ScreenShot
| Created | 2024.09.02 19:29 | Machine | s1_win7_x6401 |
| Filename | SCPSL_NicknameChanger.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 1 detected (AIDetectMalware) | ||
| md5 | 4da72dc49c901dc8e3f05ad298a9c85d | ||
| sha256 | 5fe58095f56b9aef3d09c5bb00514917fd530c6a67c2eac5754118ccc548d581 | ||
| ssdeep | 3072:Kz6SAVyxY+XWso4LQyMBPyWvQ0S46d7aPOP:KIVyJ/El9Gh4Q7aPg | ||
| imphash | ffff45487d1e51fa972c8409931457df | ||
| impfuzzy | 48:ZpfCWbmGF8vgLMt6P4lj+t4tzKLSwo4oIEQ0twXQDOEkzrIdjJLHBWweBVd:ZpfCWbmGF8vgLMt/lCtgtD4O9Ij | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41401c FindNextFileW
0x414020 GetCurrentProcess
0x414024 GetModuleHandleExW
0x414028 GetModuleFileNameW
0x41402c LeaveCriticalSection
0x414030 InitializeCriticalSection
0x414034 GetEnvironmentVariableW
0x414038 FindClose
0x41403c MultiByteToWideChar
0x414040 GetLastError
0x414044 GetFileAttributesExW
0x414048 GetFullPathNameW
0x41404c GetProcAddress
0x414050 DeleteCriticalSection
0x414054 WideCharToMultiByte
0x414058 IsWow64Process
0x41405c LoadLibraryExW
0x414060 FreeLibrary
0x414064 TlsFree
0x414068 TlsSetValue
0x41406c TlsGetValue
0x414070 TlsAlloc
0x414074 EnterCriticalSection
0x414078 FindFirstFileExW
0x41407c OutputDebugStringW
0x414080 LoadLibraryA
0x414084 GetModuleHandleW
0x414088 InitializeCriticalSectionAndSpinCount
0x41408c SetLastError
0x414090 RaiseException
0x414094 RtlUnwind
0x414098 InitializeSListHead
0x41409c GetSystemTimeAsFileTime
0x4140a0 GetCurrentThreadId
0x4140a4 GetCurrentProcessId
0x4140a8 QueryPerformanceCounter
0x4140ac IsDebuggerPresent
0x4140b0 IsProcessorFeaturePresent
0x4140b4 TerminateProcess
0x4140b8 SetUnhandledExceptionFilter
0x4140bc UnhandledExceptionFilter
0x4140c0 LCMapStringEx
0x4140c4 DecodePointer
0x4140c8 EncodePointer
0x4140cc InitializeCriticalSectionEx
0x4140d0 GetStringTypeW
USER32.dll
0x4140e0 MessageBoxW
SHELL32.dll
0x4140d8 ShellExecuteW
ADVAPI32.dll
0x414000 RegOpenKeyExW
0x414004 RegGetValueW
0x414008 DeregisterEventSource
0x41400c RegisterEventSourceW
0x414010 ReportEventW
0x414014 RegCloseKey
api-ms-win-crt-runtime-l1-1-0.dll
0x414140 _crt_atexit
0x414144 _seh_filter_exe
0x414148 terminate
0x41414c _set_app_type
0x414150 _controlfp_s
0x414154 _invalid_parameter_noinfo_noreturn
0x414158 _exit
0x41415c _register_thread_local_exe_atexit_callback
0x414160 _initialize_onexit_table
0x414164 exit
0x414168 __p___argc
0x41416c __p___wargv
0x414170 _errno
0x414174 _c_exit
0x414178 _cexit
0x41417c abort
0x414180 _initterm_e
0x414184 _initterm
0x414188 _get_initial_wide_environment
0x41418c _initialize_wide_environment
0x414190 _configure_wide_argv
0x414194 _register_onexit_function
api-ms-win-crt-stdio-l1-1-0.dll
0x41419c __p__commode
0x4141a0 __acrt_iob_func
0x4141a4 fputwc
0x4141a8 fputws
0x4141ac __stdio_common_vsprintf_s
0x4141b0 fflush
0x4141b4 __stdio_common_vfwprintf
0x4141b8 __stdio_common_vswprintf
0x4141bc _wfopen
0x4141c0 setvbuf
0x4141c4 _set_fmode
api-ms-win-crt-heap-l1-1-0.dll
0x4140f4 _set_new_mode
0x4140f8 _callnewh
0x4140fc free
0x414100 malloc
0x414104 calloc
api-ms-win-crt-string-l1-1-0.dll
0x4141cc strcpy_s
0x4141d0 strcspn
0x4141d4 wcsncmp
0x4141d8 toupper
0x4141dc wcsnlen
0x4141e0 _wcsdup
api-ms-win-crt-convert-l1-1-0.dll
0x4140e8 _wtoi
0x4140ec wcstoul
api-ms-win-crt-locale-l1-1-0.dll
0x41410c _configthreadlocale
0x414110 _lock_locales
0x414114 ___lc_locale_name_func
0x414118 ___mb_cur_max_func
0x41411c ___lc_codepage_func
0x414120 __pctype_func
0x414124 setlocale
0x414128 _unlock_locales
0x41412c localeconv
api-ms-win-crt-math-l1-1-0.dll
0x414134 frexp
0x414138 __setusermatherr
api-ms-win-crt-time-l1-1-0.dll
0x4141e8 _gmtime64_s
0x4141ec wcsftime
0x4141f0 _time64
EAT(Export Address Table) is none
KERNEL32.dll
0x41401c FindNextFileW
0x414020 GetCurrentProcess
0x414024 GetModuleHandleExW
0x414028 GetModuleFileNameW
0x41402c LeaveCriticalSection
0x414030 InitializeCriticalSection
0x414034 GetEnvironmentVariableW
0x414038 FindClose
0x41403c MultiByteToWideChar
0x414040 GetLastError
0x414044 GetFileAttributesExW
0x414048 GetFullPathNameW
0x41404c GetProcAddress
0x414050 DeleteCriticalSection
0x414054 WideCharToMultiByte
0x414058 IsWow64Process
0x41405c LoadLibraryExW
0x414060 FreeLibrary
0x414064 TlsFree
0x414068 TlsSetValue
0x41406c TlsGetValue
0x414070 TlsAlloc
0x414074 EnterCriticalSection
0x414078 FindFirstFileExW
0x41407c OutputDebugStringW
0x414080 LoadLibraryA
0x414084 GetModuleHandleW
0x414088 InitializeCriticalSectionAndSpinCount
0x41408c SetLastError
0x414090 RaiseException
0x414094 RtlUnwind
0x414098 InitializeSListHead
0x41409c GetSystemTimeAsFileTime
0x4140a0 GetCurrentThreadId
0x4140a4 GetCurrentProcessId
0x4140a8 QueryPerformanceCounter
0x4140ac IsDebuggerPresent
0x4140b0 IsProcessorFeaturePresent
0x4140b4 TerminateProcess
0x4140b8 SetUnhandledExceptionFilter
0x4140bc UnhandledExceptionFilter
0x4140c0 LCMapStringEx
0x4140c4 DecodePointer
0x4140c8 EncodePointer
0x4140cc InitializeCriticalSectionEx
0x4140d0 GetStringTypeW
USER32.dll
0x4140e0 MessageBoxW
SHELL32.dll
0x4140d8 ShellExecuteW
ADVAPI32.dll
0x414000 RegOpenKeyExW
0x414004 RegGetValueW
0x414008 DeregisterEventSource
0x41400c RegisterEventSourceW
0x414010 ReportEventW
0x414014 RegCloseKey
api-ms-win-crt-runtime-l1-1-0.dll
0x414140 _crt_atexit
0x414144 _seh_filter_exe
0x414148 terminate
0x41414c _set_app_type
0x414150 _controlfp_s
0x414154 _invalid_parameter_noinfo_noreturn
0x414158 _exit
0x41415c _register_thread_local_exe_atexit_callback
0x414160 _initialize_onexit_table
0x414164 exit
0x414168 __p___argc
0x41416c __p___wargv
0x414170 _errno
0x414174 _c_exit
0x414178 _cexit
0x41417c abort
0x414180 _initterm_e
0x414184 _initterm
0x414188 _get_initial_wide_environment
0x41418c _initialize_wide_environment
0x414190 _configure_wide_argv
0x414194 _register_onexit_function
api-ms-win-crt-stdio-l1-1-0.dll
0x41419c __p__commode
0x4141a0 __acrt_iob_func
0x4141a4 fputwc
0x4141a8 fputws
0x4141ac __stdio_common_vsprintf_s
0x4141b0 fflush
0x4141b4 __stdio_common_vfwprintf
0x4141b8 __stdio_common_vswprintf
0x4141bc _wfopen
0x4141c0 setvbuf
0x4141c4 _set_fmode
api-ms-win-crt-heap-l1-1-0.dll
0x4140f4 _set_new_mode
0x4140f8 _callnewh
0x4140fc free
0x414100 malloc
0x414104 calloc
api-ms-win-crt-string-l1-1-0.dll
0x4141cc strcpy_s
0x4141d0 strcspn
0x4141d4 wcsncmp
0x4141d8 toupper
0x4141dc wcsnlen
0x4141e0 _wcsdup
api-ms-win-crt-convert-l1-1-0.dll
0x4140e8 _wtoi
0x4140ec wcstoul
api-ms-win-crt-locale-l1-1-0.dll
0x41410c _configthreadlocale
0x414110 _lock_locales
0x414114 ___lc_locale_name_func
0x414118 ___mb_cur_max_func
0x41411c ___lc_codepage_func
0x414120 __pctype_func
0x414124 setlocale
0x414128 _unlock_locales
0x41412c localeconv
api-ms-win-crt-math-l1-1-0.dll
0x414134 frexp
0x414138 __setusermatherr
api-ms-win-crt-time-l1-1-0.dll
0x4141e8 _gmtime64_s
0x4141ec wcsftime
0x4141f0 _time64
EAT(Export Address Table) is none