ScreenShot
| Created | 2024.08.13 07:03 | Machine | s1_win7_x6401 |
| Filename | ed521f9314ec81688174f7c3b29e128339bf7586e930b1dca76a8e165b9cb5b5.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 46b15a02a32f9a1e2d8c891ef42aad81 | ||
| sha256 | ed521f9314ec81688174f7c3b29e128339bf7586e930b1dca76a8e165b9cb5b5 | ||
| ssdeep | 6144:EPPfTi1ByLSYC1riU701n/1wRdLRfKIbRXMA:EvTiXymYC1rJ0R1CdKIbph | ||
| imphash | a2a0817e6392d97a0384682bfc79e3d7 | ||
| impfuzzy | 48:ZKJREYPPh/pjMDmjt5PfueKch+qKdZNZxBxkrn:G9PJhjMMt5PhKch+qG1xKn | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x432000 LocalUnlock
0x432004 SetDefaultCommConfigA
0x432008 GlobalDeleteAtom
0x43200c OpenFile
0x432010 GetConsoleAliasesLengthW
0x432014 EnumDateFormatsExW
0x432018 CopyFileExW
0x43201c MoveFileExA
0x432020 SetEndOfFile
0x432024 WriteConsoleOutputW
0x432028 CreateJobObjectW
0x43202c HeapFree
0x432030 GlobalAlloc
0x432034 LoadLibraryW
0x432038 IsProcessInJob
0x43203c DnsHostnameToComputerNameW
0x432040 GetTimeFormatW
0x432044 GetModuleFileNameW
0x432048 GetCompressedFileSizeA
0x43204c lstrcatA
0x432050 SetConsoleTitleA
0x432054 VirtualUnlock
0x432058 LCMapStringA
0x43205c FreeLibraryAndExitThread
0x432060 GetLastError
0x432064 ChangeTimerQueueTimer
0x432068 GetLongPathNameW
0x43206c HeapSize
0x432070 CreateNamedPipeA
0x432074 SetVolumeLabelW
0x432078 GetConsoleDisplayMode
0x43207c EnterCriticalSection
0x432080 SetFileAttributesA
0x432084 BuildCommDCBW
0x432088 GetTempFileNameA
0x43208c GetAtomNameA
0x432090 LoadLibraryA
0x432094 OpenWaitableTimerW
0x432098 GetModuleHandleA
0x43209c FreeEnvironmentStringsW
0x4320a0 VirtualProtect
0x4320a4 CompareStringA
0x4320a8 QueryPerformanceFrequency
0x4320ac DeleteCriticalSection
0x4320b0 LocalFree
0x4320b4 SetEnvironmentVariableA
0x4320b8 CompareStringW
0x4320bc GetTimeZoneInformation
0x4320c0 GetStartupInfoW
0x4320c4 TerminateProcess
0x4320c8 GetCurrentProcess
0x4320cc UnhandledExceptionFilter
0x4320d0 SetUnhandledExceptionFilter
0x4320d4 IsDebuggerPresent
0x4320d8 HeapAlloc
0x4320dc LeaveCriticalSection
0x4320e0 WriteFile
0x4320e4 WideCharToMultiByte
0x4320e8 GetConsoleCP
0x4320ec GetConsoleMode
0x4320f0 FlushFileBuffers
0x4320f4 FatalAppExitA
0x4320f8 GetModuleHandleW
0x4320fc Sleep
0x432100 GetProcAddress
0x432104 ExitProcess
0x432108 GetStdHandle
0x43210c GetModuleFileNameA
0x432110 GetEnvironmentStringsW
0x432114 GetCommandLineW
0x432118 SetHandleCount
0x43211c GetFileType
0x432120 GetStartupInfoA
0x432124 TlsGetValue
0x432128 TlsAlloc
0x43212c TlsSetValue
0x432130 TlsFree
0x432134 InterlockedIncrement
0x432138 SetLastError
0x43213c GetCurrentThreadId
0x432140 InterlockedDecrement
0x432144 GetCurrentThread
0x432148 HeapCreate
0x43214c HeapDestroy
0x432150 VirtualFree
0x432154 QueryPerformanceCounter
0x432158 GetTickCount
0x43215c GetCurrentProcessId
0x432160 GetSystemTimeAsFileTime
0x432164 SetFilePointer
0x432168 GetCPInfo
0x43216c GetACP
0x432170 GetOEMCP
0x432174 IsValidCodePage
0x432178 VirtualAlloc
0x43217c HeapReAlloc
0x432180 RtlUnwind
0x432184 MultiByteToWideChar
0x432188 WriteConsoleA
0x43218c GetConsoleOutputCP
0x432190 WriteConsoleW
0x432194 SetStdHandle
0x432198 InitializeCriticalSectionAndSpinCount
0x43219c SetConsoleCtrlHandler
0x4321a0 FreeLibrary
0x4321a4 InterlockedExchange
0x4321a8 LCMapStringW
0x4321ac GetStringTypeA
0x4321b0 GetStringTypeW
0x4321b4 GetTimeFormatA
0x4321b8 GetDateFormatA
0x4321bc GetUserDefaultLCID
0x4321c0 GetLocaleInfoA
0x4321c4 EnumSystemLocalesA
0x4321c8 IsValidLocale
0x4321cc ReadFile
0x4321d0 CreateFileA
0x4321d4 CloseHandle
0x4321d8 GetLocaleInfoW
0x4321dc RaiseException
USER32.dll
0x4321e4 GetMonitorInfoW
0x4321e8 GetDesktopWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x432000 LocalUnlock
0x432004 SetDefaultCommConfigA
0x432008 GlobalDeleteAtom
0x43200c OpenFile
0x432010 GetConsoleAliasesLengthW
0x432014 EnumDateFormatsExW
0x432018 CopyFileExW
0x43201c MoveFileExA
0x432020 SetEndOfFile
0x432024 WriteConsoleOutputW
0x432028 CreateJobObjectW
0x43202c HeapFree
0x432030 GlobalAlloc
0x432034 LoadLibraryW
0x432038 IsProcessInJob
0x43203c DnsHostnameToComputerNameW
0x432040 GetTimeFormatW
0x432044 GetModuleFileNameW
0x432048 GetCompressedFileSizeA
0x43204c lstrcatA
0x432050 SetConsoleTitleA
0x432054 VirtualUnlock
0x432058 LCMapStringA
0x43205c FreeLibraryAndExitThread
0x432060 GetLastError
0x432064 ChangeTimerQueueTimer
0x432068 GetLongPathNameW
0x43206c HeapSize
0x432070 CreateNamedPipeA
0x432074 SetVolumeLabelW
0x432078 GetConsoleDisplayMode
0x43207c EnterCriticalSection
0x432080 SetFileAttributesA
0x432084 BuildCommDCBW
0x432088 GetTempFileNameA
0x43208c GetAtomNameA
0x432090 LoadLibraryA
0x432094 OpenWaitableTimerW
0x432098 GetModuleHandleA
0x43209c FreeEnvironmentStringsW
0x4320a0 VirtualProtect
0x4320a4 CompareStringA
0x4320a8 QueryPerformanceFrequency
0x4320ac DeleteCriticalSection
0x4320b0 LocalFree
0x4320b4 SetEnvironmentVariableA
0x4320b8 CompareStringW
0x4320bc GetTimeZoneInformation
0x4320c0 GetStartupInfoW
0x4320c4 TerminateProcess
0x4320c8 GetCurrentProcess
0x4320cc UnhandledExceptionFilter
0x4320d0 SetUnhandledExceptionFilter
0x4320d4 IsDebuggerPresent
0x4320d8 HeapAlloc
0x4320dc LeaveCriticalSection
0x4320e0 WriteFile
0x4320e4 WideCharToMultiByte
0x4320e8 GetConsoleCP
0x4320ec GetConsoleMode
0x4320f0 FlushFileBuffers
0x4320f4 FatalAppExitA
0x4320f8 GetModuleHandleW
0x4320fc Sleep
0x432100 GetProcAddress
0x432104 ExitProcess
0x432108 GetStdHandle
0x43210c GetModuleFileNameA
0x432110 GetEnvironmentStringsW
0x432114 GetCommandLineW
0x432118 SetHandleCount
0x43211c GetFileType
0x432120 GetStartupInfoA
0x432124 TlsGetValue
0x432128 TlsAlloc
0x43212c TlsSetValue
0x432130 TlsFree
0x432134 InterlockedIncrement
0x432138 SetLastError
0x43213c GetCurrentThreadId
0x432140 InterlockedDecrement
0x432144 GetCurrentThread
0x432148 HeapCreate
0x43214c HeapDestroy
0x432150 VirtualFree
0x432154 QueryPerformanceCounter
0x432158 GetTickCount
0x43215c GetCurrentProcessId
0x432160 GetSystemTimeAsFileTime
0x432164 SetFilePointer
0x432168 GetCPInfo
0x43216c GetACP
0x432170 GetOEMCP
0x432174 IsValidCodePage
0x432178 VirtualAlloc
0x43217c HeapReAlloc
0x432180 RtlUnwind
0x432184 MultiByteToWideChar
0x432188 WriteConsoleA
0x43218c GetConsoleOutputCP
0x432190 WriteConsoleW
0x432194 SetStdHandle
0x432198 InitializeCriticalSectionAndSpinCount
0x43219c SetConsoleCtrlHandler
0x4321a0 FreeLibrary
0x4321a4 InterlockedExchange
0x4321a8 LCMapStringW
0x4321ac GetStringTypeA
0x4321b0 GetStringTypeW
0x4321b4 GetTimeFormatA
0x4321b8 GetDateFormatA
0x4321bc GetUserDefaultLCID
0x4321c0 GetLocaleInfoA
0x4321c4 EnumSystemLocalesA
0x4321c8 IsValidLocale
0x4321cc ReadFile
0x4321d0 CreateFileA
0x4321d4 CloseHandle
0x4321d8 GetLocaleInfoW
0x4321dc RaiseException
USER32.dll
0x4321e4 GetMonitorInfoW
0x4321e8 GetDesktopWindow
EAT(Export Address Table) is none