ScreenShot
| Created | 2024.08.14 13:29 | Machine | s1_win7_x6403 |
| Filename | ngrok86.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 17 detected (Artemis, Ngrok, Vr62, a variant of WinGo, B potentially unsafe, NetTool, Generic Reputation PUA, Detected, ABApplication, YCNA, MALICIOUS, susgen) | ||
| md5 | 1e0a83fac6922bde341193e7085a6f33 | ||
| sha256 | 2295878561b60d1c5470bd23a4a49091620aad27dce4ad1ff63026d88a4c7944 | ||
| ssdeep | 196608:RJwbZldnAKKLBKTOXvzNGSiBXKDCJ5BPOWI+kEiTXh:rEd6LEXcCJDO8kE8h | ||
| imphash | ea509d361799935a94335b88f534a970 | ||
| impfuzzy | 24:ibVjh9wO+jX13uT7boVaXOr6kwmDgUPMztxdD1tr6tP:AwO+jX13UjXOmokxp1ZoP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1db7340 WriteFile
0x1db7344 WriteConsoleW
0x1db7348 WerSetFlags
0x1db734c WerGetFlags
0x1db7350 WaitForMultipleObjects
0x1db7354 WaitForSingleObject
0x1db7358 VirtualQuery
0x1db735c VirtualFree
0x1db7360 VirtualAlloc
0x1db7364 TlsAlloc
0x1db7368 SwitchToThread
0x1db736c SuspendThread
0x1db7370 SetWaitableTimer
0x1db7374 SetUnhandledExceptionFilter
0x1db7378 SetThreadPriority
0x1db737c SetProcessPriorityBoost
0x1db7380 SetEvent
0x1db7384 SetErrorMode
0x1db7388 SetConsoleCtrlHandler
0x1db738c ResumeThread
0x1db7390 RaiseFailFastException
0x1db7394 PostQueuedCompletionStatus
0x1db7398 LoadLibraryW
0x1db739c LoadLibraryExW
0x1db73a0 SetThreadContext
0x1db73a4 GetThreadContext
0x1db73a8 GetSystemInfo
0x1db73ac GetSystemDirectoryA
0x1db73b0 GetStdHandle
0x1db73b4 GetQueuedCompletionStatusEx
0x1db73b8 GetProcessAffinityMask
0x1db73bc GetProcAddress
0x1db73c0 GetErrorMode
0x1db73c4 GetEnvironmentStringsW
0x1db73c8 GetCurrentThreadId
0x1db73cc GetConsoleMode
0x1db73d0 FreeEnvironmentStringsW
0x1db73d4 ExitProcess
0x1db73d8 DuplicateHandle
0x1db73dc CreateWaitableTimerExW
0x1db73e0 CreateWaitableTimerA
0x1db73e4 CreateThread
0x1db73e8 CreateIoCompletionPort
0x1db73ec CreateFileA
0x1db73f0 CreateEventA
0x1db73f4 CloseHandle
0x1db73f8 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1db7340 WriteFile
0x1db7344 WriteConsoleW
0x1db7348 WerSetFlags
0x1db734c WerGetFlags
0x1db7350 WaitForMultipleObjects
0x1db7354 WaitForSingleObject
0x1db7358 VirtualQuery
0x1db735c VirtualFree
0x1db7360 VirtualAlloc
0x1db7364 TlsAlloc
0x1db7368 SwitchToThread
0x1db736c SuspendThread
0x1db7370 SetWaitableTimer
0x1db7374 SetUnhandledExceptionFilter
0x1db7378 SetThreadPriority
0x1db737c SetProcessPriorityBoost
0x1db7380 SetEvent
0x1db7384 SetErrorMode
0x1db7388 SetConsoleCtrlHandler
0x1db738c ResumeThread
0x1db7390 RaiseFailFastException
0x1db7394 PostQueuedCompletionStatus
0x1db7398 LoadLibraryW
0x1db739c LoadLibraryExW
0x1db73a0 SetThreadContext
0x1db73a4 GetThreadContext
0x1db73a8 GetSystemInfo
0x1db73ac GetSystemDirectoryA
0x1db73b0 GetStdHandle
0x1db73b4 GetQueuedCompletionStatusEx
0x1db73b8 GetProcessAffinityMask
0x1db73bc GetProcAddress
0x1db73c0 GetErrorMode
0x1db73c4 GetEnvironmentStringsW
0x1db73c8 GetCurrentThreadId
0x1db73cc GetConsoleMode
0x1db73d0 FreeEnvironmentStringsW
0x1db73d4 ExitProcess
0x1db73d8 DuplicateHandle
0x1db73dc CreateWaitableTimerExW
0x1db73e0 CreateWaitableTimerA
0x1db73e4 CreateThread
0x1db73e8 CreateIoCompletionPort
0x1db73ec CreateFileA
0x1db73f0 CreateEventA
0x1db73f4 CloseHandle
0x1db73f8 AddVectoredExceptionHandler
EAT(Export Address Table) is none