ScreenShot
| Created | 2025.02.19 11:24 | Machine | s1_win7_x6401 |
| Filename | artifact_x64_test2.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | |||
| md5 | b1e8cabf1133b394028a2ab19df8c80a | ||
| sha256 | aaea8aab1476a17228b00f296c55ff369e85297298bb0b97b122779750234ea0 | ||
| ssdeep | 384:pR4xYK0nsC4k2/tp1kO8wW7US6MSxny8:pR4xYK86p1JW7ULMSxy | ||
| imphash | 9133e54115603c0107b8f985598440d0 | ||
| impfuzzy | 24:Q2kfg1JlDzncJ9aa0mezlMC95XGDZ8k1koDquQZn:gfg1jcJbezlzJGV8k1koqz | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40923c CloseHandle
0x409244 ConnectNamedPipe
0x40924c CreateFileA
0x409254 CreateNamedPipeA
0x40925c CreateThread
0x409264 DeleteCriticalSection
0x40926c EnterCriticalSection
0x409274 GetCurrentProcess
0x40927c GetCurrentProcessId
0x409284 GetCurrentThreadId
0x40928c GetLastError
0x409294 GetModuleHandleA
0x40929c GetProcAddress
0x4092a4 GetStartupInfoA
0x4092ac GetSystemTimeAsFileTime
0x4092b4 GetTickCount
0x4092bc InitializeCriticalSection
0x4092c4 LeaveCriticalSection
0x4092cc QueryPerformanceCounter
0x4092d4 ReadFile
0x4092dc RtlAddFunctionTable
0x4092e4 RtlCaptureContext
0x4092ec RtlLookupFunctionEntry
0x4092f4 RtlVirtualUnwind
0x4092fc SetUnhandledExceptionFilter
0x409304 Sleep
0x40930c TerminateProcess
0x409314 TlsGetValue
0x40931c UnhandledExceptionFilter
0x409324 VirtualAlloc
0x40932c VirtualProtect
0x409334 VirtualQuery
0x40933c WriteFile
msvcrt.dll
0x40934c __C_specific_handler
0x409354 __dllonexit
0x40935c __getmainargs
0x409364 __initenv
0x40936c __iob_func
0x409374 __lconv_init
0x40937c __set_app_type
0x409384 __setusermatherr
0x40938c _acmdln
0x409394 _amsg_exit
0x40939c _cexit
0x4093a4 _fmode
0x4093ac _initterm
0x4093b4 _lock
0x4093bc _onexit
0x4093c4 _unlock
0x4093cc abort
0x4093d4 calloc
0x4093dc exit
0x4093e4 fprintf
0x4093ec free
0x4093f4 fwrite
0x4093fc malloc
0x409404 memcpy
0x40940c signal
0x409414 sprintf
0x40941c strlen
0x409424 strncmp
0x40942c vfprintf
EAT(Export Address Table) is none
KERNEL32.dll
0x40923c CloseHandle
0x409244 ConnectNamedPipe
0x40924c CreateFileA
0x409254 CreateNamedPipeA
0x40925c CreateThread
0x409264 DeleteCriticalSection
0x40926c EnterCriticalSection
0x409274 GetCurrentProcess
0x40927c GetCurrentProcessId
0x409284 GetCurrentThreadId
0x40928c GetLastError
0x409294 GetModuleHandleA
0x40929c GetProcAddress
0x4092a4 GetStartupInfoA
0x4092ac GetSystemTimeAsFileTime
0x4092b4 GetTickCount
0x4092bc InitializeCriticalSection
0x4092c4 LeaveCriticalSection
0x4092cc QueryPerformanceCounter
0x4092d4 ReadFile
0x4092dc RtlAddFunctionTable
0x4092e4 RtlCaptureContext
0x4092ec RtlLookupFunctionEntry
0x4092f4 RtlVirtualUnwind
0x4092fc SetUnhandledExceptionFilter
0x409304 Sleep
0x40930c TerminateProcess
0x409314 TlsGetValue
0x40931c UnhandledExceptionFilter
0x409324 VirtualAlloc
0x40932c VirtualProtect
0x409334 VirtualQuery
0x40933c WriteFile
msvcrt.dll
0x40934c __C_specific_handler
0x409354 __dllonexit
0x40935c __getmainargs
0x409364 __initenv
0x40936c __iob_func
0x409374 __lconv_init
0x40937c __set_app_type
0x409384 __setusermatherr
0x40938c _acmdln
0x409394 _amsg_exit
0x40939c _cexit
0x4093a4 _fmode
0x4093ac _initterm
0x4093b4 _lock
0x4093bc _onexit
0x4093c4 _unlock
0x4093cc abort
0x4093d4 calloc
0x4093dc exit
0x4093e4 fprintf
0x4093ec free
0x4093f4 fwrite
0x4093fc malloc
0x409404 memcpy
0x40940c signal
0x409414 sprintf
0x40941c strlen
0x409424 strncmp
0x40942c vfprintf
EAT(Export Address Table) is none