ScreenShot
| Created | 2024.11.20 09:18 | Machine | s1_win7_x6401 |
| Filename | GetAdapterInfo.exe | ||
| Type | PE32 executable (Windows CE) ARM Thumb, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | e036c5e30a9dace7ee859dc48b6130e0 | ||
| sha256 | 537d79b95fbbeedab6de6116c905e160767cbee3e5babc829b0a292c5ba22998 | ||
| ssdeep | 768:cyIAkAR4uVtZU9rkGyORyJQmd2eOeQjhrxIwhvZe:cyIAkAR4u7rURyQmPOLHhvZe | ||
| imphash | 82f72bbd7e9a45a44c87c00eaf43296b | ||
| impfuzzy | 12:IGQf+p5MPlIDcXA2nv7MAjGw+tA5EGQWx+:IlfYSKDclvMJG3+ | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COREDLL.dll
0x13000 None
0x13004 None
0x13008 None
0x1300c None
0x13010 None
0x13014 None
0x13018 None
0x1301c None
0x13020 None
0x13024 None
0x13028 None
0x1302c None
0x13030 None
0x13034 None
0x13038 None
0x1303c None
0x13040 None
0x13044 None
0x13048 None
0x1304c None
0x13050 None
0x13054 None
0x13058 None
0x1305c None
0x13060 None
0x13064 None
0x13068 None
0x1306c None
0x13070 None
0x13074 None
0x13078 None
0x1307c None
0x13080 None
0x13084 None
0x13088 None
commctrl.dll
0x13090 None
0x13094 None
0x13098 None
0x1309c None
iphlpapi.dll
0x130a4 GetAdaptersInfo
EAT(Export Address Table) is none
COREDLL.dll
0x13000 None
0x13004 None
0x13008 None
0x1300c None
0x13010 None
0x13014 None
0x13018 None
0x1301c None
0x13020 None
0x13024 None
0x13028 None
0x1302c None
0x13030 None
0x13034 None
0x13038 None
0x1303c None
0x13040 None
0x13044 None
0x13048 None
0x1304c None
0x13050 None
0x13054 None
0x13058 None
0x1305c None
0x13060 None
0x13064 None
0x13068 None
0x1306c None
0x13070 None
0x13074 None
0x13078 None
0x1307c None
0x13080 None
0x13084 None
0x13088 None
commctrl.dll
0x13090 None
0x13094 None
0x13098 None
0x1309c None
iphlpapi.dll
0x130a4 GetAdaptersInfo
EAT(Export Address Table) is none