ScreenShot
| Created | 2024.08.11 14:50 | Machine | s1_win7_x6403 |
| Filename | 66ae96cb3d23b_crypted.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 4587aa68e93674b5d4e35fff967b72b0 | ||
| sha256 | 0e0c0490ffc84c7495c29f2cd0e302e982efc377764f22b57f0acbf637b93630 | ||
| ssdeep | 24576:F3dQC5oKB7j2xKR13XYpAaZq39jImMqKcXwm8j/jwt:FBoKB7j2xK1sZq3hImMqKI | ||
| imphash | ddd411113fce64ff664d110a3ad7d003 | ||
| impfuzzy | 48:v9dIcpVqzWs9xLzXtX/rtte4GzPpm63NuFZGVc:vPIcpVqzW2x/XtXDtte4GTpmNt | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x484000 WaitForSingleObject
0x484004 CreateThread
0x484008 GetProcAddress
0x48400c VirtualAllocEx
0x484010 GetModuleHandleW
0x484014 MultiByteToWideChar
0x484018 FormatMessageA
0x48401c GetStringTypeW
0x484020 WideCharToMultiByte
0x484024 GetCurrentThreadId
0x484028 CloseHandle
0x48402c WaitForSingleObjectEx
0x484030 Sleep
0x484034 SwitchToThread
0x484038 GetExitCodeThread
0x48403c GetNativeSystemInfo
0x484040 EnterCriticalSection
0x484044 LeaveCriticalSection
0x484048 InitializeCriticalSectionEx
0x48404c DeleteCriticalSection
0x484050 EncodePointer
0x484054 DecodePointer
0x484058 LocalFree
0x48405c GetLocaleInfoEx
0x484060 LCMapStringEx
0x484064 ReleaseSRWLockExclusive
0x484068 AcquireSRWLockExclusive
0x48406c TryAcquireSRWLockExclusive
0x484070 WakeConditionVariable
0x484074 WakeAllConditionVariable
0x484078 SleepConditionVariableSRW
0x48407c QueryPerformanceCounter
0x484080 QueryPerformanceFrequency
0x484084 SetFileInformationByHandle
0x484088 GetTempPathW
0x48408c InitOnceExecuteOnce
0x484090 CreateEventExW
0x484094 CreateSemaphoreExW
0x484098 FlushProcessWriteBuffers
0x48409c GetCurrentProcessorNumber
0x4840a0 GetSystemTimeAsFileTime
0x4840a4 GetTickCount64
0x4840a8 FreeLibraryWhenCallbackReturns
0x4840ac CreateThreadpoolTimer
0x4840b0 SetThreadpoolTimer
0x4840b4 WaitForThreadpoolTimerCallbacks
0x4840b8 CloseThreadpoolTimer
0x4840bc CreateThreadpoolWait
0x4840c0 SetThreadpoolWait
0x4840c4 CloseThreadpoolWait
0x4840c8 GetFileInformationByHandleEx
0x4840cc CreateSymbolicLinkW
0x4840d0 CompareStringEx
0x4840d4 GetCPInfo
0x4840d8 IsProcessorFeaturePresent
0x4840dc UnhandledExceptionFilter
0x4840e0 SetUnhandledExceptionFilter
0x4840e4 GetCurrentProcess
0x4840e8 TerminateProcess
0x4840ec GetCurrentProcessId
0x4840f0 InitializeSListHead
0x4840f4 IsDebuggerPresent
0x4840f8 GetStartupInfoW
0x4840fc CreateFileW
0x484100 RaiseException
0x484104 RtlUnwind
0x484108 InterlockedPushEntrySList
0x48410c InterlockedFlushSList
0x484110 GetLastError
0x484114 SetLastError
0x484118 InitializeCriticalSectionAndSpinCount
0x48411c TlsAlloc
0x484120 TlsGetValue
0x484124 TlsSetValue
0x484128 TlsFree
0x48412c FreeLibrary
0x484130 LoadLibraryExW
0x484134 ExitThread
0x484138 ResumeThread
0x48413c FreeLibraryAndExitThread
0x484140 GetModuleHandleExW
0x484144 GetStdHandle
0x484148 WriteFile
0x48414c GetModuleFileNameW
0x484150 ExitProcess
0x484154 GetCommandLineA
0x484158 GetCommandLineW
0x48415c HeapAlloc
0x484160 HeapFree
0x484164 GetCurrentThread
0x484168 GetDateFormatW
0x48416c GetTimeFormatW
0x484170 CompareStringW
0x484174 LCMapStringW
0x484178 GetLocaleInfoW
0x48417c IsValidLocale
0x484180 GetUserDefaultLCID
0x484184 EnumSystemLocalesW
0x484188 GetFileType
0x48418c SetConsoleCtrlHandler
0x484190 FlushFileBuffers
0x484194 GetConsoleOutputCP
0x484198 GetConsoleMode
0x48419c ReadFile
0x4841a0 GetFileSizeEx
0x4841a4 SetFilePointerEx
0x4841a8 ReadConsoleW
0x4841ac HeapReAlloc
0x4841b0 GetTimeZoneInformation
0x4841b4 OutputDebugStringW
0x4841b8 FindClose
0x4841bc FindFirstFileExW
0x4841c0 FindNextFileW
0x4841c4 IsValidCodePage
0x4841c8 GetACP
0x4841cc GetOEMCP
0x4841d0 GetEnvironmentStringsW
0x4841d4 FreeEnvironmentStringsW
0x4841d8 SetEnvironmentVariableW
0x4841dc SetStdHandle
0x4841e0 GetProcessHeap
0x4841e4 HeapSize
0x4841e8 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x484000 WaitForSingleObject
0x484004 CreateThread
0x484008 GetProcAddress
0x48400c VirtualAllocEx
0x484010 GetModuleHandleW
0x484014 MultiByteToWideChar
0x484018 FormatMessageA
0x48401c GetStringTypeW
0x484020 WideCharToMultiByte
0x484024 GetCurrentThreadId
0x484028 CloseHandle
0x48402c WaitForSingleObjectEx
0x484030 Sleep
0x484034 SwitchToThread
0x484038 GetExitCodeThread
0x48403c GetNativeSystemInfo
0x484040 EnterCriticalSection
0x484044 LeaveCriticalSection
0x484048 InitializeCriticalSectionEx
0x48404c DeleteCriticalSection
0x484050 EncodePointer
0x484054 DecodePointer
0x484058 LocalFree
0x48405c GetLocaleInfoEx
0x484060 LCMapStringEx
0x484064 ReleaseSRWLockExclusive
0x484068 AcquireSRWLockExclusive
0x48406c TryAcquireSRWLockExclusive
0x484070 WakeConditionVariable
0x484074 WakeAllConditionVariable
0x484078 SleepConditionVariableSRW
0x48407c QueryPerformanceCounter
0x484080 QueryPerformanceFrequency
0x484084 SetFileInformationByHandle
0x484088 GetTempPathW
0x48408c InitOnceExecuteOnce
0x484090 CreateEventExW
0x484094 CreateSemaphoreExW
0x484098 FlushProcessWriteBuffers
0x48409c GetCurrentProcessorNumber
0x4840a0 GetSystemTimeAsFileTime
0x4840a4 GetTickCount64
0x4840a8 FreeLibraryWhenCallbackReturns
0x4840ac CreateThreadpoolTimer
0x4840b0 SetThreadpoolTimer
0x4840b4 WaitForThreadpoolTimerCallbacks
0x4840b8 CloseThreadpoolTimer
0x4840bc CreateThreadpoolWait
0x4840c0 SetThreadpoolWait
0x4840c4 CloseThreadpoolWait
0x4840c8 GetFileInformationByHandleEx
0x4840cc CreateSymbolicLinkW
0x4840d0 CompareStringEx
0x4840d4 GetCPInfo
0x4840d8 IsProcessorFeaturePresent
0x4840dc UnhandledExceptionFilter
0x4840e0 SetUnhandledExceptionFilter
0x4840e4 GetCurrentProcess
0x4840e8 TerminateProcess
0x4840ec GetCurrentProcessId
0x4840f0 InitializeSListHead
0x4840f4 IsDebuggerPresent
0x4840f8 GetStartupInfoW
0x4840fc CreateFileW
0x484100 RaiseException
0x484104 RtlUnwind
0x484108 InterlockedPushEntrySList
0x48410c InterlockedFlushSList
0x484110 GetLastError
0x484114 SetLastError
0x484118 InitializeCriticalSectionAndSpinCount
0x48411c TlsAlloc
0x484120 TlsGetValue
0x484124 TlsSetValue
0x484128 TlsFree
0x48412c FreeLibrary
0x484130 LoadLibraryExW
0x484134 ExitThread
0x484138 ResumeThread
0x48413c FreeLibraryAndExitThread
0x484140 GetModuleHandleExW
0x484144 GetStdHandle
0x484148 WriteFile
0x48414c GetModuleFileNameW
0x484150 ExitProcess
0x484154 GetCommandLineA
0x484158 GetCommandLineW
0x48415c HeapAlloc
0x484160 HeapFree
0x484164 GetCurrentThread
0x484168 GetDateFormatW
0x48416c GetTimeFormatW
0x484170 CompareStringW
0x484174 LCMapStringW
0x484178 GetLocaleInfoW
0x48417c IsValidLocale
0x484180 GetUserDefaultLCID
0x484184 EnumSystemLocalesW
0x484188 GetFileType
0x48418c SetConsoleCtrlHandler
0x484190 FlushFileBuffers
0x484194 GetConsoleOutputCP
0x484198 GetConsoleMode
0x48419c ReadFile
0x4841a0 GetFileSizeEx
0x4841a4 SetFilePointerEx
0x4841a8 ReadConsoleW
0x4841ac HeapReAlloc
0x4841b0 GetTimeZoneInformation
0x4841b4 OutputDebugStringW
0x4841b8 FindClose
0x4841bc FindFirstFileExW
0x4841c0 FindNextFileW
0x4841c4 IsValidCodePage
0x4841c8 GetACP
0x4841cc GetOEMCP
0x4841d0 GetEnvironmentStringsW
0x4841d4 FreeEnvironmentStringsW
0x4841d8 SetEnvironmentVariableW
0x4841dc SetStdHandle
0x4841e0 GetProcessHeap
0x4841e4 HeapSize
0x4841e8 WriteConsoleW
EAT(Export Address Table) is none