Field | Value |
---|---|
Created | 2024.09.13 09:13 |
Machine | s1_win7_x6403 |
Filename | file.exe |
Type | MS-DOS executable, MZ for MS-DOS |
ZERO API | file : clean |
VT API (file) | 12 detected (malicious, moderate confidence, Unsafe, WrongInf, Tool, GrayWare, Wacapew, confidence) |
md5 | 81ab6efc7f70bfccf8669c4be6b8098c |
sha256 | 42a27dcdd65f2e3b7ed85e996a70eb0df422692914715fce6a1919514b85ddb6 |
ssdeep | 768:KXQi5vZ0UfJRDhiB9lOn0QQrybZolteW7yjoTm:WQU+OJhn8gStenju |
imphash | c279b8b8fc3646f129e3179c556bda2d |
impfuzzy | 48:HnYU6rFhbv40vl3GTMInBArz40l/6U0/1Do7n6G45EXRSeSvxun:Hnv6rnt6AFg2z |
Signature (3cnts)
Level | Description |
---|---|
watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
info | Checks if process is being debugged by a debugger |
info | The executable uses a known packer |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x407014 GetStringTypeW
0x407018 GetStringTypeA
0x40701c MultiByteToWideChar
0x407020 LoadLibraryA
0x407024 GetOEMCP
0x407028 GetACP
0x40702c GetCPInfo
0x407030 HeapReAlloc
0x407034 VirtualAlloc
0x407038 WriteFile
0x40703c RtlUnwind
0x407040 VirtualFree
0x407044 HeapCreate
0x407048 LCMapStringA
0x40704c GetVersionExA
0x407050 GetEnvironmentVariableA
0x407054 GetFileType
0x407058 GetStdHandle
0x40705c SetHandleCount
0x407060 GetEnvironmentStringsW
0x407064 GetEnvironmentStrings
0x407068 WideCharToMultiByte
0x40706c FreeEnvironmentStringsW
0x407070 FreeEnvironmentStringsA
0x407074 GetModuleFileNameA
0x407078 UnhandledExceptionFilter
0x40707c GetCurrentProcess
0x407080 TerminateProcess
0x407084 HeapFree
0x407088 GetSystemDefaultLangID
0x40708c GetTickCount
0x407090 HeapDestroy
0x407094 lstrcpyA
0x407098 LCMapStringW
0x40709c HeapAlloc
0x4070a0 GetModuleHandleA
0x4070a4 GetStartupInfoA
0x4070a8 GetCommandLineA
0x4070ac GetVersion
0x4070b0 ExitProcess
0x4070b4 GetProcAddress
USER32.dll
0x4070c4 FindWindowA
0x4070c8 LoadCursorA
0x4070cc RegisterClassExA
0x4070d0 CreateWindowExA
0x4070d4 GetMessageA
0x4070d8 TranslateMessage
0x4070dc DispatchMessageA
0x4070e0 DestroyMenu
0x4070e4 KillTimer
0x4070e8 PostQuitMessage
0x4070ec RedrawWindow
0x4070f0 GetDesktopWindow
0x4070f4 FindWindowExA
0x4070f8 RegisterWindowMessageA
0x4070fc DestroyWindow
0x407100 DialogBoxParamA
0x407104 DefWindowProcA
0x407108 GetCursorPos
0x40710c SetForegroundWindow
0x407110 TrackPopupMenu
0x407114 PostMessageA
0x407118 GetDC
0x40711c ReleaseDC
0x407120 CreatePopupMenu
0x407124 AppendMenuA
0x407128 CheckMenuItem
0x40712c LoadIconA
0x407130 EndDialog
0x407134 SystemParametersInfoA
0x407138 SetTimer
GDI32.dll
0x407000 GetPixel
0x407004 PtVisible
0x407008 SetPixelV
0x40700c GetStockObject
SHELL32.dll
0x4070bc Shell_NotifyIconA
EAT (Export Address Table): none