ScreenShot
| Created | 2024.08.05 07:59 | Machine | s1_win7_x6401 |
| Filename | power.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 6719f60e2ab9391cf9ed617b608e1cbc | ||
| sha256 | ded138638c4b0f2107fd366e7ccc7f249037bd5c9ee7192e9446be94fd097716 | ||
| ssdeep | 1536:UvdNndpMCzzudHEqTIm4gKN2P056quDk+Ad/:2Vnm3TKNV59u5Ad/ | ||
| imphash | aee2d95a831668fd42f12ee662129072 | ||
| impfuzzy | 48:Cfg1c+koLeoslTJGhJ8k1k1vkqQTtPbB2:Cfg1croLeoYTJGh6k1mkqAtPo | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40e2d8 CreateThread
0x40e2e0 DeleteCriticalSection
0x40e2e8 EnterCriticalSection
0x40e2f0 GetCurrentProcess
0x40e2f8 GetCurrentProcessId
0x40e300 GetCurrentThreadId
0x40e308 GetLastError
0x40e310 GetStartupInfoA
0x40e318 GetSystemTimeAsFileTime
0x40e320 GetTickCount
0x40e328 InitializeCriticalSection
0x40e330 IsDBCSLeadByteEx
0x40e338 LeaveCriticalSection
0x40e340 MultiByteToWideChar
0x40e348 QueryPerformanceCounter
0x40e350 RtlAddFunctionTable
0x40e358 RtlCaptureContext
0x40e360 RtlLookupFunctionEntry
0x40e368 RtlVirtualUnwind
0x40e370 SetUnhandledExceptionFilter
0x40e378 Sleep
0x40e380 TerminateProcess
0x40e388 TlsGetValue
0x40e390 UnhandledExceptionFilter
0x40e398 VirtualAlloc
0x40e3a0 VirtualProtect
0x40e3a8 VirtualQuery
0x40e3b0 WaitForSingleObject
0x40e3b8 WideCharToMultiByte
0x40e3c0 lstrcatA
msvcrt.dll
0x40e3d0 __C_specific_handler
0x40e3d8 ___lc_codepage_func
0x40e3e0 ___mb_cur_max_func
0x40e3e8 __getmainargs
0x40e3f0 __initenv
0x40e3f8 __iob_func
0x40e400 __lconv_init
0x40e408 __set_app_type
0x40e410 __setusermatherr
0x40e418 _acmdln
0x40e420 _amsg_exit
0x40e428 _cexit
0x40e430 _errno
0x40e438 _fmode
0x40e440 _initterm
0x40e448 _lock
0x40e450 _onexit
0x40e458 _unlock
0x40e460 abort
0x40e468 calloc
0x40e470 exit
0x40e478 fprintf
0x40e480 fputc
0x40e488 free
0x40e490 fwrite
0x40e498 localeconv
0x40e4a0 malloc
0x40e4a8 mbstowcs_s
0x40e4b0 memcpy
0x40e4b8 memmove
0x40e4c0 memset
0x40e4c8 signal
0x40e4d0 strerror
0x40e4d8 strlen
0x40e4e0 strncmp
0x40e4e8 vfprintf
0x40e4f0 wcslen
WS2_32.dll
0x40e500 WSACleanup
0x40e508 WSAGetLastError
0x40e510 WSAStartup
0x40e518 closesocket
0x40e520 connect
0x40e528 freeaddrinfo
0x40e530 getaddrinfo
0x40e538 recv
0x40e540 send
0x40e548 shutdown
0x40e550 socket
EAT(Export Address Table) is none
KERNEL32.dll
0x40e2d8 CreateThread
0x40e2e0 DeleteCriticalSection
0x40e2e8 EnterCriticalSection
0x40e2f0 GetCurrentProcess
0x40e2f8 GetCurrentProcessId
0x40e300 GetCurrentThreadId
0x40e308 GetLastError
0x40e310 GetStartupInfoA
0x40e318 GetSystemTimeAsFileTime
0x40e320 GetTickCount
0x40e328 InitializeCriticalSection
0x40e330 IsDBCSLeadByteEx
0x40e338 LeaveCriticalSection
0x40e340 MultiByteToWideChar
0x40e348 QueryPerformanceCounter
0x40e350 RtlAddFunctionTable
0x40e358 RtlCaptureContext
0x40e360 RtlLookupFunctionEntry
0x40e368 RtlVirtualUnwind
0x40e370 SetUnhandledExceptionFilter
0x40e378 Sleep
0x40e380 TerminateProcess
0x40e388 TlsGetValue
0x40e390 UnhandledExceptionFilter
0x40e398 VirtualAlloc
0x40e3a0 VirtualProtect
0x40e3a8 VirtualQuery
0x40e3b0 WaitForSingleObject
0x40e3b8 WideCharToMultiByte
0x40e3c0 lstrcatA
msvcrt.dll
0x40e3d0 __C_specific_handler
0x40e3d8 ___lc_codepage_func
0x40e3e0 ___mb_cur_max_func
0x40e3e8 __getmainargs
0x40e3f0 __initenv
0x40e3f8 __iob_func
0x40e400 __lconv_init
0x40e408 __set_app_type
0x40e410 __setusermatherr
0x40e418 _acmdln
0x40e420 _amsg_exit
0x40e428 _cexit
0x40e430 _errno
0x40e438 _fmode
0x40e440 _initterm
0x40e448 _lock
0x40e450 _onexit
0x40e458 _unlock
0x40e460 abort
0x40e468 calloc
0x40e470 exit
0x40e478 fprintf
0x40e480 fputc
0x40e488 free
0x40e490 fwrite
0x40e498 localeconv
0x40e4a0 malloc
0x40e4a8 mbstowcs_s
0x40e4b0 memcpy
0x40e4b8 memmove
0x40e4c0 memset
0x40e4c8 signal
0x40e4d0 strerror
0x40e4d8 strlen
0x40e4e0 strncmp
0x40e4e8 vfprintf
0x40e4f0 wcslen
WS2_32.dll
0x40e500 WSACleanup
0x40e508 WSAGetLastError
0x40e510 WSAStartup
0x40e518 closesocket
0x40e520 connect
0x40e528 freeaddrinfo
0x40e530 getaddrinfo
0x40e538 recv
0x40e540 send
0x40e548 shutdown
0x40e550 socket
EAT(Export Address Table) is none