ScreenShot
| Created | 2024.07.16 07:11 | Machine | s1_win7_x6401 |
| Filename | Game.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 21959a3818472588bee12b4e4ac688dc | ||
| sha256 | 07e1e13cb373126d7704fbd07cacfe2a81e98b25e76f1de2826cb07b49bf65aa | ||
| ssdeep | 24576:k+wc92oFL3AjPTCfdDCvXaVg2FcFSrsOin4wvht/:qoFL3uTC1OygfZFb | ||
| imphash | 45c4c3df10d777cd769f80b2ccde7cf3 | ||
| impfuzzy | 12:VA/DzqYOZ9RgJEQIAq0cBmPg5Ot/YUBQIII4C3n:V0DBa9iIAvoU9rkk3n | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | The executable uses a known packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x71f67c LoadLibraryA
0x71f680 GetProcAddress
0x71f684 VirtualProtect
0x71f688 VirtualAlloc
0x71f68c VirtualFree
0x71f690 ExitProcess
advapi32.dll
0x71f698 RegCloseKey
dinput8.dll
0x71f6a0 DirectInput8Create
fmod.dll
0x71f6a8 _FSOUND_Close@0
imm32.dll
0x71f6b0 ImmGetContext
luaplus.dll
0x71f6b8 lua_type
msvcp71.dll
0x71f6c0 ??1locale@std@@QAE@XZ
msvcr71.dll
0x71f6c8 exit
pathlib.dll
0x71f6d0 ?getPathData@PathLibRoot@PathLib@@QAEPAVPathData@2@XZ
rpcrt4.dll
0x71f6d8 UuidCreate
rssparser.dll
0x71f6e0 RSS_GotoURL
shlwapi.dll
0x71f6e8 SHSetValueA
tengine.dll
0x71f6f0 ??1tNode@@UAE@XZ
user32.dll
0x71f6f8 SetRect
wininet.dll
0x71f700 InternetOpenA
winmm.dll
0x71f708 timeGetTime
ws2_32.dll
0x71f710 send
EAT(Export Address Table) is none
KERNEL32.DLL
0x71f67c LoadLibraryA
0x71f680 GetProcAddress
0x71f684 VirtualProtect
0x71f688 VirtualAlloc
0x71f68c VirtualFree
0x71f690 ExitProcess
advapi32.dll
0x71f698 RegCloseKey
dinput8.dll
0x71f6a0 DirectInput8Create
fmod.dll
0x71f6a8 _FSOUND_Close@0
imm32.dll
0x71f6b0 ImmGetContext
luaplus.dll
0x71f6b8 lua_type
msvcp71.dll
0x71f6c0 ??1locale@std@@QAE@XZ
msvcr71.dll
0x71f6c8 exit
pathlib.dll
0x71f6d0 ?getPathData@PathLibRoot@PathLib@@QAEPAVPathData@2@XZ
rpcrt4.dll
0x71f6d8 UuidCreate
rssparser.dll
0x71f6e0 RSS_GotoURL
shlwapi.dll
0x71f6e8 SHSetValueA
tengine.dll
0x71f6f0 ??1tNode@@UAE@XZ
user32.dll
0x71f6f8 SetRect
wininet.dll
0x71f700 InternetOpenA
winmm.dll
0x71f708 timeGetTime
ws2_32.dll
0x71f710 send
EAT(Export Address Table) is none