Report - PsExec.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE32, OS Processor Check
Created 2024.07.09 09:58 Machine s1_win7_x6401
Filename PsExec.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 1.8
ZERO API file : malware
VT API (file) 2 detected (HackTool, PsExec, uwccg)
md5 24a648a48741b1ac809e47b9543c6f12
sha256 078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b
ssdeep 12288:LOO6oMlKDdwPDMlkw6Pph0lhSMXle+eO1HK+meynh5yRX3oRG72:LD9McwPDCkw6Bh0lhSMXlemqth5yRX3E
imphash 1193bc223dad681f22f8248608cbb592
impfuzzy 96:eKmemBwXcPcpVotsXCLRsNncc1Fg8mczKsO:ecmBwS6MsO

Signature (7cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice File has been identified by 2 AntiVirus engines on VirusTotal as malicious
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

VERSION.dll
 0x4412cc GetFileVersionInfoSizeW
 0x4412d0 VerQueryValueW
 0x4412d4 GetFileVersionInfoW
NETAPI32.dll
 0x4412c0 NetServerEnum
 0x4412c4 NetApiBufferFree
WS2_32.dll
 0x4412dc gethostname
 0x4412e0 WSAStartup
 0x4412e4 inet_ntoa
 0x4412e8 gethostbyname
MPR.dll
 0x4412b4 WNetCancelConnection2W
 0x4412b8 WNetAddConnection2W
KERNEL32.dll
 0x4410c4 SetFileAttributesW
 0x4410c8 DuplicateHandle
 0x4410cc DisconnectNamedPipe
 0x4410d0 SetNamedPipeHandleState
 0x4410d4 TransactNamedPipe
 0x4410d8 WaitNamedPipeW
 0x4410dc CreateEventW
 0x4410e0 WaitForMultipleObjects
 0x4410e4 GetCurrentProcessId
 0x4410e8 GetFileTime
 0x4410ec GetExitCodeProcess
 0x4410f0 ResumeThread
 0x4410f4 GetVersion
 0x4410f8 SetProcessAffinityMask
 0x4410fc CopyFileW
 0x441100 ReadConsoleW
 0x441104 SetConsoleCtrlHandler
 0x441108 SetConsoleTitleW
 0x44110c HeapReAlloc
 0x441110 GetEnvironmentVariableW
 0x441114 GetFileAttributesW
 0x441118 ReadFile
 0x44111c GetConsoleScreenBufferInfo
 0x441120 MultiByteToWideChar
 0x441124 VerifyVersionInfoW
 0x441128 FormatMessageA
 0x44112c FindResourceW
 0x441130 SizeofResource
 0x441134 LockResource
 0x441138 LoadResource
 0x44113c FreeLibrary
 0x441140 GetSystemDirectoryW
 0x441144 GetTickCount
 0x441148 GetCurrentProcess
 0x44114c Sleep
 0x441150 WaitForSingleObject
 0x441154 SetEvent
 0x441158 CloseHandle
 0x44115c WriteFile
 0x441160 DeleteFileW
 0x441164 CreateFileW
 0x441168 VerSetConditionMask
 0x44116c SetThreadGroupAffinity
 0x441170 SetPriorityClass
 0x441174 GetModuleFileNameW
 0x441178 LocalFree
 0x44117c SetEndOfFile
 0x441180 LocalAlloc
 0x441184 GetProcAddress
 0x441188 GetModuleHandleW
 0x44118c GetFileType
 0x441190 GetCommandLineW
 0x441194 GetStdHandle
 0x441198 LoadLibraryExW
 0x44119c GetVersionExW
 0x4411a0 SetLastError
 0x4411a4 GetComputerNameW
 0x4411a8 GetLastError
 0x4411ac FindClose
 0x4411b0 FindFirstFileExW
 0x4411b4 FindNextFileW
 0x4411b8 IsValidCodePage
 0x4411bc GetACP
 0x4411c0 GetOEMCP
 0x4411c4 GetEnvironmentStringsW
 0x4411c8 FreeEnvironmentStringsW
 0x4411cc SetEnvironmentVariableW
 0x4411d0 GetProcessHeap
 0x4411d4 WriteConsoleW
 0x4411d8 HeapSize
 0x4411dc TerminateProcess
 0x4411e0 RaiseException
 0x4411e4 GetSystemInfo
 0x4411e8 VirtualProtect
 0x4411ec VirtualQuery
 0x4411f0 LoadLibraryExA
 0x4411f4 WideCharToMultiByte
 0x4411f8 GetStringTypeW
 0x4411fc EnterCriticalSection
 0x441200 LeaveCriticalSection
 0x441204 InitializeCriticalSectionEx
 0x441208 DeleteCriticalSection
 0x44120c EncodePointer
 0x441210 DecodePointer
 0x441214 GetCPInfo
 0x441218 UnhandledExceptionFilter
 0x44121c SetUnhandledExceptionFilter
 0x441220 IsProcessorFeaturePresent
 0x441224 IsDebuggerPresent
 0x441228 GetStartupInfoW
 0x44122c QueryPerformanceCounter
 0x441230 GetCurrentThreadId
 0x441234 GetSystemTimeAsFileTime
 0x441238 InitializeSListHead
 0x44123c RtlUnwind
 0x441240 InitializeCriticalSectionAndSpinCount
 0x441244 TlsAlloc
 0x441248 TlsGetValue
 0x44124c TlsSetValue
 0x441250 TlsFree
 0x441254 ExitProcess
 0x441258 GetModuleHandleExW
 0x44125c GetConsoleCP
 0x441260 SetStdHandle
 0x441264 CreateThread
 0x441268 ExitThread
 0x44126c FreeLibraryAndExitThread
 0x441270 GetCommandLineA
 0x441274 HeapAlloc
 0x441278 HeapFree
 0x44127c CompareStringW
 0x441280 LCMapStringW
 0x441284 GetLocaleInfoW
 0x441288 IsValidLocale
 0x44128c GetUserDefaultLCID
 0x441290 EnumSystemLocalesW
 0x441294 FlushFileBuffers
 0x441298 GetConsoleOutputCP
 0x44129c GetConsoleMode
 0x4412a0 SetConsoleMode
 0x4412a4 ReadConsoleInputW
 0x4412a8 GetFileSizeEx
 0x4412ac SetFilePointerEx
COMDLG32.dll
 0x4410bc PrintDlgW
ADVAPI32.dll
 0x441000 CreateProcessAsUserW
 0x441004 CryptHashData
 0x441008 CryptCreateHash
 0x44100c CryptDecrypt
 0x441010 CryptEncrypt
 0x441014 CryptImportKey
 0x441018 CryptExportKey
 0x44101c CryptDestroyKey
 0x441020 CryptDeriveKey
 0x441024 CryptGenKey
 0x441028 CryptReleaseContext
 0x44102c CryptAcquireContextW
 0x441030 StartServiceW
 0x441034 QueryServiceStatus
 0x441038 OpenServiceW
 0x44103c OpenSCManagerW
 0x441040 DeleteService
 0x441044 CreateServiceW
 0x441048 ControlService
 0x44104c CloseServiceHandle
 0x441050 OpenProcessToken
 0x441054 LsaEnumerateAccountRights
 0x441058 LsaOpenPolicy
 0x44105c LsaClose
 0x441060 LsaFreeMemory
 0x441064 SetSecurityInfo
 0x441068 GetSecurityInfo
 0x44106c SetEntriesInAclW
 0x441070 LookupPrivilegeValueW
 0x441074 SetTokenInformation
 0x441078 SetSecurityDescriptorDacl
 0x44107c InitializeSecurityDescriptor
 0x441080 InitializeAcl
 0x441084 GetTokenInformation
 0x441088 GetLengthSid
 0x44108c GetAce
 0x441090 FreeSid
 0x441094 AllocateAndInitializeSid
 0x441098 AddAce
 0x44109c AddAccessAllowedAce
 0x4410a0 RegSetValueExW
 0x4410a4 RegQueryValueExW
 0x4410a8 RegOpenKeyExW
 0x4410ac RegOpenKeyW
 0x4410b0 RegCreateKeyW
 0x4410b4 RegCloseKey

EAT (Export Address Table): none