ScreenShot
| Created | 2024.09.03 08:59 | Machine | s1_win7_x6401 |
| Filename | m20.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 1bc0da4074693f616a71d648d4b8c106 | ||
| sha256 | 42c823a5615798733e7c41dea6bbca5a054d6a521a5b095f9224af0f758d2c5e | ||
| ssdeep | 49152:mmxUy7Q5klerOxxOl17TVRU6ZSVKK5yeG/ssn+EjdvPLv2V4v0Rcbc/ka5j:570mPOzo6YhyezwuIs5 | ||
| imphash | d1bf1c793cef305c8d8d76b7452d9c18 | ||
| impfuzzy | 96:3hBGqluVrWIbKfxNXHgOHjAAarf610cmh0lJGxlMqtP:xBGMuVrOwOHE7xl7tP | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
advapi32.dll
0x76e744 CopySid
0x76e74c GetLengthSid
0x76e754 GetTokenInformation
0x76e75c IsValidSid
0x76e764 OpenProcessToken
0x76e76c RegCloseKey
0x76e774 RegOpenKeyExW
0x76e77c RegQueryValueExW
0x76e784 SystemFunction036
crypt.dll
0x76e794 BCryptGenRandom
kernel32.dll
0x76e7a4 AddVectoredExceptionHandler
0x76e7ac CloseHandle
0x76e7b4 CreateFileMappingA
0x76e7bc CreateFileW
0x76e7c4 CreateIoCompletionPort
0x76e7cc CreateThread
0x76e7d4 CreateToolhelp32Snapshot
0x76e7dc CreateWaitableTimerExW
0x76e7e4 DuplicateHandle
0x76e7ec ExitProcess
0x76e7f4 FormatMessageW
0x76e7fc FreeLibrary
0x76e804 GetCommandLineW
0x76e80c GetComputerNameExW
0x76e814 GetConsoleMode
0x76e81c GetConsoleScreenBufferInfo
0x76e824 GetCurrentDirectoryW
0x76e82c GetCurrentProcess
0x76e834 GetCurrentThread
0x76e83c GetEnvironmentVariableW
0x76e844 GetFileInformationByHandle
0x76e84c GetFileInformationByHandleEx
0x76e854 GetFileType
0x76e85c GetFinalPathNameByHandleW
0x76e864 GetFullPathNameW
0x76e86c GetLastError
0x76e874 GetLogicalProcessorInformation
0x76e87c GetModuleFileNameW
0x76e884 GetModuleHandleA
0x76e88c GetModuleHandleW
0x76e894 GetProcAddress
0x76e89c GetProcessHeap
0x76e8a4 GetProcessIoCounters
0x76e8ac GetProcessTimes
0x76e8b4 GetQueuedCompletionStatusEx
0x76e8bc GetStartupInfoA
0x76e8c4 GetStdHandle
0x76e8cc GetSystemInfo
0x76e8d4 GetSystemTimePreciseAsFileTime
0x76e8dc GetSystemTimes
0x76e8e4 GetTimeZoneInformationForYear
0x76e8ec GlobalMemoryStatusEx
0x76e8f4 HeapAlloc
0x76e8fc HeapFree
0x76e904 HeapReAlloc
0x76e90c InitOnceBeginInitialize
0x76e914 InitOnceComplete
0x76e91c K32GetPerformanceInfo
0x76e924 LoadLibraryExA
0x76e92c LocalFree
0x76e934 MapViewOfFile
0x76e93c Module32FirstW
0x76e944 Module32NextW
0x76e94c MultiByteToWideChar
0x76e954 OpenProcess
0x76e95c PostQueuedCompletionStatus
0x76e964 QueryPerformanceCounter
0x76e96c QueryPerformanceFrequency
0x76e974 ReadProcessMemory
0x76e97c RtlCaptureContext
0x76e984 RtlLookupFunctionEntry
0x76e98c RtlVirtualUnwind
0x76e994 SetConsoleMode
0x76e99c SetConsoleTextAttribute
0x76e9a4 SetFileCompletionNotificationModes
0x76e9ac SetHandleInformation
0x76e9b4 SetLastError
0x76e9bc SetThreadStackGuarantee
0x76e9c4 SetUnhandledExceptionFilter
0x76e9cc SetWaitableTimer
0x76e9d4 Sleep
0x76e9dc SwitchToThread
0x76e9e4 TlsAlloc
0x76e9ec TlsFree
0x76e9f4 TlsGetValue
0x76e9fc TlsSetValue
0x76ea04 UnmapViewOfFile
0x76ea0c VirtualQueryEx
0x76ea14 WaitForSingleObject
0x76ea1c WriteConsoleW
ntdll.dll
0x76ea2c NtCancelIoFileEx
0x76ea34 NtCreateFile
0x76ea3c NtDeviceIoControlFile
0x76ea44 NtQueryInformationProcess
0x76ea4c NtQuerySystemInformation
0x76ea54 NtWriteFile
0x76ea5c RtlGetVersion
0x76ea64 RtlNtStatusToDosError
oleaut32.dll
0x76ea74 GetErrorInfo
0x76ea7c SysFreeString
0x76ea84 SysStringLen
pdh.dll
0x76ea94 PdhAddEnglishCounterW
0x76ea9c PdhCloseQuery
0x76eaa4 PdhCollectQueryData
0x76eaac PdhGetFormattedCounterValue
0x76eab4 PdhOpenQueryA
0x76eabc PdhRemoveCounter
powrprof.dll
0x76eacc CallNtPowerInformation
psapi.dll
0x76eadc GetModuleFileNameExW
0x76eae4 GetProcessMemoryInfo
shell32.dll
0x76eaf4 CommandLineToArgvW
ws2_32.dll
0x76eb04 WSACleanup
0x76eb0c WSAGetLastError
0x76eb14 WSAIoctl
0x76eb1c WSASend
0x76eb24 WSASocketW
0x76eb2c WSAStartup
0x76eb34 ind
0x76eb3c closesocket
0x76eb44 connect
0x76eb4c freeaddrinfo
0x76eb54 getaddrinfo
0x76eb5c getsockopt
0x76eb64 ioctlsocket
0x76eb6c recv
0x76eb74 send
0x76eb7c setsockopt
0x76eb84 shutdown
api-ms-win-core-synch-l1-2-0.dll
0x76eb94 WaitOnAddress
0x76eb9c WakeByAddressAll
0x76eba4 WakeByAddressSingle
cryptprimitives.dll
0x76ebb4 ProcessPrng
KERNEL32.dll
0x76ebc4 DeleteCriticalSection
0x76ebcc EnterCriticalSection
0x76ebd4 GetCurrentProcessId
0x76ebdc GetCurrentThreadId
0x76ebe4 GetSystemTimeAsFileTime
0x76ebec GetTickCount
0x76ebf4 InitializeCriticalSection
0x76ebfc LeaveCriticalSection
0x76ec04 RaiseException
0x76ec0c RtlAddFunctionTable
0x76ec14 RtlUnwindEx
0x76ec1c TerminateProcess
0x76ec24 UnhandledExceptionFilter
0x76ec2c VirtualProtect
0x76ec34 VirtualQuery
0x76ec3c __C_specific_handler
msvcrt.dll
0x76ec4c __getmainargs
0x76ec54 __initenv
0x76ec5c __iob_func
0x76ec64 __lconv_init
0x76ec6c __set_app_type
0x76ec74 __setusermatherr
0x76ec7c _acmdln
0x76ec84 _amsg_exit
0x76ec8c _assert
0x76ec94 _cexit
0x76ec9c _errno
0x76eca4 _fmode
0x76ecac _fpreset
0x76ecb4 _initterm
0x76ecbc _onexit
0x76ecc4 abort
0x76eccc calloc
0x76ecd4 exit
0x76ecdc fflush
0x76ece4 fprintf
0x76ecec free
0x76ecf4 fwrite
0x76ecfc malloc
0x76ed04 memcmp
0x76ed0c memcpy
0x76ed14 memmove
0x76ed1c memset
0x76ed24 pow
0x76ed2c signal
0x76ed34 strlen
0x76ed3c strncmp
0x76ed44 vfprintf
0x76ed4c wcslen
EAT(Export Address Table) is none
advapi32.dll
0x76e744 CopySid
0x76e74c GetLengthSid
0x76e754 GetTokenInformation
0x76e75c IsValidSid
0x76e764 OpenProcessToken
0x76e76c RegCloseKey
0x76e774 RegOpenKeyExW
0x76e77c RegQueryValueExW
0x76e784 SystemFunction036
crypt.dll
0x76e794 BCryptGenRandom
kernel32.dll
0x76e7a4 AddVectoredExceptionHandler
0x76e7ac CloseHandle
0x76e7b4 CreateFileMappingA
0x76e7bc CreateFileW
0x76e7c4 CreateIoCompletionPort
0x76e7cc CreateThread
0x76e7d4 CreateToolhelp32Snapshot
0x76e7dc CreateWaitableTimerExW
0x76e7e4 DuplicateHandle
0x76e7ec ExitProcess
0x76e7f4 FormatMessageW
0x76e7fc FreeLibrary
0x76e804 GetCommandLineW
0x76e80c GetComputerNameExW
0x76e814 GetConsoleMode
0x76e81c GetConsoleScreenBufferInfo
0x76e824 GetCurrentDirectoryW
0x76e82c GetCurrentProcess
0x76e834 GetCurrentThread
0x76e83c GetEnvironmentVariableW
0x76e844 GetFileInformationByHandle
0x76e84c GetFileInformationByHandleEx
0x76e854 GetFileType
0x76e85c GetFinalPathNameByHandleW
0x76e864 GetFullPathNameW
0x76e86c GetLastError
0x76e874 GetLogicalProcessorInformation
0x76e87c GetModuleFileNameW
0x76e884 GetModuleHandleA
0x76e88c GetModuleHandleW
0x76e894 GetProcAddress
0x76e89c GetProcessHeap
0x76e8a4 GetProcessIoCounters
0x76e8ac GetProcessTimes
0x76e8b4 GetQueuedCompletionStatusEx
0x76e8bc GetStartupInfoA
0x76e8c4 GetStdHandle
0x76e8cc GetSystemInfo
0x76e8d4 GetSystemTimePreciseAsFileTime
0x76e8dc GetSystemTimes
0x76e8e4 GetTimeZoneInformationForYear
0x76e8ec GlobalMemoryStatusEx
0x76e8f4 HeapAlloc
0x76e8fc HeapFree
0x76e904 HeapReAlloc
0x76e90c InitOnceBeginInitialize
0x76e914 InitOnceComplete
0x76e91c K32GetPerformanceInfo
0x76e924 LoadLibraryExA
0x76e92c LocalFree
0x76e934 MapViewOfFile
0x76e93c Module32FirstW
0x76e944 Module32NextW
0x76e94c MultiByteToWideChar
0x76e954 OpenProcess
0x76e95c PostQueuedCompletionStatus
0x76e964 QueryPerformanceCounter
0x76e96c QueryPerformanceFrequency
0x76e974 ReadProcessMemory
0x76e97c RtlCaptureContext
0x76e984 RtlLookupFunctionEntry
0x76e98c RtlVirtualUnwind
0x76e994 SetConsoleMode
0x76e99c SetConsoleTextAttribute
0x76e9a4 SetFileCompletionNotificationModes
0x76e9ac SetHandleInformation
0x76e9b4 SetLastError
0x76e9bc SetThreadStackGuarantee
0x76e9c4 SetUnhandledExceptionFilter
0x76e9cc SetWaitableTimer
0x76e9d4 Sleep
0x76e9dc SwitchToThread
0x76e9e4 TlsAlloc
0x76e9ec TlsFree
0x76e9f4 TlsGetValue
0x76e9fc TlsSetValue
0x76ea04 UnmapViewOfFile
0x76ea0c VirtualQueryEx
0x76ea14 WaitForSingleObject
0x76ea1c WriteConsoleW
ntdll.dll
0x76ea2c NtCancelIoFileEx
0x76ea34 NtCreateFile
0x76ea3c NtDeviceIoControlFile
0x76ea44 NtQueryInformationProcess
0x76ea4c NtQuerySystemInformation
0x76ea54 NtWriteFile
0x76ea5c RtlGetVersion
0x76ea64 RtlNtStatusToDosError
oleaut32.dll
0x76ea74 GetErrorInfo
0x76ea7c SysFreeString
0x76ea84 SysStringLen
pdh.dll
0x76ea94 PdhAddEnglishCounterW
0x76ea9c PdhCloseQuery
0x76eaa4 PdhCollectQueryData
0x76eaac PdhGetFormattedCounterValue
0x76eab4 PdhOpenQueryA
0x76eabc PdhRemoveCounter
powrprof.dll
0x76eacc CallNtPowerInformation
psapi.dll
0x76eadc GetModuleFileNameExW
0x76eae4 GetProcessMemoryInfo
shell32.dll
0x76eaf4 CommandLineToArgvW
ws2_32.dll
0x76eb04 WSACleanup
0x76eb0c WSAGetLastError
0x76eb14 WSAIoctl
0x76eb1c WSASend
0x76eb24 WSASocketW
0x76eb2c WSAStartup
0x76eb34 ind
0x76eb3c closesocket
0x76eb44 connect
0x76eb4c freeaddrinfo
0x76eb54 getaddrinfo
0x76eb5c getsockopt
0x76eb64 ioctlsocket
0x76eb6c recv
0x76eb74 send
0x76eb7c setsockopt
0x76eb84 shutdown
api-ms-win-core-synch-l1-2-0.dll
0x76eb94 WaitOnAddress
0x76eb9c WakeByAddressAll
0x76eba4 WakeByAddressSingle
cryptprimitives.dll
0x76ebb4 ProcessPrng
KERNEL32.dll
0x76ebc4 DeleteCriticalSection
0x76ebcc EnterCriticalSection
0x76ebd4 GetCurrentProcessId
0x76ebdc GetCurrentThreadId
0x76ebe4 GetSystemTimeAsFileTime
0x76ebec GetTickCount
0x76ebf4 InitializeCriticalSection
0x76ebfc LeaveCriticalSection
0x76ec04 RaiseException
0x76ec0c RtlAddFunctionTable
0x76ec14 RtlUnwindEx
0x76ec1c TerminateProcess
0x76ec24 UnhandledExceptionFilter
0x76ec2c VirtualProtect
0x76ec34 VirtualQuery
0x76ec3c __C_specific_handler
msvcrt.dll
0x76ec4c __getmainargs
0x76ec54 __initenv
0x76ec5c __iob_func
0x76ec64 __lconv_init
0x76ec6c __set_app_type
0x76ec74 __setusermatherr
0x76ec7c _acmdln
0x76ec84 _amsg_exit
0x76ec8c _assert
0x76ec94 _cexit
0x76ec9c _errno
0x76eca4 _fmode
0x76ecac _fpreset
0x76ecb4 _initterm
0x76ecbc _onexit
0x76ecc4 abort
0x76eccc calloc
0x76ecd4 exit
0x76ecdc fflush
0x76ece4 fprintf
0x76ecec free
0x76ecf4 fwrite
0x76ecfc malloc
0x76ed04 memcmp
0x76ed0c memcpy
0x76ed14 memmove
0x76ed1c memset
0x76ed24 pow
0x76ed2c signal
0x76ed34 strlen
0x76ed3c strncmp
0x76ed44 vfprintf
0x76ed4c wcslen
EAT(Export Address Table) is none