ScreenShot
| Created | 2024.11.08 17:18 | Machine | s1_win7_x6401 |
| Filename | ngrok.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 20 detected (Ngrok, Unsafe, malicious, moderate confidence, a variant of WinGo, B potentially unsafe, NetTool, kkogxh, Tool, Detected, AQL617, EIST, susgen) | ||
| md5 | 7a3c5b70ffdb7399dc9386ea6511c0a9 | ||
| sha256 | f7ee8fdcb8a064a192aa58b6ec2d80879bd71b5995b06352ee360cfb38cd4732 | ||
| ssdeep | 98304:YgHZQOMGQEI+erErQUZP0NzOgfH6Y3mWlEaj3IS9F9x0jjvwbLEUl+ITzZSmr0at:7k+frQUZm6fojb79FcPvvU/lzDB | ||
| imphash | ea509d361799935a94335b88f534a970 | ||
| impfuzzy | 24:ibVjh9wO+jX13uT7boVaXOr6kwmDgUPMztxdD1tr6tP:AwO+jX13UjXOmokxp1ZoP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1ac8420 WriteFile
0x1ac8428 WriteConsoleW
0x1ac8430 WerSetFlags
0x1ac8438 WerGetFlags
0x1ac8440 WaitForMultipleObjects
0x1ac8448 WaitForSingleObject
0x1ac8450 VirtualQuery
0x1ac8458 VirtualFree
0x1ac8460 VirtualAlloc
0x1ac8468 TlsAlloc
0x1ac8470 SwitchToThread
0x1ac8478 SuspendThread
0x1ac8480 SetWaitableTimer
0x1ac8488 SetUnhandledExceptionFilter
0x1ac8490 SetThreadPriority
0x1ac8498 SetProcessPriorityBoost
0x1ac84a0 SetEvent
0x1ac84a8 SetErrorMode
0x1ac84b0 SetConsoleCtrlHandler
0x1ac84b8 ResumeThread
0x1ac84c0 RaiseFailFastException
0x1ac84c8 PostQueuedCompletionStatus
0x1ac84d0 LoadLibraryW
0x1ac84d8 LoadLibraryExW
0x1ac84e0 SetThreadContext
0x1ac84e8 GetThreadContext
0x1ac84f0 GetSystemInfo
0x1ac84f8 GetSystemDirectoryA
0x1ac8500 GetStdHandle
0x1ac8508 GetQueuedCompletionStatusEx
0x1ac8510 GetProcessAffinityMask
0x1ac8518 GetProcAddress
0x1ac8520 GetErrorMode
0x1ac8528 GetEnvironmentStringsW
0x1ac8530 GetCurrentThreadId
0x1ac8538 GetConsoleMode
0x1ac8540 FreeEnvironmentStringsW
0x1ac8548 ExitProcess
0x1ac8550 DuplicateHandle
0x1ac8558 CreateWaitableTimerExW
0x1ac8560 CreateWaitableTimerA
0x1ac8568 CreateThread
0x1ac8570 CreateIoCompletionPort
0x1ac8578 CreateFileA
0x1ac8580 CreateEventA
0x1ac8588 CloseHandle
0x1ac8590 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1ac8420 WriteFile
0x1ac8428 WriteConsoleW
0x1ac8430 WerSetFlags
0x1ac8438 WerGetFlags
0x1ac8440 WaitForMultipleObjects
0x1ac8448 WaitForSingleObject
0x1ac8450 VirtualQuery
0x1ac8458 VirtualFree
0x1ac8460 VirtualAlloc
0x1ac8468 TlsAlloc
0x1ac8470 SwitchToThread
0x1ac8478 SuspendThread
0x1ac8480 SetWaitableTimer
0x1ac8488 SetUnhandledExceptionFilter
0x1ac8490 SetThreadPriority
0x1ac8498 SetProcessPriorityBoost
0x1ac84a0 SetEvent
0x1ac84a8 SetErrorMode
0x1ac84b0 SetConsoleCtrlHandler
0x1ac84b8 ResumeThread
0x1ac84c0 RaiseFailFastException
0x1ac84c8 PostQueuedCompletionStatus
0x1ac84d0 LoadLibraryW
0x1ac84d8 LoadLibraryExW
0x1ac84e0 SetThreadContext
0x1ac84e8 GetThreadContext
0x1ac84f0 GetSystemInfo
0x1ac84f8 GetSystemDirectoryA
0x1ac8500 GetStdHandle
0x1ac8508 GetQueuedCompletionStatusEx
0x1ac8510 GetProcessAffinityMask
0x1ac8518 GetProcAddress
0x1ac8520 GetErrorMode
0x1ac8528 GetEnvironmentStringsW
0x1ac8530 GetCurrentThreadId
0x1ac8538 GetConsoleMode
0x1ac8540 FreeEnvironmentStringsW
0x1ac8548 ExitProcess
0x1ac8550 DuplicateHandle
0x1ac8558 CreateWaitableTimerExW
0x1ac8560 CreateWaitableTimerA
0x1ac8568 CreateThread
0x1ac8570 CreateIoCompletionPort
0x1ac8578 CreateFileA
0x1ac8580 CreateEventA
0x1ac8588 CloseHandle
0x1ac8590 AddVectoredExceptionHandler
EAT(Export Address Table) is none