Report - tt222.exe

Malicious Library, Antivirus, UPX, PE File, PE64, OS Processor Check
Created 2024.08.11 14:54 Machine s1_win7_x6401
Filename tt222.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
4
Behavior Score
1.2
ZERO API file : malware
VT API (file) 31 detected (AIDetectMalware, GameHack, malicious, high confidence, Cerbu, Unsafe, Vgs4, Attribute, HighConfidence, AGen, OZ potentially unsafe, CLOUD, Whisperer, Detected, ai score=82, Wacapew, ABRisk, HECK, Artemis, R002H09H924, confidence)
md5 ff081c6eebbd9fef49eb7e78ac566a78
sha256 2ad1af512c70ed61705b9e74a815ba42026da3847f3d720a70e34ab8b1f254c3
ssdeep 49152:yobfepaiJyjoMvq8kKeJgD7XraNv8no8cicidpmMtNV+00p4KXTCWubs270QrvV9:yoyv9GnxJtWTQ1UnPk8q
imphash 59ef1276075e78e704bcfa1f65a942ae
impfuzzy 192:5BXWJ7i4ftpTWmLzxvq8NhoRaxgNQgqJi2h2AiDxjFlJ:5BXI7vTDL9t0NQTJiAhKx7J

Signature (2cnts)

Level Description
danger File has been identified by 31 AntiVirus engines on VirusTotal as malicious
info This executable has a PDB path

Rules (6cnts)

Level Name Description Collection
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
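watch UPX_Zero UPX packed file (signature match only; the import table listed under PE API is far fuller than a UPX stub normally exposes, so confirm packing from section names and entropy before relying on this tag) binaries (upload)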
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1400ce0f8 GetFirmwareType
 0x1400ce100 InitializeCriticalSectionEx
 0x1400ce108 DeleteCriticalSection
 0x1400ce110 GetLocaleInfoEx
 0x1400ce118 FormatMessageA
 0x1400ce120 LocalFree
 0x1400ce128 ExpandEnvironmentStringsA
 0x1400ce130 GetTickCount64
 0x1400ce138 VerifyVersionInfoW
 0x1400ce140 FormatMessageW
 0x1400ce148 SetFileCompletionNotificationModes
 0x1400ce150 CloseThreadpoolIo
 0x1400ce158 CancelThreadpoolIo
 0x1400ce160 StartThreadpoolIo
 0x1400ce168 CreateThreadpoolIo
 0x1400ce170 GetOverlappedResult
 0x1400ce178 WriteFile
 0x1400ce180 GetCurrentThread
 0x1400ce188 GetFileSizeEx
 0x1400ce190 CreateFileW
 0x1400ce198 OutputDebugStringW
 0x1400ce1a0 InitOnceBeginInitialize
 0x1400ce1a8 InitOnceComplete
 0x1400ce1b0 InitializeSListHead
 0x1400ce1b8 GetSystemTimeAsFileTime
 0x1400ce1c0 GetCurrentThreadId
 0x1400ce1c8 GetCurrentProcessId
 0x1400ce1d0 GetModuleHandleW
 0x1400ce1d8 GetStartupInfoW
 0x1400ce1e0 IsDebuggerPresent
 0x1400ce1e8 IsProcessorFeaturePresent
 0x1400ce1f0 SetUnhandledExceptionFilter
 0x1400ce1f8 UnhandledExceptionFilter
 0x1400ce200 RtlVirtualUnwind
 0x1400ce208 RtlLookupFunctionEntry
 0x1400ce210 RtlCaptureContext
 0x1400ce218 SleepConditionVariableSRW
 0x1400ce220 WakeAllConditionVariable
 0x1400ce228 AcquireSRWLockExclusive
 0x1400ce230 ReleaseSRWLockExclusive
 0x1400ce238 Sleep
 0x1400ce240 ExitProcess
 0x1400ce248 CloseHandle
 0x1400ce250 GetLastError
 0x1400ce258 WaitForSingleObject
 0x1400ce260 FindClose
 0x1400ce268 FindNextFileA
 0x1400ce270 GetUserDefaultLocaleName
 0x1400ce278 TerminateProcess
 0x1400ce280 GetCurrentProcess
 0x1400ce288 FindFirstFileA
 0x1400ce290 GetModuleFileNameA
 0x1400ce298 GlobalUnlock
 0x1400ce2a0 WideCharToMultiByte
 0x1400ce2a8 GlobalLock
 0x1400ce2b0 GlobalFree
 0x1400ce2b8 GlobalAlloc
 0x1400ce2c0 QueryPerformanceCounter
 0x1400ce2c8 FreeLibrary
 0x1400ce2d0 VerSetConditionMask
 0x1400ce2d8 GetProcAddress
 0x1400ce2e0 QueryPerformanceFrequency
 0x1400ce2e8 LoadLibraryA
 0x1400ce2f0 GetFirmwareEnvironmentVariableA
 0x1400ce2f8 MultiByteToWideChar
 0x1400ce300 GetModuleHandleA
 0x1400ce308 GetLocaleInfoA
 0x1400ce310 ReadFile
USER32.dll
 0x1400ce758 LoadIconA
 0x1400ce760 CreateWindowExA
 0x1400ce768 RegisterClassExA
 0x1400ce770 SetCursorPos
 0x1400ce778 DispatchMessageA
 0x1400ce780 GetWindowRect
 0x1400ce788 ReleaseCapture
 0x1400ce790 DestroyWindow
 0x1400ce798 GetCursorPos
 0x1400ce7a0 CreateWindowExW
 0x1400ce7a8 GetSystemMetrics
 0x1400ce7b0 UnregisterClassW
 0x1400ce7b8 RegisterClassExW
 0x1400ce7c0 ShowWindow
 0x1400ce7c8 MoveWindow
 0x1400ce7d0 DefWindowProcA
 0x1400ce7d8 TranslateMessage
 0x1400ce7e0 PeekMessageA
 0x1400ce7e8 PostQuitMessage
 0x1400ce7f0 UpdateWindow
 0x1400ce7f8 OpenClipboard
 0x1400ce800 SetWindowRgn
 0x1400ce808 IsWindowUnicode
 0x1400ce810 GetClientRect
 0x1400ce818 CloseClipboard
 0x1400ce820 EmptyClipboard
 0x1400ce828 SetCursor
 0x1400ce830 SetCapture
 0x1400ce838 GetForegroundWindow
 0x1400ce840 GetKeyboardLayout
 0x1400ce848 TrackMouseEvent
 0x1400ce850 ClientToScreen
 0x1400ce858 GetCapture
 0x1400ce860 ScreenToClient
 0x1400ce868 GetClipboardData
 0x1400ce870 SetClipboardData
 0x1400ce878 LoadCursorA
 0x1400ce880 GetKeyState
 0x1400ce888 GetMessageExtraInfo
GDI32.dll
 0x1400ce0c0 CreateRoundRectRgn
ADVAPI32.dll
 0x1400ce000 LookupPrivilegeValueA
 0x1400ce008 RegSetValueExA
 0x1400ce010 GetUserNameW
 0x1400ce018 OpenProcessToken
 0x1400ce020 RegQueryValueExA
 0x1400ce028 RegCloseKey
 0x1400ce030 AdjustTokenPrivileges
 0x1400ce038 RegOpenKeyExA
 0x1400ce040 RegGetValueA
 0x1400ce048 RegCreateKeyExA
SHELL32.dll
 0x1400ce748 ShellExecuteExA
D3DCOMPILER_43.dll
 0x1400ce0b0 D3DCompile
MSVCP140.dll
 0x1400ce320 ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
 0x1400ce328 ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
 0x1400ce330 ?_Xbad_alloc@std@@YAXXZ
 0x1400ce338 ?_Xout_of_range@std@@YAXPEBD@Z
 0x1400ce340 ?_Random_device@std@@YAIXZ
 0x1400ce348 ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
 0x1400ce350 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400ce358 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
 0x1400ce360 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400ce368 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400ce370 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1400ce378 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400ce380 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400ce388 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1400ce390 ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
 0x1400ce398 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400ce3a0 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x1400ce3a8 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x1400ce3b0 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
 0x1400ce3b8 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x1400ce3c0 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
 0x1400ce3c8 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
 0x1400ce3d0 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
 0x1400ce3d8 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x1400ce3e0 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
 0x1400ce3e8 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400ce3f0 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400ce3f8 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
 0x1400ce400 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
 0x1400ce408 ??Bios_base@std@@QEBA_NXZ
 0x1400ce410 ??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
 0x1400ce418 ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
 0x1400ce420 ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
 0x1400ce428 ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
 0x1400ce430 ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
 0x1400ce438 ?_Incref@facet@locale@std@@UEAAXXZ
 0x1400ce440 ??Bid@locale@std@@QEAA_KXZ
 0x1400ce448 _Mtx_destroy_in_situ
 0x1400ce450 _Mtx_init_in_situ
 0x1400ce458 ??1_Lockit@std@@QEAA@XZ
 0x1400ce460 ??0_Lockit@std@@QEAA@H@Z
 0x1400ce468 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
 0x1400ce470 ?uncaught_exception@std@@YA_NXZ
 0x1400ce478 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
 0x1400ce480 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
 0x1400ce488 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1400ce490 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1400ce498 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x1400ce4a0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
 0x1400ce4a8 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x1400ce4b0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x1400ce4b8 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
 0x1400ce4c0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x1400ce4c8 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
 0x1400ce4d0 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
 0x1400ce4d8 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1400ce4e0 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400ce4e8 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400ce4f0 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400ce4f8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x1400ce500 ?good@ios_base@std@@QEBA_NXZ
 0x1400ce508 ?always_noconv@codecvt_base@std@@QEBA_NXZ
 0x1400ce510 ?_Throw_Cpp_error@std@@YAXH@Z
 0x1400ce518 ?_Xbad_function_call@std@@YAXXZ
 0x1400ce520 _Cnd_do_broadcast_at_thread_exit
 0x1400ce528 _Thrd_detach
 0x1400ce530 ?_Xinvalid_argument@std@@YAXPEBD@Z
 0x1400ce538 ?fail@ios_base@std@@QEBA_NXZ
 0x1400ce540 ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
 0x1400ce548 ?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
 0x1400ce550 ?_ReportUnobservedException@details@Concurrency@@YAXXZ
 0x1400ce558 ?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
 0x1400ce560 ?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
 0x1400ce568 ?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
 0x1400ce570 ?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
 0x1400ce578 ?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
 0x1400ce580 ?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
 0x1400ce588 ?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
 0x1400ce590 ?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
 0x1400ce598 ?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
 0x1400ce5a0 ?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
 0x1400ce5a8 ?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
 0x1400ce5b0 ?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
 0x1400ce5b8 ?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
 0x1400ce5c0 ?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
 0x1400ce5c8 ??0task_continuation_context@Concurrency@@AEAA@XZ
 0x1400ce5d0 ?__ExceptionPtrCreate@@YAXPEAX@Z
 0x1400ce5d8 _Cnd_init_in_situ
 0x1400ce5e0 ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
 0x1400ce5e8 ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
 0x1400ce5f0 ?__ExceptionPtrToBool@@YA_NPEBX@Z
 0x1400ce5f8 ?__ExceptionPtrDestroy@@YAXPEAX@Z
 0x1400ce600 _Mtx_lock
 0x1400ce608 ?__ExceptionPtrCurrentException@@YAXPEAX@Z
 0x1400ce610 ?__ExceptionPtrRethrow@@YAXPEBX@Z
 0x1400ce618 _Cnd_wait
 0x1400ce620 _Mtx_unlock
 0x1400ce628 _Cnd_broadcast
 0x1400ce630 _Cnd_destroy_in_situ
 0x1400ce638 ?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
 0x1400ce640 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
 0x1400ce648 ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
 0x1400ce650 ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
 0x1400ce658 ?_Xlength_error@std@@YAXPEBD@Z
 0x1400ce660 ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
 0x1400ce668 ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
 0x1400ce670 ?classic@locale@std@@SAAEBV12@XZ
 0x1400ce678 ?_Throw_C_error@std@@YAXH@Z
 0x1400ce680 ??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
 0x1400ce688 ??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
 0x1400ce690 ??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
 0x1400ce698 ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
 0x1400ce6a0 ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
 0x1400ce6a8 ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
 0x1400ce6b0 ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
 0x1400ce6b8 ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
 0x1400ce6c0 ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
 0x1400ce6c8 ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
 0x1400ce6d0 ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
 0x1400ce6d8 ??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
 0x1400ce6e0 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
 0x1400ce6e8 ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
 0x1400ce6f0 ?__ExceptionPtrCompare@@YA_NPEBX0@Z
 0x1400ce6f8 ?_Syserror_map@std@@YAPEBDH@Z
 0x1400ce700 ?_Winerror_map@std@@YAHH@Z
 0x1400ce708 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
 0x1400ce710 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
 0x1400ce718 ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
 0x1400ce720 ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
 0x1400ce728 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
 0x1400ce730 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
 0x1400ce738 ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
d3d11.dll
 0x1400cecb8 D3D11CreateDeviceAndSwapChain
d3dx11_43.dll
 0x1400cecc8 D3DX11CreateShaderResourceViewFromMemory
IMM32.dll
 0x1400ce0d0 ImmSetCandidateWindow
 0x1400ce0d8 ImmSetCompositionWindow
 0x1400ce0e0 ImmReleaseContext
 0x1400ce0e8 ImmGetContext
CONCRT140.dll
 0x1400ce058 ??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
 0x1400ce060 ??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
 0x1400ce068 ?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
 0x1400ce070 ?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
CRYPT32.dll
 0x1400ce080 CertVerifyCertificateChainPolicy
 0x1400ce088 CertFreeCertificateChain
 0x1400ce090 CertGetCertificateChain
 0x1400ce098 CertFreeCertificateContext
 0x1400ce0a0 CryptUnprotectMemory
crypt.dll
 0x1400cec78 BCryptFinishHash
 0x1400cec80 BCryptHashData
 0x1400cec88 BCryptCreateHash
 0x1400cec90 BCryptDestroyHash
 0x1400cec98 BCryptCloseAlgorithmProvider
 0x1400ceca0 BCryptGetProperty
 0x1400ceca8 BCryptOpenAlgorithmProvider
WINHTTP.dll
 0x1400ce920 WinHttpWriteData
 0x1400ce928 WinHttpCloseHandle
 0x1400ce930 WinHttpOpen
 0x1400ce938 WinHttpConnect
 0x1400ce940 WinHttpReadData
 0x1400ce948 WinHttpSetStatusCallback
 0x1400ce950 WinHttpSetTimeouts
 0x1400ce958 WinHttpSetOption
 0x1400ce960 WinHttpQueryOption
 0x1400ce968 WinHttpQueryDataAvailable
 0x1400ce970 WinHttpGetDefaultProxyConfiguration
 0x1400ce978 WinHttpOpenRequest
 0x1400ce980 WinHttpGetProxyForUrl
 0x1400ce988 WinHttpQueryHeaders
 0x1400ce990 WinHttpReceiveResponse
 0x1400ce998 WinHttpQueryAuthSchemes
 0x1400ce9a0 WinHttpSetCredentials
 0x1400ce9a8 WinHttpSendRequest
 0x1400ce9b0 WinHttpAddRequestHeaders
 0x1400ce9b8 WinHttpGetIEProxyConfigForCurrentUser
VCRUNTIME140_1.dll
 0x1400ce910 __CxxFrameHandler4
VCRUNTIME140.dll
 0x1400ce898 __current_exception_context
 0x1400ce8a0 __std_terminate
 0x1400ce8a8 strstr
 0x1400ce8b0 __std_exception_destroy
 0x1400ce8b8 __std_exception_copy
 0x1400ce8c0 _purecall
 0x1400ce8c8 memchr
 0x1400ce8d0 __C_specific_handler
 0x1400ce8d8 __current_exception
 0x1400ce8e0 memcmp
 0x1400ce8e8 memset
 0x1400ce8f0 memcpy
 0x1400ce8f8 memmove
 0x1400ce900 _CxxThrowException
api-ms-win-crt-stdio-l1-1-0.dll
 0x1400ceb40 __stdio_common_vsprintf_s
 0x1400ceb48 fgetc
 0x1400ceb50 fgetpos
 0x1400ceb58 setvbuf
 0x1400ceb60 ungetc
 0x1400ceb68 fsetpos
 0x1400ceb70 __stdio_common_vsscanf
 0x1400ceb78 fread
 0x1400ceb80 fputc
 0x1400ceb88 __stdio_common_vsprintf
 0x1400ceb90 _wfopen
 0x1400ceb98 fwrite
 0x1400ceba0 __stdio_common_vfprintf
 0x1400ceba8 fseek
 0x1400cebb0 fclose
 0x1400cebb8 fflush
 0x1400cebc0 __acrt_iob_func
 0x1400cebc8 ftell
 0x1400cebd0 _get_stream_buffer_pointers
 0x1400cebd8 _fseeki64
 0x1400cebe0 __p__commode
 0x1400cebe8 _set_fmode
api-ms-win-crt-utility-l1-1-0.dll
 0x1400cec68 qsort
api-ms-win-crt-string-l1-1-0.dll
 0x1400cebf8 strcmp
 0x1400cec00 strncpy
 0x1400cec08 strncmp
 0x1400cec10 isdigit
 0x1400cec18 isalpha
 0x1400cec20 strcat_s
 0x1400cec28 isxdigit
 0x1400cec30 strcpy_s
api-ms-win-crt-heap-l1-1-0.dll
 0x1400cea18 _callnewh
 0x1400cea20 realloc
 0x1400cea28 _set_new_mode
 0x1400cea30 free
 0x1400cea38 malloc
api-ms-win-crt-runtime-l1-1-0.dll
 0x1400cea98 _initialize_onexit_table
 0x1400ceaa0 _register_onexit_function
 0x1400ceaa8 _initialize_narrow_environment
 0x1400ceab0 abort
 0x1400ceab8 _crt_atexit
 0x1400ceac0 _register_thread_local_exe_atexit_callback
 0x1400ceac8 _c_exit
 0x1400cead0 _errno
 0x1400cead8 terminate
 0x1400ceae0 _beginthreadex
 0x1400ceae8 _configure_narrow_argv
 0x1400ceaf0 _exit
 0x1400ceaf8 _invalid_parameter_noinfo_noreturn
 0x1400ceb00 _initterm_e
 0x1400ceb08 _initterm
 0x1400ceb10 _get_narrow_winmain_command_line
 0x1400ceb18 _set_app_type
 0x1400ceb20 _cexit
 0x1400ceb28 exit
 0x1400ceb30 _seh_filter_exe
api-ms-win-crt-convert-l1-1-0.dll
 0x1400ce9c8 wcstombs_s
 0x1400ce9d0 wcstol
 0x1400ce9d8 atoi
api-ms-win-crt-filesystem-l1-1-0.dll
 0x1400ce9e8 _access_s
 0x1400ce9f0 remove
 0x1400ce9f8 _unlock_file
 0x1400cea00 _lock_file
 0x1400cea08 _mkdir
api-ms-win-crt-time-l1-1-0.dll
 0x1400cec40 _time64
 0x1400cec48 _localtime64
 0x1400cec50 _localtime64_s
 0x1400cec58 strftime
api-ms-win-crt-math-l1-1-0.dll
 0x1400cea58 __setusermatherr
 0x1400cea60 sinf
 0x1400cea68 fmodf
 0x1400cea70 acosf
 0x1400cea78 sqrtf
 0x1400cea80 cosf
 0x1400cea88 ceilf
api-ms-win-crt-locale-l1-1-0.dll
 0x1400cea48 _configthreadlocale

EAT(Export Address Table) is none


