ScreenShot
| Created | 2024.08.27 13:32 | Machine | s1_win7_x6401 |
| Filename | popup | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | df72f2df722a840bb4b7bf1d000dd278 | ||
| sha256 | bc5528b78b341bacfa7de74b592e0a88209394617104bc502512d259cd7a8a78 | ||
| ssdeep | 3072:088nbom5xIAb88nbom5xIAEl88nbom5xIAo88nbom5xIA:ByxH6yxHEIyxHdyxH | ||
| imphash | 76e0d8d65462216e7b0903bc27d606d1 | ||
| impfuzzy | 48:sK24t9qcBL8xnAfJKDjsMFSvlw/gl4/zLn6g1bFEUznpfttvzGZSY49+oRiuenBu:sKTtccBL8Nf0m7eGeEIx+ZN3Mzw | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x408000 RegDeleteValueW
0x408004 RegOpenKeyExW
0x408008 RegSetValueExW
0x40800c RegCreateKeyExW
0x408010 RegCloseKey
0x408014 RegQueryValueExW
KERNEL32.dll
0x408038 HeapSetInformation
0x40803c LocalFree
0x408040 GetModuleHandleW
0x408044 GetTickCount
0x408048 lstrcmpW
0x40804c GetCurrentThreadId
0x408050 GetLastError
0x408054 FormatMessageW
0x408058 LocalAlloc
0x40805c CreateMutexW
0x408060 lstrlenW
0x408064 CloseHandle
0x408068 GetCurrentProcessId
0x40806c GetSystemTimeAsFileTime
0x408070 QueryPerformanceCounter
0x408074 TerminateProcess
0x408078 GetCurrentProcess
0x40807c SetUnhandledExceptionFilter
0x408080 UnhandledExceptionFilter
0x408084 GetStartupInfoW
0x408088 Sleep
GDI32.dll
0x40801c GetStockObject
0x408020 GetTextExtentPoint32W
0x408024 SetBkColor
0x408028 LPtoDP
0x40802c CreateFontIndirectW
0x408030 SelectObject
USER32.dll
0x4080e4 DefDlgProcW
0x4080e8 IsDialogMessageW
0x4080ec DispatchMessageW
0x4080f0 ShowWindow
0x4080f4 GetActiveWindow
0x4080f8 LoadStringW
0x4080fc LoadAcceleratorsW
0x408100 DrawIcon
0x408104 GetSystemMetrics
0x408108 EndDialog
0x40810c SendMessageW
0x408110 FillRect
0x408114 MessageBoxW
0x408118 SetWindowPos
0x40811c GetDC
0x408120 DestroyWindow
0x408124 GetFocus
0x408128 GetWindowRect
0x40812c PostMessageW
0x408130 CreateDialogParamW
0x408134 GetMessageW
0x408138 GetWindowTextLengthW
0x40813c SetDlgItemTextW
0x408140 GetDlgItemTextW
0x408144 SendDlgItemMessageW
0x408148 GetSysColor
0x40814c WinHelpW
0x408150 SetFocus
0x408154 TranslateAcceleratorW
0x408158 TranslateMessage
0x40815c GetClipboardData
0x408160 LoadIconW
0x408164 PeekMessageW
0x408168 FindWindowW
0x40816c LoadCursorW
0x408170 GetClientRect
0x408174 GetDlgItem
0x408178 IsClipboardFormatAvailable
0x40817c CheckDlgButton
0x408180 PostQuitMessage
0x408184 GetSysColorBrush
0x408188 EnableMenuItem
0x40818c SystemParametersInfoW
0x408190 GetParent
0x408194 DialogBoxParamW
0x408198 UpdateWindow
0x40819c SetForegroundWindow
0x4081a0 IsIconic
0x4081a4 ReleaseDC
0x4081a8 BeginPaint
0x4081ac EndPaint
0x4081b0 EnableWindow
0x4081b4 RegisterClassW
msvcrt.dll
0x4081bc _except_handler4_common
0x4081c0 _controlfp
0x4081c4 ?terminate@@YAXXZ
0x4081c8 _acmdln
0x4081cc _initterm
0x4081d0 __setusermatherr
0x4081d4 _ismbblead
0x4081d8 __p__fmode
0x4081dc _cexit
0x4081e0 memset
0x4081e4 exit
0x4081e8 __set_app_type
0x4081ec __getmainargs
0x4081f0 _amsg_exit
0x4081f4 __p__commode
0x4081f8 _XcptFilter
0x4081fc wcscspn
0x408200 wcsspn
0x408204 _itow
0x408208 _wtoi
0x40820c _vsnwprintf
0x408210 _exit
0x408214 memmove
SHELL32.dll
0x408090 ShellAboutW
TAPI32.dll
0x408098 lineGetAppPriorityW
0x40809c lineGetDevCapsW
0x4080a0 lineClose
0x4080a4 lineGetRequestW
0x4080a8 lineSetAppPriorityW
0x4080ac lineRegisterRequestRecipient
0x4080b0 lineDrop
0x4080b4 lineConfigDialogW
0x4080b8 lineDeallocateCall
0x4080bc lineTranslateDialogW
0x4080c0 lineInitializeExW
0x4080c4 lineGetTranslateCapsW
0x4080c8 lineTranslateAddressW
0x4080cc lineShutdown
0x4080d0 lineGetAddressCapsW
0x4080d4 lineMakeCallW
0x4080d8 lineNegotiateAPIVersion
0x4080dc lineOpenW
EAT(Export Address Table) is none
ADVAPI32.dll
0x408000 RegDeleteValueW
0x408004 RegOpenKeyExW
0x408008 RegSetValueExW
0x40800c RegCreateKeyExW
0x408010 RegCloseKey
0x408014 RegQueryValueExW
KERNEL32.dll
0x408038 HeapSetInformation
0x40803c LocalFree
0x408040 GetModuleHandleW
0x408044 GetTickCount
0x408048 lstrcmpW
0x40804c GetCurrentThreadId
0x408050 GetLastError
0x408054 FormatMessageW
0x408058 LocalAlloc
0x40805c CreateMutexW
0x408060 lstrlenW
0x408064 CloseHandle
0x408068 GetCurrentProcessId
0x40806c GetSystemTimeAsFileTime
0x408070 QueryPerformanceCounter
0x408074 TerminateProcess
0x408078 GetCurrentProcess
0x40807c SetUnhandledExceptionFilter
0x408080 UnhandledExceptionFilter
0x408084 GetStartupInfoW
0x408088 Sleep
GDI32.dll
0x40801c GetStockObject
0x408020 GetTextExtentPoint32W
0x408024 SetBkColor
0x408028 LPtoDP
0x40802c CreateFontIndirectW
0x408030 SelectObject
USER32.dll
0x4080e4 DefDlgProcW
0x4080e8 IsDialogMessageW
0x4080ec DispatchMessageW
0x4080f0 ShowWindow
0x4080f4 GetActiveWindow
0x4080f8 LoadStringW
0x4080fc LoadAcceleratorsW
0x408100 DrawIcon
0x408104 GetSystemMetrics
0x408108 EndDialog
0x40810c SendMessageW
0x408110 FillRect
0x408114 MessageBoxW
0x408118 SetWindowPos
0x40811c GetDC
0x408120 DestroyWindow
0x408124 GetFocus
0x408128 GetWindowRect
0x40812c PostMessageW
0x408130 CreateDialogParamW
0x408134 GetMessageW
0x408138 GetWindowTextLengthW
0x40813c SetDlgItemTextW
0x408140 GetDlgItemTextW
0x408144 SendDlgItemMessageW
0x408148 GetSysColor
0x40814c WinHelpW
0x408150 SetFocus
0x408154 TranslateAcceleratorW
0x408158 TranslateMessage
0x40815c GetClipboardData
0x408160 LoadIconW
0x408164 PeekMessageW
0x408168 FindWindowW
0x40816c LoadCursorW
0x408170 GetClientRect
0x408174 GetDlgItem
0x408178 IsClipboardFormatAvailable
0x40817c CheckDlgButton
0x408180 PostQuitMessage
0x408184 GetSysColorBrush
0x408188 EnableMenuItem
0x40818c SystemParametersInfoW
0x408190 GetParent
0x408194 DialogBoxParamW
0x408198 UpdateWindow
0x40819c SetForegroundWindow
0x4081a0 IsIconic
0x4081a4 ReleaseDC
0x4081a8 BeginPaint
0x4081ac EndPaint
0x4081b0 EnableWindow
0x4081b4 RegisterClassW
msvcrt.dll
0x4081bc _except_handler4_common
0x4081c0 _controlfp
0x4081c4 ?terminate@@YAXXZ
0x4081c8 _acmdln
0x4081cc _initterm
0x4081d0 __setusermatherr
0x4081d4 _ismbblead
0x4081d8 __p__fmode
0x4081dc _cexit
0x4081e0 memset
0x4081e4 exit
0x4081e8 __set_app_type
0x4081ec __getmainargs
0x4081f0 _amsg_exit
0x4081f4 __p__commode
0x4081f8 _XcptFilter
0x4081fc wcscspn
0x408200 wcsspn
0x408204 _itow
0x408208 _wtoi
0x40820c _vsnwprintf
0x408210 _exit
0x408214 memmove
SHELL32.dll
0x408090 ShellAboutW
TAPI32.dll
0x408098 lineGetAppPriorityW
0x40809c lineGetDevCapsW
0x4080a0 lineClose
0x4080a4 lineGetRequestW
0x4080a8 lineSetAppPriorityW
0x4080ac lineRegisterRequestRecipient
0x4080b0 lineDrop
0x4080b4 lineConfigDialogW
0x4080b8 lineDeallocateCall
0x4080bc lineTranslateDialogW
0x4080c0 lineInitializeExW
0x4080c4 lineGetTranslateCapsW
0x4080c8 lineTranslateAddressW
0x4080cc lineShutdown
0x4080d0 lineGetAddressCapsW
0x4080d4 lineMakeCallW
0x4080d8 lineNegotiateAPIVersion
0x4080dc lineOpenW
EAT(Export Address Table) is none