Field | Value | Field | Value |
---|---|---|---|
Created | 2024.08.22 18:08 | Machine | s1_win7_x6401 |
Filename | 2.exe | | |
Type | PE32 executable (GUI) Intel 80386, for MS Windows | | |
AI Score | Not found | Behavior Score | |
ZERO API | file : clean | | |
VT API (file) | | | |
md5 | 7cb00da13fecc6e830750d67c836766d | | |
sha256 | 79069715888789e0243c3b25b4e14b5bcb561a19aa9acafa6b9de2db9af24c2e | | |
ssdeep | 98304:ZcinV2afGKTXn2AkWAmtqtOqZfXKmznUcG8DTZ6gIn9Z6ILnSDQZ+MCGzUwr3HUh:Lgcq3L3G8D1v23HK | | |
imphash | 1aae8bf580c846f39c71c05898e57e88 | | |
impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | | |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
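The Malicious_Packer_Zero / UPX_Zero rule hits and the "unknown PE section names" signature above both come down to reading the section table. Below is an added example, not part of the report and not the sandbox's own rule logic: it walks the PE headers by hand and reproduces that triage, giving a watch-level verdict for section names tied to known packers and an info-level verdict for any other non-standard name, mirroring the levels the report uses. The KNOWN_SECTIONS and PACKER_SECTIONS lists and the build_sample_pe helper, which constructs a header-only PE so the check runs offline, are the example's own assumptions. One caveat when reading this report: a UPX-packed file normally carries only a handful of loader imports in its stub, whereas the IAT listed further down has 44 kernel32 entries, so confirm a packer finding against the section table before relying on it.

```python
import struct

# Section names a normal MSVC/MinGW/Go link produces (assumed list for this example).
KNOWN_SECTIONS = {
    ".text", ".rdata", ".data", ".bss", ".idata", ".edata", ".pdata", ".rsrc",
    ".reloc", ".tls", ".CRT", ".debug", ".symtab", ".xdata", ".gfids",
}
# Names that identify a specific packer outright (assumed list for this example).
PACKER_SECTIONS = {
    "UPX0", "UPX1", "UPX2", "UPX3", ".upx", ".aspack", ".adata", ".petite",
    ".MPRESS1", ".MPRESS2", ".themida", ".vmp0", ".vmp1", ".nsp0", ".nsp1",
}


def section_names(pe: bytes) -> list:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table names."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = pe[table + i * 40: table + i * 40 + 8]           # Name[8], NUL padded
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def packer_verdict(pe: bytes) -> dict:
    """Classify like the report: known packer -> watch, unknown name -> info, else clean."""
    names = section_names(pe)
    packer = [n for n in names if n in PACKER_SECTIONS]
    unknown = [n for n in names if n not in KNOWN_SECTIONS and n not in PACKER_SECTIONS]
    if packer:
        level = "watch"
    elif unknown:
        level = "info"   # could be a false positive, as the signature text says
    else:
        level = "clean"
    return {"sections": names, "packer": packer, "unknown": unknown, "level": level}


def build_sample_pe(names: list, machine: int = 0x14C) -> bytes:
    """Constructed header-only PE (not loadable) with the given section names."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew right after DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0: none), Characteristics
    coff = struct.pack("<HHIIIHH", machine, len(names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode("latin-1").ljust(8, b"\0") + bytes(32) for n in names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    print(packer_verdict(build_sample_pe(["UPX0", "UPX1", ".rsrc"])))
    print(packer_verdict(build_sample_pe([".text", ".rdata", ".data", ".idata", ".reloc"])))
```

To run it against a real sample, pass the file contents to packer_verdict; the hand parser only reads the COFF header and section table, so it works on packed and unpacked files alike.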
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1197420 WriteFile
0x1197424 WriteConsoleW
0x1197428 WerSetFlags
0x119742c WerGetFlags
0x1197430 WaitForMultipleObjects
0x1197434 WaitForSingleObject
0x1197438 VirtualQuery
0x119743c VirtualFree
0x1197440 VirtualAlloc
0x1197444 TlsAlloc
0x1197448 SwitchToThread
0x119744c SuspendThread
0x1197450 SetWaitableTimer
0x1197454 SetUnhandledExceptionFilter
0x1197458 SetProcessPriorityBoost
0x119745c SetEvent
0x1197460 SetErrorMode
0x1197464 SetConsoleCtrlHandler
0x1197468 ResumeThread
0x119746c RaiseFailFastException
0x1197470 PostQueuedCompletionStatus
0x1197474 LoadLibraryW
0x1197478 LoadLibraryExW
0x119747c SetThreadContext
0x1197480 GetThreadContext
0x1197484 GetSystemInfo
0x1197488 GetSystemDirectoryA
0x119748c GetStdHandle
0x1197490 GetQueuedCompletionStatusEx
0x1197494 GetProcessAffinityMask
0x1197498 GetProcAddress
0x119749c GetErrorMode
0x11974a0 GetEnvironmentStringsW
0x11974a4 GetCurrentThreadId
0x11974a8 GetConsoleMode
0x11974ac FreeEnvironmentStringsW
0x11974b0 ExitProcess
0x11974b4 DuplicateHandle
0x11974b8 CreateWaitableTimerExW
0x11974bc CreateThread
0x11974c0 CreateIoCompletionPort
0x11974c4 CreateEventA
0x11974c8 CloseHandle
0x11974cc AddVectoredExceptionHandler
EAT(Export Address Table) is none
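The imphash in the header is the MD5 of the import table in exactly this form, so it can be recomputed from the list above. The following is an added example, not tooling from the report: it applies the standard normalization (lowercase, DLL extension stripped, dll.function entries joined by commas in import order) to the page's kernel32 list and compares the result with the reported value. Whether the two agree depends on the page listing imports in the binary's true IAT order; the list is embedded here as constructed data. Ordinal imports (none in this sample) need the extra ordinal-to-name tables the reference implementation carries and are not handled. Note also that this particular set of functions (WerSetFlags/WerGetFlags, RaiseFailFastException, GetQueuedCompletionStatusEx, SwitchToThread, AddVectoredExceptionHandler) is characteristic of the Go runtime's Windows import list, so an imphash match on it mostly identifies the toolchain rather than a specific sample family.

```python
import hashlib

# Import list exactly as the report prints it (kernel32.dll only, ascending IAT
# address); embedded here as constructed data so the example runs offline.
PAGE_IMPORTS = [("kernel32.dll", name) for name in """
WriteFile WriteConsoleW WerSetFlags WerGetFlags WaitForMultipleObjects
WaitForSingleObject VirtualQuery VirtualFree VirtualAlloc TlsAlloc
SwitchToThread SuspendThread SetWaitableTimer SetUnhandledExceptionFilter
SetProcessPriorityBoost SetEvent SetErrorMode SetConsoleCtrlHandler
ResumeThread RaiseFailFastException PostQueuedCompletionStatus LoadLibraryW
LoadLibraryExW SetThreadContext GetThreadContext GetSystemInfo
GetSystemDirectoryA GetStdHandle GetQueuedCompletionStatusEx
GetProcessAffinityMask GetProcAddress GetErrorMode GetEnvironmentStringsW
GetCurrentThreadId GetConsoleMode FreeEnvironmentStringsW ExitProcess
DuplicateHandle CreateWaitableTimerExW CreateThread CreateIoCompletionPort
CreateEventA CloseHandle AddVectoredExceptionHandler
""".split()]

REPORTED_IMPHASH = "1aae8bf580c846f39c71c05898e57e88"  # value from the report header


def normalize_import(dll: str, func: str) -> str:
    """Imphash normalization: lowercase, drop a .dll/.ocx/.sys suffix, emit dll.func."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    return f"{dll}.{func.lower()}"


def imphash(imports) -> str:
    """MD5 over the comma-joined normalized imports; order-sensitive by design,
    which is why the same DLL/function set in a different order hashes differently."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def compare_with_report(imports, reported: str) -> dict:
    """Recompute the hash and state whether it agrees with the sandbox value.
    A mismatch usually means the page order is not the binary's IAT order."""
    computed = imphash(imports)
    return {
        "computed": computed,
        "reported": reported.lower(),
        "matches": computed == reported.lower(),
        "import_count": len(imports),
    }


if __name__ == "__main__":
    print(compare_with_report(PAGE_IMPORTS, REPORTED_IMPHASH))
```

If the recomputed value differs from the header, re-extract the import table from the file itself (pefile's get_imphash does this) rather than trusting the rendered order; pivoting on an imphash that was computed from a re-sorted list will silently miss every true match.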