ScreenShot
| Created | 2025.02.19 10:39 | Machine | s1_win7_x6401 |
| Filename | ncpa.cpl | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | |||
| md5 | 39f596ff944812a4f788052306cc6043 | ||
| sha256 | 8855f942f830d93b9f8f9eccb02aa371458495fdc667d31500c47c57cc98c249 | ||
| ssdeep | 3072:r+r7lgrGM37B6IEXroCx1ZZXw+m6TLtaN9gONjOAg0Fuj0/3DxPOIaEaE:r+rhUjcBsCxvhw6TFAOKThbaY | ||
| imphash | 4f76041734febd00d75e9598c1a8323c | ||
| impfuzzy | 24:Boj/xMjDYc+WcstV1rMOJBl39rogcvuZjjMAGLOovbOPZ+:yxMQc+5stV1rMapZ6uZf3A | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10022000 CreateProcessW
0x10022004 GetLastError
0x10022008 WaitForSingleObject
0x1002200c CloseHandle
0x10022010 Sleep
0x10022014 GetFileAttributesA
0x10022018 CreateFileW
0x1002201c QueryPerformanceCounter
0x10022020 QueryPerformanceFrequency
0x10022024 WideCharToMultiByte
0x10022028 InitializeCriticalSectionEx
0x1002202c GetSystemTimeAsFileTime
0x10022030 GetModuleHandleW
0x10022034 GetProcAddress
0x10022038 EnterCriticalSection
0x1002203c LeaveCriticalSection
0x10022040 DeleteCriticalSection
0x10022044 EncodePointer
0x10022048 DecodePointer
0x1002204c MultiByteToWideChar
0x10022050 LCMapStringEx
0x10022054 GetStringTypeW
0x10022058 GetCPInfo
0x1002205c UnhandledExceptionFilter
0x10022060 SetUnhandledExceptionFilter
0x10022064 GetCurrentProcess
0x10022068 TerminateProcess
0x1002206c IsProcessorFeaturePresent
0x10022070 IsDebuggerPresent
0x10022074 GetStartupInfoW
0x10022078 GetCurrentProcessId
0x1002207c GetCurrentThreadId
0x10022080 InitializeSListHead
0x10022084 RtlUnwind
0x10022088 RaiseException
0x1002208c InterlockedFlushSList
0x10022090 SetLastError
0x10022094 InitializeCriticalSectionAndSpinCount
0x10022098 TlsAlloc
0x1002209c TlsGetValue
0x100220a0 TlsSetValue
0x100220a4 TlsFree
0x100220a8 FreeLibrary
0x100220ac LoadLibraryExW
0x100220b0 ExitProcess
0x100220b4 GetModuleHandleExW
0x100220b8 GetModuleFileNameA
0x100220bc HeapFree
0x100220c0 HeapAlloc
0x100220c4 GetACP
0x100220c8 GetStdHandle
0x100220cc GetFileType
0x100220d0 LCMapStringW
0x100220d4 GetLocaleInfoW
0x100220d8 IsValidLocale
0x100220dc GetUserDefaultLCID
0x100220e0 EnumSystemLocalesW
0x100220e4 FlushFileBuffers
0x100220e8 WriteFile
0x100220ec GetConsoleCP
0x100220f0 GetConsoleMode
0x100220f4 ReadFile
0x100220f8 ReadConsoleW
0x100220fc SetFilePointerEx
0x10022100 HeapReAlloc
0x10022104 FindClose
0x10022108 FindFirstFileExA
0x1002210c FindNextFileA
0x10022110 IsValidCodePage
0x10022114 GetOEMCP
0x10022118 GetCommandLineA
0x1002211c GetCommandLineW
0x10022120 GetEnvironmentStringsW
0x10022124 FreeEnvironmentStringsW
0x10022128 GetProcessHeap
0x1002212c SetStdHandle
0x10022130 HeapSize
0x10022134 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x10022000 CreateProcessW
0x10022004 GetLastError
0x10022008 WaitForSingleObject
0x1002200c CloseHandle
0x10022010 Sleep
0x10022014 GetFileAttributesA
0x10022018 CreateFileW
0x1002201c QueryPerformanceCounter
0x10022020 QueryPerformanceFrequency
0x10022024 WideCharToMultiByte
0x10022028 InitializeCriticalSectionEx
0x1002202c GetSystemTimeAsFileTime
0x10022030 GetModuleHandleW
0x10022034 GetProcAddress
0x10022038 EnterCriticalSection
0x1002203c LeaveCriticalSection
0x10022040 DeleteCriticalSection
0x10022044 EncodePointer
0x10022048 DecodePointer
0x1002204c MultiByteToWideChar
0x10022050 LCMapStringEx
0x10022054 GetStringTypeW
0x10022058 GetCPInfo
0x1002205c UnhandledExceptionFilter
0x10022060 SetUnhandledExceptionFilter
0x10022064 GetCurrentProcess
0x10022068 TerminateProcess
0x1002206c IsProcessorFeaturePresent
0x10022070 IsDebuggerPresent
0x10022074 GetStartupInfoW
0x10022078 GetCurrentProcessId
0x1002207c GetCurrentThreadId
0x10022080 InitializeSListHead
0x10022084 RtlUnwind
0x10022088 RaiseException
0x1002208c InterlockedFlushSList
0x10022090 SetLastError
0x10022094 InitializeCriticalSectionAndSpinCount
0x10022098 TlsAlloc
0x1002209c TlsGetValue
0x100220a0 TlsSetValue
0x100220a4 TlsFree
0x100220a8 FreeLibrary
0x100220ac LoadLibraryExW
0x100220b0 ExitProcess
0x100220b4 GetModuleHandleExW
0x100220b8 GetModuleFileNameA
0x100220bc HeapFree
0x100220c0 HeapAlloc
0x100220c4 GetACP
0x100220c8 GetStdHandle
0x100220cc GetFileType
0x100220d0 LCMapStringW
0x100220d4 GetLocaleInfoW
0x100220d8 IsValidLocale
0x100220dc GetUserDefaultLCID
0x100220e0 EnumSystemLocalesW
0x100220e4 FlushFileBuffers
0x100220e8 WriteFile
0x100220ec GetConsoleCP
0x100220f0 GetConsoleMode
0x100220f4 ReadFile
0x100220f8 ReadConsoleW
0x100220fc SetFilePointerEx
0x10022100 HeapReAlloc
0x10022104 FindClose
0x10022108 FindFirstFileExA
0x1002210c FindNextFileA
0x10022110 IsValidCodePage
0x10022114 GetOEMCP
0x10022118 GetCommandLineA
0x1002211c GetCommandLineW
0x10022120 GetEnvironmentStringsW
0x10022124 FreeEnvironmentStringsW
0x10022128 GetProcessHeap
0x1002212c SetStdHandle
0x10022130 HeapSize
0x10022134 WriteConsoleW
EAT(Export Address Table) is none