ScreenShot
| Created | 2024.07.11 13:22 | Machine | s1_win7_x6403 |
| Filename | parent.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (susgen, HackTool, SelectMyParent) | ||
| md5 | 79f0217feda3db821ac7c89d9c31ec7f | ||
| sha256 | dcf7bccac1a08fb5d70e6d4fbbcc5f67ede54fe54a378443dc684814e2272914 | ||
| ssdeep | 192:Koc4q4LkGkokHWu3avV8RE3yzruVQl6ZarDaN:KoTq4a/H/3avV8ReyHuV | ||
| imphash | 36cb6f1addd942c545febbc134f07815 | ||
| impfuzzy | 24:5z694F1BzeLsB2dIzCasx8yldfmVIZK+s5Fw:J69Y1leLvd0mZldfmVIZKY | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x402010 UpdateProcThreadAttribute
0x402014 GetProcessHeap
0x402018 OpenProcess
0x40201c FormatMessageW
0x402020 GetCurrentProcess
0x402024 LocalLock
0x402028 InitializeProcThreadAttributeList
0x40202c CloseHandle
0x402030 LocalFree
0x402034 HeapAlloc
0x402038 CreateProcessW
0x40203c GetLastError
0x402040 DeleteProcThreadAttributeList
0x402044 GetCurrentProcessId
0x402048 GetCurrentThreadId
0x40204c GetTickCount
0x402050 QueryPerformanceCounter
0x402054 DecodePointer
0x402058 IsDebuggerPresent
0x40205c SetUnhandledExceptionFilter
0x402060 UnhandledExceptionFilter
0x402064 TerminateProcess
0x402068 EncodePointer
0x40206c HeapSetInformation
0x402070 InterlockedCompareExchange
0x402074 GetSystemTimeAsFileTime
0x402078 Sleep
0x40207c InterlockedExchange
ADVAPI32.dll
0x402000 LookupPrivilegeValueW
0x402004 OpenProcessToken
0x402008 AdjustTokenPrivileges
MSVCR100.dll
0x402084 _fmode
0x402088 __set_app_type
0x40208c _crt_debugger_hook
0x402090 ?terminate@@YAXXZ
0x402094 _unlock
0x402098 __dllonexit
0x40209c _lock
0x4020a0 _onexit
0x4020a4 _except_handler4_common
0x4020a8 _invoke_watson
0x4020ac _controlfp_s
0x4020b0 _commode
0x4020b4 __setusermatherr
0x4020b8 _initterm_e
0x4020bc _initterm
0x4020c0 __winitenv
0x4020c4 exit
0x4020c8 _XcptFilter
0x4020cc _exit
0x4020d0 _cexit
0x4020d4 __wgetmainargs
0x4020d8 _amsg_exit
0x4020dc _putws
0x4020e0 wprintf
0x4020e4 _wtoi
0x4020e8 _configthreadlocale
0x4020ec memset
EAT(Export Address Table) is none
KERNEL32.dll
0x402010 UpdateProcThreadAttribute
0x402014 GetProcessHeap
0x402018 OpenProcess
0x40201c FormatMessageW
0x402020 GetCurrentProcess
0x402024 LocalLock
0x402028 InitializeProcThreadAttributeList
0x40202c CloseHandle
0x402030 LocalFree
0x402034 HeapAlloc
0x402038 CreateProcessW
0x40203c GetLastError
0x402040 DeleteProcThreadAttributeList
0x402044 GetCurrentProcessId
0x402048 GetCurrentThreadId
0x40204c GetTickCount
0x402050 QueryPerformanceCounter
0x402054 DecodePointer
0x402058 IsDebuggerPresent
0x40205c SetUnhandledExceptionFilter
0x402060 UnhandledExceptionFilter
0x402064 TerminateProcess
0x402068 EncodePointer
0x40206c HeapSetInformation
0x402070 InterlockedCompareExchange
0x402074 GetSystemTimeAsFileTime
0x402078 Sleep
0x40207c InterlockedExchange
ADVAPI32.dll
0x402000 LookupPrivilegeValueW
0x402004 OpenProcessToken
0x402008 AdjustTokenPrivileges
MSVCR100.dll
0x402084 _fmode
0x402088 __set_app_type
0x40208c _crt_debugger_hook
0x402090 ?terminate@@YAXXZ
0x402094 _unlock
0x402098 __dllonexit
0x40209c _lock
0x4020a0 _onexit
0x4020a4 _except_handler4_common
0x4020a8 _invoke_watson
0x4020ac _controlfp_s
0x4020b0 _commode
0x4020b4 __setusermatherr
0x4020b8 _initterm_e
0x4020bc _initterm
0x4020c0 __winitenv
0x4020c4 exit
0x4020c8 _XcptFilter
0x4020cc _exit
0x4020d0 _cexit
0x4020d4 __wgetmainargs
0x4020d8 _amsg_exit
0x4020dc _putws
0x4020e0 wprintf
0x4020e4 _wtoi
0x4020e8 _configthreadlocale
0x4020ec memset
EAT(Export Address Table) is none