Report - ncat.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check

Created 2024.10.21 14:08
Machine s1_win7_x6401
Filename ncat.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 3
Behavior Score 1.2
ZERO API file : clean
VT API (file) 38 detected (AIDetectMalware, NetTool, Infected, Misc, HackTool, Unsafe, V75z, malicious, moderate confidence, Ncat, B potentially unsafe, NetCat, Fugrafa, ioithn, CLOUD, VSNTLS23, Detected, ApplicUnwnt@#1z7ibrgqhc72o, SIDD, GenericRXAA, BScope, Swrort, ppvTeq3YSVo, susgen, Nzbf)
md5 b6e0db27c2b3e62db616b0918a5d8ed8
sha256 1d177ff8ed3a7f17c5e5e4ecebcee3f26f360658bca2e8ad808bd270d1f492de
ssdeep 49152:XB10saFtVM9UHfj96y/Y0ZRPzQOBzY7Sj:Xb0s59UHfJ6uvZQ
imphash ac615fb1d93576fa3c26077a619c9144
impfuzzy 48:XqPldeuNsrzu65xGZR/y9mutcfjyV98EqvS3Xc8YlChZztRa:Xyl0uNCvgR/y9NcfGVWvSHcH0ztRa

Signature (2cnts)

Level Description
danger File has been identified by 38 AntiVirus engines on VirusTotal as malicious
info Command line console output was observed

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

WS2_32.dll
 0x5b8354 WSASocketA
 0x5b8358 ioctlsocket
 0x5b835c getsockname
 0x5b8360 sendto
 0x5b8364 getsockopt
 0x5b8368 WSAStartup
 0x5b836c gethostname
 0x5b8370 ntohl
 0x5b8374 bind
 0x5b8378 socket
 0x5b837c setsockopt
 0x5b8380 recvfrom
 0x5b8384 listen
 0x5b8388 connect
 0x5b838c WSAEventSelect
 0x5b8390 WSACreateEvent
 0x5b8394 WSACloseEvent
 0x5b8398 shutdown
 0x5b839c WSAGetLastError
 0x5b83a0 WSASetLastError
 0x5b83a4 getservbyname
 0x5b83a8 getservbyport
 0x5b83ac gethostbyname
 0x5b83b0 gethostbyaddr
 0x5b83b4 select
 0x5b83b8 recv
 0x5b83bc ntohs
 0x5b83c0 inet_ntoa
 0x5b83c4 inet_addr
 0x5b83c8 htons
 0x5b83cc htonl
 0x5b83d0 send
 0x5b83d4 getpeername
 0x5b83d8 closesocket
 0x5b83dc accept
 0x5b83e0 __WSAFDIsSet
ADVAPI32.dll
 0x5b8000 CryptAcquireContextA
 0x5b8004 CryptGenRandom
 0x5b8008 ReportEventA
 0x5b800c RegisterEventSourceA
 0x5b8010 DeregisterEventSource
 0x5b8014 CryptReleaseContext
USER32.dll
 0x5b8318 GetDesktopWindow
 0x5b831c MessageBoxA
 0x5b8320 GetUserObjectInformationW
 0x5b8324 GetProcessWindowStation
GDI32.dll
 0x5b8048 DeleteObject
 0x5b804c GetBitmapBits
 0x5b8050 CreateDCA
 0x5b8054 CreateCompatibleDC
 0x5b8058 CreateCompatibleBitmap
 0x5b805c BitBlt
 0x5b8060 GetDeviceCaps
 0x5b8064 SelectObject
 0x5b8068 DeleteDC
 0x5b806c GetObjectA
KERNEL32.dll
 0x5b80a4 EnumSystemLocalesW
 0x5b80a8 GetUserDefaultLCID
 0x5b80ac IsValidLocale
 0x5b80b0 GetLocaleInfoW
 0x5b80b4 GetStringTypeW
 0x5b80b8 ReadConsoleW
 0x5b80bc RaiseException
 0x5b80c0 FileTimeToSystemTime
 0x5b80c4 SystemTimeToTzSpecificLocalTime
 0x5b80c8 GetDriveTypeW
 0x5b80cc GetDateFormatW
 0x5b80d0 FindClose
 0x5b80d4 GetFileAttributesExW
 0x5b80d8 FlushFileBuffers
 0x5b80dc FreeEnvironmentStringsW
 0x5b80e0 GetEnvironmentStringsW
 0x5b80e4 CreateFileW
 0x5b80e8 SetFilePointerEx
 0x5b80ec RtlUnwind
 0x5b80f0 GetTimeFormatW
 0x5b80f4 CompareStringW
 0x5b80f8 LCMapStringW
 0x5b80fc SetEnvironmentVariableA
 0x5b8100 HeapSize
 0x5b8104 CreateSemaphoreW
 0x5b8108 GetModuleHandleW
 0x5b810c GetStartupInfoW
 0x5b8110 TlsFree
 0x5b8114 SetEndOfFile
 0x5b8118 FileTimeToLocalFileTime
 0x5b811c GetFileInformationByHandle
 0x5b8120 GetFullPathNameW
 0x5b8124 SetCurrentDirectoryW
 0x5b8128 GetCurrentDirectoryW
 0x5b812c GetFullPathNameA
 0x5b8130 FindFirstFileA
 0x5b8134 FindFirstFileExW
 0x5b8138 GetVersion
 0x5b813c GetSystemDirectoryA
 0x5b8140 FreeLibrary
 0x5b8144 GetProcAddress
 0x5b8148 LoadLibraryA
 0x5b814c GetStdHandle
 0x5b8150 CreateFileA
 0x5b8154 ReadFile
 0x5b8158 WriteFile
 0x5b815c CloseHandle
 0x5b8160 SetHandleInformation
 0x5b8164 GetLastError
 0x5b8168 CreatePipe
 0x5b816c GetOverlappedResult
 0x5b8170 ResetEvent
 0x5b8174 ReleaseMutex
 0x5b8178 WaitForSingleObject
 0x5b817c CreateMutexA
 0x5b8180 ExitProcess
 0x5b8184 TerminateProcess
 0x5b8188 GetExitCodeProcess
 0x5b818c CreateThread
 0x5b8190 CreateProcessA
 0x5b8194 WaitForMultipleObjects
 0x5b8198 CreateNamedPipeA
 0x5b819c GetModuleFileNameA
 0x5b81a0 GetModuleHandleA
 0x5b81a4 DuplicateHandle
 0x5b81a8 GetCurrentProcess
 0x5b81ac FormatMessageA
 0x5b81b0 Sleep
 0x5b81b4 SetStdHandle
 0x5b81b8 PeekNamedPipe
 0x5b81bc GetFileType
 0x5b81c0 GetCurrentThreadId
 0x5b81c4 FindNextFileA
 0x5b81c8 MultiByteToWideChar
 0x5b81cc QueryPerformanceCounter
 0x5b81d0 GetCurrentProcessId
 0x5b81d4 GetTickCount
 0x5b81d8 GetVersionExA
 0x5b81dc GlobalMemoryStatus
 0x5b81e0 FlushConsoleInputBuffer
 0x5b81e4 SetLastError
 0x5b81e8 GetModuleFileNameW
 0x5b81ec GetModuleHandleExW
 0x5b81f0 WriteConsoleW
 0x5b81f4 HeapFree
 0x5b81f8 EnterCriticalSection
 0x5b81fc LeaveCriticalSection
 0x5b8200 EncodePointer
 0x5b8204 DecodePointer
 0x5b8208 AreFileApisANSI
 0x5b820c WideCharToMultiByte
 0x5b8210 SetConsoleCtrlHandler
 0x5b8214 HeapAlloc
 0x5b8218 GetConsoleCP
 0x5b821c GetConsoleMode
 0x5b8220 IsProcessorFeaturePresent
 0x5b8224 GetCommandLineA
 0x5b8228 IsDebuggerPresent
 0x5b822c HeapReAlloc
 0x5b8230 GetSystemTimeAsFileTime
 0x5b8234 GetTimeZoneInformation
 0x5b8238 GetNumberOfConsoleInputEvents
 0x5b823c PeekConsoleInputA
 0x5b8240 ReadConsoleInputA
 0x5b8244 SetConsoleMode
 0x5b8248 OutputDebugStringW
 0x5b824c LoadLibraryExW
 0x5b8250 IsValidCodePage
 0x5b8254 GetACP
 0x5b8258 GetOEMCP
 0x5b825c GetCPInfo
 0x5b8260 GetCurrentThread
 0x5b8264 GetProcessHeap
 0x5b8268 DeleteCriticalSection
 0x5b826c FatalAppExitA
 0x5b8270 UnhandledExceptionFilter
 0x5b8274 SetUnhandledExceptionFilter
 0x5b8278 InitializeCriticalSectionAndSpinCount
 0x5b827c CreateEventW
 0x5b8280 TlsAlloc
 0x5b8284 TlsGetValue
 0x5b8288 TlsSetValue

EAT(Export Address Table) is none
Similarity measure (PE file only) - Checking for service failure