Field | Value
---|---
Created | 2025.02.19 11:44
Machine | s1_win7_x6401
Filename | Banderas.exe
Type | PE32+ executable (GUI) x86-64, for MS Windows
md5 | c0797e1ab7522e82dd0764c42dfa0c67
sha256 | c0c59aadd4431da20e79a174f1bc1099f24d1b8627571e5afd43a8a4c2ea92fa
ssdeep | 24576:px6EOwgwMtbDAZeVLvmMqo9k59yjg660sxaHjnlSjhCP5WncFu:pxJOzZtbDuekr5E9nlMCBWc
imphash | d42595b695fc008ef2c56aabd8efd68e
impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6Ul:AwOuUjXOmokx0nl
Signature (1 entry)

Level | Description
---|---
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)
Rules (5 entries)

Level | Name | Description | Collection
---|---|---|---
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
Network (0 entries)

Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table) by library
kernel32.dll
0x63c3c0 WriteFile
0x63c3c8 WriteConsoleW
0x63c3d0 WerSetFlags
0x63c3d8 WerGetFlags
0x63c3e0 WaitForMultipleObjects
0x63c3e8 WaitForSingleObject
0x63c3f0 VirtualQuery
0x63c3f8 VirtualFree
0x63c400 VirtualAlloc
0x63c408 TlsAlloc
0x63c410 SwitchToThread
0x63c418 SuspendThread
0x63c420 SetWaitableTimer
0x63c428 SetProcessPriorityBoost
0x63c430 SetEvent
0x63c438 SetErrorMode
0x63c440 SetConsoleCtrlHandler
0x63c448 RtlVirtualUnwind
0x63c450 RtlLookupFunctionEntry
0x63c458 ResumeThread
0x63c460 RaiseFailFastException
0x63c468 PostQueuedCompletionStatus
0x63c470 LoadLibraryW
0x63c478 LoadLibraryExW
0x63c480 SetThreadContext
0x63c488 GetThreadContext
0x63c490 GetSystemInfo
0x63c498 GetSystemDirectoryA
0x63c4a0 GetStdHandle
0x63c4a8 GetQueuedCompletionStatusEx
0x63c4b0 GetProcessAffinityMask
0x63c4b8 GetProcAddress
0x63c4c0 GetErrorMode
0x63c4c8 GetEnvironmentStringsW
0x63c4d0 GetCurrentThreadId
0x63c4d8 GetConsoleMode
0x63c4e0 FreeEnvironmentStringsW
0x63c4e8 ExitProcess
0x63c4f0 DuplicateHandle
0x63c4f8 CreateWaitableTimerExW
0x63c500 CreateThread
0x63c508 CreateIoCompletionPort
0x63c510 CreateEventA
0x63c518 CloseHandle
0x63c520 AddVectoredExceptionHandler
0x63c528 AddVectoredContinueHandler
EAT (Export Address Table): none