Field | Value
---|---
Created | 2024.07.01 14:56
Machine | s1_win7_x6401
Filename | CONT.exe
Type | PE32 executable (console) Intel 80386, for MS Windows
ZERO API | file : clean
VT API (file) | 2 detected (AIDetectMalware, malicious, moderate confidence)
md5 | 1cdf5a27c0f2ceaf51055ed3721d5c32
sha256 | 3abee122a435b2e85a1d29c754fa729e05c3ffccad24f67f62d67b3686f9e05a
ssdeep | 768:BfGsLWKNqv9zDO5zfGsLWKNqv9zDO5mfyXAehtY3TEEtlhEBgiiVLFlDch6hGgGV:L6i49O/6i49OcwYZNvS6i49OH6i49O
imphash | 4d14d19b876bbb7a86ffba329be9d956
impfuzzy | 24:FM1fJhgSSvFkvCSRpVlGroq57qvBgN6bRYPuIv:YfJhgsqYbGrV9YgN6bRYWIv
Signature (4)
Level | Description
---|---
notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (3)
Level | Name | Description | Collection
---|---|---|---
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
(none) | | | | |
Suricata IDs
PE API
IAT (Import Address Table)
ADVAPI32.dll
0x404000 RegCloseKey
0x404004 RegQueryValueExW
KERNEL32.dll
0x40402c GetSystemTimeAsFileTime
0x404030 GetCurrentThreadId
0x404034 UnhandledExceptionFilter
0x404038 QueryPerformanceCounter
0x40403c GetModuleHandleW
0x404040 SetUnhandledExceptionFilter
0x404044 Sleep
0x404048 GetTickCount
0x40404c GetCurrentProcess
0x404050 CloseHandle
0x404054 SetEvent
0x404058 OpenEventW
0x40405c GetLastError
0x404060 CompareStringOrdinal
0x404064 TerminateProcess
0x404068 GetCurrentProcessId
0x40406c ResolveDelayLoadedAPI
0x404070 DelayLoadFailureHook
msvcrt.dll
0x404078 _controlfp
0x40407c ?terminate@@YAXXZ
0x404080 _except_handler4_common
0x404084 _initterm
0x404088 __setusermatherr
0x40408c __p__fmode
0x404090 _cexit
0x404094 _exit
0x404098 exit
0x40409c __set_app_type
0x4040a0 __wgetmainargs
0x4040a4 _amsg_exit
0x4040a8 __p__commode
0x4040ac _XcptFilter
0x4040b0 _vsnwprintf
0x4040b4 memset
newdev.dll
0x4040bc DiUninstallDevice
DEVOBJ.dll
0x40400c DevObjUninstallDevice
0x404010 DevObjDestroyDeviceInfoList
0x404014 DevObjGetDeviceInstanceId
0x404018 DevObjGetClassDevs
0x40401c DevObjCreateDeviceInfoList
0x404020 DevObjOpenDevRegKey
0x404024 DevObjEnumDeviceInfo
EAT (Export Address Table): none