ScreenShot
| Created | 2024.08.05 07:53 | Machine | s1_win7_x6401 |
| Filename | RingQ.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 76b660aeed75fd20555985ca7c7c1edd | ||
| sha256 | 3e9b442995fc472566f6689c275b24bb9d2a0244bd002671d471654d0b0893b0 | ||
| ssdeep | 12288:tm74/CTj3GpvdhHs/pHYEqOQ1z4peak0VD8EOXIYb:tmQCOXIYb | ||
| imphash | b568833c2b25e8c0876cca9c84e79cb3 | ||
| impfuzzy | 48:/lugoFRQKLUapxfPYLTn6g0W/KiLZAEkuw5fp4ZlIQxpHiHeqa3YFpIQL67ru:/cgoFRQKLUapxfPYLzyEZtpC+qa3YFpn | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | A process attempted to delay the analysis task. |
| notice | Foreign language identified in PE resource |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140012000 CreateFileA
0x140012008 WriteFile
0x140012010 CloseHandle
0x140012018 GetLastError
0x140012020 HeapAlloc
0x140012028 HeapFree
0x140012030 GetProcessHeap
0x140012038 SetCriticalSectionSpinCount
0x140012040 GetCurrentProcess
0x140012048 WriteProcessMemory
0x140012050 GetModuleHandleW
0x140012058 GetProcAddress
0x140012060 LoadLibraryA
0x140012068 MultiByteToWideChar
0x140012070 ConvertDefaultLocale
0x140012078 GetModuleHandleExW
0x140012080 FreeLibrary
0x140012088 ExitProcess
0x140012090 LCIDToLocaleName
0x140012098 RaiseException
0x1400120a0 VirtualQuery
0x1400120a8 RtlUnwindEx
0x1400120b0 TerminateProcess
0x1400120b8 InitializeSListHead
0x1400120c0 GetCurrentProcessId
0x1400120c8 IsProcessorFeaturePresent
0x1400120d0 SetUnhandledExceptionFilter
0x1400120d8 UnhandledExceptionFilter
0x1400120e0 IsDebuggerPresent
0x1400120e8 RtlVirtualUnwind
0x1400120f0 RtlLookupFunctionEntry
0x1400120f8 RtlCaptureContext
0x140012100 GetLocaleInfoEx
0x140012108 LCMapStringEx
0x140012110 WideCharToMultiByte
0x140012118 DecodePointer
0x140012120 EncodePointer
0x140012128 GetSystemTimeAsFileTime
0x140012130 DeleteCriticalSection
0x140012138 InitializeCriticalSectionEx
0x140012140 LeaveCriticalSection
0x140012148 EnterCriticalSection
0x140012150 GetCurrentThreadId
0x140012158 Sleep
0x140012160 QueryPerformanceFrequency
0x140012168 QueryPerformanceCounter
USER32.dll
0x140012178 PostMessageW
0x140012180 RegisterClassW
0x140012188 DestroyWindow
0x140012190 ShowWindow
0x140012198 MoveWindow
0x1400121a0 IsWindowVisible
0x1400121a8 IsIconic
0x1400121b0 GetWindowTextW
0x1400121b8 GetWindowContextHelpId
0x1400121c0 GetWindowLongPtrW
0x1400121c8 GetClassNameW
0x1400121d0 IsDialogMessageW
0x1400121d8 LoadStringW
WININET.dll
0x1400121e8 InternetCloseHandle
0x1400121f0 InternetOpenUrlA
0x1400121f8 InternetReadFile
0x140012200 InternetOpenW
msvcrt.dll
0x140012210 __getmainargs
0x140012218 _environ
0x140012220 _msize
0x140012228 _XcptFilter
0x140012230 __set_app_type
0x140012238 __argc
0x140012240 __argv
0x140012248 ?_set_new_mode@@YAHH@Z
0x140012250 _commode
0x140012258 _isatty
0x140012260 _fileno
0x140012268 __strncnt
0x140012270 _errno
0x140012278 realloc
0x140012280 abort
0x140012288 _fsopen
0x140012290 islower
0x140012298 _wcsdup
0x1400122a0 calloc
0x1400122a8 ___lc_codepage_func
0x1400122b0 isupper
0x1400122b8 __pctype_func
0x1400122c0 malloc
0x1400122c8 _time64
0x1400122d0 ceilf
0x1400122d8 ungetc
0x1400122e0 setvbuf
0x1400122e8 _fseeki64
0x1400122f0 fsetpos
0x1400122f8 fread
0x140012300 fgetpos
0x140012308 fgetc
0x140012310 fflush
0x140012318 fclose
0x140012320 rand
0x140012328 srand
0x140012330 free
0x140012338 strlen
0x140012340 wcslen
0x140012348 _local_unwind
0x140012350 __DestructExceptionObject
0x140012358 __CxxFrameHandler3
0x140012360 _amsg_exit
0x140012368 __uncaught_exception
0x140012370 __C_specific_handler
0x140012378 _CxxThrowException
0x140012380 memset
0x140012388 memmove
0x140012390 memcpy
0x140012398 memcmp
0x1400123a0 memchr
0x1400123a8 ?terminate@@YAXXZ
0x1400123b0 _iob
0x1400123b8 _unlock
0x1400123c0 _lock
0x1400123c8 strcpy_s
0x1400123d0 _set_fmode
0x1400123d8 _initterm_e
0x1400123e0 _initterm
0x1400123e8 _callnewh
0x1400123f0 fseek
0x1400123f8 ___lc_handle_func
0x140012400 strchr
0x140012408 wcsrchr
EAT(Export Address Table) is none
KERNEL32.dll
0x140012000 CreateFileA
0x140012008 WriteFile
0x140012010 CloseHandle
0x140012018 GetLastError
0x140012020 HeapAlloc
0x140012028 HeapFree
0x140012030 GetProcessHeap
0x140012038 SetCriticalSectionSpinCount
0x140012040 GetCurrentProcess
0x140012048 WriteProcessMemory
0x140012050 GetModuleHandleW
0x140012058 GetProcAddress
0x140012060 LoadLibraryA
0x140012068 MultiByteToWideChar
0x140012070 ConvertDefaultLocale
0x140012078 GetModuleHandleExW
0x140012080 FreeLibrary
0x140012088 ExitProcess
0x140012090 LCIDToLocaleName
0x140012098 RaiseException
0x1400120a0 VirtualQuery
0x1400120a8 RtlUnwindEx
0x1400120b0 TerminateProcess
0x1400120b8 InitializeSListHead
0x1400120c0 GetCurrentProcessId
0x1400120c8 IsProcessorFeaturePresent
0x1400120d0 SetUnhandledExceptionFilter
0x1400120d8 UnhandledExceptionFilter
0x1400120e0 IsDebuggerPresent
0x1400120e8 RtlVirtualUnwind
0x1400120f0 RtlLookupFunctionEntry
0x1400120f8 RtlCaptureContext
0x140012100 GetLocaleInfoEx
0x140012108 LCMapStringEx
0x140012110 WideCharToMultiByte
0x140012118 DecodePointer
0x140012120 EncodePointer
0x140012128 GetSystemTimeAsFileTime
0x140012130 DeleteCriticalSection
0x140012138 InitializeCriticalSectionEx
0x140012140 LeaveCriticalSection
0x140012148 EnterCriticalSection
0x140012150 GetCurrentThreadId
0x140012158 Sleep
0x140012160 QueryPerformanceFrequency
0x140012168 QueryPerformanceCounter
USER32.dll
0x140012178 PostMessageW
0x140012180 RegisterClassW
0x140012188 DestroyWindow
0x140012190 ShowWindow
0x140012198 MoveWindow
0x1400121a0 IsWindowVisible
0x1400121a8 IsIconic
0x1400121b0 GetWindowTextW
0x1400121b8 GetWindowContextHelpId
0x1400121c0 GetWindowLongPtrW
0x1400121c8 GetClassNameW
0x1400121d0 IsDialogMessageW
0x1400121d8 LoadStringW
WININET.dll
0x1400121e8 InternetCloseHandle
0x1400121f0 InternetOpenUrlA
0x1400121f8 InternetReadFile
0x140012200 InternetOpenW
msvcrt.dll
0x140012210 __getmainargs
0x140012218 _environ
0x140012220 _msize
0x140012228 _XcptFilter
0x140012230 __set_app_type
0x140012238 __argc
0x140012240 __argv
0x140012248 ?_set_new_mode@@YAHH@Z
0x140012250 _commode
0x140012258 _isatty
0x140012260 _fileno
0x140012268 __strncnt
0x140012270 _errno
0x140012278 realloc
0x140012280 abort
0x140012288 _fsopen
0x140012290 islower
0x140012298 _wcsdup
0x1400122a0 calloc
0x1400122a8 ___lc_codepage_func
0x1400122b0 isupper
0x1400122b8 __pctype_func
0x1400122c0 malloc
0x1400122c8 _time64
0x1400122d0 ceilf
0x1400122d8 ungetc
0x1400122e0 setvbuf
0x1400122e8 _fseeki64
0x1400122f0 fsetpos
0x1400122f8 fread
0x140012300 fgetpos
0x140012308 fgetc
0x140012310 fflush
0x140012318 fclose
0x140012320 rand
0x140012328 srand
0x140012330 free
0x140012338 strlen
0x140012340 wcslen
0x140012348 _local_unwind
0x140012350 __DestructExceptionObject
0x140012358 __CxxFrameHandler3
0x140012360 _amsg_exit
0x140012368 __uncaught_exception
0x140012370 __C_specific_handler
0x140012378 _CxxThrowException
0x140012380 memset
0x140012388 memmove
0x140012390 memcpy
0x140012398 memcmp
0x1400123a0 memchr
0x1400123a8 ?terminate@@YAXXZ
0x1400123b0 _iob
0x1400123b8 _unlock
0x1400123c0 _lock
0x1400123c8 strcpy_s
0x1400123d0 _set_fmode
0x1400123d8 _initterm_e
0x1400123e0 _initterm
0x1400123e8 _callnewh
0x1400123f0 fseek
0x1400123f8 ___lc_handle_func
0x140012400 strchr
0x140012408 wcsrchr
EAT(Export Address Table) is none