ScreenShot
| Created | 2024.08.06 09:27 | Machine | s1_win7_x6403 |
| Filename | public.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 4 detected (malicious, moderate confidence, Casdet) | ||
| md5 | 099b959c7202e63afb435cb3bbbf25c8 | ||
| sha256 | 494e94d57ca2260c30b5d52ac414a2c8600eab38d08edb273832cee82685e1d8 | ||
| ssdeep | 384:1hILRmKwRxYaK666Q39pNiJBuXMFAqIqIr4ahKaYfziTz+3jpYd/Pt4T:1hILRmKwR2aZW9zilFd+zSOTS3Ko | ||
| imphash | f92f2e35c4a67c9bde631a2e24d5fdc4 | ||
| impfuzzy | 24:8MEmySPDMQSLaJCZhKbJLocAD29hT4Tg9ByihAtzAfBBBb+u5FzT9jDpylE9JEyo:KmVwQSLwyq1968BSwyesyLy8v0 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
api-ms-win-crt-string-l1-1-0.dll
0x140006200 _wcsicmp
0x140006208 strncpy
0x140006210 strncat
0x140006218 wcsnlen
0x140006220 wcsncmp
api-ms-win-crt-convert-l1-1-0.dll
0x1400060e8 mbstowcs
api-ms-win-crt-stdio-l1-1-0.dll
0x1400061d8 __stdio_common_vfprintf
0x1400061e0 __acrt_iob_func
0x1400061e8 _set_fmode
0x1400061f0 __p__commode
api-ms-win-crt-runtime-l1-1-0.dll
0x140006138 _register_onexit_function
0x140006140 _initialize_onexit_table
0x140006148 _initialize_narrow_environment
0x140006150 _crt_atexit
0x140006158 _register_thread_local_exe_atexit_callback
0x140006160 _c_exit
0x140006168 _cexit
0x140006170 __p___argv
0x140006178 __p___argc
0x140006180 _get_initial_narrow_environment
0x140006188 _configure_narrow_argv
0x140006190 exit
0x140006198 terminate
0x1400061a0 _initterm
0x1400061a8 _initterm_e
0x1400061b0 abort
0x1400061b8 _exit
0x1400061c0 _set_app_type
0x1400061c8 _seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll
0x140006128 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140006118 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400060f8 free
0x140006100 calloc
0x140006108 _set_new_mode
KERNEL32.dll
0x140006000 GetLastError
0x140006008 GetCurrentProcess
0x140006010 LoadLibraryExW
0x140006018 GetProcAddress
0x140006020 FreeLibrary
0x140006028 TlsFree
0x140006030 TlsSetValue
0x140006038 TlsGetValue
0x140006040 TlsAlloc
0x140006048 InitializeCriticalSectionAndSpinCount
0x140006050 DeleteCriticalSection
0x140006058 SetLastError
0x140006060 RtlUnwindEx
0x140006068 GetModuleHandleW
0x140006070 IsProcessorFeaturePresent
0x140006078 SetUnhandledExceptionFilter
0x140006080 UnhandledExceptionFilter
0x140006088 IsDebuggerPresent
0x140006090 RtlVirtualUnwind
0x140006098 RtlLookupFunctionEntry
0x1400060a0 RtlCaptureContext
0x1400060a8 InitializeSListHead
0x1400060b0 GetSystemTimeAsFileTime
0x1400060b8 GetCurrentThreadId
0x1400060c0 GetCurrentProcessId
0x1400060c8 QueryPerformanceCounter
0x1400060d0 Sleep
0x1400060d8 TerminateProcess
EAT(Export Address Table) is none
api-ms-win-crt-string-l1-1-0.dll
0x140006200 _wcsicmp
0x140006208 strncpy
0x140006210 strncat
0x140006218 wcsnlen
0x140006220 wcsncmp
api-ms-win-crt-convert-l1-1-0.dll
0x1400060e8 mbstowcs
api-ms-win-crt-stdio-l1-1-0.dll
0x1400061d8 __stdio_common_vfprintf
0x1400061e0 __acrt_iob_func
0x1400061e8 _set_fmode
0x1400061f0 __p__commode
api-ms-win-crt-runtime-l1-1-0.dll
0x140006138 _register_onexit_function
0x140006140 _initialize_onexit_table
0x140006148 _initialize_narrow_environment
0x140006150 _crt_atexit
0x140006158 _register_thread_local_exe_atexit_callback
0x140006160 _c_exit
0x140006168 _cexit
0x140006170 __p___argv
0x140006178 __p___argc
0x140006180 _get_initial_narrow_environment
0x140006188 _configure_narrow_argv
0x140006190 exit
0x140006198 terminate
0x1400061a0 _initterm
0x1400061a8 _initterm_e
0x1400061b0 abort
0x1400061b8 _exit
0x1400061c0 _set_app_type
0x1400061c8 _seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll
0x140006128 __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll
0x140006118 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400060f8 free
0x140006100 calloc
0x140006108 _set_new_mode
KERNEL32.dll
0x140006000 GetLastError
0x140006008 GetCurrentProcess
0x140006010 LoadLibraryExW
0x140006018 GetProcAddress
0x140006020 FreeLibrary
0x140006028 TlsFree
0x140006030 TlsSetValue
0x140006038 TlsGetValue
0x140006040 TlsAlloc
0x140006048 InitializeCriticalSectionAndSpinCount
0x140006050 DeleteCriticalSection
0x140006058 SetLastError
0x140006060 RtlUnwindEx
0x140006068 GetModuleHandleW
0x140006070 IsProcessorFeaturePresent
0x140006078 SetUnhandledExceptionFilter
0x140006080 UnhandledExceptionFilter
0x140006088 IsDebuggerPresent
0x140006090 RtlVirtualUnwind
0x140006098 RtlLookupFunctionEntry
0x1400060a0 RtlCaptureContext
0x1400060a8 InitializeSListHead
0x1400060b0 GetSystemTimeAsFileTime
0x1400060b8 GetCurrentThreadId
0x1400060c0 GetCurrentProcessId
0x1400060c8 QueryPerformanceCounter
0x1400060d0 Sleep
0x1400060d8 TerminateProcess
EAT(Export Address Table) is none