ScreenShot
| Created | 2024.10.20 09:39 | Machine | s1_win7_x6403 |
| Filename | winfo.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 5 detected (AIDetectMalware, hpuzc, GenericMC, susgen) | ||
| md5 | 36731ee0e883b48fea504491545d2bff | ||
| sha256 | 807d1a00a996b7ff88e7070cf9812232e9ff70a3a9387c67c63ec162a5edd655 | ||
| ssdeep | 768:TkP3dfDtLXV7/LnGd/T9VCtK7NBCUQ7aWyoe/lep8J0zlhhHecD:adfDLTA5VeKpEUQLaJ0zlDec | ||
| imphash | a3f02717021f5e48dcf6e9998900d2c7 | ||
| impfuzzy | 24:pGCBCKNZBQBGrAep1uK2t+DROov/TgFQqpyvtlj1TR8nArR:rF2ep50fMT7NV8ArR | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x409120 ioctlsocket
NETAPI32.dll
0x4090fc NetUserEnum
0x409100 NetShareEnum
0x409104 NetUserGetInfo
0x409108 NetUserModalsGet
0x40910c NetWkstaGetInfo
0x409110 NetSessionEnum
0x409114 NetWkstaUserEnum
0x409118 NetApiBufferFree
MPR.dll
0x4090f4 WNetAddConnection2A
KERNEL32.dll
0x409014 CompareStringW
0x409018 CompareStringA
0x40901c CloseHandle
0x409020 SetStdHandle
0x409024 SetEnvironmentVariableA
0x409028 GetStringTypeW
0x40902c GetStringTypeA
0x409030 LCMapStringW
0x409034 MultiByteToWideChar
0x409038 GetLocaleInfoA
0x40903c VirtualProtect
0x409040 GetSystemInfo
0x409044 RtlUnwind
0x409048 GetEnvironmentStringsW
0x40904c ExitProcess
0x409050 GetProcAddress
0x409054 GetModuleHandleA
0x409058 TerminateProcess
0x40905c GetCurrentProcess
0x409060 GetCommandLineA
0x409064 GetVersionExA
0x409068 WideCharToMultiByte
0x40906c GetTimeZoneInformation
0x409070 WriteFile
0x409074 GetStdHandle
0x409078 GetModuleFileNameA
0x40907c UnhandledExceptionFilter
0x409080 FreeEnvironmentStringsA
0x409084 GetEnvironmentStrings
0x409088 FreeEnvironmentStringsW
0x40908c GetLastError
0x409090 VirtualQuery
0x409094 SetHandleCount
0x409098 GetFileType
0x40909c GetStartupInfoA
0x4090a0 HeapDestroy
0x4090a4 HeapCreate
0x4090a8 VirtualFree
0x4090ac HeapFree
0x4090b0 HeapAlloc
0x4090b4 HeapReAlloc
0x4090b8 HeapSize
0x4090bc LoadLibraryA
0x4090c0 GetACP
0x4090c4 GetOEMCP
0x4090c8 GetCPInfo
0x4090cc VirtualAlloc
0x4090d0 FlushFileBuffers
0x4090d4 QueryPerformanceCounter
0x4090d8 GetTickCount
0x4090dc GetCurrentThreadId
0x4090e0 GetCurrentProcessId
0x4090e4 GetSystemTimeAsFileTime
0x4090e8 SetFilePointer
0x4090ec LCMapStringA
ADVAPI32.dll
0x409000 LsaNtStatusToWinError
0x409004 LsaQueryInformationPolicy
0x409008 LsaFreeMemory
0x40900c LsaOpenPolicy
EAT(Export Address Table) is none
WSOCK32.dll
0x409120 ioctlsocket
NETAPI32.dll
0x4090fc NetUserEnum
0x409100 NetShareEnum
0x409104 NetUserGetInfo
0x409108 NetUserModalsGet
0x40910c NetWkstaGetInfo
0x409110 NetSessionEnum
0x409114 NetWkstaUserEnum
0x409118 NetApiBufferFree
MPR.dll
0x4090f4 WNetAddConnection2A
KERNEL32.dll
0x409014 CompareStringW
0x409018 CompareStringA
0x40901c CloseHandle
0x409020 SetStdHandle
0x409024 SetEnvironmentVariableA
0x409028 GetStringTypeW
0x40902c GetStringTypeA
0x409030 LCMapStringW
0x409034 MultiByteToWideChar
0x409038 GetLocaleInfoA
0x40903c VirtualProtect
0x409040 GetSystemInfo
0x409044 RtlUnwind
0x409048 GetEnvironmentStringsW
0x40904c ExitProcess
0x409050 GetProcAddress
0x409054 GetModuleHandleA
0x409058 TerminateProcess
0x40905c GetCurrentProcess
0x409060 GetCommandLineA
0x409064 GetVersionExA
0x409068 WideCharToMultiByte
0x40906c GetTimeZoneInformation
0x409070 WriteFile
0x409074 GetStdHandle
0x409078 GetModuleFileNameA
0x40907c UnhandledExceptionFilter
0x409080 FreeEnvironmentStringsA
0x409084 GetEnvironmentStrings
0x409088 FreeEnvironmentStringsW
0x40908c GetLastError
0x409090 VirtualQuery
0x409094 SetHandleCount
0x409098 GetFileType
0x40909c GetStartupInfoA
0x4090a0 HeapDestroy
0x4090a4 HeapCreate
0x4090a8 VirtualFree
0x4090ac HeapFree
0x4090b0 HeapAlloc
0x4090b4 HeapReAlloc
0x4090b8 HeapSize
0x4090bc LoadLibraryA
0x4090c0 GetACP
0x4090c4 GetOEMCP
0x4090c8 GetCPInfo
0x4090cc VirtualAlloc
0x4090d0 FlushFileBuffers
0x4090d4 QueryPerformanceCounter
0x4090d8 GetTickCount
0x4090dc GetCurrentThreadId
0x4090e0 GetCurrentProcessId
0x4090e4 GetSystemTimeAsFileTime
0x4090e8 SetFilePointer
0x4090ec LCMapStringA
ADVAPI32.dll
0x409000 LsaNtStatusToWinError
0x409004 LsaQueryInformationPolicy
0x409008 LsaFreeMemory
0x40900c LsaOpenPolicy
EAT(Export Address Table) is none