Report - 215.exe

Emotet Generic Malware Malicious Library Malicious Packer UPX PE File ftp PE32 OS Processor Check PNG Format
Created 2024.07.23 07:38 Machine s1_win7_x6401
Filename 215.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score Not found
Behavior Score 4.4
ZERO API file : clean
VT API (file)
md5 5824dfdc189116156a9619a5af980de4
sha256 35a4178a89270867a969750a3e20b143491472bb06bbfef975fa62bb37d72fe8
ssdeep 196608:xDsXFti0lFlBySXz1mpq4RsPe6JHZ1ggWchgtwmfaq6TlbC4OC8oKGRwgoa5V:4ttlByaDim9PphjwgoMV
imphash ff2ec81fd8a60f4267eae22ce0c8224f
impfuzzy 384:A+shWyVLOT1rhXkgdaKk94AVib2PNfumMWil:A+shWkw1rhldaK64ABil

Signature (11cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
watch Communicates with host for which no DNS query was performed
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (11cnts)

Level | Name | Description | Collection
danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload)
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload)
warning | Generic_Malware_Zero | Generic Malware | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | ftp_command | ftp command | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
info | PNG_Format_Zero | PNG Format | binaries (download)

Network (4cnts)

Request CC ASN Co IP4 Rule ZERO
https://pastebin.com/raw/kPvvMYDF US CLOUDFLARENET 104.20.3.235 clean
pastebin.com US CLOUDFLARENET 104.20.3.235 malicious
104.20.3.235 US CLOUDFLARENET 104.20.3.235 malware
45.141.87.16 RU IT Outsourcing LLC 45.141.87.16 clean

Suricata ids

PE API

IAT(Import Address Table) Library


EAT(Export Address Table) is none


