ScreenShot
| Created | 2024.08.05 07:54 | Machine | s1_win7_x6403 |
| Filename | 2.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | ae787a8df10831e433bd33b6674e612e | ||
| sha256 | 49dc64191a08c389e43a7b765975fe2119b0b5228172fbf5e76d5cabd9afc80e | ||
| ssdeep | 12288:8JrRgDmuKtJkJ5HHywk3Ta77Hp0fWAUmB2mdlACvYFLWqoMy:8vluKtKcUCvYFLWqoMy | ||
| imphash | 8892181748c61660b1283058a8498a12 | ||
| impfuzzy | 48:qVoME9Sm/eFR+2/4jxQHQXiX1PnvklTJGAYJ86NJlX1vpwqTjUGQ:qWMEgm4RH/4jxQHQXiX1PvwTJGt66bla | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400203fc AddAtomA
0x140020404 AddVectoredExceptionHandler
0x14002040c CloseHandle
0x140020414 CreateEventA
0x14002041c CreateMutexA
0x140020424 CreateSemaphoreA
0x14002042c DeleteAtom
0x140020434 DeleteCriticalSection
0x14002043c DuplicateHandle
0x140020444 EnterCriticalSection
0x14002044c FindAtomA
0x140020454 FormatMessageA
0x14002045c GetAtomNameA
0x140020464 GetCurrentProcess
0x14002046c GetCurrentProcessId
0x140020474 GetCurrentThread
0x14002047c GetCurrentThreadId
0x140020484 GetHandleInformation
0x14002048c GetLastError
0x140020494 GetProcessAffinityMask
0x14002049c GetStartupInfoA
0x1400204a4 GetSystemTimeAsFileTime
0x1400204ac GetThreadContext
0x1400204b4 GetThreadPriority
0x1400204bc GetTickCount
0x1400204c4 InitializeCriticalSection
0x1400204cc IsDBCSLeadByteEx
0x1400204d4 IsDebuggerPresent
0x1400204dc LeaveCriticalSection
0x1400204e4 LocalFree
0x1400204ec MultiByteToWideChar
0x1400204f4 OpenProcess
0x1400204fc OutputDebugStringA
0x140020504 QueryPerformanceCounter
0x14002050c QueryPerformanceFrequency
0x140020514 RaiseException
0x14002051c ReleaseMutex
0x140020524 ReleaseSemaphore
0x14002052c RemoveVectoredExceptionHandler
0x140020534 ResetEvent
0x14002053c ResumeThread
0x140020544 SetEvent
0x14002054c SetLastError
0x140020554 SetProcessAffinityMask
0x14002055c SetThreadContext
0x140020564 SetThreadPriority
0x14002056c SetUnhandledExceptionFilter
0x140020574 Sleep
0x14002057c SuspendThread
0x140020584 TlsAlloc
0x14002058c TlsGetValue
0x140020594 TlsSetValue
0x14002059c TryEnterCriticalSection
0x1400205a4 VirtualAlloc
0x1400205ac VirtualProtect
0x1400205b4 VirtualQuery
0x1400205bc WaitForMultipleObjects
0x1400205c4 WaitForSingleObject
0x1400205cc WideCharToMultiByte
0x1400205d4 __C_specific_handler
msvcrt.dll
0x1400205e4 ___lc_codepage_func
0x1400205ec ___mb_cur_max_func
0x1400205f4 __getmainargs
0x1400205fc __initenv
0x140020604 __iob_func
0x14002060c __lconv_init
0x140020614 __set_app_type
0x14002061c __setusermatherr
0x140020624 _acmdln
0x14002062c _amsg_exit
0x140020634 _beginthreadex
0x14002063c _cexit
0x140020644 _commode
0x14002064c _endthreadex
0x140020654 _errno
0x14002065c _fmode
0x140020664 _initterm
0x14002066c _lock
0x140020674 _memccpy
0x14002067c _onexit
0x140020684 _setjmp
0x14002068c _strdup
0x140020694 _ultoa
0x14002069c _unlock
0x1400206a4 abort
0x1400206ac atoi
0x1400206b4 calloc
0x1400206bc clock
0x1400206c4 exit
0x1400206cc fprintf
0x1400206d4 fputc
0x1400206dc free
0x1400206e4 fwrite
0x1400206ec getc
0x1400206f4 islower
0x1400206fc isspace
0x140020704 isupper
0x14002070c isxdigit
0x140020714 localeconv
0x14002071c longjmp
0x140020724 malloc
0x14002072c memcpy
0x140020734 memmove
0x14002073c memset
0x140020744 printf
0x14002074c realloc
0x140020754 signal
0x14002075c strcat
0x140020764 strcpy
0x14002076c strerror
0x140020774 strlen
0x14002077c strncmp
0x140020784 strtol
0x14002078c strtoul
0x140020794 tolower
0x14002079c ungetc
0x1400207a4 vfprintf
0x1400207ac wcslen
EAT(Export Address Table) is none
KERNEL32.dll
0x1400203fc AddAtomA
0x140020404 AddVectoredExceptionHandler
0x14002040c CloseHandle
0x140020414 CreateEventA
0x14002041c CreateMutexA
0x140020424 CreateSemaphoreA
0x14002042c DeleteAtom
0x140020434 DeleteCriticalSection
0x14002043c DuplicateHandle
0x140020444 EnterCriticalSection
0x14002044c FindAtomA
0x140020454 FormatMessageA
0x14002045c GetAtomNameA
0x140020464 GetCurrentProcess
0x14002046c GetCurrentProcessId
0x140020474 GetCurrentThread
0x14002047c GetCurrentThreadId
0x140020484 GetHandleInformation
0x14002048c GetLastError
0x140020494 GetProcessAffinityMask
0x14002049c GetStartupInfoA
0x1400204a4 GetSystemTimeAsFileTime
0x1400204ac GetThreadContext
0x1400204b4 GetThreadPriority
0x1400204bc GetTickCount
0x1400204c4 InitializeCriticalSection
0x1400204cc IsDBCSLeadByteEx
0x1400204d4 IsDebuggerPresent
0x1400204dc LeaveCriticalSection
0x1400204e4 LocalFree
0x1400204ec MultiByteToWideChar
0x1400204f4 OpenProcess
0x1400204fc OutputDebugStringA
0x140020504 QueryPerformanceCounter
0x14002050c QueryPerformanceFrequency
0x140020514 RaiseException
0x14002051c ReleaseMutex
0x140020524 ReleaseSemaphore
0x14002052c RemoveVectoredExceptionHandler
0x140020534 ResetEvent
0x14002053c ResumeThread
0x140020544 SetEvent
0x14002054c SetLastError
0x140020554 SetProcessAffinityMask
0x14002055c SetThreadContext
0x140020564 SetThreadPriority
0x14002056c SetUnhandledExceptionFilter
0x140020574 Sleep
0x14002057c SuspendThread
0x140020584 TlsAlloc
0x14002058c TlsGetValue
0x140020594 TlsSetValue
0x14002059c TryEnterCriticalSection
0x1400205a4 VirtualAlloc
0x1400205ac VirtualProtect
0x1400205b4 VirtualQuery
0x1400205bc WaitForMultipleObjects
0x1400205c4 WaitForSingleObject
0x1400205cc WideCharToMultiByte
0x1400205d4 __C_specific_handler
msvcrt.dll
0x1400205e4 ___lc_codepage_func
0x1400205ec ___mb_cur_max_func
0x1400205f4 __getmainargs
0x1400205fc __initenv
0x140020604 __iob_func
0x14002060c __lconv_init
0x140020614 __set_app_type
0x14002061c __setusermatherr
0x140020624 _acmdln
0x14002062c _amsg_exit
0x140020634 _beginthreadex
0x14002063c _cexit
0x140020644 _commode
0x14002064c _endthreadex
0x140020654 _errno
0x14002065c _fmode
0x140020664 _initterm
0x14002066c _lock
0x140020674 _memccpy
0x14002067c _onexit
0x140020684 _setjmp
0x14002068c _strdup
0x140020694 _ultoa
0x14002069c _unlock
0x1400206a4 abort
0x1400206ac atoi
0x1400206b4 calloc
0x1400206bc clock
0x1400206c4 exit
0x1400206cc fprintf
0x1400206d4 fputc
0x1400206dc free
0x1400206e4 fwrite
0x1400206ec getc
0x1400206f4 islower
0x1400206fc isspace
0x140020704 isupper
0x14002070c isxdigit
0x140020714 localeconv
0x14002071c longjmp
0x140020724 malloc
0x14002072c memcpy
0x140020734 memmove
0x14002073c memset
0x140020744 printf
0x14002074c realloc
0x140020754 signal
0x14002075c strcat
0x140020764 strcpy
0x14002076c strerror
0x140020774 strlen
0x14002077c strncmp
0x140020784 strtol
0x14002078c strtoul
0x140020794 tolower
0x14002079c ungetc
0x1400207a4 vfprintf
0x1400207ac wcslen
EAT(Export Address Table) is none