ScreenShot
| Created | 2024.07.26 19:00 | Machine | s1_win7_x6403 |
| Filename | C.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 5 detected (ZexaF, fuW@aWLp, Outbreak, HackTool, malicious, confidence, 100%) | ||
| md5 | 9474b528235299dbbd8e6d7520df48e3 | ||
| sha256 | 653643156a1d40a4be173edea122b0b20a68ce42f6c4e32d4425fe2c765467da | ||
| ssdeep | 1536:zhzgDctWGkDWzOhIKtP7Zv41JQqa39ImLXL+BP1cyY2VsWjcdHg0LFkpvb0Sg:RXpkazOOKtTZQ7QCML+BPvY2aHg0LFky | ||
| imphash | 10d5eed2875d69cbd6ec9676c4e8c440 | ||
| impfuzzy | 24:i3jEAudMUE9GHOov1aoXD4cduJ3mv9JSBZHtRl8v62rMzu9xTK8:KGurLcMQ9JS/tRnqR | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x410020 GetCurrentThread
0x410024 CreateThread
0x410028 CreateEventA
0x41002c WaitForSingleObject
0x410030 SetEvent
0x410034 ConnectNamedPipe
0x410038 CloseHandle
0x41003c CreateNamedPipeA
0x410040 GetEnvironmentVariableA
0x410044 WriteConsoleW
0x410048 SetStdHandle
0x41004c SetFilePointerEx
0x410050 GetConsoleMode
0x410054 GetConsoleCP
0x410058 FlushFileBuffers
0x41005c GetStringTypeW
0x410060 HeapAlloc
0x410064 EncodePointer
0x410068 DecodePointer
0x41006c RaiseException
0x410070 RtlUnwind
0x410074 GetCommandLineA
0x410078 GetLastError
0x41007c ExitProcess
0x410080 GetModuleHandleExW
0x410084 GetProcAddress
0x410088 MultiByteToWideChar
0x41008c WideCharToMultiByte
0x410090 GetStdHandle
0x410094 WriteFile
0x410098 GetModuleFileNameW
0x41009c GetProcessHeap
0x4100a0 IsDebuggerPresent
0x4100a4 IsProcessorFeaturePresent
0x4100a8 EnterCriticalSection
0x4100ac LeaveCriticalSection
0x4100b0 HeapFree
0x4100b4 HeapSize
0x4100b8 SetLastError
0x4100bc GetCurrentThreadId
0x4100c0 GetFileType
0x4100c4 DeleteCriticalSection
0x4100c8 GetStartupInfoW
0x4100cc GetModuleFileNameA
0x4100d0 QueryPerformanceCounter
0x4100d4 GetCurrentProcessId
0x4100d8 GetSystemTimeAsFileTime
0x4100dc GetEnvironmentStringsW
0x4100e0 FreeEnvironmentStringsW
0x4100e4 IsValidCodePage
0x4100e8 GetACP
0x4100ec GetOEMCP
0x4100f0 GetCPInfo
0x4100f4 UnhandledExceptionFilter
0x4100f8 SetUnhandledExceptionFilter
0x4100fc InitializeCriticalSectionAndSpinCount
0x410100 Sleep
0x410104 GetCurrentProcess
0x410108 TerminateProcess
0x41010c TlsAlloc
0x410110 TlsGetValue
0x410114 TlsSetValue
0x410118 TlsFree
0x41011c GetModuleHandleW
0x410120 LoadLibraryExW
0x410124 OutputDebugStringW
0x410128 LCMapStringW
0x41012c HeapReAlloc
0x410130 CreateFileW
ADVAPI32.dll
0x410000 RegOpenKeyExA
0x410004 RegCloseKey
0x410008 CreateProcessAsUserA
0x41000c DuplicateTokenEx
0x410010 OpenThreadToken
0x410014 ImpersonateNamedPipeClient
0x410018 RegSetValueExA
WS2_32.dll
0x410138 WSAStartup
0x41013c inet_addr
0x410140 htons
0x410144 connect
0x410148 ind
0x41014c WSASocketA
EAT(Export Address Table) is none
KERNEL32.dll
0x410020 GetCurrentThread
0x410024 CreateThread
0x410028 CreateEventA
0x41002c WaitForSingleObject
0x410030 SetEvent
0x410034 ConnectNamedPipe
0x410038 CloseHandle
0x41003c CreateNamedPipeA
0x410040 GetEnvironmentVariableA
0x410044 WriteConsoleW
0x410048 SetStdHandle
0x41004c SetFilePointerEx
0x410050 GetConsoleMode
0x410054 GetConsoleCP
0x410058 FlushFileBuffers
0x41005c GetStringTypeW
0x410060 HeapAlloc
0x410064 EncodePointer
0x410068 DecodePointer
0x41006c RaiseException
0x410070 RtlUnwind
0x410074 GetCommandLineA
0x410078 GetLastError
0x41007c ExitProcess
0x410080 GetModuleHandleExW
0x410084 GetProcAddress
0x410088 MultiByteToWideChar
0x41008c WideCharToMultiByte
0x410090 GetStdHandle
0x410094 WriteFile
0x410098 GetModuleFileNameW
0x41009c GetProcessHeap
0x4100a0 IsDebuggerPresent
0x4100a4 IsProcessorFeaturePresent
0x4100a8 EnterCriticalSection
0x4100ac LeaveCriticalSection
0x4100b0 HeapFree
0x4100b4 HeapSize
0x4100b8 SetLastError
0x4100bc GetCurrentThreadId
0x4100c0 GetFileType
0x4100c4 DeleteCriticalSection
0x4100c8 GetStartupInfoW
0x4100cc GetModuleFileNameA
0x4100d0 QueryPerformanceCounter
0x4100d4 GetCurrentProcessId
0x4100d8 GetSystemTimeAsFileTime
0x4100dc GetEnvironmentStringsW
0x4100e0 FreeEnvironmentStringsW
0x4100e4 IsValidCodePage
0x4100e8 GetACP
0x4100ec GetOEMCP
0x4100f0 GetCPInfo
0x4100f4 UnhandledExceptionFilter
0x4100f8 SetUnhandledExceptionFilter
0x4100fc InitializeCriticalSectionAndSpinCount
0x410100 Sleep
0x410104 GetCurrentProcess
0x410108 TerminateProcess
0x41010c TlsAlloc
0x410110 TlsGetValue
0x410114 TlsSetValue
0x410118 TlsFree
0x41011c GetModuleHandleW
0x410120 LoadLibraryExW
0x410124 OutputDebugStringW
0x410128 LCMapStringW
0x41012c HeapReAlloc
0x410130 CreateFileW
ADVAPI32.dll
0x410000 RegOpenKeyExA
0x410004 RegCloseKey
0x410008 CreateProcessAsUserA
0x41000c DuplicateTokenEx
0x410010 OpenThreadToken
0x410014 ImpersonateNamedPipeClient
0x410018 RegSetValueExA
WS2_32.dll
0x410138 WSAStartup
0x41013c inet_addr
0x410140 htons
0x410144 connect
0x410148 ind
0x41014c WSASocketA
EAT(Export Address Table) is none