ScreenShot
| Created | 2024.10.20 09:57 | Machine | s1_win7_x6403 |
| Filename | CapCut.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | f0ecb0b7a365f88b26f3cb7d5101881a | ||
| sha256 | 4d97c5998d3d572ebdfbcad5ff324bf33a355fa49f0fbfb2ee8f50af7ccaec49 | ||
| ssdeep | 196608:xRoY983hPZdFdpJvbAtqfMmjyS7yKMOW:f/MhP1dPvMSiS7AO | ||
| imphash | 4a438adb9d59c004dab9ec35016a1405 | ||
| impfuzzy | 96:woexMCyamCRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wNrymLe3SFomQ6+STjz | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1413f048c AddAtomA
0x1413f0494 AddVectoredContinueHandler
0x1413f049c AddVectoredExceptionHandler
0x1413f04a4 CloseHandle
0x1413f04ac CreateEventA
0x1413f04b4 CreateIoCompletionPort
0x1413f04bc CreateMutexA
0x1413f04c4 CreateSemaphoreA
0x1413f04cc CreateThread
0x1413f04d4 CreateWaitableTimerExW
0x1413f04dc DeleteAtom
0x1413f04e4 DeleteCriticalSection
0x1413f04ec DuplicateHandle
0x1413f04f4 EnterCriticalSection
0x1413f04fc ExitProcess
0x1413f0504 FindAtomA
0x1413f050c FormatMessageA
0x1413f0514 FreeEnvironmentStringsW
0x1413f051c GetAtomNameA
0x1413f0524 GetConsoleMode
0x1413f052c GetCurrentProcess
0x1413f0534 GetCurrentProcessId
0x1413f053c GetCurrentThread
0x1413f0544 GetCurrentThreadId
0x1413f054c GetEnvironmentStringsW
0x1413f0554 GetErrorMode
0x1413f055c GetHandleInformation
0x1413f0564 GetLastError
0x1413f056c GetProcAddress
0x1413f0574 GetProcessAffinityMask
0x1413f057c GetQueuedCompletionStatusEx
0x1413f0584 GetStartupInfoA
0x1413f058c GetStdHandle
0x1413f0594 GetSystemDirectoryA
0x1413f059c GetSystemInfo
0x1413f05a4 GetSystemTimeAsFileTime
0x1413f05ac GetThreadContext
0x1413f05b4 GetThreadPriority
0x1413f05bc GetTickCount
0x1413f05c4 InitializeCriticalSection
0x1413f05cc IsDBCSLeadByteEx
0x1413f05d4 IsDebuggerPresent
0x1413f05dc LeaveCriticalSection
0x1413f05e4 LoadLibraryExW
0x1413f05ec LoadLibraryW
0x1413f05f4 LocalFree
0x1413f05fc MultiByteToWideChar
0x1413f0604 OpenProcess
0x1413f060c OutputDebugStringA
0x1413f0614 PostQueuedCompletionStatus
0x1413f061c QueryPerformanceCounter
0x1413f0624 QueryPerformanceFrequency
0x1413f062c RaiseException
0x1413f0634 RaiseFailFastException
0x1413f063c ReleaseMutex
0x1413f0644 ReleaseSemaphore
0x1413f064c RemoveVectoredExceptionHandler
0x1413f0654 ResetEvent
0x1413f065c ResumeThread
0x1413f0664 RtlLookupFunctionEntry
0x1413f066c RtlVirtualUnwind
0x1413f0674 SetConsoleCtrlHandler
0x1413f067c SetErrorMode
0x1413f0684 SetEvent
0x1413f068c SetLastError
0x1413f0694 SetProcessAffinityMask
0x1413f069c SetProcessPriorityBoost
0x1413f06a4 SetThreadContext
0x1413f06ac SetThreadPriority
0x1413f06b4 SetUnhandledExceptionFilter
0x1413f06bc SetWaitableTimer
0x1413f06c4 Sleep
0x1413f06cc SuspendThread
0x1413f06d4 SwitchToThread
0x1413f06dc TlsAlloc
0x1413f06e4 TlsGetValue
0x1413f06ec TlsSetValue
0x1413f06f4 TryEnterCriticalSection
0x1413f06fc VirtualAlloc
0x1413f0704 VirtualFree
0x1413f070c VirtualProtect
0x1413f0714 VirtualQuery
0x1413f071c WaitForMultipleObjects
0x1413f0724 WaitForSingleObject
0x1413f072c WerGetFlags
0x1413f0734 WerSetFlags
0x1413f073c WideCharToMultiByte
0x1413f0744 WriteConsoleW
0x1413f074c WriteFile
0x1413f0754 __C_specific_handler
msvcrt.dll
0x1413f0764 ___lc_codepage_func
0x1413f076c ___mb_cur_max_func
0x1413f0774 __getmainargs
0x1413f077c __initenv
0x1413f0784 __iob_func
0x1413f078c __lconv_init
0x1413f0794 __set_app_type
0x1413f079c __setusermatherr
0x1413f07a4 _acmdln
0x1413f07ac _amsg_exit
0x1413f07b4 _beginthread
0x1413f07bc _beginthreadex
0x1413f07c4 _cexit
0x1413f07cc _commode
0x1413f07d4 _endthreadex
0x1413f07dc _errno
0x1413f07e4 _fmode
0x1413f07ec _initterm
0x1413f07f4 _lock
0x1413f07fc _memccpy
0x1413f0804 _onexit
0x1413f080c _setjmp
0x1413f0814 _strdup
0x1413f081c _ultoa
0x1413f0824 _unlock
0x1413f082c abort
0x1413f0834 calloc
0x1413f083c exit
0x1413f0844 fprintf
0x1413f084c fputc
0x1413f0854 free
0x1413f085c fwrite
0x1413f0864 localeconv
0x1413f086c longjmp
0x1413f0874 malloc
0x1413f087c memcpy
0x1413f0884 memmove
0x1413f088c memset
0x1413f0894 printf
0x1413f089c realloc
0x1413f08a4 signal
0x1413f08ac strerror
0x1413f08b4 strlen
0x1413f08bc strncmp
0x1413f08c4 vfprintf
0x1413f08cc wcslen
EAT(Export Address Table) Library
0x1413edc90 _cgo_dummy_export
KERNEL32.dll
0x1413f048c AddAtomA
0x1413f0494 AddVectoredContinueHandler
0x1413f049c AddVectoredExceptionHandler
0x1413f04a4 CloseHandle
0x1413f04ac CreateEventA
0x1413f04b4 CreateIoCompletionPort
0x1413f04bc CreateMutexA
0x1413f04c4 CreateSemaphoreA
0x1413f04cc CreateThread
0x1413f04d4 CreateWaitableTimerExW
0x1413f04dc DeleteAtom
0x1413f04e4 DeleteCriticalSection
0x1413f04ec DuplicateHandle
0x1413f04f4 EnterCriticalSection
0x1413f04fc ExitProcess
0x1413f0504 FindAtomA
0x1413f050c FormatMessageA
0x1413f0514 FreeEnvironmentStringsW
0x1413f051c GetAtomNameA
0x1413f0524 GetConsoleMode
0x1413f052c GetCurrentProcess
0x1413f0534 GetCurrentProcessId
0x1413f053c GetCurrentThread
0x1413f0544 GetCurrentThreadId
0x1413f054c GetEnvironmentStringsW
0x1413f0554 GetErrorMode
0x1413f055c GetHandleInformation
0x1413f0564 GetLastError
0x1413f056c GetProcAddress
0x1413f0574 GetProcessAffinityMask
0x1413f057c GetQueuedCompletionStatusEx
0x1413f0584 GetStartupInfoA
0x1413f058c GetStdHandle
0x1413f0594 GetSystemDirectoryA
0x1413f059c GetSystemInfo
0x1413f05a4 GetSystemTimeAsFileTime
0x1413f05ac GetThreadContext
0x1413f05b4 GetThreadPriority
0x1413f05bc GetTickCount
0x1413f05c4 InitializeCriticalSection
0x1413f05cc IsDBCSLeadByteEx
0x1413f05d4 IsDebuggerPresent
0x1413f05dc LeaveCriticalSection
0x1413f05e4 LoadLibraryExW
0x1413f05ec LoadLibraryW
0x1413f05f4 LocalFree
0x1413f05fc MultiByteToWideChar
0x1413f0604 OpenProcess
0x1413f060c OutputDebugStringA
0x1413f0614 PostQueuedCompletionStatus
0x1413f061c QueryPerformanceCounter
0x1413f0624 QueryPerformanceFrequency
0x1413f062c RaiseException
0x1413f0634 RaiseFailFastException
0x1413f063c ReleaseMutex
0x1413f0644 ReleaseSemaphore
0x1413f064c RemoveVectoredExceptionHandler
0x1413f0654 ResetEvent
0x1413f065c ResumeThread
0x1413f0664 RtlLookupFunctionEntry
0x1413f066c RtlVirtualUnwind
0x1413f0674 SetConsoleCtrlHandler
0x1413f067c SetErrorMode
0x1413f0684 SetEvent
0x1413f068c SetLastError
0x1413f0694 SetProcessAffinityMask
0x1413f069c SetProcessPriorityBoost
0x1413f06a4 SetThreadContext
0x1413f06ac SetThreadPriority
0x1413f06b4 SetUnhandledExceptionFilter
0x1413f06bc SetWaitableTimer
0x1413f06c4 Sleep
0x1413f06cc SuspendThread
0x1413f06d4 SwitchToThread
0x1413f06dc TlsAlloc
0x1413f06e4 TlsGetValue
0x1413f06ec TlsSetValue
0x1413f06f4 TryEnterCriticalSection
0x1413f06fc VirtualAlloc
0x1413f0704 VirtualFree
0x1413f070c VirtualProtect
0x1413f0714 VirtualQuery
0x1413f071c WaitForMultipleObjects
0x1413f0724 WaitForSingleObject
0x1413f072c WerGetFlags
0x1413f0734 WerSetFlags
0x1413f073c WideCharToMultiByte
0x1413f0744 WriteConsoleW
0x1413f074c WriteFile
0x1413f0754 __C_specific_handler
msvcrt.dll
0x1413f0764 ___lc_codepage_func
0x1413f076c ___mb_cur_max_func
0x1413f0774 __getmainargs
0x1413f077c __initenv
0x1413f0784 __iob_func
0x1413f078c __lconv_init
0x1413f0794 __set_app_type
0x1413f079c __setusermatherr
0x1413f07a4 _acmdln
0x1413f07ac _amsg_exit
0x1413f07b4 _beginthread
0x1413f07bc _beginthreadex
0x1413f07c4 _cexit
0x1413f07cc _commode
0x1413f07d4 _endthreadex
0x1413f07dc _errno
0x1413f07e4 _fmode
0x1413f07ec _initterm
0x1413f07f4 _lock
0x1413f07fc _memccpy
0x1413f0804 _onexit
0x1413f080c _setjmp
0x1413f0814 _strdup
0x1413f081c _ultoa
0x1413f0824 _unlock
0x1413f082c abort
0x1413f0834 calloc
0x1413f083c exit
0x1413f0844 fprintf
0x1413f084c fputc
0x1413f0854 free
0x1413f085c fwrite
0x1413f0864 localeconv
0x1413f086c longjmp
0x1413f0874 malloc
0x1413f087c memcpy
0x1413f0884 memmove
0x1413f088c memset
0x1413f0894 printf
0x1413f089c realloc
0x1413f08a4 signal
0x1413f08ac strerror
0x1413f08b4 strlen
0x1413f08bc strncmp
0x1413f08c4 vfprintf
0x1413f08cc wcslen
EAT(Export Address Table) Library
0x1413edc90 _cgo_dummy_export