ScreenShot
| Created | 2024.07.24 21:45 | Machine | s1_win7_x6401 |
| Filename | test.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (AIDetectMalware, MALICIOUS) | ||
| md5 | 0784da3d1a6ab997b2842fbf73b29688 | ||
| sha256 | 749c485da4adacfa775ecfd1d98c849b251157ef8df6de350d21a729d528e653 | ||
| ssdeep | 3072:c3+8oP9VR+EpZOEPot2pABIyzzZK0AujAbHchW6BzSMTIx5vD:C+pyUZVPot2aRzZKYsjeED | ||
| imphash | eb5d30a5054ebb967441de70a207b912 | ||
| impfuzzy | 24:+aZzE0qEzWKAWA02tdS1hwcpVfKgGUJBl3eDoroUOovbOIhvREZHu99RFZ4GMAo1:v1OWAtdS1mcpVfKgGspXi3WjFZO1 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | Expresses interest in specific running processes |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14002e000 AdjustTokenPrivileges
0x14002e008 OpenProcessToken
0x14002e010 ImpersonateLoggedOnUser
0x14002e018 RevertToSelf
0x14002e020 DuplicateTokenEx
0x14002e028 CreateProcessWithTokenW
0x14002e030 LookupPrivilegeValueW
KERNEL32.dll
0x14002e040 GetLastError
0x14002e048 CreateToolhelp32Snapshot
0x14002e050 Process32FirstW
0x14002e058 Process32NextW
0x14002e060 CloseHandle
0x14002e068 OpenProcess
0x14002e070 ReleaseSRWLockExclusive
0x14002e078 AcquireSRWLockExclusive
0x14002e080 WakeAllConditionVariable
0x14002e088 SleepConditionVariableSRW
0x14002e090 RtlCaptureContext
0x14002e098 RtlLookupFunctionEntry
0x14002e0a0 RtlVirtualUnwind
0x14002e0a8 UnhandledExceptionFilter
0x14002e0b0 SetUnhandledExceptionFilter
0x14002e0b8 GetCurrentProcess
0x14002e0c0 TerminateProcess
0x14002e0c8 IsProcessorFeaturePresent
0x14002e0d0 IsDebuggerPresent
0x14002e0d8 GetStartupInfoW
0x14002e0e0 GetModuleHandleW
0x14002e0e8 QueryPerformanceCounter
0x14002e0f0 GetCurrentProcessId
0x14002e0f8 GetCurrentThreadId
0x14002e100 GetSystemTimeAsFileTime
0x14002e108 InitializeSListHead
0x14002e110 WideCharToMultiByte
0x14002e118 EncodePointer
0x14002e120 DecodePointer
0x14002e128 EnterCriticalSection
0x14002e130 LeaveCriticalSection
0x14002e138 InitializeCriticalSectionEx
0x14002e140 DeleteCriticalSection
0x14002e148 MultiByteToWideChar
0x14002e150 LCMapStringEx
0x14002e158 GetStringTypeW
0x14002e160 GetCPInfo
0x14002e168 WriteConsoleW
0x14002e170 RtlPcToFileHeader
0x14002e178 RaiseException
0x14002e180 RtlUnwindEx
0x14002e188 SetLastError
0x14002e190 InitializeCriticalSectionAndSpinCount
0x14002e198 TlsAlloc
0x14002e1a0 TlsGetValue
0x14002e1a8 TlsSetValue
0x14002e1b0 TlsFree
0x14002e1b8 FreeLibrary
0x14002e1c0 GetProcAddress
0x14002e1c8 LoadLibraryExW
0x14002e1d0 ExitProcess
0x14002e1d8 GetModuleHandleExW
0x14002e1e0 GetModuleFileNameW
0x14002e1e8 GetStdHandle
0x14002e1f0 WriteFile
0x14002e1f8 GetCommandLineA
0x14002e200 GetCommandLineW
0x14002e208 HeapFree
0x14002e210 HeapAlloc
0x14002e218 GetFileType
0x14002e220 FindClose
0x14002e228 FindFirstFileExW
0x14002e230 FindNextFileW
0x14002e238 IsValidCodePage
0x14002e240 GetACP
0x14002e248 GetOEMCP
0x14002e250 GetEnvironmentStringsW
0x14002e258 FreeEnvironmentStringsW
0x14002e260 SetEnvironmentVariableW
0x14002e268 FlsAlloc
0x14002e270 FlsGetValue
0x14002e278 FlsSetValue
0x14002e280 FlsFree
0x14002e288 CompareStringW
0x14002e290 LCMapStringW
0x14002e298 GetLocaleInfoW
0x14002e2a0 IsValidLocale
0x14002e2a8 GetUserDefaultLCID
0x14002e2b0 EnumSystemLocalesW
0x14002e2b8 GetProcessHeap
0x14002e2c0 SetStdHandle
0x14002e2c8 FlushFileBuffers
0x14002e2d0 GetConsoleOutputCP
0x14002e2d8 GetConsoleMode
0x14002e2e0 ReadFile
0x14002e2e8 GetFileSizeEx
0x14002e2f0 SetFilePointerEx
0x14002e2f8 ReadConsoleW
0x14002e300 HeapReAlloc
0x14002e308 HeapSize
0x14002e310 CreateFileW
0x14002e318 RtlUnwind
EAT(Export Address Table) is none
ADVAPI32.dll
0x14002e000 AdjustTokenPrivileges
0x14002e008 OpenProcessToken
0x14002e010 ImpersonateLoggedOnUser
0x14002e018 RevertToSelf
0x14002e020 DuplicateTokenEx
0x14002e028 CreateProcessWithTokenW
0x14002e030 LookupPrivilegeValueW
KERNEL32.dll
0x14002e040 GetLastError
0x14002e048 CreateToolhelp32Snapshot
0x14002e050 Process32FirstW
0x14002e058 Process32NextW
0x14002e060 CloseHandle
0x14002e068 OpenProcess
0x14002e070 ReleaseSRWLockExclusive
0x14002e078 AcquireSRWLockExclusive
0x14002e080 WakeAllConditionVariable
0x14002e088 SleepConditionVariableSRW
0x14002e090 RtlCaptureContext
0x14002e098 RtlLookupFunctionEntry
0x14002e0a0 RtlVirtualUnwind
0x14002e0a8 UnhandledExceptionFilter
0x14002e0b0 SetUnhandledExceptionFilter
0x14002e0b8 GetCurrentProcess
0x14002e0c0 TerminateProcess
0x14002e0c8 IsProcessorFeaturePresent
0x14002e0d0 IsDebuggerPresent
0x14002e0d8 GetStartupInfoW
0x14002e0e0 GetModuleHandleW
0x14002e0e8 QueryPerformanceCounter
0x14002e0f0 GetCurrentProcessId
0x14002e0f8 GetCurrentThreadId
0x14002e100 GetSystemTimeAsFileTime
0x14002e108 InitializeSListHead
0x14002e110 WideCharToMultiByte
0x14002e118 EncodePointer
0x14002e120 DecodePointer
0x14002e128 EnterCriticalSection
0x14002e130 LeaveCriticalSection
0x14002e138 InitializeCriticalSectionEx
0x14002e140 DeleteCriticalSection
0x14002e148 MultiByteToWideChar
0x14002e150 LCMapStringEx
0x14002e158 GetStringTypeW
0x14002e160 GetCPInfo
0x14002e168 WriteConsoleW
0x14002e170 RtlPcToFileHeader
0x14002e178 RaiseException
0x14002e180 RtlUnwindEx
0x14002e188 SetLastError
0x14002e190 InitializeCriticalSectionAndSpinCount
0x14002e198 TlsAlloc
0x14002e1a0 TlsGetValue
0x14002e1a8 TlsSetValue
0x14002e1b0 TlsFree
0x14002e1b8 FreeLibrary
0x14002e1c0 GetProcAddress
0x14002e1c8 LoadLibraryExW
0x14002e1d0 ExitProcess
0x14002e1d8 GetModuleHandleExW
0x14002e1e0 GetModuleFileNameW
0x14002e1e8 GetStdHandle
0x14002e1f0 WriteFile
0x14002e1f8 GetCommandLineA
0x14002e200 GetCommandLineW
0x14002e208 HeapFree
0x14002e210 HeapAlloc
0x14002e218 GetFileType
0x14002e220 FindClose
0x14002e228 FindFirstFileExW
0x14002e230 FindNextFileW
0x14002e238 IsValidCodePage
0x14002e240 GetACP
0x14002e248 GetOEMCP
0x14002e250 GetEnvironmentStringsW
0x14002e258 FreeEnvironmentStringsW
0x14002e260 SetEnvironmentVariableW
0x14002e268 FlsAlloc
0x14002e270 FlsGetValue
0x14002e278 FlsSetValue
0x14002e280 FlsFree
0x14002e288 CompareStringW
0x14002e290 LCMapStringW
0x14002e298 GetLocaleInfoW
0x14002e2a0 IsValidLocale
0x14002e2a8 GetUserDefaultLCID
0x14002e2b0 EnumSystemLocalesW
0x14002e2b8 GetProcessHeap
0x14002e2c0 SetStdHandle
0x14002e2c8 FlushFileBuffers
0x14002e2d0 GetConsoleOutputCP
0x14002e2d8 GetConsoleMode
0x14002e2e0 ReadFile
0x14002e2e8 GetFileSizeEx
0x14002e2f0 SetFilePointerEx
0x14002e2f8 ReadConsoleW
0x14002e300 HeapReAlloc
0x14002e308 HeapSize
0x14002e310 CreateFileW
0x14002e318 RtlUnwind
EAT(Export Address Table) is none