ScreenShot
| Created | 2024.07.31 07:22 | Machine | s1_win7_x6403 |
| Filename | Major_0x00012BD4C3BDF0.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | c7ea74a05e864d4d67a2fba6be3bb667 | ||
| sha256 | a01ac4244102e3958296c70d71e3d951f11abcc355458d1918d081587b151d90 | ||
| ssdeep | 24576:fWljizSawkL2zmeaAit8v1hUw+hqPNKLkFh:+l2akSz+AitK5EAF | ||
| imphash | b1586d63a786074f33bd0544b4df7b1c | ||
| impfuzzy | 48:FiBOAg6yecJS1YtSkW/MewPhgeyTLHpMvlx:TAg6yecJS1YtSkjewGR6x | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14014d070 HeapCreate
0x14014d078 GetProcAddress
0x14014d080 GetModuleHandleA
0x14014d088 WriteConsoleW
0x14014d090 CloseHandle
0x14014d098 CreateFileW
0x14014d0a0 SetFilePointerEx
0x14014d0a8 GetConsoleMode
0x14014d0b0 GetConsoleOutputCP
0x14014d0b8 FlushFileBuffers
0x14014d0c0 HeapReAlloc
0x14014d0c8 HeapSize
0x14014d0d0 GetProcessHeap
0x14014d0d8 LCMapStringW
0x14014d0e0 FlsFree
0x14014d0e8 FlsSetValue
0x14014d0f0 FlsGetValue
0x14014d0f8 FlsAlloc
0x14014d100 GetStringTypeW
0x14014d108 GetFileType
0x14014d110 SetStdHandle
0x14014d118 FreeEnvironmentStringsW
0x14014d120 GetEnvironmentStringsW
0x14014d128 WideCharToMultiByte
0x14014d130 MultiByteToWideChar
0x14014d138 GetCommandLineW
0x14014d140 GetCommandLineA
0x14014d148 GetCPInfo
0x14014d150 GetOEMCP
0x14014d158 GetACP
0x14014d160 IsValidCodePage
0x14014d168 FindNextFileW
0x14014d170 FindFirstFileExW
0x14014d178 FindClose
0x14014d180 HeapFree
0x14014d188 HeapAlloc
0x14014d190 GetModuleHandleExW
0x14014d198 TerminateProcess
0x14014d1a0 ExitProcess
0x14014d1a8 GetCurrentProcess
0x14014d1b0 GetModuleFileNameW
0x14014d1b8 WriteFile
0x14014d1c0 GetStdHandle
0x14014d1c8 RtlPcToFileHeader
0x14014d1d0 RaiseException
0x14014d1d8 EncodePointer
0x14014d1e0 LoadLibraryExW
0x14014d1e8 FreeLibrary
0x14014d1f0 TlsFree
0x14014d1f8 TlsSetValue
0x14014d200 TlsGetValue
0x14014d208 TlsAlloc
0x14014d210 InitializeCriticalSectionAndSpinCount
0x14014d218 DeleteCriticalSection
0x14014d220 LeaveCriticalSection
0x14014d228 QueryPerformanceCounter
0x14014d230 GetCurrentProcessId
0x14014d238 GetCurrentThreadId
0x14014d240 GetSystemTimeAsFileTime
0x14014d248 InitializeSListHead
0x14014d250 RtlCaptureContext
0x14014d258 RtlLookupFunctionEntry
0x14014d260 RtlVirtualUnwind
0x14014d268 IsDebuggerPresent
0x14014d270 UnhandledExceptionFilter
0x14014d278 SetUnhandledExceptionFilter
0x14014d280 GetStartupInfoW
0x14014d288 IsProcessorFeaturePresent
0x14014d290 GetModuleHandleW
0x14014d298 RtlUnwindEx
0x14014d2a0 GetLastError
0x14014d2a8 SetLastError
0x14014d2b0 EnterCriticalSection
COMDLG32.dll
0x14014d018 PageSetupDlgA
0x14014d020 GetOpenFileNameA
0x14014d028 GetSaveFileNameA
0x14014d030 GetFileTitleA
0x14014d038 FindTextA
0x14014d040 ReplaceTextA
0x14014d048 ChooseFontA
0x14014d050 PrintDlgA
0x14014d058 PrintDlgExA
0x14014d060 CommDlgExtendedError
ADVAPI32.dll
0x14014d000 GetUserNameA
0x14014d008 DecryptFileA
ole32.dll
0x14014d2d0 OleGetAutoConvert
0x14014d2d8 OleDoAutoConvert
0x14014d2e0 OleRegGetUserType
0x14014d2e8 OleGetIconOfFile
0x14014d2f0 IsAccelerator
0x14014d2f8 GetClassFile
0x14014d300 MonikerCommonPrefixWith
0x14014d308 MonikerRelativePathTo
0x14014d310 MkParseDisplayName
0x14014d318 CoInstall
0x14014d320 CoTreatAsClass
0x14014d328 CoDosDateTimeToFileTime
0x14014d330 CoIsOle1Class
0x14014d338 CoAllowSetForegroundWindow
0x14014d340 CoGetInstanceFromFile
0x14014d348 CoRevokeInitializeSpy
0x14014d350 CoRevokeMallocSpy
0x14014d358 CLSIDFromProgIDEx
0x14014d360 CoFileTimeNow
0x14014d368 CoTaskMemFree
0x14014d370 CoTaskMemRealloc
0x14014d378 CoTaskMemAlloc
0x14014d380 CoInvalidateRemoteMachineBindings
0x14014d388 CoGetTreatAsClass
0x14014d390 CoWaitForMultipleHandles
0x14014d398 StringFromGUID2
0x14014d3a0 CLSIDFromProgID
0x14014d3a8 ProgIDFromCLSID
0x14014d3b0 IIDFromString
0x14014d3b8 StringFromIID
0x14014d3c0 CoGetInterceptor
0x14014d3c8 StringFromCLSID
0x14014d3d0 CoDisableCallCancellation
0x14014d3d8 CoEnableCallCancellation
0x14014d3e0 CoTestCancel
0x14014d3e8 CoCancelCall
0x14014d3f0 CoGetCancelObject
0x14014d3f8 CoSwitchCallContext
0x14014d400 CoQueryAuthenticationServices
0x14014d408 CoRevertToSelf
0x14014d410 CoImpersonateClient
0x14014d418 CoCopyProxy
0x14014d420 CoSetProxyBlanket
0x14014d428 CoQueryProxyBlanket
0x14014d430 CoGetCallContext
0x14014d438 CoGetInterfaceAndReleaseStream
0x14014d440 CoGetStdMarshalEx
0x14014d448 CoLockObjectExternal
0x14014d450 CoDisconnectObject
0x14014d458 CoUnmarshalHresult
0x14014d460 CoMarshalHresult
0x14014d468 CoMarshalInterface
0x14014d470 CoGetMarshalSizeMax
0x14014d478 CoSuspendClassObjects
0x14014d480 CoResumeClassObjects
0x14014d488 CoGetClassObject
0x14014d490 CoGetObjectContext
0x14014d498 CoGetContextToken
0x14014d4a0 CoGetCurrentLogicalThreadId
0x14014d4a8 CoGetCallerTID
0x14014d4b0 CoUninitialize
0x14014d4b8 CoGetMalloc
0x14014d4c0 CLSIDFromString
dxgi.dll
0x14014d2c0 CreateDXGIFactory
EAT(Export Address Table) is none
KERNEL32.dll
0x14014d070 HeapCreate
0x14014d078 GetProcAddress
0x14014d080 GetModuleHandleA
0x14014d088 WriteConsoleW
0x14014d090 CloseHandle
0x14014d098 CreateFileW
0x14014d0a0 SetFilePointerEx
0x14014d0a8 GetConsoleMode
0x14014d0b0 GetConsoleOutputCP
0x14014d0b8 FlushFileBuffers
0x14014d0c0 HeapReAlloc
0x14014d0c8 HeapSize
0x14014d0d0 GetProcessHeap
0x14014d0d8 LCMapStringW
0x14014d0e0 FlsFree
0x14014d0e8 FlsSetValue
0x14014d0f0 FlsGetValue
0x14014d0f8 FlsAlloc
0x14014d100 GetStringTypeW
0x14014d108 GetFileType
0x14014d110 SetStdHandle
0x14014d118 FreeEnvironmentStringsW
0x14014d120 GetEnvironmentStringsW
0x14014d128 WideCharToMultiByte
0x14014d130 MultiByteToWideChar
0x14014d138 GetCommandLineW
0x14014d140 GetCommandLineA
0x14014d148 GetCPInfo
0x14014d150 GetOEMCP
0x14014d158 GetACP
0x14014d160 IsValidCodePage
0x14014d168 FindNextFileW
0x14014d170 FindFirstFileExW
0x14014d178 FindClose
0x14014d180 HeapFree
0x14014d188 HeapAlloc
0x14014d190 GetModuleHandleExW
0x14014d198 TerminateProcess
0x14014d1a0 ExitProcess
0x14014d1a8 GetCurrentProcess
0x14014d1b0 GetModuleFileNameW
0x14014d1b8 WriteFile
0x14014d1c0 GetStdHandle
0x14014d1c8 RtlPcToFileHeader
0x14014d1d0 RaiseException
0x14014d1d8 EncodePointer
0x14014d1e0 LoadLibraryExW
0x14014d1e8 FreeLibrary
0x14014d1f0 TlsFree
0x14014d1f8 TlsSetValue
0x14014d200 TlsGetValue
0x14014d208 TlsAlloc
0x14014d210 InitializeCriticalSectionAndSpinCount
0x14014d218 DeleteCriticalSection
0x14014d220 LeaveCriticalSection
0x14014d228 QueryPerformanceCounter
0x14014d230 GetCurrentProcessId
0x14014d238 GetCurrentThreadId
0x14014d240 GetSystemTimeAsFileTime
0x14014d248 InitializeSListHead
0x14014d250 RtlCaptureContext
0x14014d258 RtlLookupFunctionEntry
0x14014d260 RtlVirtualUnwind
0x14014d268 IsDebuggerPresent
0x14014d270 UnhandledExceptionFilter
0x14014d278 SetUnhandledExceptionFilter
0x14014d280 GetStartupInfoW
0x14014d288 IsProcessorFeaturePresent
0x14014d290 GetModuleHandleW
0x14014d298 RtlUnwindEx
0x14014d2a0 GetLastError
0x14014d2a8 SetLastError
0x14014d2b0 EnterCriticalSection
COMDLG32.dll
0x14014d018 PageSetupDlgA
0x14014d020 GetOpenFileNameA
0x14014d028 GetSaveFileNameA
0x14014d030 GetFileTitleA
0x14014d038 FindTextA
0x14014d040 ReplaceTextA
0x14014d048 ChooseFontA
0x14014d050 PrintDlgA
0x14014d058 PrintDlgExA
0x14014d060 CommDlgExtendedError
ADVAPI32.dll
0x14014d000 GetUserNameA
0x14014d008 DecryptFileA
ole32.dll
0x14014d2d0 OleGetAutoConvert
0x14014d2d8 OleDoAutoConvert
0x14014d2e0 OleRegGetUserType
0x14014d2e8 OleGetIconOfFile
0x14014d2f0 IsAccelerator
0x14014d2f8 GetClassFile
0x14014d300 MonikerCommonPrefixWith
0x14014d308 MonikerRelativePathTo
0x14014d310 MkParseDisplayName
0x14014d318 CoInstall
0x14014d320 CoTreatAsClass
0x14014d328 CoDosDateTimeToFileTime
0x14014d330 CoIsOle1Class
0x14014d338 CoAllowSetForegroundWindow
0x14014d340 CoGetInstanceFromFile
0x14014d348 CoRevokeInitializeSpy
0x14014d350 CoRevokeMallocSpy
0x14014d358 CLSIDFromProgIDEx
0x14014d360 CoFileTimeNow
0x14014d368 CoTaskMemFree
0x14014d370 CoTaskMemRealloc
0x14014d378 CoTaskMemAlloc
0x14014d380 CoInvalidateRemoteMachineBindings
0x14014d388 CoGetTreatAsClass
0x14014d390 CoWaitForMultipleHandles
0x14014d398 StringFromGUID2
0x14014d3a0 CLSIDFromProgID
0x14014d3a8 ProgIDFromCLSID
0x14014d3b0 IIDFromString
0x14014d3b8 StringFromIID
0x14014d3c0 CoGetInterceptor
0x14014d3c8 StringFromCLSID
0x14014d3d0 CoDisableCallCancellation
0x14014d3d8 CoEnableCallCancellation
0x14014d3e0 CoTestCancel
0x14014d3e8 CoCancelCall
0x14014d3f0 CoGetCancelObject
0x14014d3f8 CoSwitchCallContext
0x14014d400 CoQueryAuthenticationServices
0x14014d408 CoRevertToSelf
0x14014d410 CoImpersonateClient
0x14014d418 CoCopyProxy
0x14014d420 CoSetProxyBlanket
0x14014d428 CoQueryProxyBlanket
0x14014d430 CoGetCallContext
0x14014d438 CoGetInterfaceAndReleaseStream
0x14014d440 CoGetStdMarshalEx
0x14014d448 CoLockObjectExternal
0x14014d450 CoDisconnectObject
0x14014d458 CoUnmarshalHresult
0x14014d460 CoMarshalHresult
0x14014d468 CoMarshalInterface
0x14014d470 CoGetMarshalSizeMax
0x14014d478 CoSuspendClassObjects
0x14014d480 CoResumeClassObjects
0x14014d488 CoGetClassObject
0x14014d490 CoGetObjectContext
0x14014d498 CoGetContextToken
0x14014d4a0 CoGetCurrentLogicalThreadId
0x14014d4a8 CoGetCallerTID
0x14014d4b0 CoUninitialize
0x14014d4b8 CoGetMalloc
0x14014d4c0 CLSIDFromString
dxgi.dll
0x14014d2c0 CreateDXGIFactory
EAT(Export Address Table) is none