Field | Value |
---|---|
Created | 2024.10.21 14:14 |
Machine | s1_win7_x6401 |
Filename | test.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malicious |
VT API (file) | 4 detected (AIDetectMalware, HackTool, Chisel) |
md5 | 3e5777de48f53f6b3224e29634ca6691 |
sha256 | 367ea4bcf096a1ae701c2d550e401b4fbfa6058cc8c0d02f0910a1e36f220004 |
ssdeep | 49152:pzAbGAWQqqpt/JaWc8RmGa3qTm++DGO96c6haQTJle0rD8lb5cNrAt7HaDNEVuL7:XQEVwp5eLHVisY |
imphash | 7b0aea11265f18f3d6126046e1a0dcd1 |
impfuzzy | 24:1rXjmThWkN6YkMA41vuHRDkOVUTZdX1PJOvxjhW0B:tXjIpdF1vJJdX1PJOv/ |
Signature (2cnts)
Level | Description |
---|---|
notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ws2_32.dll
0x884000 WSAGetOverlappedResult
advapi32.dll
0x884010 CryptAcquireContextW
0x884018 CryptGenRandom
0x884020 CryptReleaseContext
ntdll.dll
0x884030 NtWaitForSingleObject
kernel32.dll
0x884040 VirtualAlloc
0x884048 VirtualFree
0x884050 CreateIoCompletionPort
0x884058 GetQueuedCompletionStatus
0x884060 AddVectoredExceptionHandler
0x884068 CloseHandle
0x884070 CreateEventA
0x884078 CreateThread
0x884080 CreateWaitableTimerA
0x884088 DuplicateHandle
0x884090 ExitProcess
0x884098 FreeEnvironmentStringsW
0x8840a0 GetEnvironmentStringsW
0x8840a8 GetProcAddress
0x8840b0 GetStdHandle
0x8840b8 GetSystemInfo
0x8840c0 GetThreadContext
0x8840c8 LoadLibraryW
0x8840d0 LoadLibraryA
0x8840d8 ResumeThread
0x8840e0 SetConsoleCtrlHandler
0x8840e8 SetEvent
0x8840f0 SetProcessPriorityBoost
0x8840f8 SetThreadPriority
0x884100 SetUnhandledExceptionFilter
0x884108 SetWaitableTimer
0x884110 SuspendThread
0x884118 WaitForSingleObject
0x884120 WriteFile
winmm.dll
0x884130 timeBeginPeriod
EAT (Export Address Table): none