| Field | Value |
|---|---|
| Created | 2024.10.17 14:31 |
| Machine | s1_win7_x6403 |
| Filename | 63e909b3647d.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | |
| md5 | 790a583c92b1575850a1a18adcb6c3bb |
| sha256 | 41c368c21f9011b53c84f94a27c897373a294bcbbf9bf05c7bb7d7088b4049b8 |
| ssdeep | 12288:cwU7U4aFpPwDW5Z833VCr9sNiWbA6AGliQE83DEO:M7U4aFp9ZQ3VNbAlGs4Tt |
| imphash | c68e3728e5b31346dadca5959fef3f1a |
| impfuzzy | 24:A2tMS14GhlJnc+pl3eDo/Y15vRSOovbO9ZHGMc:RtMS14G5c+ppsnj3S |
Network IP location
Signature (2 cnts)

| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6 cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)

KERNEL32.dll

| Address | Function |
|---|---|
| 0x414000 | GetModuleHandleExW |
| 0x414004 | WriteConsoleW |
| 0x414008 | CreateFileW |
| 0x41400c | HeapReAlloc |
| 0x414010 | CloseHandle |
| 0x414014 | UnhandledExceptionFilter |
| 0x414018 | SetUnhandledExceptionFilter |
| 0x41401c | GetCurrentProcess |
| 0x414020 | TerminateProcess |
| 0x414024 | IsProcessorFeaturePresent |
| 0x414028 | QueryPerformanceCounter |
| 0x41402c | GetCurrentProcessId |
| 0x414030 | GetCurrentThreadId |
| 0x414034 | GetSystemTimeAsFileTime |
| 0x414038 | InitializeSListHead |
| 0x41403c | IsDebuggerPresent |
| 0x414040 | GetStartupInfoW |
| 0x414044 | GetModuleHandleW |
| 0x414048 | HeapSize |
| 0x41404c | RaiseException |
| 0x414050 | RtlUnwind |
| 0x414054 | GetLastError |
| 0x414058 | SetLastError |
| 0x41405c | EnterCriticalSection |
| 0x414060 | LeaveCriticalSection |
| 0x414064 | DeleteCriticalSection |
| 0x414068 | InitializeCriticalSectionAndSpinCount |
| 0x41406c | TlsAlloc |
| 0x414070 | TlsGetValue |
| 0x414074 | TlsSetValue |
| 0x414078 | TlsFree |
| 0x41407c | FreeLibrary |
| 0x414080 | GetProcAddress |
| 0x414084 | LoadLibraryExW |
| 0x414088 | EncodePointer |
| 0x41408c | GetStdHandle |
| 0x414090 | WriteFile |
| 0x414094 | GetModuleFileNameW |
| 0x414098 | ExitProcess |
| 0x41409c | DecodePointer |
| 0x4140a0 | HeapAlloc |
| 0x4140a4 | HeapFree |
| 0x4140a8 | LCMapStringW |
| 0x4140ac | GetFileType |
| 0x4140b0 | FindClose |
| 0x4140b4 | FindFirstFileExW |
| 0x4140b8 | FindNextFileW |
| 0x4140bc | IsValidCodePage |
| 0x4140c0 | GetACP |
| 0x4140c4 | GetOEMCP |
| 0x4140c8 | GetCPInfo |
| 0x4140cc | GetCommandLineA |
| 0x4140d0 | GetCommandLineW |
| 0x4140d4 | MultiByteToWideChar |
| 0x4140d8 | WideCharToMultiByte |
| 0x4140dc | GetEnvironmentStringsW |
| 0x4140e0 | FreeEnvironmentStringsW |
| 0x4140e4 | SetStdHandle |
| 0x4140e8 | GetStringTypeW |
| 0x4140ec | GetProcessHeap |
| 0x4140f0 | FlushFileBuffers |
| 0x4140f4 | GetConsoleOutputCP |
| 0x4140f8 | GetConsoleMode |
| 0x4140fc | GetFileSizeEx |
| 0x414100 | SetFilePointerEx |
EAT (Export Address Table): none