ScreenShot
| Created | 2024.07.08 17:03 | Machine | s1_win7_x6402 |
| Filename | cc.exe | ||
| Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | f84d08aa136cff60ce8e8c45202190af | ||
| sha256 | 7d03d75d38cc9ae688d780c8afd0eae3a6d4417f0227e9e115c0c6cc19f356aa | ||
| ssdeep | 49152:NrW1vjSdjSqhyhc+KJiADCIytuDZ3M4WiPA1NHySRUkfVhupolGB/K7tysepFx+:tsLSd+I+6nD6D41US/whupolbepFx+ | ||
| imphash | 6ed4f5f04d62b18d96b26d6db7c18840 | ||
| impfuzzy | 3:swBJAEPw1MO/OywS9KTXzhAXwEQaxRn:dBJAEoZ/OEGDzyRn | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects the presence of Wine emulator |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0xcba028 LoadLibraryA
0xcba030 ExitProcess
0xcba038 GetProcAddress
0xcba040 VirtualProtect
EAT(Export Address Table) is none
KERNEL32.DLL
0xcba028 LoadLibraryA
0xcba030 ExitProcess
0xcba038 GetProcAddress
0xcba040 VirtualProtect
EAT(Export Address Table) is none