ScreenShot
| Created | 2024.07.30 10:11 | Machine | s1_win7_x6403_us |
| Filename | doc.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 14 detected (malicious, high confidence, Artemis, Undefined, pnNXHYOY5pO, Detected, Wacatac, susgen, confidence) | ||
| md5 | 8f92f52bffea35771a435d8d0ac04b0d | ||
| sha256 | 1979b3e9366928d0774a41e8bd5e7610a0302cdf62e9a533d2ff6c5ff7c346e9 | ||
| ssdeep | 384:mYSRbM/Que/ldFtXfGG4Avmdq95b6kHe5U:TQ3/ldFDTvGqzpHT | ||
| imphash | 2b29ecda909fdba87059f051e118961a | ||
| impfuzzy | 48:m0SXItRS1jd6EcjHD/TbnwAnW99iNOGg7wYYikBMQSLMA:mlXItRS1j8EcjHDnnwAW99iNOv7whf6 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140004000 VirtualFree
0x140004008 VirtualAlloc
0x140004010 AddVectoredExceptionHandler
0x140004018 GetLastError
0x140004020 GetCurrentThread
0x140004028 GetThreadContext
0x140004030 SetThreadContext
0x140004038 RtlLookupFunctionEntry
0x140004040 RtlVirtualUnwind
0x140004048 UnhandledExceptionFilter
0x140004050 SetUnhandledExceptionFilter
0x140004058 GetCurrentProcess
0x140004060 TerminateProcess
0x140004068 IsProcessorFeaturePresent
0x140004070 IsDebuggerPresent
0x140004078 GetModuleHandleW
0x140004080 QueryPerformanceCounter
0x140004088 GetCurrentProcessId
0x140004090 GetCurrentThreadId
0x140004098 GetSystemTimeAsFileTime
0x1400040a0 InitializeSListHead
0x1400040a8 RtlCaptureContext
MSVCP140.dll
0x1400040b8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
0x1400040c0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400040c8 ?uncaught_exception@std@@YA_NXZ
0x1400040d0 ?_Xlength_error@std@@YAXPEBD@Z
0x1400040d8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1400040e0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400040e8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400040f0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400040f8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x140004100 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140004108 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x140004110 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
VCRUNTIME140_1.dll
0x140004178 __CxxFrameHandler4
VCRUNTIME140.dll
0x140004120 memset
0x140004128 __current_exception_context
0x140004130 memmove
0x140004138 __current_exception
0x140004140 _CxxThrowException
0x140004148 __C_specific_handler
0x140004150 __std_terminate
0x140004158 __std_exception_copy
0x140004160 __std_exception_destroy
0x140004168 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1400041d0 terminate
0x1400041d8 _exit
0x1400041e0 exit
0x1400041e8 _initterm_e
0x1400041f0 __p___argc
0x1400041f8 __p___argv
0x140004200 _invalid_parameter_noinfo_noreturn
0x140004208 _get_initial_narrow_environment
0x140004210 _register_thread_local_exe_atexit_callback
0x140004218 _set_app_type
0x140004220 _seh_filter_exe
0x140004228 _cexit
0x140004230 _crt_atexit
0x140004238 _register_onexit_function
0x140004240 _initialize_narrow_environment
0x140004248 _configure_narrow_argv
0x140004250 _initterm
0x140004258 _c_exit
0x140004260 _initialize_onexit_table
api-ms-win-crt-heap-l1-1-0.dll
0x140004188 free
0x140004190 _set_new_mode
0x140004198 malloc
0x1400041a0 _callnewh
api-ms-win-crt-math-l1-1-0.dll
0x1400041c0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140004270 _set_fmode
0x140004278 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400041b0 _configthreadlocale
EAT(Export Address Table) is none
KERNEL32.dll
0x140004000 VirtualFree
0x140004008 VirtualAlloc
0x140004010 AddVectoredExceptionHandler
0x140004018 GetLastError
0x140004020 GetCurrentThread
0x140004028 GetThreadContext
0x140004030 SetThreadContext
0x140004038 RtlLookupFunctionEntry
0x140004040 RtlVirtualUnwind
0x140004048 UnhandledExceptionFilter
0x140004050 SetUnhandledExceptionFilter
0x140004058 GetCurrentProcess
0x140004060 TerminateProcess
0x140004068 IsProcessorFeaturePresent
0x140004070 IsDebuggerPresent
0x140004078 GetModuleHandleW
0x140004080 QueryPerformanceCounter
0x140004088 GetCurrentProcessId
0x140004090 GetCurrentThreadId
0x140004098 GetSystemTimeAsFileTime
0x1400040a0 InitializeSListHead
0x1400040a8 RtlCaptureContext
MSVCP140.dll
0x1400040b8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
0x1400040c0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1400040c8 ?uncaught_exception@std@@YA_NXZ
0x1400040d0 ?_Xlength_error@std@@YAXPEBD@Z
0x1400040d8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1400040e0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1400040e8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1400040f0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1400040f8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x140004100 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x140004108 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x140004110 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
VCRUNTIME140_1.dll
0x140004178 __CxxFrameHandler4
VCRUNTIME140.dll
0x140004120 memset
0x140004128 __current_exception_context
0x140004130 memmove
0x140004138 __current_exception
0x140004140 _CxxThrowException
0x140004148 __C_specific_handler
0x140004150 __std_terminate
0x140004158 __std_exception_copy
0x140004160 __std_exception_destroy
0x140004168 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1400041d0 terminate
0x1400041d8 _exit
0x1400041e0 exit
0x1400041e8 _initterm_e
0x1400041f0 __p___argc
0x1400041f8 __p___argv
0x140004200 _invalid_parameter_noinfo_noreturn
0x140004208 _get_initial_narrow_environment
0x140004210 _register_thread_local_exe_atexit_callback
0x140004218 _set_app_type
0x140004220 _seh_filter_exe
0x140004228 _cexit
0x140004230 _crt_atexit
0x140004238 _register_onexit_function
0x140004240 _initialize_narrow_environment
0x140004248 _configure_narrow_argv
0x140004250 _initterm
0x140004258 _c_exit
0x140004260 _initialize_onexit_table
api-ms-win-crt-heap-l1-1-0.dll
0x140004188 free
0x140004190 _set_new_mode
0x140004198 malloc
0x1400041a0 _callnewh
api-ms-win-crt-math-l1-1-0.dll
0x1400041c0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140004270 _set_fmode
0x140004278 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x1400041b0 _configthreadlocale
EAT(Export Address Table) is none