Report - TDPremium.exe

Generic Malware, Malicious Library, UPX, PE File, ftp, PE64, OS Processor Check
Created 2024.10.14 10:49 Machine s1_win7_x6401
Filename TDPremium.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
3
Behavior Score
2.0
ZERO API
VT API (file) 60 detected (AIDetectMalware, Nekark, Malicious, score, Lazy, Unsafe, Save, confidence, 100%, high confidence, GenKryptik, GSCO, CrypterX, kqbeov, Vigorf, EgYafl2csHI, elxlr, R002C0XGE24, Static AI, Malicious PE, hszys, Detected, Sabsik, Malware@#3fkwdgdybzhpo, Phonzy, Artemis, Chgt, Gencirc, YnM0Zm88s7U, susgen)
md5 53f178ea0c14b901bc30cc22687d384d
sha256 f2b707c3cf25fd49571811650b22df7f568b5cdc0c83988094599d0ece04e6c2
ssdeep 24576:bgnFJEsu/wiCE7ljNGuhTVU7wgqWJGOyNjbBnT5FW:0nFJEsuoh6WRnGBl1nN8
imphash 6f181bbb9b68fced5b0aaae00cf24483
impfuzzy 96:BcRNt9WAtj1zMp46Bp0jBAKxU3LaI+uN4eg+zMqsYoFsIvAxUZxUxC7t64Er/iRJ:kzWfkjBAjr1X/Z5QQwiO3jIPRDSBTZ

Signature (3cnts)

Level Description
danger File has been identified by 60 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed (the connection went directly to an IP address rather than a resolved hostname)
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
131.153.76.130 SG PhoenixNAP 131.153.76.130

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1400d9138 EnterCriticalSection
 0x1400d9140 LeaveCriticalSection
 0x1400d9148 SleepEx
 0x1400d9150 GetSystemDirectoryA
 0x1400d9158 VerifyVersionInfoA
 0x1400d9160 GetTickCount
 0x1400d9168 MoveFileExA
 0x1400d9170 WaitForSingleObjectEx
 0x1400d9178 GetEnvironmentVariableA
 0x1400d9180 GetFileType
 0x1400d9188 ReadFile
 0x1400d9190 PeekNamedPipe
 0x1400d9198 WaitForMultipleObjects
 0x1400d91a0 CreateFileA
 0x1400d91a8 GetFileSizeEx
 0x1400d91b0 GetLocaleInfoEx
 0x1400d91b8 FindClose
 0x1400d91c0 FindFirstFileExW
 0x1400d91c8 FindNextFileW
 0x1400d91d0 Module32FirstW
 0x1400d91d8 SetFileInformationByHandle
 0x1400d91e0 FormatMessageA
 0x1400d91e8 GetModuleHandleW
 0x1400d91f0 GetModuleFileNameA
 0x1400d91f8 AreFileApisANSI
 0x1400d9200 GetFileInformationByHandleEx
 0x1400d9208 ReleaseSRWLockExclusive
 0x1400d9210 AcquireSRWLockExclusive
 0x1400d9218 WakeAllConditionVariable
 0x1400d9220 SleepConditionVariableSRW
 0x1400d9228 RtlCaptureContext
 0x1400d9230 RtlLookupFunctionEntry
 0x1400d9238 RtlVirtualUnwind
 0x1400d9240 UnhandledExceptionFilter
 0x1400d9248 SetUnhandledExceptionFilter
 0x1400d9250 TerminateProcess
 0x1400d9258 IsProcessorFeaturePresent
 0x1400d9260 IsDebuggerPresent
 0x1400d9268 GetCurrentProcessId
 0x1400d9270 GetCurrentThreadId
 0x1400d9278 GetSystemTimeAsFileTime
 0x1400d9280 InitializeSListHead
 0x1400d9288 OutputDebugStringW
 0x1400d9290 GetLastError
 0x1400d9298 OpenProcess
 0x1400d92a0 GetStdHandle
 0x1400d92a8 SetConsoleTextAttribute
 0x1400d92b0 SetLastError
 0x1400d92b8 GetCurrentProcess
 0x1400d92c0 DeleteCriticalSection
 0x1400d92c8 InitializeCriticalSectionEx
 0x1400d92d0 GetProcessHeap
 0x1400d92d8 HeapSize
 0x1400d92e0 WideCharToMultiByte
 0x1400d92e8 HeapFree
 0x1400d92f0 HeapReAlloc
 0x1400d92f8 HeapAlloc
 0x1400d9300 HeapDestroy
 0x1400d9308 CreateDirectoryA
 0x1400d9310 QueryPerformanceCounter
 0x1400d9318 FreeLibrary
 0x1400d9320 VerSetConditionMask
 0x1400d9328 GetProcAddress
 0x1400d9330 QueryPerformanceFrequency
 0x1400d9338 LoadLibraryA
 0x1400d9340 GetModuleHandleA
 0x1400d9348 GlobalUnlock
 0x1400d9350 GlobalLock
 0x1400d9358 LocalFree
 0x1400d9360 GlobalFree
 0x1400d9368 GlobalAlloc
 0x1400d9370 MultiByteToWideChar
 0x1400d9378 Module32NextW
 0x1400d9380 Beep
 0x1400d9388 CloseHandle
 0x1400d9390 WriteProcessMemory
 0x1400d9398 Process32FirstW
 0x1400d93a0 GetCurrentThread
 0x1400d93a8 Process32NextW
 0x1400d93b0 CreateToolhelp32Snapshot
 0x1400d93b8 SetConsoleTitleA
 0x1400d93c0 ReadProcessMemory
 0x1400d93c8 Sleep
 0x1400d93d0 CreateFileW
USER32.dll
 0x1400d9668 GetWindowThreadProcessId
 0x1400d9670 EnumWindows
 0x1400d9678 SetWindowLongA
 0x1400d9680 GetClipboardData
 0x1400d9688 EmptyClipboard
 0x1400d9690 CloseClipboard
 0x1400d9698 OpenClipboard
 0x1400d96a0 GetCursorPos
 0x1400d96a8 SetCursorPos
 0x1400d96b0 ReleaseCapture
 0x1400d96b8 FindWindowW
 0x1400d96c0 FindWindowA
 0x1400d96c8 GetKeyState
 0x1400d96d0 RegisterClassExA
 0x1400d96d8 GetDesktopWindow
 0x1400d96e0 GetAsyncKeyState
 0x1400d96e8 LoadIconW
 0x1400d96f0 TranslateMessage
 0x1400d96f8 SetLayeredWindowAttributes
 0x1400d9700 CreateWindowExA
 0x1400d9708 DefWindowProcA
 0x1400d9710 MoveWindow
 0x1400d9718 SetWindowDisplayAffinity
 0x1400d9720 PeekMessageW
 0x1400d9728 DispatchMessageW
 0x1400d9730 ShowWindow
 0x1400d9738 SetWindowPos
 0x1400d9740 DestroyWindow
 0x1400d9748 GetWindowRect
 0x1400d9750 GetWindow
 0x1400d9758 GetWindowLongW
 0x1400d9760 SetClipboardData
 0x1400d9768 GetSystemMetrics
 0x1400d9770 GetClientRect
 0x1400d9778 SetCursor
 0x1400d9780 SetCapture
 0x1400d9788 LoadCursorW
 0x1400d9790 GetForegroundWindow
 0x1400d9798 TrackMouseEvent
 0x1400d97a0 ClientToScreen
 0x1400d97a8 GetCapture
 0x1400d97b0 ScreenToClient
 0x1400d97b8 mouse_event
 0x1400d97c0 SendInput
 0x1400d97c8 SetWindowLongW
SHELL32.dll
 0x1400d9658 ShellExecuteW
MSVCP140.dll
 0x1400d93e0 ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1400d93e8 ?always_noconv@codecvt_base@std@@QEBA_NXZ
 0x1400d93f0 ??Bid@locale@std@@QEAA_KXZ
 0x1400d93f8 ?_Winerror_map@std@@YAHH@Z
 0x1400d9400 ?_Syserror_map@std@@YAPEBDH@Z
 0x1400d9408 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
 0x1400d9410 ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
 0x1400d9418 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x1400d9420 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x1400d9428 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x1400d9430 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
 0x1400d9438 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x1400d9440 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
 0x1400d9448 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
 0x1400d9450 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400d9458 ??Bios_base@std@@QEBA_NXZ
 0x1400d9460 ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
 0x1400d9468 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
 0x1400d9470 ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
 0x1400d9478 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x1400d9480 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400d9488 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1400d9490 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400d9498 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
 0x1400d94a0 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
 0x1400d94a8 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
 0x1400d94b0 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400d94b8 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400d94c0 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1400d94c8 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1400d94d0 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400d94d8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1400d94e0 ?_Xbad_alloc@std@@YAXXZ
 0x1400d94e8 ?_Xlength_error@std@@YAXPEBD@Z
 0x1400d94f0 _Query_perf_frequency
 0x1400d94f8 ?_Throw_Cpp_error@std@@YAXH@Z
 0x1400d9500 _Cnd_do_broadcast_at_thread_exit
 0x1400d9508 _Thrd_sleep
 0x1400d9510 _Thrd_id
 0x1400d9518 _Query_perf_counter
 0x1400d9520 _Thrd_detach
 0x1400d9528 _Xtime_get_ticks
 0x1400d9530 _Thrd_join
 0x1400d9538 ?_Xout_of_range@std@@YAXPEBD@Z
 0x1400d9540 ?_Random_device@std@@YAIXZ
 0x1400d9548 ??1_Lockit@std@@QEAA@XZ
 0x1400d9550 ??0_Lockit@std@@QEAA@H@Z
 0x1400d9558 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x1400d9560 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
 0x1400d9568 ?uncaught_exception@std@@YA_NXZ
 0x1400d9570 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400d9578 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400d9580 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
 0x1400d9588 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
 0x1400d9590 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400d9598 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
 0x1400d95a0 ?_Xbad_function_call@std@@YAXXZ
 0x1400d95a8 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
 0x1400d95b0 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
 0x1400d95b8 ?id@?$ctype@D@std@@2V0locale@2@A
 0x1400d95c0 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1400d95c8 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
 0x1400d95d0 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1400d95d8 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400d95e0 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1400d95e8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x1400d95f0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
 0x1400d95f8 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x1400d9600 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x1400d9608 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x1400d9610 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
 0x1400d9618 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
d3d9.dll
 0x1400d9de8 Direct3DCreate9Ex
d3dx9_43.dll
 0x1400d9df8 D3DXMatrixTranspose
 0x1400d9e00 D3DXVec3Transform
dwmapi.dll
 0x1400d9e10 DwmExtendFrameIntoClientArea
IMM32.dll
 0x1400d9110 ImmSetCandidateWindow
 0x1400d9118 ImmSetCompositionWindow
 0x1400d9120 ImmGetContext
 0x1400d9128 ImmReleaseContext
Normaliz.dll
 0x1400d9628 IdnToAscii
WLDAP32.dll (the 18 entries below have no resolved name; presumably they are imported by ordinal)
 0x1400d9878 None
 0x1400d9880 None
 0x1400d9888 None
 0x1400d9890 None
 0x1400d9898 None
 0x1400d98a0 None
 0x1400d98a8 None
 0x1400d98b0 None
 0x1400d98b8 None
 0x1400d98c0 None
 0x1400d98c8 None
 0x1400d98d0 None
 0x1400d98d8 None
 0x1400d98e0 None
 0x1400d98e8 None
 0x1400d98f0 None
 0x1400d98f8 None
 0x1400d9900 None
CRYPT32.dll
 0x1400d9088 CertFreeCertificateChainEngine
 0x1400d9090 CertCreateCertificateChainEngine
 0x1400d9098 CryptQueryObject
 0x1400d90a0 CertFreeCertificateChain
 0x1400d90a8 CertOpenStore
 0x1400d90b0 CertCloseStore
 0x1400d90b8 CertEnumCertificatesInStore
 0x1400d90c0 CertFindCertificateInStore
 0x1400d90c8 CertFreeCertificateContext
 0x1400d90d0 CryptStringToBinaryA
 0x1400d90d8 PFXImportCertStore
 0x1400d90e0 CryptDecodeObjectEx
 0x1400d90e8 CertAddCertificateContextToStore
 0x1400d90f0 CertFindExtension
 0x1400d90f8 CertGetNameStringA
 0x1400d9100 CertGetCertificateChain
WS2_32.dll
 0x1400d9910 closesocket
 0x1400d9918 recv
 0x1400d9920 send
 0x1400d9928 WSAGetLastError
 0x1400d9930 bind
 0x1400d9938 connect
 0x1400d9940 getpeername
 0x1400d9948 getsockname
 0x1400d9950 getsockopt
 0x1400d9958 htons
 0x1400d9960 ntohs
 0x1400d9968 setsockopt
 0x1400d9970 socket
 0x1400d9978 WSASetLastError
 0x1400d9980 WSAIoctl
 0x1400d9988 WSAStartup
 0x1400d9990 WSACleanup
 0x1400d9998 accept
 0x1400d99a0 ntohl
 0x1400d99a8 gethostname
 0x1400d99b0 sendto
 0x1400d99b8 recvfrom
 0x1400d99c0 freeaddrinfo
 0x1400d99c8 getaddrinfo
 0x1400d99d0 select
 0x1400d99d8 __WSAFDIsSet
 0x1400d99e0 ioctlsocket
 0x1400d99e8 listen
 0x1400d99f0 htonl
RPCRT4.dll
 0x1400d9638 UuidCreate
 0x1400d9640 UuidToStringA
 0x1400d9648 RpcStringFreeA
USERENV.dll
 0x1400d97d8 UnloadUserProfile
VCRUNTIME140_1.dll
 0x1400d9868 __CxxFrameHandler4
VCRUNTIME140.dll
 0x1400d97e8 __std_exception_destroy
 0x1400d97f0 __std_exception_copy
 0x1400d97f8 __std_terminate
 0x1400d9800 strstr
 0x1400d9808 _CxxThrowException
 0x1400d9810 memchr
 0x1400d9818 memcmp
 0x1400d9820 memcpy
 0x1400d9828 memmove
 0x1400d9830 memset
 0x1400d9838 strchr
 0x1400d9840 strrchr
 0x1400d9848 __C_specific_handler
 0x1400d9850 __current_exception
 0x1400d9858 __current_exception_context
api-ms-win-crt-heap-l1-1-0.dll
 0x1400d9a90 malloc
 0x1400d9a98 free
 0x1400d9aa0 _set_new_mode
 0x1400d9aa8 _callnewh
 0x1400d9ab0 calloc
 0x1400d9ab8 realloc
api-ms-win-crt-utility-l1-1-0.dll
 0x1400d9dc8 rand
 0x1400d9dd0 srand
 0x1400d9dd8 qsort
api-ms-win-crt-runtime-l1-1-0.dll
 0x1400d9b50 _beginthreadex
 0x1400d9b58 _getpid
 0x1400d9b60 _invalid_parameter_noinfo_noreturn
 0x1400d9b68 system
 0x1400d9b70 terminate
 0x1400d9b78 abort
 0x1400d9b80 _configure_narrow_argv
 0x1400d9b88 _initialize_onexit_table
 0x1400d9b90 _register_onexit_function
 0x1400d9b98 exit
 0x1400d9ba0 _register_thread_local_exe_atexit_callback
 0x1400d9ba8 _resetstkoflw
 0x1400d9bb0 _c_exit
 0x1400d9bb8 _invalid_parameter_noinfo
 0x1400d9bc0 __p___argv
 0x1400d9bc8 __sys_nerr
 0x1400d9bd0 strerror
 0x1400d9bd8 __p___argc
 0x1400d9be0 _exit
 0x1400d9be8 _errno
 0x1400d9bf0 _initterm_e
 0x1400d9bf8 _initterm
 0x1400d9c00 _get_initial_narrow_environment
 0x1400d9c08 _set_app_type
 0x1400d9c10 _crt_atexit
 0x1400d9c18 _seh_filter_exe
 0x1400d9c20 _cexit
 0x1400d9c28 _initialize_narrow_environment
api-ms-win-crt-time-l1-1-0.dll
 0x1400d9db0 _gmtime64
 0x1400d9db8 _time64
api-ms-win-crt-stdio-l1-1-0.dll
 0x1400d9c38 _set_fmode
 0x1400d9c40 fread_s
 0x1400d9c48 __stdio_common_vsscanf
 0x1400d9c50 _wfopen
 0x1400d9c58 __p__commode
 0x1400d9c60 _read
 0x1400d9c68 _write
 0x1400d9c70 __stdio_common_vfprintf
 0x1400d9c78 fseek
 0x1400d9c80 __acrt_iob_func
 0x1400d9c88 ftell
 0x1400d9c90 _get_stream_buffer_pointers
 0x1400d9c98 _fseeki64
 0x1400d9ca0 fread
 0x1400d9ca8 fgets
 0x1400d9cb0 fsetpos
 0x1400d9cb8 ungetc
 0x1400d9cc0 setvbuf
 0x1400d9cc8 fgetpos
 0x1400d9cd0 _pclose
 0x1400d9cd8 __stdio_common_vsprintf
 0x1400d9ce0 _popen
 0x1400d9ce8 fwrite
 0x1400d9cf0 _close
 0x1400d9cf8 fopen
 0x1400d9d00 fputs
 0x1400d9d08 fgetc
 0x1400d9d10 feof
 0x1400d9d18 _open
 0x1400d9d20 fclose
 0x1400d9d28 __stdio_common_vsprintf_s
 0x1400d9d30 fflush
 0x1400d9d38 fopen_s
 0x1400d9d40 _lseeki64
 0x1400d9d48 fputc
api-ms-win-crt-math-l1-1-0.dll
 0x1400d9ae8 ceilf
 0x1400d9af0 cosf
 0x1400d9af8 fmodf
 0x1400d9b00 acosf
 0x1400d9b08 _hypotf
 0x1400d9b10 sinf
 0x1400d9b18 _dclass
 0x1400d9b20 __setusermatherr
 0x1400d9b28 roundf
 0x1400d9b30 _dsign
 0x1400d9b38 pow
 0x1400d9b40 sqrtf
api-ms-win-crt-string-l1-1-0.dll
 0x1400d9d58 strcmp
 0x1400d9d60 tolower
 0x1400d9d68 strcspn
 0x1400d9d70 strncmp
 0x1400d9d78 strspn
 0x1400d9d80 isupper
 0x1400d9d88 strncpy
 0x1400d9d90 _wcsicmp
 0x1400d9d98 _strdup
 0x1400d9da0 strpbrk
api-ms-win-crt-convert-l1-1-0.dll
 0x1400d9a10 atoi
 0x1400d9a18 strtod
 0x1400d9a20 atof
 0x1400d9a28 strtol
 0x1400d9a30 strtoul
 0x1400d9a38 strtoull
 0x1400d9a40 strtoll
api-ms-win-crt-conio-l1-1-0.dll
 0x1400d9a00 _getch
api-ms-win-crt-filesystem-l1-1-0.dll
 0x1400d9a50 _stat64
 0x1400d9a58 _mkdir
 0x1400d9a60 _lock_file
 0x1400d9a68 _fstat64
 0x1400d9a70 _unlock_file
 0x1400d9a78 _access
 0x1400d9a80 _unlink
api-ms-win-crt-locale-l1-1-0.dll
 0x1400d9ac8 ___lc_codepage_func
 0x1400d9ad0 localeconv
 0x1400d9ad8 _configthreadlocale
ADVAPI32.dll
 0x1400d9000 CryptGetHashParam
 0x1400d9008 CryptEncrypt
 0x1400d9010 CryptImportKey
 0x1400d9018 CryptDestroyKey
 0x1400d9020 CryptDestroyHash
 0x1400d9028 CryptHashData
 0x1400d9030 CryptCreateHash
 0x1400d9038 CryptGenRandom
 0x1400d9040 CryptReleaseContext
 0x1400d9048 CryptAcquireContextA
 0x1400d9050 ConvertSidToStringSidA
 0x1400d9058 IsValidSid
 0x1400d9060 GetTokenInformation
 0x1400d9068 GetLengthSid
 0x1400d9070 CopySid
 0x1400d9078 OpenProcessToken

EAT(Export Address Table) is none


