ScreenShot
| Created | 2024.09.25 11:12 | Machine | s1_win7_x6403 |
| Filename | dl | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 376af2756c19e59540331f6056b5c321 | ||
| sha256 | e3ade39dae11c8e6355c2e9e3e9212cfc8f7993b738bbff6768e32a26a457ee6 | ||
| ssdeep | 6144:wL2vEjPnYbTAJgGdGrqneldBGOEYEFYc5klNePdi:w6vE7u9G8T/Ui | ||
| imphash | ef449b91b415f487291c91f6dead0311 | ||
| impfuzzy | 24:j4fLkPMj7NbSFkrkRDc4nMUpO5Dxus1VEdQB2dg/CCbG2SEjlNY7ta2cf3yv4/Js:An0Wp1udXFO5W7t7cfke29cJf5A6Q | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x430008 GetComputerNameA
0x43000c FillConsoleOutputCharacterA
0x430010 GetNumaNodeProcessorMask
0x430014 GetConsoleAliasExesLengthA
0x430018 OpenJobObjectA
0x43001c ReadConsoleA
0x430020 QueryDosDeviceA
0x430024 WaitForSingleObject
0x430028 GetComputerNameW
0x43002c GetNumaAvailableMemoryNode
0x430030 FreeEnvironmentStringsA
0x430034 GetModuleHandleW
0x430038 GetConsoleAliasesLengthA
0x43003c GetPriorityClass
0x430040 GetEnvironmentStrings
0x430044 FatalAppExitW
0x430048 SetSystemTimeAdjustment
0x43004c WriteConsoleOutputA
0x430050 GetFileAttributesA
0x430054 HeapCreate
0x430058 SetConsoleMode
0x43005c GetBinaryTypeA
0x430060 GetModuleFileNameW
0x430064 GetShortPathNameA
0x430068 GetStdHandle
0x43006c GetLastError
0x430070 GetCommandLineW
0x430074 GetProcAddress
0x430078 SearchPathA
0x43007c OpenWaitableTimerA
0x430080 LoadLibraryA
0x430084 InterlockedExchangeAdd
0x430088 LocalAlloc
0x43008c SetCalendarInfoW
0x430090 MoveFileA
0x430094 SetCommMask
0x430098 FindAtomA
0x43009c FoldStringA
0x4300a0 CreatePipe
0x4300a4 GetDefaultCommConfigA
0x4300a8 GetModuleHandleA
0x4300ac FreeEnvironmentStringsW
0x4300b0 BuildCommDCBA
0x4300b4 PurgeComm
0x4300b8 WaitForDebugEvent
0x4300bc GlobalReAlloc
0x4300c0 CopyFileExA
0x4300c4 GetVolumeInformationW
0x4300c8 CreateFileA
0x4300cc BackupRead
0x4300d0 DebugActiveProcess
0x4300d4 HeapFree
0x4300d8 HeapAlloc
0x4300dc Sleep
0x4300e0 ExitProcess
0x4300e4 GetStartupInfoW
0x4300e8 TerminateProcess
0x4300ec GetCurrentProcess
0x4300f0 UnhandledExceptionFilter
0x4300f4 SetUnhandledExceptionFilter
0x4300f8 IsDebuggerPresent
0x4300fc VirtualFree
0x430100 DeleteCriticalSection
0x430104 LeaveCriticalSection
0x430108 EnterCriticalSection
0x43010c VirtualAlloc
0x430110 HeapReAlloc
0x430114 WriteFile
0x430118 GetModuleFileNameA
0x43011c SetHandleCount
0x430120 GetFileType
0x430124 GetStartupInfoA
0x430128 TlsGetValue
0x43012c TlsAlloc
0x430130 TlsSetValue
0x430134 TlsFree
0x430138 InterlockedIncrement
0x43013c SetLastError
0x430140 GetCurrentThreadId
0x430144 InterlockedDecrement
0x430148 HeapSize
0x43014c GetCPInfo
0x430150 GetACP
0x430154 GetOEMCP
0x430158 IsValidCodePage
0x43015c InitializeCriticalSectionAndSpinCount
0x430160 GetEnvironmentStringsW
0x430164 QueryPerformanceCounter
0x430168 GetTickCount
0x43016c GetCurrentProcessId
0x430170 GetSystemTimeAsFileTime
0x430174 RtlUnwind
0x430178 MultiByteToWideChar
0x43017c ReadFile
0x430180 LCMapStringA
0x430184 WideCharToMultiByte
0x430188 LCMapStringW
0x43018c GetStringTypeA
0x430190 GetStringTypeW
0x430194 GetLocaleInfoA
0x430198 GetConsoleCP
0x43019c GetConsoleMode
0x4301a0 FlushFileBuffers
0x4301a4 SetFilePointer
0x4301a8 SetStdHandle
0x4301ac CloseHandle
0x4301b0 WriteConsoleA
0x4301b4 GetConsoleOutputCP
0x4301b8 WriteConsoleW
USER32.dll
0x4301c0 GetUserObjectInformationW
0x4301c4 SetFocus
ADVAPI32.dll
0x430000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none
KERNEL32.dll
0x430008 GetComputerNameA
0x43000c FillConsoleOutputCharacterA
0x430010 GetNumaNodeProcessorMask
0x430014 GetConsoleAliasExesLengthA
0x430018 OpenJobObjectA
0x43001c ReadConsoleA
0x430020 QueryDosDeviceA
0x430024 WaitForSingleObject
0x430028 GetComputerNameW
0x43002c GetNumaAvailableMemoryNode
0x430030 FreeEnvironmentStringsA
0x430034 GetModuleHandleW
0x430038 GetConsoleAliasesLengthA
0x43003c GetPriorityClass
0x430040 GetEnvironmentStrings
0x430044 FatalAppExitW
0x430048 SetSystemTimeAdjustment
0x43004c WriteConsoleOutputA
0x430050 GetFileAttributesA
0x430054 HeapCreate
0x430058 SetConsoleMode
0x43005c GetBinaryTypeA
0x430060 GetModuleFileNameW
0x430064 GetShortPathNameA
0x430068 GetStdHandle
0x43006c GetLastError
0x430070 GetCommandLineW
0x430074 GetProcAddress
0x430078 SearchPathA
0x43007c OpenWaitableTimerA
0x430080 LoadLibraryA
0x430084 InterlockedExchangeAdd
0x430088 LocalAlloc
0x43008c SetCalendarInfoW
0x430090 MoveFileA
0x430094 SetCommMask
0x430098 FindAtomA
0x43009c FoldStringA
0x4300a0 CreatePipe
0x4300a4 GetDefaultCommConfigA
0x4300a8 GetModuleHandleA
0x4300ac FreeEnvironmentStringsW
0x4300b0 BuildCommDCBA
0x4300b4 PurgeComm
0x4300b8 WaitForDebugEvent
0x4300bc GlobalReAlloc
0x4300c0 CopyFileExA
0x4300c4 GetVolumeInformationW
0x4300c8 CreateFileA
0x4300cc BackupRead
0x4300d0 DebugActiveProcess
0x4300d4 HeapFree
0x4300d8 HeapAlloc
0x4300dc Sleep
0x4300e0 ExitProcess
0x4300e4 GetStartupInfoW
0x4300e8 TerminateProcess
0x4300ec GetCurrentProcess
0x4300f0 UnhandledExceptionFilter
0x4300f4 SetUnhandledExceptionFilter
0x4300f8 IsDebuggerPresent
0x4300fc VirtualFree
0x430100 DeleteCriticalSection
0x430104 LeaveCriticalSection
0x430108 EnterCriticalSection
0x43010c VirtualAlloc
0x430110 HeapReAlloc
0x430114 WriteFile
0x430118 GetModuleFileNameA
0x43011c SetHandleCount
0x430120 GetFileType
0x430124 GetStartupInfoA
0x430128 TlsGetValue
0x43012c TlsAlloc
0x430130 TlsSetValue
0x430134 TlsFree
0x430138 InterlockedIncrement
0x43013c SetLastError
0x430140 GetCurrentThreadId
0x430144 InterlockedDecrement
0x430148 HeapSize
0x43014c GetCPInfo
0x430150 GetACP
0x430154 GetOEMCP
0x430158 IsValidCodePage
0x43015c InitializeCriticalSectionAndSpinCount
0x430160 GetEnvironmentStringsW
0x430164 QueryPerformanceCounter
0x430168 GetTickCount
0x43016c GetCurrentProcessId
0x430170 GetSystemTimeAsFileTime
0x430174 RtlUnwind
0x430178 MultiByteToWideChar
0x43017c ReadFile
0x430180 LCMapStringA
0x430184 WideCharToMultiByte
0x430188 LCMapStringW
0x43018c GetStringTypeA
0x430190 GetStringTypeW
0x430194 GetLocaleInfoA
0x430198 GetConsoleCP
0x43019c GetConsoleMode
0x4301a0 FlushFileBuffers
0x4301a4 SetFilePointer
0x4301a8 SetStdHandle
0x4301ac CloseHandle
0x4301b0 WriteConsoleA
0x4301b4 GetConsoleOutputCP
0x4301b8 WriteConsoleW
USER32.dll
0x4301c0 GetUserObjectInformationW
0x4301c4 SetFocus
ADVAPI32.dll
0x430000 ObjectPrivilegeAuditAlarmA
EAT(Export Address Table) is none