Report - License.exe

Tags: Generic Malware, Malicious Library, WinRAR, UPX, PE File, PE64, OS Processor Check
Created: 2025.04.05 01:31
Machine: s1_win7_x6401
Filename: License.exe
Type: PE32+ executable (GUI) x86-64, for MS Windows
AI Score: 3
Behavior Score: 1.2
ZERO API (file): clean
VT API (file): 2 detected (Discord, MALICIOUS)
md5: 35585060bb1b65654fee82799996e9d0
sha256: eeabf2ab0f987a3fbf99a51387712f7f387afe709940d401159d6df397eeb409
ssdeep: 12288:vePeKtMk9UOyjefSphh+6/72LgxYokYqxWDaWp:2P/GkwRlyLgxhkYqx9Wp
imphash: 020387d10d5936b3fbcfc8b4ba421f7b
impfuzzy: 48:J9jOXRpLy1XFjsX1Pfc++6W3CYgfbtSXCBiJyX:JdcpLy1XFgX1Pfc++V/GbtSXCBiJyX

Signature (4cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice File has been identified by 2 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
watch Win32_WinRAR_SFX_Zero Win32 WinRAR SFX binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests recorded)

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x14003b000 GetLastError
 0x14003b008 SetLastError
 0x14003b010 FormatMessageW
 0x14003b018 GetCurrentProcess
 0x14003b020 DeviceIoControl
 0x14003b028 SetFileTime
 0x14003b030 CloseHandle
 0x14003b038 CreateDirectoryW
 0x14003b040 RemoveDirectoryW
 0x14003b048 CreateFileW
 0x14003b050 DeleteFileW
 0x14003b058 CreateHardLinkW
 0x14003b060 GetShortPathNameW
 0x14003b068 GetLongPathNameW
 0x14003b070 MoveFileW
 0x14003b078 GetFileType
 0x14003b080 GetStdHandle
 0x14003b088 WriteFile
 0x14003b090 ReadFile
 0x14003b098 FlushFileBuffers
 0x14003b0a0 SetEndOfFile
 0x14003b0a8 SetFilePointer
 0x14003b0b0 GetCurrentProcessId
 0x14003b0b8 SetFileAttributesW
 0x14003b0c0 GetFileAttributesW
 0x14003b0c8 FindClose
 0x14003b0d0 FindFirstFileW
 0x14003b0d8 FindNextFileW
 0x14003b0e0 GetVersionExW
 0x14003b0e8 GetCurrentDirectoryW
 0x14003b0f0 GetFullPathNameW
 0x14003b0f8 FoldStringW
 0x14003b100 GetModuleFileNameW
 0x14003b108 GetModuleHandleW
 0x14003b110 FindResourceW
 0x14003b118 FreeLibrary
 0x14003b120 GetProcAddress
 0x14003b128 ExitProcess
 0x14003b130 SetThreadExecutionState
 0x14003b138 Sleep
 0x14003b140 LoadLibraryW
 0x14003b148 GetSystemDirectoryW
 0x14003b150 CompareStringW
 0x14003b158 AllocConsole
 0x14003b160 FreeConsole
 0x14003b168 AttachConsole
 0x14003b170 WriteConsoleW
 0x14003b178 GetProcessAffinityMask
 0x14003b180 CreateThread
 0x14003b188 SetThreadPriority
 0x14003b190 InitializeCriticalSection
 0x14003b198 EnterCriticalSection
 0x14003b1a0 LeaveCriticalSection
 0x14003b1a8 DeleteCriticalSection
 0x14003b1b0 SetEvent
 0x14003b1b8 ResetEvent
 0x14003b1c0 ReleaseSemaphore
 0x14003b1c8 WaitForSingleObject
 0x14003b1d0 CreateEventW
 0x14003b1d8 CreateSemaphoreW
 0x14003b1e0 GetSystemTime
 0x14003b1e8 SystemTimeToTzSpecificLocalTime
 0x14003b1f0 TzSpecificLocalTimeToSystemTime
 0x14003b1f8 SystemTimeToFileTime
 0x14003b200 FileTimeToLocalFileTime
 0x14003b208 LocalFileTimeToFileTime
 0x14003b210 FileTimeToSystemTime
 0x14003b218 GetCPInfo
 0x14003b220 IsDBCSLeadByte
 0x14003b228 MultiByteToWideChar
 0x14003b230 WideCharToMultiByte
 0x14003b238 GlobalAlloc
 0x14003b240 LockResource
 0x14003b248 GlobalLock
 0x14003b250 GlobalUnlock
 0x14003b258 GlobalFree
 0x14003b260 LoadResource
 0x14003b268 SizeofResource
 0x14003b270 SetCurrentDirectoryW
 0x14003b278 GetTimeFormatW
 0x14003b280 GetDateFormatW
 0x14003b288 LocalFree
 0x14003b290 GetExitCodeProcess
 0x14003b298 GetLocalTime
 0x14003b2a0 GetTickCount
 0x14003b2a8 MapViewOfFile
 0x14003b2b0 UnmapViewOfFile
 0x14003b2b8 CreateFileMappingW
 0x14003b2c0 OpenFileMappingW
 0x14003b2c8 GetCommandLineW
 0x14003b2d0 SetEnvironmentVariableW
 0x14003b2d8 ExpandEnvironmentStringsW
 0x14003b2e0 GetTempPathW
 0x14003b2e8 MoveFileExW
 0x14003b2f0 GetLocaleInfoW
 0x14003b2f8 GetNumberFormatW
 0x14003b300 SetFilePointerEx
 0x14003b308 GetConsoleMode
 0x14003b310 GetConsoleCP
 0x14003b318 HeapSize
 0x14003b320 SetStdHandle
 0x14003b328 GetProcessHeap
 0x14003b330 FreeEnvironmentStringsW
 0x14003b338 GetEnvironmentStringsW
 0x14003b340 GetCommandLineA
 0x14003b348 GetOEMCP
 0x14003b350 IsValidCodePage
 0x14003b358 RaiseException
 0x14003b360 GetSystemInfo
 0x14003b368 VirtualProtect
 0x14003b370 VirtualQuery
 0x14003b378 LoadLibraryExA
 0x14003b380 RtlCaptureContext
 0x14003b388 RtlLookupFunctionEntry
 0x14003b390 RtlVirtualUnwind
 0x14003b398 IsDebuggerPresent
 0x14003b3a0 UnhandledExceptionFilter
 0x14003b3a8 SetUnhandledExceptionFilter
 0x14003b3b0 GetStartupInfoW
 0x14003b3b8 IsProcessorFeaturePresent
 0x14003b3c0 QueryPerformanceCounter
 0x14003b3c8 GetCurrentThreadId
 0x14003b3d0 GetSystemTimeAsFileTime
 0x14003b3d8 InitializeSListHead
 0x14003b3e0 RtlUnwindEx
 0x14003b3e8 RtlPcToFileHeader
 0x14003b3f0 EncodePointer
 0x14003b3f8 InitializeCriticalSectionAndSpinCount
 0x14003b400 TlsAlloc
 0x14003b408 TlsGetValue
 0x14003b410 TlsSetValue
 0x14003b418 TlsFree
 0x14003b420 LoadLibraryExW
 0x14003b428 TerminateProcess
 0x14003b430 QueryPerformanceFrequency
 0x14003b438 GetModuleHandleExW
 0x14003b440 GetModuleFileNameA
 0x14003b448 GetACP
 0x14003b450 HeapFree
 0x14003b458 HeapReAlloc
 0x14003b460 HeapAlloc
 0x14003b468 GetStringTypeW
 0x14003b470 LCMapStringW
 0x14003b478 FindFirstFileExA
 0x14003b480 FindNextFileA
OLEAUT32.dll
 0x14003b490 SysAllocString
 0x14003b498 SysFreeString
 0x14003b4a0 VariantClear
gdiplus.dll
 0x14003b4b0 GdipCloneImage
 0x14003b4b8 GdipFree
 0x14003b4c0 GdipDisposeImage
 0x14003b4c8 GdipCreateBitmapFromStream
 0x14003b4d0 GdipCreateHBITMAPFromBitmap
 0x14003b4d8 GdiplusStartup
 0x14003b4e0 GdiplusShutdown
 0x14003b4e8 GdipAlloc

EAT (Export Address Table) Library
