ScreenShot
| Created | 2024.08.06 17:49 | Machine | s1_win7_x6401 |
| Filename | 1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | c6eae5603e3b43a51d2d2c449db3f6be | ||
| sha256 | a1f94fa283270290a5365565dd6234d4eba89c394d3c8076c064f62c53cbb749 | ||
| ssdeep | 12288:4uzzfSDgiGQbmkejmQJNT9MiH2wSD1ms1XJwDo3HY0nk25+Yn3anpgtQNZm1nthJ:YU7JNmiHjSnR3Ye5zapgtwZm1thGO | ||
| imphash | ad7a3589ff2ccdadc453f0632ec12f2f | ||
| impfuzzy | 48:pcWcrYrwI9ET8OSlONGaV/fcuPtwS1INikZe3N5:pcWcrYrwIeT8DONGaV/fcuPtwS1gBQ5 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x46f000 VerSetConditionMask
0x46f004 SetCurrentDirectoryW
0x46f008 GetCurrentDirectoryW
0x46f00c FileTimeToLocalFileTime
0x46f010 FindClose
0x46f014 FindFirstFileA
0x46f018 FindNextFileA
0x46f01c GetDriveTypeA
0x46f020 GetFileAttributesW
0x46f024 GetShortPathNameW
0x46f028 GetTempPathW
0x46f02c OutputDebugStringW
0x46f030 CloseHandle
0x46f034 GetLastError
0x46f038 SetErrorMode
0x46f03c SetEvent
0x46f040 CreateEventA
0x46f044 Sleep
0x46f048 CreateThread
0x46f04c GetSystemDirectoryA
0x46f050 GetSystemDirectoryW
0x46f054 GetWindowsDirectoryW
0x46f058 GetVersionExW
0x46f05c GetModuleHandleW
0x46f060 GetProcAddress
0x46f064 SizeofResource
0x46f068 FindResourceW
0x46f06c LoadLibraryW
0x46f070 FindResourceA
0x46f074 QueryDosDeviceA
0x46f078 VerifyVersionInfoW
0x46f07c FileTimeToSystemTime
0x46f080 GetUserDefaultLangID
0x46f084 GetTickCount
0x46f088 GetSystemDefaultLangID
0x46f08c GetExitCodeProcess
0x46f090 FreeLibrary
0x46f094 CreateMutexW
0x46f098 GetCurrentProcess
0x46f09c GetModuleFileNameW
0x46f0a0 LoadResource
0x46f0a4 LockResource
0x46f0a8 GlobalAlloc
0x46f0ac GlobalFree
0x46f0b0 LocalFree
0x46f0b4 FormatMessageW
0x46f0b8 OutputDebugStringA
0x46f0bc SystemTimeToTzSpecificLocalTime
0x46f0c0 GetFileInformationByHandle
0x46f0c4 ReadFile
0x46f0c8 SetHandleInformation
0x46f0cc CreatePipe
0x46f0d0 WaitForSingleObject
0x46f0d4 TerminateProcess
0x46f0d8 CreateProcessW
0x46f0dc GetSystemInfo
0x46f0e0 GetVersionExA
0x46f0e4 LoadLibraryExW
0x46f0e8 CreateDirectoryW
0x46f0ec DeleteFileW
0x46f0f0 FindNextFileW
0x46f0f4 GetFileSizeEx
0x46f0f8 GetCurrentThread
0x46f0fc CopyFileW
0x46f100 MoveFileExW
0x46f104 SetLastError
0x46f108 GetSystemTimeAsFileTime
0x46f10c CreateFileW
0x46f110 FlushFileBuffers
0x46f114 WriteFile
0x46f118 SetEnvironmentVariableW
0x46f11c FindFirstFileExW
0x46f120 GetDriveTypeW
0x46f124 LoadLibraryA
0x46f128 BeginUpdateResourceW
0x46f12c UpdateResourceW
0x46f130 GetDiskFreeSpaceExW
0x46f134 GetFileAttributesExW
0x46f138 GetFullPathNameW
0x46f13c RemoveDirectoryW
0x46f140 SetFileAttributesW
0x46f144 WriteConsoleW
0x46f148 MapViewOfFile
0x46f14c UnmapViewOfFile
0x46f150 CreateFileMappingA
0x46f154 MultiByteToWideChar
0x46f158 WideCharToMultiByte
0x46f15c GetACP
0x46f160 VirtualQuery
0x46f164 GetFileSize
0x46f168 SetFilePointer
0x46f16c DecodePointer
0x46f170 RaiseException
0x46f174 HeapDestroy
0x46f178 HeapAlloc
0x46f17c HeapReAlloc
0x46f180 HeapFree
0x46f184 HeapSize
0x46f188 GetProcessHeap
0x46f18c InitializeCriticalSectionEx
0x46f190 DeleteCriticalSection
0x46f194 EndUpdateResourceW
0x46f198 FindResourceExW
0x46f19c InitializeCriticalSection
0x46f1a0 EnterCriticalSection
0x46f1a4 LeaveCriticalSection
0x46f1a8 CreateFileA
0x46f1ac InitializeCriticalSectionAndSpinCount
0x46f1b0 ResetEvent
0x46f1b4 WaitForSingleObjectEx
0x46f1b8 CreateEventW
0x46f1bc UnhandledExceptionFilter
0x46f1c0 SetUnhandledExceptionFilter
0x46f1c4 IsProcessorFeaturePresent
0x46f1c8 QueryPerformanceCounter
0x46f1cc GetCurrentProcessId
0x46f1d0 GetCurrentThreadId
0x46f1d4 InitializeSListHead
0x46f1d8 IsDebuggerPresent
0x46f1dc GetStartupInfoW
0x46f1e0 GetStringTypeW
0x46f1e4 EncodePointer
0x46f1e8 SwitchToThread
0x46f1ec TlsAlloc
0x46f1f0 TlsGetValue
0x46f1f4 TlsSetValue
0x46f1f8 TlsFree
0x46f1fc CompareStringW
0x46f200 LCMapStringW
0x46f204 GetLocaleInfoW
0x46f208 GetCPInfo
0x46f20c ExitProcess
0x46f210 GetModuleHandleExW
0x46f214 GetConsoleCP
0x46f218 GetConsoleMode
0x46f21c GetFileType
0x46f220 SetStdHandle
0x46f224 GetStdHandle
0x46f228 SetFilePointerEx
0x46f22c IsValidLocale
0x46f230 GetUserDefaultLCID
0x46f234 EnumSystemLocalesW
0x46f238 ReadConsoleW
0x46f23c SetEndOfFile
0x46f240 IsValidCodePage
0x46f244 GetOEMCP
0x46f248 GetCommandLineA
0x46f24c GetCommandLineW
0x46f250 GetEnvironmentStringsW
0x46f254 FreeEnvironmentStringsW
0x46f258 RtlUnwind
0x46f25c LoadLibraryExA
0x46f260 VirtualProtect
SHLWAPI.dll
0x46f268 PathCombineA
EAT(Export Address Table) Library
0x403c70 ??4CResource@@QAEAAV0@$$QAV0@@Z
0x403c70 ??4CResource@@QAEAAV0@ABV0@@Z
0x421860 ?BitmapResourceHandler@CResource@@IAEKPBD0PAX@Z
0x421ba0 ?GetResourceHandler@CResource@@IAE_NPBD@Z
0x422140 ?StringResourceHandler@CResource@@IAEKPBD0PAX@Z
0x4221c0 ?UpdateFileResource@CResource@@QAEKPBD00PAX@Z
0x422220 ?UpdateFixedVersionResource@CResource@@IAEKPBD00@Z
0x422430 ?UpdateResourceInternal@CResource@@IAEKPBD00GPBXK@Z
0x4224b0 ?UpdateVariableVersionResource@CResource@@IAEKPBD00@Z
0x422750 ?VersionResourceHandler@CResource@@IAEKPBD0PAX@Z
KERNEL32.dll
0x46f000 VerSetConditionMask
0x46f004 SetCurrentDirectoryW
0x46f008 GetCurrentDirectoryW
0x46f00c FileTimeToLocalFileTime
0x46f010 FindClose
0x46f014 FindFirstFileA
0x46f018 FindNextFileA
0x46f01c GetDriveTypeA
0x46f020 GetFileAttributesW
0x46f024 GetShortPathNameW
0x46f028 GetTempPathW
0x46f02c OutputDebugStringW
0x46f030 CloseHandle
0x46f034 GetLastError
0x46f038 SetErrorMode
0x46f03c SetEvent
0x46f040 CreateEventA
0x46f044 Sleep
0x46f048 CreateThread
0x46f04c GetSystemDirectoryA
0x46f050 GetSystemDirectoryW
0x46f054 GetWindowsDirectoryW
0x46f058 GetVersionExW
0x46f05c GetModuleHandleW
0x46f060 GetProcAddress
0x46f064 SizeofResource
0x46f068 FindResourceW
0x46f06c LoadLibraryW
0x46f070 FindResourceA
0x46f074 QueryDosDeviceA
0x46f078 VerifyVersionInfoW
0x46f07c FileTimeToSystemTime
0x46f080 GetUserDefaultLangID
0x46f084 GetTickCount
0x46f088 GetSystemDefaultLangID
0x46f08c GetExitCodeProcess
0x46f090 FreeLibrary
0x46f094 CreateMutexW
0x46f098 GetCurrentProcess
0x46f09c GetModuleFileNameW
0x46f0a0 LoadResource
0x46f0a4 LockResource
0x46f0a8 GlobalAlloc
0x46f0ac GlobalFree
0x46f0b0 LocalFree
0x46f0b4 FormatMessageW
0x46f0b8 OutputDebugStringA
0x46f0bc SystemTimeToTzSpecificLocalTime
0x46f0c0 GetFileInformationByHandle
0x46f0c4 ReadFile
0x46f0c8 SetHandleInformation
0x46f0cc CreatePipe
0x46f0d0 WaitForSingleObject
0x46f0d4 TerminateProcess
0x46f0d8 CreateProcessW
0x46f0dc GetSystemInfo
0x46f0e0 GetVersionExA
0x46f0e4 LoadLibraryExW
0x46f0e8 CreateDirectoryW
0x46f0ec DeleteFileW
0x46f0f0 FindNextFileW
0x46f0f4 GetFileSizeEx
0x46f0f8 GetCurrentThread
0x46f0fc CopyFileW
0x46f100 MoveFileExW
0x46f104 SetLastError
0x46f108 GetSystemTimeAsFileTime
0x46f10c CreateFileW
0x46f110 FlushFileBuffers
0x46f114 WriteFile
0x46f118 SetEnvironmentVariableW
0x46f11c FindFirstFileExW
0x46f120 GetDriveTypeW
0x46f124 LoadLibraryA
0x46f128 BeginUpdateResourceW
0x46f12c UpdateResourceW
0x46f130 GetDiskFreeSpaceExW
0x46f134 GetFileAttributesExW
0x46f138 GetFullPathNameW
0x46f13c RemoveDirectoryW
0x46f140 SetFileAttributesW
0x46f144 WriteConsoleW
0x46f148 MapViewOfFile
0x46f14c UnmapViewOfFile
0x46f150 CreateFileMappingA
0x46f154 MultiByteToWideChar
0x46f158 WideCharToMultiByte
0x46f15c GetACP
0x46f160 VirtualQuery
0x46f164 GetFileSize
0x46f168 SetFilePointer
0x46f16c DecodePointer
0x46f170 RaiseException
0x46f174 HeapDestroy
0x46f178 HeapAlloc
0x46f17c HeapReAlloc
0x46f180 HeapFree
0x46f184 HeapSize
0x46f188 GetProcessHeap
0x46f18c InitializeCriticalSectionEx
0x46f190 DeleteCriticalSection
0x46f194 EndUpdateResourceW
0x46f198 FindResourceExW
0x46f19c InitializeCriticalSection
0x46f1a0 EnterCriticalSection
0x46f1a4 LeaveCriticalSection
0x46f1a8 CreateFileA
0x46f1ac InitializeCriticalSectionAndSpinCount
0x46f1b0 ResetEvent
0x46f1b4 WaitForSingleObjectEx
0x46f1b8 CreateEventW
0x46f1bc UnhandledExceptionFilter
0x46f1c0 SetUnhandledExceptionFilter
0x46f1c4 IsProcessorFeaturePresent
0x46f1c8 QueryPerformanceCounter
0x46f1cc GetCurrentProcessId
0x46f1d0 GetCurrentThreadId
0x46f1d4 InitializeSListHead
0x46f1d8 IsDebuggerPresent
0x46f1dc GetStartupInfoW
0x46f1e0 GetStringTypeW
0x46f1e4 EncodePointer
0x46f1e8 SwitchToThread
0x46f1ec TlsAlloc
0x46f1f0 TlsGetValue
0x46f1f4 TlsSetValue
0x46f1f8 TlsFree
0x46f1fc CompareStringW
0x46f200 LCMapStringW
0x46f204 GetLocaleInfoW
0x46f208 GetCPInfo
0x46f20c ExitProcess
0x46f210 GetModuleHandleExW
0x46f214 GetConsoleCP
0x46f218 GetConsoleMode
0x46f21c GetFileType
0x46f220 SetStdHandle
0x46f224 GetStdHandle
0x46f228 SetFilePointerEx
0x46f22c IsValidLocale
0x46f230 GetUserDefaultLCID
0x46f234 EnumSystemLocalesW
0x46f238 ReadConsoleW
0x46f23c SetEndOfFile
0x46f240 IsValidCodePage
0x46f244 GetOEMCP
0x46f248 GetCommandLineA
0x46f24c GetCommandLineW
0x46f250 GetEnvironmentStringsW
0x46f254 FreeEnvironmentStringsW
0x46f258 RtlUnwind
0x46f25c LoadLibraryExA
0x46f260 VirtualProtect
SHLWAPI.dll
0x46f268 PathCombineA
EAT(Export Address Table) Library
0x403c70 ??4CResource@@QAEAAV0@$$QAV0@@Z
0x403c70 ??4CResource@@QAEAAV0@ABV0@@Z
0x421860 ?BitmapResourceHandler@CResource@@IAEKPBD0PAX@Z
0x421ba0 ?GetResourceHandler@CResource@@IAE_NPBD@Z
0x422140 ?StringResourceHandler@CResource@@IAEKPBD0PAX@Z
0x4221c0 ?UpdateFileResource@CResource@@QAEKPBD00PAX@Z
0x422220 ?UpdateFixedVersionResource@CResource@@IAEKPBD00@Z
0x422430 ?UpdateResourceInternal@CResource@@IAEKPBD00GPBXK@Z
0x4224b0 ?UpdateVariableVersionResource@CResource@@IAEKPBD00@Z
0x422750 ?VersionResourceHandler@CResource@@IAEKPBD0PAX@Z