ScreenShot
| Created | 2025.01.09 10:48 | Machine | s1_win7_x6401 |
| Filename | recoder-ori.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 1 detected (BScope, Skeeyah) | ||
| md5 | aaf9dfee455084282455cd46f0a4ac2a | ||
| sha256 | 93dba6a882a8a0dd133b65c5368d2e2a80c04435a8c6666af45b8e48aa0c1162 | ||
| ssdeep | 384:YSwgseLLyoTWNjRz0CdrySCUE/D3A2OSzuAHArPoF+rdv4ERYhl:fw/ILyPfKUcdOxJPoghb8l | ||
| imphash | 71771ca76817492258bac7ad2cf881b2 | ||
| impfuzzy | 12:YRJR+5TZnJ2cDnWiiARZqRJhPPXJNiXJcqVvM5XGXVVeGJCk1i6lOKpJqm2hiZn:8fg1JlDzncJ9enk5XGDZEk1ioZqmRZn | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40611c DeleteCriticalSection
0x406120 EnterCriticalSection
0x406124 GetCurrentProcess
0x406128 GetCurrentProcessId
0x40612c GetCurrentThreadId
0x406130 GetLastError
0x406134 GetModuleHandleA
0x406138 GetProcAddress
0x40613c GetStartupInfoA
0x406140 GetSystemTimeAsFileTime
0x406144 GetTickCount
0x406148 InitializeCriticalSection
0x40614c LeaveCriticalSection
0x406150 QueryPerformanceCounter
0x406154 SetUnhandledExceptionFilter
0x406158 Sleep
0x40615c TerminateProcess
0x406160 TlsGetValue
0x406164 UnhandledExceptionFilter
0x406168 VirtualProtect
0x40616c VirtualQuery
msvcrt.dll
0x406174 __dllonexit
0x406178 __getmainargs
0x40617c __initenv
0x406180 __lconv_init
0x406184 __set_app_type
0x406188 __setusermatherr
0x40618c _acmdln
0x406190 _amsg_exit
0x406194 _cexit
0x406198 _fmode
0x40619c _initterm
0x4061a0 _iob
0x4061a4 _lock
0x4061a8 _onexit
0x4061ac _unlock
0x4061b0 abort
0x4061b4 calloc
0x4061b8 exit
0x4061bc fclose
0x4061c0 fopen
0x4061c4 fprintf
0x4061c8 fread
0x4061cc free
0x4061d0 fwrite
0x4061d4 getchar
0x4061d8 malloc
0x4061dc memcpy
0x4061e0 putchar
0x4061e4 signal
0x4061e8 strcmp
0x4061ec strlen
0x4061f0 strncmp
0x4061f4 vfprintf
EAT(Export Address Table) is none
KERNEL32.dll
0x40611c DeleteCriticalSection
0x406120 EnterCriticalSection
0x406124 GetCurrentProcess
0x406128 GetCurrentProcessId
0x40612c GetCurrentThreadId
0x406130 GetLastError
0x406134 GetModuleHandleA
0x406138 GetProcAddress
0x40613c GetStartupInfoA
0x406140 GetSystemTimeAsFileTime
0x406144 GetTickCount
0x406148 InitializeCriticalSection
0x40614c LeaveCriticalSection
0x406150 QueryPerformanceCounter
0x406154 SetUnhandledExceptionFilter
0x406158 Sleep
0x40615c TerminateProcess
0x406160 TlsGetValue
0x406164 UnhandledExceptionFilter
0x406168 VirtualProtect
0x40616c VirtualQuery
msvcrt.dll
0x406174 __dllonexit
0x406178 __getmainargs
0x40617c __initenv
0x406180 __lconv_init
0x406184 __set_app_type
0x406188 __setusermatherr
0x40618c _acmdln
0x406190 _amsg_exit
0x406194 _cexit
0x406198 _fmode
0x40619c _initterm
0x4061a0 _iob
0x4061a4 _lock
0x4061a8 _onexit
0x4061ac _unlock
0x4061b0 abort
0x4061b4 calloc
0x4061b8 exit
0x4061bc fclose
0x4061c0 fopen
0x4061c4 fprintf
0x4061c8 fread
0x4061cc free
0x4061d0 fwrite
0x4061d4 getchar
0x4061d8 malloc
0x4061dc memcpy
0x4061e0 putchar
0x4061e4 signal
0x4061e8 strcmp
0x4061ec strlen
0x4061f0 strncmp
0x4061f4 vfprintf
EAT(Export Address Table) is none