ScreenShot
| Created | 2024.09.03 08:46 | Machine | s1_win7_x6401 |
| Filename | dw.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ce4c0b76c5f987153e922371109f666a | ||
| sha256 | f969cd4245eea84acf50aed6656f4f5df22b94b724130ea196721ef30442e467 | ||
| ssdeep | 384:eZShTDJ8dD5XVgvlDhHvgu8PFVOntTuX4i4:Fr8KvlKPFVWtT2G | ||
| imphash | 881a59729119c8db81017b4e6573179d | ||
| impfuzzy | 12:fgrCeZGcOov8CQ/PXJbF6yeGxWFGzZ0dQ/m4jv43+SQSLCnQ6iA01B2+lAxQ5kXo:ftqLOovq3pHZxzydQ/1T43+SQSLCnQnh | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable uses a known packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x55011c SetDIBitsToDevice
0x550120 CreateHatchBrush
KERNEL32.dll
0x55012c ExitProcess
0x550130 GetCommandLineA
0x550134 GetModuleHandleA
0x550138 GetStartupInfoA
0x55013c GetTickCount
0x550140 SetUnhandledExceptionFilter
0x550144 Sleep
msvcrt.dll
0x550150 _beginthread
0x550154 _cexit
0x550158 _fileno
0x55015c _fmode
0x550160 _fpreset
0x550164 _iob
0x550168 _setmode
0x55016c __getmainargs
0x550170 atexit
0x550174 __p__environ
0x550178 memset
0x55017c signal
0x550180 vsprintf
0x550184 __set_app_type
USER32.dll
0x550190 DefWindowProcA
0x550194 DispatchMessageA
0x550198 GetDC
0x55019c GetMessageA
0x5501a0 LoadCursorA
0x5501a4 LoadIconA
0x5501a8 PostQuitMessage
0x5501ac RegisterClassExA
0x5501b0 ReleaseDC
0x5501b4 SetWindowPos
0x5501b8 SetWindowTextA
0x5501bc ShowWindow
0x5501c0 TranslateMessage
0x5501c4 CreateWindowExA
EAT(Export Address Table) is none
GDI32.dll
0x55011c SetDIBitsToDevice
0x550120 CreateHatchBrush
KERNEL32.dll
0x55012c ExitProcess
0x550130 GetCommandLineA
0x550134 GetModuleHandleA
0x550138 GetStartupInfoA
0x55013c GetTickCount
0x550140 SetUnhandledExceptionFilter
0x550144 Sleep
msvcrt.dll
0x550150 _beginthread
0x550154 _cexit
0x550158 _fileno
0x55015c _fmode
0x550160 _fpreset
0x550164 _iob
0x550168 _setmode
0x55016c __getmainargs
0x550170 atexit
0x550174 __p__environ
0x550178 memset
0x55017c signal
0x550180 vsprintf
0x550184 __set_app_type
USER32.dll
0x550190 DefWindowProcA
0x550194 DispatchMessageA
0x550198 GetDC
0x55019c GetMessageA
0x5501a0 LoadCursorA
0x5501a4 LoadIconA
0x5501a8 PostQuitMessage
0x5501ac RegisterClassExA
0x5501b0 ReleaseDC
0x5501b4 SetWindowPos
0x5501b8 SetWindowTextA
0x5501bc ShowWindow
0x5501c0 TranslateMessage
0x5501c4 CreateWindowExA
EAT(Export Address Table) is none