Field | Value |
---|---|
Created | 2024.10.15 14:27 |
Machine | s1_win7_x6401 |
Filename | builder.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file: malware |
VT API (file) | |
md5 | c2bc344f6dde0573ea9acdfb6698bf4c |
sha256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
ssdeep | 12288:CzVXpdg/1MB94JD7RfaVT1hG98P67PNV3giFH6J1VjR3L6dpbQrQyEpInmwuRUfB:CzxjgdRpBq1hG98P67PNV3giFH6J1Vjn |
imphash | d2e26e45dcb84f1062f90f29a9cf0faa |
impfuzzy | 12:SDHqZG6OV0Cjup+pyvJDv0FTFYGqBJq/nAP3ZDam:S7+/Ojup+pCJqyGq/q23Am |
Signature (1cnts)
Level | Description |
---|---|
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | BlackMatter_Ransomware_IN | BlackMatter Ransomware | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no entries) | | | | | |
Suricata ids
PE API
IAT (Import Address Table) by library
USER32.dll
0x40603c MessageBoxW
KERNEL32.dll
0x406000 LoadResource
0x406004 WriteFile
0x406008 CreateFileW
0x40600c ExitProcess
0x406010 FindResourceW
0x406014 GetCommandLineW
0x406018 GetFileSize
0x40601c GetModuleHandleW
0x406020 GlobalFree
0x406024 SizeofResource
0x406028 LockResource
0x40602c ReadFile
SHELL32.dll
0x406034 CommandLineToArgvW
msvcrt.dll
0x40604c _wcsicmp
0x406050 memcpy
0x406054 memset
0x406058 sprintf
0x40605c strchr
0x406060 strcpy
0x406064 strlen
0x406068 strstr
0x40606c wcscat
0x406070 wcscpy
0x406074 wcslen
0x406078 wcsrchr
0x40607c localeconv
0x406080 _stricmp
0x406084 _strcmpi
0x406088 tolower
0x40608c realloc
0x406090 malloc
0x406094 free
0x406098 strtod
0x40609c strncmp
imagehlp.dll
0x406044 CheckSumMappedFile
ntdll.dll
0x4060a4 RtlFreeHeap
0x4060a8 RtlAllocateHeap
0x4060ac NtClose
0x4060b0 RtlImageNtHeader
EAT (Export Address Table): none
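The import table above is what a triage analyst reads first, so here is an added example (written for this page, not code from the sandbox vendor or from the sample) that re-encodes the listed IAT as data and applies import-based capability heuristics: which API groups are present (resource extraction, file read/write, PE checksum rewriting, command-line parsing) and which families a ransomware payload would normally import are absent. The capability sets, the `ABSENT_FAMILIES` table and the "builder/dropper stub" label are this example's own heuristics. The `imphash` routine follows the pefile convention (lowercase `lib.func`, DLL extension stripped, comma-joined, MD5) and assumes the import-directory order matches the ascending IAT address order shown above; compare its output with the report's imphash rather than trusting it.

```python
"""Triage of the static import table listed in the sandbox report above.

Added example, not part of the report. IMPORTS is constructed from the
page's IAT section; the patterns below are heuristics for this example.
"""
import hashlib
from typing import Dict, List, Set, Tuple

# Imports copied from the report's IAT listing, DLLs in ascending IAT address order.
IMPORTS: List[Tuple[str, List[str]]] = [
    ("KERNEL32.dll", ["LoadResource", "WriteFile", "CreateFileW", "ExitProcess",
                      "FindResourceW", "GetCommandLineW", "GetFileSize",
                      "GetModuleHandleW", "GlobalFree", "SizeofResource",
                      "LockResource", "ReadFile"]),
    ("SHELL32.dll", ["CommandLineToArgvW"]),
    ("USER32.dll", ["MessageBoxW"]),
    ("imagehlp.dll", ["CheckSumMappedFile"]),
    ("msvcrt.dll", ["_wcsicmp", "memcpy", "memset", "sprintf", "strchr", "strcpy",
                    "strlen", "strstr", "wcscat", "wcscpy", "wcslen", "wcsrchr",
                    "localeconv", "_stricmp", "_strcmpi", "tolower", "realloc",
                    "malloc", "free", "strtod", "strncmp"]),
    ("ntdll.dll", ["RtlFreeHeap", "RtlAllocateHeap", "NtClose", "RtlImageNtHeader"]),
]

# A capability fires only when every API in its set is imported (heuristic).
CAPABILITIES: Dict[str, Set[str]] = {
    "resource_extraction": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "file_read": {"CreateFileW", "ReadFile", "GetFileSize"},
    "file_write": {"CreateFileW", "WriteFile"},
    "pe_checksum_rewrite": {"CheckSumMappedFile", "RtlImageNtHeader"},
    "command_line_args": {"GetCommandLineW", "CommandLineToArgvW"},
}

# API families a full ransomware payload usually imports; a family is reported
# as absent when none of its APIs appears. Meaningful only for an unpacked IAT.
ABSENT_FAMILIES: Dict[str, Set[str]] = {
    "networking": {"WSAStartup", "connect", "send", "InternetOpenW", "InternetOpenA", "WinHttpOpen"},
    "crypto_api": {"CryptAcquireContextW", "CryptGenKey", "CryptEncrypt", "BCryptEncrypt"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "remote_injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
}


def _lib(name: str) -> str:
    """Normalise a DLL name the way imphash does: lowercase, drop .dll/.ocx/.sys."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imported_apis(imports: List[Tuple[str, List[str]]]) -> Set[str]:
    """Flatten the per-DLL listing into one set of imported function names."""
    return {api for _, apis in imports for api in apis}


def matched_capabilities(imports: List[Tuple[str, List[str]]]) -> List[str]:
    """Names of capability patterns whose API set is fully present, sorted."""
    apis = imported_apis(imports)
    return sorted(cap for cap, need in CAPABILITIES.items() if need <= apis)


def absent_families(imports: List[Tuple[str, List[str]]]) -> List[str]:
    """Families with no representative import at all, sorted."""
    apis = imported_apis(imports)
    return sorted(fam for fam, names in ABSENT_FAMILIES.items() if not (names & apis))


def imphash(imports: List[Tuple[str, List[str]]]) -> str:
    """pefile-style imphash: MD5 over comma-joined 'lib.func' in import order."""
    entries = [f"{_lib(dll)}.{api.lower()}" for dll, apis in imports for api in apis]
    return hashlib.md5(",".join(entries).encode()).hexdigest()


def verdict(imports: List[Tuple[str, List[str]]]) -> str:
    """Heuristic one-line reading of the static IAT (this example's own labels)."""
    caps = set(matched_capabilities(imports))
    if {"resource_extraction", "file_write", "pe_checksum_rewrite"} <= caps:
        return "builder/dropper stub: extracts an embedded PE, writes it, fixes its checksum"
    if {"resource_extraction", "file_write"} <= caps:
        return "resource dropper"
    return "no dropper pattern in static IAT"


if __name__ == "__main__":
    print("capabilities:", matched_capabilities(IMPORTS))
    print("absent      :", absent_families(IMPORTS))
    print("imphash     :", imphash(IMPORTS), "(compare with the report value)")
    print("verdict     :", verdict(IMPORTS))
```

Read this way, the static IAT is consistent with a builder that reads a payload template (from its own resources, or from a path given on the command line), writes the result out and recomputes the PE checksum so the produced file loads without a checksum mismatch; it carries no networking, crypto or injection imports. Two caveats before acting on that. The Rules table flags the file as UPX-packed, and a packed binary's static IAT under-reports the real imports, yet a UPX stub resolves those at run time through LoadLibraryA and GetProcAddress, neither of which is listed, so check the section table before either trusting the packer verdict or discounting the IAT. And import heuristics describe what the stub can do, not what it does; the BlackMatter attribution rests on the BlackMatter_Ransomware_IN rule above, not on these imports.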