Report - key.exe

Tags: Malicious Library, UPX, PE File, ftp, PE32, OS Processor Check
Created: 2024.09.24 11:07
Machine: s1_win7_x6401
Filename: key.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 2
Behavior Score: 0.8
ZERO API file: malware
VT API (file): (no data shown)
md5: 4cdc368d9d4685c5800293f68703c3d0
sha256: 12fb50931a167e6e00e3eb430f6a8406e80a7649f14b1265247b56416ac919b0
ssdeep: 49152:rDEkjzoUB1cGvcrnHe1dnyjggQvtoZdMXRgZOYpFO5QTGHwh4Z1tg7X5PACom3VD:rDEQNzcwWnGdytQvtoZdMXRgZOMiZ1yx
imphash: 07b000512f97f6944f3b6a56a9abc6b7
impfuzzy: 96:dJG1uLYaEL6X174xEpcfLwHsH2LDKHBZAugPL:v/PF74xcHsH2D6ZAuSL

Signatures (3)

Level    Description
notice   The binary likely contains encrypted or compressed data indicative of a packer
info     One or more processes crashed
info     This executable has a PDB path

Rules (6)

Level   Name                      Description            Collection
watch   Malicious_Library_Zero    Malicious_Library      binaries (upload)
watch   UPX_Zero                  UPX packed file        binaries (upload)
info    ftp_command               ftp command            binaries (upload)
info    IsPE32                    (no description)       binaries (upload)
info    OS_Processor_Check_Zero   OS Processor Check     binaries (upload)
info    PE_Header_Zero            PE File Signature      binaries (upload)

Network (0)

No network requests were recorded in this run (the Request / CC / ASN / Co / IP4 / Rule / ZERO table is empty).

Suricata IDS: no alerts listed

PE API

IAT (Import Address Table), grouped by library

KERNEL32.dll
 0x545044 GetCurrentDirectoryW
 0x545048 SetErrorMode
 0x54504c LoadLibraryW
 0x545050 OutputDebugStringA
 0x545054 GetLastError
 0x545058 FlushFileBuffers
 0x54505c MoveFileExW
 0x545060 GetFileAttributesExW
 0x545064 GetFullPathNameW
 0x545068 GetVersionExW
 0x54506c SetEvent
 0x545070 ResetEvent
 0x545074 WaitForSingleObjectEx
 0x545078 GetModuleFileNameW
 0x54507c CreateProcessW
 0x545080 GetCurrentProcessId
 0x545084 GetCurrentThreadId
 0x545088 IsProcessorFeaturePresent
 0x54508c IsDebuggerPresent
 0x545090 SetUnhandledExceptionFilter
 0x545094 UnhandledExceptionFilter
 0x545098 GetCurrentProcess
 0x54509c TerminateProcess
 0x5450a0 GetStartupInfoW
 0x5450a4 HeapSetInformation
 0x5450a8 InterlockedCompareExchange
 0x5450ac InterlockedExchange
 0x5450b0 DecodePointer
 0x5450b4 EncodePointer
 0x5450b8 GetModuleHandleW
 0x5450bc FormatMessageW
 0x5450c0 QueryPerformanceFrequency
 0x5450c4 QueryPerformanceCounter
 0x5450c8 ReleaseMutex
 0x5450cc CreateMutexW
 0x5450d0 GetSystemInfo
 0x5450d4 SetThreadPriority
 0x5450d8 GetThreadPriority
 0x5450dc MultiByteToWideChar
 0x5450e0 WaitForSingleObject
 0x5450e4 GetExitCodeProcess
 0x5450e8 CloseHandle
 0x5450ec GlobalLock
 0x5450f0 GlobalUnlock
 0x5450f4 FindFirstFileW
 0x5450f8 CreateEventW
 0x5450fc FindNextFileW
 0x545100 FindClose
 0x545104 GetSystemTimeAsFileTime
 0x545108 SetLastError
 0x54510c FormatMessageA
 0x545110 GetProcAddress
 0x545114 LoadLibraryA
 0x545118 GetVersionExA
 0x54511c FreeLibrary
 0x545120 DeleteCriticalSection
 0x545124 InitializeCriticalSection
 0x545128 LeaveCriticalSection
 0x54512c EnterCriticalSection
 0x545130 SleepEx
 0x545134 GetTickCount
 0x545138 ReadFile
 0x54513c PeekNamedPipe
 0x545140 WaitForMultipleObjects
 0x545144 GetFileType
 0x545148 GetStdHandle
 0x54514c Sleep
 0x545150 ExpandEnvironmentStringsA
 0x545154 GetFileAttributesW
 0x545158 GetLocaleInfoA
 0x54515c GetFileAttributesA
USER32.dll
 0x5454bc TranslateMessage
 0x5454c0 DispatchMessageW
 0x5454c4 PeekMessageW
 0x5454c8 SetCapture
 0x5454cc ClientToScreen
 0x5454d0 SetCursorPos
 0x5454d4 ReleaseCapture
 0x5454d8 LoadIconW
 0x5454dc RegisterClassExW
 0x5454e0 AdjustWindowRectEx
 0x5454e4 MonitorFromPoint
 0x5454e8 CreateWindowExW
 0x5454ec UnregisterClassW
 0x5454f0 DefWindowProcW
 0x5454f4 PostQuitMessage
 0x5454f8 GetWindowTextA
 0x5454fc ShowWindow
 0x545500 ScreenToClient
 0x545504 TrackMouseEvent
 0x545508 GetMessageW
 0x54550c LoadImageW
 0x545510 SetCursor
 0x545514 ReleaseDC
 0x545518 GetDC
 0x54551c SetWindowTextW
 0x545520 GetClientRect
 0x545524 GetWindowRect
 0x545528 MoveWindow
 0x54552c GetWindowPlacement
 0x545530 MonitorFromWindow
 0x545534 GetMonitorInfoW
 0x545538 SetWindowLongW
 0x54553c SetWindowPos
 0x545540 SetWindowPlacement
 0x545544 ClipCursor
 0x545548 CloseClipboard
 0x54554c GetClipboardData
 0x545550 OpenClipboard
 0x545554 MessageBoxA
 0x545558 MessageBoxW
 0x54555c GetTopWindow
 0x545560 SendMessageW
 0x545564 GetCursorPos
 0x545568 LoadCursorW
 0x54556c SetForegroundWindow
 0x545570 FindWindowW
 0x545574 DestroyWindow
 0x545578 GetDlgItem
 0x54557c GetWindowLongW
 0x545580 DialogBoxIndirectParamW
 0x545584 EndDialog
 0x545588 SendDlgItemMessageA
 0x54558c GetDlgItemTextA
WS2_32.dll
 0x5455fc getsockname
 0x545600 setsockopt
 0x545604 send
 0x545608 ntohs
 0x54560c WSAGetLastError
 0x545610 WSAStartup
 0x545614 WSACleanup
 0x545618 bind
 0x54561c htons
 0x545620 getsockopt
 0x545624 getpeername
 0x545628 closesocket
 0x54562c socket
 0x545630 connect
 0x545634 WSASetLastError
 0x545638 recvfrom
 0x54563c sendto
 0x545640 getaddrinfo
 0x545644 freeaddrinfo
 0x545648 accept
 0x54564c listen
 0x545650 __WSAFDIsSet
 0x545654 select
 0x545658 ioctlsocket
 0x54565c gethostname
 0x545660 recv
WLDAP32.dll (16 imports by ordinal; the tool resolved no names for them)
 0x5455b8 - 0x5455f4  16 entries, name shown as None
ADVAPI32.dll
 0x545000 CryptCreateHash
 0x545004 RegQueryValueExW
 0x545008 CryptGetHashParam
 0x54500c CryptDestroyHash
 0x545010 CryptReleaseContext
 0x545014 CryptHashData
 0x545018 CryptAcquireContextA
 0x54501c RegOpenKeyExW
 0x545020 RegCloseKey
IPHLPAPI.DLL
 0x54503c GetAdaptersInfo
RPCRT4.dll
 0x54549c UuidCreate
 0x5454a0 RpcStringFreeA
 0x5454a4 UuidToStringA
GDI32.dll
 0x545030 DeleteObject
 0x545034 CreateFontA
SHELL32.dll
 0x5454ac ShellExecuteExW
 0x5454b0 SHGetFolderPathAndSubDirW
 0x5454b4 SHFileOperationW

EAT(Export Address Table) is none
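The IAT listing above is what an analyst actually triages from this report, and two details of its layout matter: the DLLs are printed in an order that is not the import directory order (the thunk addresses show ADVAPI32 at 0x545000 comes first, WS2_32 at 0x5455fc last), and the WLDAP32 entries carry no names because they are imported by ordinal, so the page's imphash cannot be recomputed from the listing alone. The following Python is an added example, not part of the report or the sandbox's tooling: it parses an excerpt of the listing (constructed from the entries above, keeping the first thunk of every DLL plus a few imports of triage interest), recovers the directory order from the addresses, flags ordinal-only DLLs, and buckets the named imports by capability. The capability table and all function names are assumptions made for this example.

```python
import re
from collections import OrderedDict

# Constructed excerpt of the report's IAT section (first thunk of every DLL
# kept, plus a few imports worth flagging). Format: "DLL" header lines at
# column 0, " 0xADDR Name" import lines indented by one space.
IAT_TEXT = """\
KERNEL32.dll
 0x545044 GetCurrentDirectoryW
 0x545064 GetFullPathNameW
 0x54507c CreateProcessW
 0x54508c IsDebuggerPresent
 0x5450cc CreateMutexW
USER32.dll
 0x5454bc TranslateMessage
 0x54554c GetClipboardData
WS2_32.dll
 0x5455fc getsockname
 0x545630 connect
 0x545640 getaddrinfo
 0x54564c listen
WLDAP32.dll
 0x5455b8 None
 0x5455bc None
ADVAPI32.dll
 0x545000 CryptCreateHash
 0x545004 RegQueryValueExW
 0x545018 CryptAcquireContextA
IPHLPAPI.DLL
 0x54503c GetAdaptersInfo
RPCRT4.dll
 0x54549c UuidCreate
GDI32.dll
 0x545030 DeleteObject
SHELL32.dll
 0x5454ac ShellExecuteExW
 0x5454b4 SHFileOperationW
"""

IMPORT_LINE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+(\S+)\s*$")

# Hypothetical triage buckets (API name -> capability); extend to taste.
CAPABILITIES = {
    "network": {"connect", "listen", "accept", "getaddrinfo", "send", "recv",
                "WSAStartup", "GetAdaptersInfo"},
    "crypto": {"CryptAcquireContextA", "CryptCreateHash", "CryptHashData",
               "CryptGetHashParam"},
    "process_exec": {"CreateProcessW", "ShellExecuteExW"},
    "anti_debug": {"IsDebuggerPresent", "OutputDebugStringA"},
    "registry": {"RegOpenKeyExW", "RegQueryValueExW"},
    "clipboard": {"OpenClipboard", "GetClipboardData"},
    "file_ops": {"SHFileOperationW", "MoveFileExW", "FindFirstFileW"},
}


def parse_iat(text):
    """Return {dll: [(thunk_addr, name_or_None), ...]} in listing order.

    A name of "None" in the report means the tool had no name for the
    entry, i.e. the import is by ordinal."""
    dlls = OrderedDict()
    current = None
    for raw in text.splitlines():
        m = IMPORT_LINE.match(raw)
        if m and current is not None:
            name = None if m.group(2) == "None" else m.group(2)
            dlls[current].append((int(m.group(1), 16), name))
        elif raw.strip() and not raw.startswith(" "):
            current = raw.strip()
            dlls.setdefault(current, [])
    return dlls


def import_directory_order(dlls):
    """Order DLLs by their lowest thunk address; the IAT is laid out in
    import-directory order, which is what imphash walks."""
    return sorted(dlls, key=lambda d: min(a for a, _ in dlls[d]))


def ordinal_only_dlls(dlls):
    """DLLs whose every entry lacks a name (all imported by ordinal)."""
    return [d for d, funcs in dlls.items()
            if funcs and all(n is None for _, n in funcs)]


def capability_hits(dlls):
    """Map each capability bucket to the imported APIs that hit it."""
    names = {n for funcs in dlls.values() for _, n in funcs if n}
    return {cap: sorted(names & apis, key=str.lower)
            for cap, apis in CAPABILITIES.items() if names & apis}


if __name__ == "__main__":
    iat = parse_iat(IAT_TEXT)
    print("directory order:", import_directory_order(iat))
    print("ordinal-only   :", ordinal_only_dlls(iat))
    for cap, apis in capability_hits(iat).items():
        print(f"{cap:13s} {', '.join(apis)}")
```

Run it against the full listing by pasting the whole IAT section into IAT_TEXT; the parser only relies on the header/indent convention the report uses. Because WLDAP32 shows up as ordinal-only, an imphash recomputation would need the actual ordinal numbers (which pefile renders as ord123), so this page's imphash value has to be taken from the report rather than re-derived from it.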
