Field | Value
---|---
Created | 2024.10.17 10:36
Machine | s1_win7_x6401
Filename | pnr.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | Not found
Behavior Score |
ZERO API |
VT API (file) | 3 detected (BrowseFox, Diztakun, GrayWare)
md5 | 03095ac4f252a39ed63043b4ec57a070
sha256 | e9a4af1ebd77f159b775c24dae1aeb4193db74e533f37fcd277d35a54e66b6e9
ssdeep | 196608:Bh4qPaVcYO3bsKP2hyqhD3kLWmjZNf2FmHxOnq1CnXp3rgM6eFt17fQ59:Yq8XO3E3hzkimj/2FZqUp3rg8tBK9
imphash | 8153e38af3edfd83dbe718abd367e38c
impfuzzy | 12:mDzjA9A+pZ1nd3EUPu6H1q+FaGKHWNXug3hrU1C1uCzlKfr:mDnWA+pZ11EguEQzHMNhlzlWr
Network IP location
Signature (6 cnts)
Level | Description
---|---
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice | The binary likely contains encrypted or compressed data indicative of a packer
info | Checks amount of memory in system
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)
info | The executable uses a known packer
Rules (5 cnts)
Level | Name | Description | Collection
---|---|---|---
watch | ASPack_Zero | ASPack packed file | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | mzp_file_format | MZP (Delphi) file format | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
Network (0 cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table)
Library | Address | Function
---|---|---
kernel32.dll | 0x57df5c | GetProcAddress
kernel32.dll | 0x57df60 | GetModuleHandleA
kernel32.dll | 0x57df64 | LoadLibraryA
user32.dll | 0x57e1f2 | GetKeyboardType
advapi32.dll | 0x57e1fa | RegQueryValueExA
oleaut32.dll | 0x57e202 | VariantChangeTypeEx
advapi32.dll | 0x57e20a | RegSetValueExA
gdi32.dll | 0x57e212 | UnrealizeObject
user32.dll | 0x57e21a | keybd_event
ole32.dll | 0x57e222 | CreateStreamOnHGlobal
oleaut32.dll | 0x57e22a | GetErrorInfo
comctl32.dll | 0x57e232 | ImageList_SetIconSize
winspool.drv | 0x57e23a | OpenPrinterA
shell32.dll | 0x57e242 | Shell_NotifyIconA
shell32.dll | 0x57e24a | SHGetPathFromIDListA
comdlg32.dll | 0x57e252 | PrintDlgA
wsock32.dll | 0x57e25a | WSACleanup
msvfw32.dll | 0x57e262 | DrawDibEnd
winmm.dll | 0x57e26a | timeGetTime
user32.dll | 0x57e272 | DdeCmpStringHandles

EAT (Export Address Table): none