ScreenShot
| Created | 2024.07.22 07:31 | Machine | s1_win7_x6403 |
| Filename | jp.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 808502752ca0492aca995e9b620d507b | ||
| sha256 | 0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036 | ||
| ssdeep | 6144:1fuJYaRk/qxEuUPAVHKZxgHb95dL2f552yxhMsxEc8d7:1fGFRw3+P/PuiX | ||
| imphash | 23867a89c2b8fc733be6cf5ef902f2d1 | ||
| impfuzzy | 96:wW3x4wa9aXNys9X1EteS1scg+C2zGN7KrWBN:wWWn9a9l9Fye7Nn | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
Secur32.dll
0x1400383c0 AcquireCredentialsHandleW
0x1400383c8 QuerySecurityContextToken
0x1400383d0 AcceptSecurityContext
KERNEL32.dll
0x140038058 Sleep
0x140038060 WTSGetActiveConsoleSessionId
0x140038068 GetLastError
0x140038070 GetCurrentProcess
0x140038078 CreateThread
0x140038080 LoadLibraryW
0x140038088 LoadLibraryExW
0x140038090 UnregisterWaitEx
0x140038098 QueryDepthSList
0x1400380a0 InterlockedPopEntrySList
0x1400380a8 ReleaseSemaphore
0x1400380b0 DuplicateHandle
0x1400380b8 VirtualProtect
0x1400380c0 VirtualFree
0x1400380c8 VirtualAlloc
0x1400380d0 GetVersionExW
0x1400380d8 GetModuleHandleA
0x1400380e0 FreeLibraryAndExitThread
0x1400380e8 GetThreadTimes
0x1400380f0 UnregisterWait
0x1400380f8 RegisterWaitForSingleObject
0x140038100 SetThreadAffinityMask
0x140038108 GetProcessAffinityMask
0x140038110 GetNumaHighestNodeNumber
0x140038118 DeleteTimerQueueTimer
0x140038120 ChangeTimerQueueTimer
0x140038128 CreateTimerQueueTimer
0x140038130 GetLogicalProcessorInformation
0x140038138 GetThreadPriority
0x140038140 SetThreadPriority
0x140038148 RtlCaptureContext
0x140038150 RtlLookupFunctionEntry
0x140038158 RtlVirtualUnwind
0x140038160 UnhandledExceptionFilter
0x140038168 SetUnhandledExceptionFilter
0x140038170 TerminateProcess
0x140038178 IsProcessorFeaturePresent
0x140038180 QueryPerformanceCounter
0x140038188 GetCurrentProcessId
0x140038190 GetCurrentThreadId
0x140038198 GetSystemTimeAsFileTime
0x1400381a0 InitializeSListHead
0x1400381a8 IsDebuggerPresent
0x1400381b0 GetStartupInfoW
0x1400381b8 GetModuleHandleW
0x1400381c0 EnterCriticalSection
0x1400381c8 LeaveCriticalSection
0x1400381d0 TryEnterCriticalSection
0x1400381d8 DeleteCriticalSection
0x1400381e0 WideCharToMultiByte
0x1400381e8 SetLastError
0x1400381f0 InitializeCriticalSectionAndSpinCount
0x1400381f8 CreateEventW
0x140038200 TlsAlloc
0x140038208 TlsGetValue
0x140038210 TlsSetValue
0x140038218 TlsFree
0x140038220 GetTickCount
0x140038228 GetProcAddress
0x140038230 RtlPcToFileHeader
0x140038238 EncodePointer
0x140038240 RaiseException
0x140038248 RtlUnwindEx
0x140038250 InterlockedPushEntrySList
0x140038258 InterlockedFlushSList
0x140038260 FreeLibrary
0x140038268 DecodePointer
0x140038270 ExitProcess
0x140038278 GetModuleHandleExW
0x140038280 GetStdHandle
0x140038288 WriteFile
0x140038290 GetModuleFileNameW
0x140038298 MultiByteToWideChar
0x1400382a0 GetCommandLineA
0x1400382a8 GetCommandLineW
0x1400382b0 GetACP
0x1400382b8 HeapAlloc
0x1400382c0 HeapFree
0x1400382c8 CompareStringW
0x1400382d0 LCMapStringW
0x1400382d8 GetFileType
0x1400382e0 GetCurrentThread
0x1400382e8 FlushFileBuffers
0x1400382f0 GetConsoleCP
0x1400382f8 GetConsoleMode
0x140038300 CloseHandle
0x140038308 WaitForSingleObjectEx
0x140038310 FindClose
0x140038318 FindFirstFileExW
0x140038320 FindNextFileW
0x140038328 IsValidCodePage
0x140038330 GetOEMCP
0x140038338 GetCPInfo
0x140038340 GetEnvironmentStringsW
0x140038348 FreeEnvironmentStringsW
0x140038350 SetEnvironmentVariableW
0x140038358 SetStdHandle
0x140038360 GetStringTypeW
0x140038368 GetProcessHeap
0x140038370 SetFilePointerEx
0x140038378 WriteConsoleW
0x140038380 HeapSize
0x140038388 HeapReAlloc
0x140038390 CreateFileW
0x140038398 CreateTimerQueue
0x1400383a0 SetEvent
0x1400383a8 SignalObjectAndWait
0x1400383b0 SwitchToThread
ADVAPI32.dll
0x140038000 GetTokenInformation
0x140038008 CreateProcessAsUserW
0x140038010 CreateProcessWithTokenW
0x140038018 DuplicateTokenEx
0x140038020 OpenProcessToken
0x140038028 AdjustTokenPrivileges
0x140038030 LookupPrivilegeValueW
0x140038038 LookupAccountSidW
0x140038040 CopySid
0x140038048 GetLengthSid
ole32.dll
0x140038470 CoTaskMemAlloc
0x140038478 CLSIDFromString
0x140038480 StgCreateDocfileOnILockBytes
0x140038488 CoGetInstanceFromIStorage
0x140038490 CoInitialize
0x140038498 CreateILockBytesOnHGlobal
WS2_32.dll
0x1400383e0 freeaddrinfo
0x1400383e8 setsockopt
0x1400383f0 shutdown
0x1400383f8 recv
0x140038400 send
0x140038408 closesocket
0x140038410 ind
0x140038418 WSAGetLastError
0x140038420 socket
0x140038428 WSACleanup
0x140038430 getaddrinfo
0x140038438 WSAStartup
0x140038440 accept
0x140038448 select
0x140038450 listen
0x140038458 __WSAFDIsSet
0x140038460 connect
EAT(Export Address Table) is none
Secur32.dll
0x1400383c0 AcquireCredentialsHandleW
0x1400383c8 QuerySecurityContextToken
0x1400383d0 AcceptSecurityContext
KERNEL32.dll
0x140038058 Sleep
0x140038060 WTSGetActiveConsoleSessionId
0x140038068 GetLastError
0x140038070 GetCurrentProcess
0x140038078 CreateThread
0x140038080 LoadLibraryW
0x140038088 LoadLibraryExW
0x140038090 UnregisterWaitEx
0x140038098 QueryDepthSList
0x1400380a0 InterlockedPopEntrySList
0x1400380a8 ReleaseSemaphore
0x1400380b0 DuplicateHandle
0x1400380b8 VirtualProtect
0x1400380c0 VirtualFree
0x1400380c8 VirtualAlloc
0x1400380d0 GetVersionExW
0x1400380d8 GetModuleHandleA
0x1400380e0 FreeLibraryAndExitThread
0x1400380e8 GetThreadTimes
0x1400380f0 UnregisterWait
0x1400380f8 RegisterWaitForSingleObject
0x140038100 SetThreadAffinityMask
0x140038108 GetProcessAffinityMask
0x140038110 GetNumaHighestNodeNumber
0x140038118 DeleteTimerQueueTimer
0x140038120 ChangeTimerQueueTimer
0x140038128 CreateTimerQueueTimer
0x140038130 GetLogicalProcessorInformation
0x140038138 GetThreadPriority
0x140038140 SetThreadPriority
0x140038148 RtlCaptureContext
0x140038150 RtlLookupFunctionEntry
0x140038158 RtlVirtualUnwind
0x140038160 UnhandledExceptionFilter
0x140038168 SetUnhandledExceptionFilter
0x140038170 TerminateProcess
0x140038178 IsProcessorFeaturePresent
0x140038180 QueryPerformanceCounter
0x140038188 GetCurrentProcessId
0x140038190 GetCurrentThreadId
0x140038198 GetSystemTimeAsFileTime
0x1400381a0 InitializeSListHead
0x1400381a8 IsDebuggerPresent
0x1400381b0 GetStartupInfoW
0x1400381b8 GetModuleHandleW
0x1400381c0 EnterCriticalSection
0x1400381c8 LeaveCriticalSection
0x1400381d0 TryEnterCriticalSection
0x1400381d8 DeleteCriticalSection
0x1400381e0 WideCharToMultiByte
0x1400381e8 SetLastError
0x1400381f0 InitializeCriticalSectionAndSpinCount
0x1400381f8 CreateEventW
0x140038200 TlsAlloc
0x140038208 TlsGetValue
0x140038210 TlsSetValue
0x140038218 TlsFree
0x140038220 GetTickCount
0x140038228 GetProcAddress
0x140038230 RtlPcToFileHeader
0x140038238 EncodePointer
0x140038240 RaiseException
0x140038248 RtlUnwindEx
0x140038250 InterlockedPushEntrySList
0x140038258 InterlockedFlushSList
0x140038260 FreeLibrary
0x140038268 DecodePointer
0x140038270 ExitProcess
0x140038278 GetModuleHandleExW
0x140038280 GetStdHandle
0x140038288 WriteFile
0x140038290 GetModuleFileNameW
0x140038298 MultiByteToWideChar
0x1400382a0 GetCommandLineA
0x1400382a8 GetCommandLineW
0x1400382b0 GetACP
0x1400382b8 HeapAlloc
0x1400382c0 HeapFree
0x1400382c8 CompareStringW
0x1400382d0 LCMapStringW
0x1400382d8 GetFileType
0x1400382e0 GetCurrentThread
0x1400382e8 FlushFileBuffers
0x1400382f0 GetConsoleCP
0x1400382f8 GetConsoleMode
0x140038300 CloseHandle
0x140038308 WaitForSingleObjectEx
0x140038310 FindClose
0x140038318 FindFirstFileExW
0x140038320 FindNextFileW
0x140038328 IsValidCodePage
0x140038330 GetOEMCP
0x140038338 GetCPInfo
0x140038340 GetEnvironmentStringsW
0x140038348 FreeEnvironmentStringsW
0x140038350 SetEnvironmentVariableW
0x140038358 SetStdHandle
0x140038360 GetStringTypeW
0x140038368 GetProcessHeap
0x140038370 SetFilePointerEx
0x140038378 WriteConsoleW
0x140038380 HeapSize
0x140038388 HeapReAlloc
0x140038390 CreateFileW
0x140038398 CreateTimerQueue
0x1400383a0 SetEvent
0x1400383a8 SignalObjectAndWait
0x1400383b0 SwitchToThread
ADVAPI32.dll
0x140038000 GetTokenInformation
0x140038008 CreateProcessAsUserW
0x140038010 CreateProcessWithTokenW
0x140038018 DuplicateTokenEx
0x140038020 OpenProcessToken
0x140038028 AdjustTokenPrivileges
0x140038030 LookupPrivilegeValueW
0x140038038 LookupAccountSidW
0x140038040 CopySid
0x140038048 GetLengthSid
ole32.dll
0x140038470 CoTaskMemAlloc
0x140038478 CLSIDFromString
0x140038480 StgCreateDocfileOnILockBytes
0x140038488 CoGetInstanceFromIStorage
0x140038490 CoInitialize
0x140038498 CreateILockBytesOnHGlobal
WS2_32.dll
0x1400383e0 freeaddrinfo
0x1400383e8 setsockopt
0x1400383f0 shutdown
0x1400383f8 recv
0x140038400 send
0x140038408 closesocket
0x140038410 ind
0x140038418 WSAGetLastError
0x140038420 socket
0x140038428 WSACleanup
0x140038430 getaddrinfo
0x140038438 WSAStartup
0x140038440 accept
0x140038448 select
0x140038450 listen
0x140038458 __WSAFDIsSet
0x140038460 connect
EAT(Export Address Table) is none