ScreenShot
| Created | 2024.07.27 12:36 | Machine | s1_win7_x6403 |
| Filename | aaa.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 1318fbc69b729539376cb6c9ac3cee4c | ||
| sha256 | e972fb08a4dcde8d09372f78fe67ba283618288432cdb7d33015fc80613cb408 | ||
| ssdeep | 192:C+y8/RdxS7cMa1gxJX2+71entqb8yRTkKrfac09HynJxTaqVIdthI4m/Gtyx:C+yE/xK5X2+Y/yBMynuqVIdf1ti | ||
| imphash | d4aa9ed1c24f35a9649cb4146576e0ec | ||
| impfuzzy | 24:Ja2KkdINnv5FMhEwjvNFzSHhclOEt/2NdkhX8+7jYgKQx:JaHaINnEKIFzSHClO22dkhX8+xKQx | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
MSVCR90.dll
0x403090 _crt_debugger_hook
0x403094 _controlfp_s
0x403098 _invoke_watson
0x40309c _except_handler4_common
0x4030a0 _decode_pointer
0x4030a4 _onexit
0x4030a8 _lock
0x4030ac __dllonexit
0x4030b0 _unlock
0x4030b4 ?terminate@@YAXXZ
0x4030b8 __set_app_type
0x4030bc _encode_pointer
0x4030c0 memset
0x4030c4 __p__fmode
0x4030c8 __p__commode
0x4030cc _adjust_fdiv
0x4030d0 __setusermatherr
0x4030d4 _configthreadlocale
0x4030d8 _initterm_e
0x4030dc _initterm
0x4030e0 _acmdln
0x4030e4 exit
0x4030e8 _ismbblead
0x4030ec _XcptFilter
0x4030f0 _exit
0x4030f4 _cexit
0x4030f8 __getmainargs
0x4030fc _amsg_exit
0x403100 srand
0x403104 rand
0x403108 mbstowcs
MPR.dll
0x403084 WNetAddConnection2W
0x403088 WNetCancelConnectionW
WS2_32.dll
0x403140 WSAStartup
0x403144 inet_addr
0x403148 ioctlsocket
0x40314c select
0x403150 htons
0x403154 socket
0x403158 closesocket
0x40315c gethostbyname
0x403160 connect
WININET.dll
0x40312c InternetReadFile
0x403130 InternetCloseHandle
0x403134 InternetOpenUrlW
0x403138 InternetOpenW
SHLWAPI.dll
0x403118 PathFindFileNameW
urlmon.dll
0x403168 URLDownloadToFileW
KERNEL32.dll
0x403014 GetModuleFileNameW
0x403018 CopyFileW
0x40301c Sleep
0x403020 WriteFile
0x403024 GetTickCount
0x403028 CreateProcessW
0x40302c ExitProcess
0x403030 DeleteFileW
0x403034 CreateThread
0x403038 ExpandEnvironmentStringsW
0x40303c InterlockedExchange
0x403040 CreateFileW
0x403044 GetStartupInfoA
0x403048 SetUnhandledExceptionFilter
0x40304c QueryPerformanceCounter
0x403050 GetCurrentThreadId
0x403054 GetCurrentProcessId
0x403058 GetSystemTimeAsFileTime
0x40305c TerminateProcess
0x403060 GetCurrentProcess
0x403064 UnhandledExceptionFilter
0x403068 IsDebuggerPresent
0x40306c ExitThread
0x403070 GetLastError
0x403074 CreateMutexA
0x403078 InterlockedCompareExchange
0x40307c CloseHandle
USER32.dll
0x403120 wsprintfA
0x403124 wsprintfW
ADVAPI32.dll
0x403000 OpenSCManagerW
0x403004 CloseServiceHandle
0x403008 CreateServiceW
0x40300c StartServiceA
SHELL32.dll
0x403110 ShellExecuteW
EAT(Export Address Table) is none
MSVCR90.dll
0x403090 _crt_debugger_hook
0x403094 _controlfp_s
0x403098 _invoke_watson
0x40309c _except_handler4_common
0x4030a0 _decode_pointer
0x4030a4 _onexit
0x4030a8 _lock
0x4030ac __dllonexit
0x4030b0 _unlock
0x4030b4 ?terminate@@YAXXZ
0x4030b8 __set_app_type
0x4030bc _encode_pointer
0x4030c0 memset
0x4030c4 __p__fmode
0x4030c8 __p__commode
0x4030cc _adjust_fdiv
0x4030d0 __setusermatherr
0x4030d4 _configthreadlocale
0x4030d8 _initterm_e
0x4030dc _initterm
0x4030e0 _acmdln
0x4030e4 exit
0x4030e8 _ismbblead
0x4030ec _XcptFilter
0x4030f0 _exit
0x4030f4 _cexit
0x4030f8 __getmainargs
0x4030fc _amsg_exit
0x403100 srand
0x403104 rand
0x403108 mbstowcs
MPR.dll
0x403084 WNetAddConnection2W
0x403088 WNetCancelConnectionW
WS2_32.dll
0x403140 WSAStartup
0x403144 inet_addr
0x403148 ioctlsocket
0x40314c select
0x403150 htons
0x403154 socket
0x403158 closesocket
0x40315c gethostbyname
0x403160 connect
WININET.dll
0x40312c InternetReadFile
0x403130 InternetCloseHandle
0x403134 InternetOpenUrlW
0x403138 InternetOpenW
SHLWAPI.dll
0x403118 PathFindFileNameW
urlmon.dll
0x403168 URLDownloadToFileW
KERNEL32.dll
0x403014 GetModuleFileNameW
0x403018 CopyFileW
0x40301c Sleep
0x403020 WriteFile
0x403024 GetTickCount
0x403028 CreateProcessW
0x40302c ExitProcess
0x403030 DeleteFileW
0x403034 CreateThread
0x403038 ExpandEnvironmentStringsW
0x40303c InterlockedExchange
0x403040 CreateFileW
0x403044 GetStartupInfoA
0x403048 SetUnhandledExceptionFilter
0x40304c QueryPerformanceCounter
0x403050 GetCurrentThreadId
0x403054 GetCurrentProcessId
0x403058 GetSystemTimeAsFileTime
0x40305c TerminateProcess
0x403060 GetCurrentProcess
0x403064 UnhandledExceptionFilter
0x403068 IsDebuggerPresent
0x40306c ExitThread
0x403070 GetLastError
0x403074 CreateMutexA
0x403078 InterlockedCompareExchange
0x40307c CloseHandle
USER32.dll
0x403120 wsprintfA
0x403124 wsprintfW
ADVAPI32.dll
0x403000 OpenSCManagerW
0x403004 CloseServiceHandle
0x403008 CreateServiceW
0x40300c StartServiceA
SHELL32.dll
0x403110 ShellExecuteW
EAT(Export Address Table) is none