ScreenShot
| Created | 2024.07.17 09:09 | Machine | s1_win7_x6401 |
| Filename | remcmdstub.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (RemoteAdmin, NetSup) | ||
| md5 | 35da3b727567fab0c7c8426f1261c7f5 | ||
| sha256 | 89027f1449be9ba1e56dd82d13a947cb3ca319adfe9782f4874fbdc26dc59d09 | ||
| ssdeep | 1536:bJfanvXuN86jJ9hUHYBlXUYwT24a+yVwQ:lanPGjJTU4IYia+yVX | ||
| imphash | 99c0cd957fc7334714fefa3daa61a6ea | ||
| impfuzzy | 24:VieDkJrqjqibiTnMUM7/2xOovpkEwJtWcbOHRnlyvpNT4avZ/5AkQjxtIW:Y0BtJtWcb2KpNcObA/jXr | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40a000 LoadLibraryA
0x40a004 FreeLibrary
0x40a008 GetProcAddress
0x40a00c SetLastError
0x40a010 GetVersionExA
0x40a014 GetLastError
0x40a018 GetModuleFileNameA
0x40a01c WaitForSingleObject
0x40a020 Sleep
0x40a024 WriteFile
0x40a028 GetExitCodeProcess
0x40a02c GenerateConsoleCtrlEvent
0x40a030 WaitForMultipleObjects
0x40a034 CloseHandle
0x40a038 CreateProcessA
0x40a03c SetConsoleCtrlHandler
0x40a040 SetConsoleMode
0x40a044 GetConsoleMode
0x40a048 GetStdHandle
0x40a04c ExpandEnvironmentStringsA
0x40a050 SetStdHandle
0x40a054 WriteConsoleW
0x40a058 HeapSize
0x40a05c SetFilePointer
0x40a060 FlushFileBuffers
0x40a064 GetCommandLineA
0x40a068 HeapSetInformation
0x40a06c GetCPInfo
0x40a070 InterlockedIncrement
0x40a074 InterlockedDecrement
0x40a078 GetACP
0x40a07c GetOEMCP
0x40a080 IsValidCodePage
0x40a084 EncodePointer
0x40a088 TlsAlloc
0x40a08c TlsGetValue
0x40a090 TlsSetValue
0x40a094 DecodePointer
0x40a098 TlsFree
0x40a09c GetModuleHandleW
0x40a0a0 GetCurrentThreadId
0x40a0a4 UnhandledExceptionFilter
0x40a0a8 SetUnhandledExceptionFilter
0x40a0ac IsDebuggerPresent
0x40a0b0 TerminateProcess
0x40a0b4 GetCurrentProcess
0x40a0b8 WideCharToMultiByte
0x40a0bc LCMapStringW
0x40a0c0 MultiByteToWideChar
0x40a0c4 EnterCriticalSection
0x40a0c8 LeaveCriticalSection
0x40a0cc IsProcessorFeaturePresent
0x40a0d0 ExitProcess
0x40a0d4 GetModuleFileNameW
0x40a0d8 FreeEnvironmentStringsW
0x40a0dc GetEnvironmentStringsW
0x40a0e0 SetHandleCount
0x40a0e4 InitializeCriticalSectionAndSpinCount
0x40a0e8 GetFileType
0x40a0ec GetStartupInfoW
0x40a0f0 DeleteCriticalSection
0x40a0f4 HeapCreate
0x40a0f8 QueryPerformanceCounter
0x40a0fc GetTickCount
0x40a100 GetCurrentProcessId
0x40a104 GetSystemTimeAsFileTime
0x40a108 GetStringTypeW
0x40a10c HeapFree
0x40a110 HeapAlloc
0x40a114 RtlUnwind
0x40a118 LoadLibraryW
0x40a11c HeapReAlloc
0x40a120 GetConsoleCP
0x40a124 CreateFileW
USER32.dll
0x40a12c EnumWindows
0x40a130 GetClassNameA
0x40a134 SendMessageA
0x40a138 EnumThreadWindows
EAT(Export Address Table) is none
KERNEL32.dll
0x40a000 LoadLibraryA
0x40a004 FreeLibrary
0x40a008 GetProcAddress
0x40a00c SetLastError
0x40a010 GetVersionExA
0x40a014 GetLastError
0x40a018 GetModuleFileNameA
0x40a01c WaitForSingleObject
0x40a020 Sleep
0x40a024 WriteFile
0x40a028 GetExitCodeProcess
0x40a02c GenerateConsoleCtrlEvent
0x40a030 WaitForMultipleObjects
0x40a034 CloseHandle
0x40a038 CreateProcessA
0x40a03c SetConsoleCtrlHandler
0x40a040 SetConsoleMode
0x40a044 GetConsoleMode
0x40a048 GetStdHandle
0x40a04c ExpandEnvironmentStringsA
0x40a050 SetStdHandle
0x40a054 WriteConsoleW
0x40a058 HeapSize
0x40a05c SetFilePointer
0x40a060 FlushFileBuffers
0x40a064 GetCommandLineA
0x40a068 HeapSetInformation
0x40a06c GetCPInfo
0x40a070 InterlockedIncrement
0x40a074 InterlockedDecrement
0x40a078 GetACP
0x40a07c GetOEMCP
0x40a080 IsValidCodePage
0x40a084 EncodePointer
0x40a088 TlsAlloc
0x40a08c TlsGetValue
0x40a090 TlsSetValue
0x40a094 DecodePointer
0x40a098 TlsFree
0x40a09c GetModuleHandleW
0x40a0a0 GetCurrentThreadId
0x40a0a4 UnhandledExceptionFilter
0x40a0a8 SetUnhandledExceptionFilter
0x40a0ac IsDebuggerPresent
0x40a0b0 TerminateProcess
0x40a0b4 GetCurrentProcess
0x40a0b8 WideCharToMultiByte
0x40a0bc LCMapStringW
0x40a0c0 MultiByteToWideChar
0x40a0c4 EnterCriticalSection
0x40a0c8 LeaveCriticalSection
0x40a0cc IsProcessorFeaturePresent
0x40a0d0 ExitProcess
0x40a0d4 GetModuleFileNameW
0x40a0d8 FreeEnvironmentStringsW
0x40a0dc GetEnvironmentStringsW
0x40a0e0 SetHandleCount
0x40a0e4 InitializeCriticalSectionAndSpinCount
0x40a0e8 GetFileType
0x40a0ec GetStartupInfoW
0x40a0f0 DeleteCriticalSection
0x40a0f4 HeapCreate
0x40a0f8 QueryPerformanceCounter
0x40a0fc GetTickCount
0x40a100 GetCurrentProcessId
0x40a104 GetSystemTimeAsFileTime
0x40a108 GetStringTypeW
0x40a10c HeapFree
0x40a110 HeapAlloc
0x40a114 RtlUnwind
0x40a118 LoadLibraryW
0x40a11c HeapReAlloc
0x40a120 GetConsoleCP
0x40a124 CreateFileW
USER32.dll
0x40a12c EnumWindows
0x40a130 GetClassNameA
0x40a134 SendMessageA
0x40a138 EnumThreadWindows
EAT(Export Address Table) is none