Field | Value |
---|---|
Created | 2025.01.03 17:58 |
Machine | s1_win7_x6401 |
Filename | qidong.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 8 detected (malicious, confidence, BypassUAC, LESS, bWQ1OgaF+Szp4L23, score, susgen) |
md5 | fd3b02595e57959bdffe927dfa01b651 |
sha256 | d11790375573ac728cbd860735a7cfa37e9ed624c9f758b1153c1ec36054682c |
ssdeep | 384:N5tmVYRTF5Uy06VkFowCTgwuBv9Fr/L8EwpESycPNAX/LuazV0ocRUos7Xh3awZT:9mVYRT370TV9BNw/jNAvLU9UosbJawq |
imphash | ae1179fd332ecab323e4058edd63692f |
impfuzzy | 24:tnOovufiv8ERRv07JHXuklEEfcfDot9qL:QhfW0qEfcsIL |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious |
info | The executable uses a known packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x406000 GetTickCount
0x406004 GetTempPathW
0x406008 GetCommandLineA
0x40600c GetVersion
0x406010 ExitProcess
0x406014 TerminateProcess
0x406018 GetCurrentProcess
0x40601c HeapReAlloc
0x406020 HeapAlloc
0x406024 HeapSize
0x406028 UnhandledExceptionFilter
0x40602c GetModuleFileNameA
0x406030 FreeEnvironmentStringsA
0x406034 FreeEnvironmentStringsW
0x406038 WideCharToMultiByte
0x40603c GetEnvironmentStrings
0x406040 GetEnvironmentStringsW
0x406044 SetHandleCount
0x406048 GetStdHandle
0x40604c GetFileType
0x406050 GetStartupInfoA
0x406054 GetCurrentThreadId
0x406058 TlsSetValue
0x40605c TlsAlloc
0x406060 SetLastError
0x406064 TlsGetValue
0x406068 GetLastError
0x40606c GetModuleHandleA
0x406070 GetEnvironmentVariableA
0x406074 GetVersionExA
0x406078 HeapDestroy
0x40607c HeapCreate
0x406080 VirtualFree
0x406084 HeapFree
0x406088 RtlUnwind
0x40608c WriteFile
0x406090 InitializeCriticalSection
0x406094 EnterCriticalSection
0x406098 LeaveCriticalSection
0x40609c VirtualAlloc
0x4060a0 GetCPInfo
0x4060a4 GetACP
0x4060a8 GetOEMCP
0x4060ac GetProcAddress
0x4060b0 LoadLibraryA
0x4060b4 MultiByteToWideChar
0x4060b8 LCMapStringA
0x4060bc LCMapStringW
0x4060c0 GetStringTypeA
0x4060c4 GetStringTypeW
0x4060c8 InterlockedDecrement
0x4060cc InterlockedIncrement
USER32.dll
0x4060d4 wsprintfW
EAT(Export Address Table) is none