ScreenShot
| Created | 2025.04.06 22:16 | Machine | s1_win7_x6401 |
| Filename | iediagcmd.exe | ||
| Type | PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 0305fb4024c0b14e295bc682e68b147b | ||
| sha256 | 79504ac69b590f7925f2faef9232f3c135bbb032d65747b1dc7ece3ba8a57a2d | ||
| ssdeep | 6144:bOPK8sVqDKJcfh2mq1Zi2HCHiIa/wITWe9Rlvm/JKgbMWKJcfh2m21ZZ:b1ADpq1Zi2HOaIITgKEp21ZZ | ||
| imphash | 8ad7d3f07924e8c2b7127391afd2da11 | ||
| impfuzzy | 24:G0q4eSNJlDgP6zaVU1u8SynhfQ4uKMFwxnqMf4EP1EQM0Xxr0:Zq4eSeZe88RnhfQ4uK/nqMB2H0X50 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | Is_DotNET_EXE | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x140018160 _vsnwprintf
0x140018168 _callnewh
0x140018170 malloc
0x140018178 ?terminate@@YAXXZ
0x140018180 _amsg_exit
0x140018188 _cexit
0x140018190 ??3@YAXPEAX@Z
0x140018198 memcpy
0x1400181a0 memset
0x1400181a8 _itow
0x1400181b0 _errno
KERNEL32.dll
0x140018028 SetLastError
0x140018030 GetModuleHandleA
0x140018038 GetProcAddress
0x140018040 GetVersion
0x140018048 GetLastError
0x140018050 VirtualQuery
0x140018058 TerminateProcess
0x140018060 GetCurrentProcess
0x140018068 Sleep
0x140018070 UnhandledExceptionFilter
0x140018078 RtlVirtualUnwind
0x140018080 RtlLookupFunctionEntry
0x140018088 RtlCaptureContext
0x140018090 RaiseException
0x140018098 LoadLibraryW
0x1400180a0 FreeLibrary
0x1400180a8 GetTickCount
0x1400180b0 GetSystemTimeAsFileTime
0x1400180b8 GetCurrentThreadId
0x1400180c0 GetCurrentProcessId
0x1400180c8 OutputDebugStringA
0x1400180d0 SetUnhandledExceptionFilter
0x1400180d8 QueryPerformanceCounter
mscoree.dll
0x140018148 CorBindToRuntimeEx
0x140018150 _CorExeMain
ole32.dll
0x1400181c0 CoCreateInstance
COMCTL32.dll
0x140018000 None
0x140018008 None
0x140018010 None
0x140018018 None
OLEACC.dll
0x1400180e8 ObjectFromLresult
OLEAUT32.dll
0x1400180f8 VariantInit
0x140018100 SysFreeString
0x140018108 VariantClear
0x140018110 SysAllocStringLen
0x140018118 SysStringLen
0x140018120 SysAllocString
USER32.dll
0x140018130 RegisterWindowMessageW
0x140018138 SendMessageTimeoutW
EAT(Export Address Table) is none
msvcrt.dll
0x140018160 _vsnwprintf
0x140018168 _callnewh
0x140018170 malloc
0x140018178 ?terminate@@YAXXZ
0x140018180 _amsg_exit
0x140018188 _cexit
0x140018190 ??3@YAXPEAX@Z
0x140018198 memcpy
0x1400181a0 memset
0x1400181a8 _itow
0x1400181b0 _errno
KERNEL32.dll
0x140018028 SetLastError
0x140018030 GetModuleHandleA
0x140018038 GetProcAddress
0x140018040 GetVersion
0x140018048 GetLastError
0x140018050 VirtualQuery
0x140018058 TerminateProcess
0x140018060 GetCurrentProcess
0x140018068 Sleep
0x140018070 UnhandledExceptionFilter
0x140018078 RtlVirtualUnwind
0x140018080 RtlLookupFunctionEntry
0x140018088 RtlCaptureContext
0x140018090 RaiseException
0x140018098 LoadLibraryW
0x1400180a0 FreeLibrary
0x1400180a8 GetTickCount
0x1400180b0 GetSystemTimeAsFileTime
0x1400180b8 GetCurrentThreadId
0x1400180c0 GetCurrentProcessId
0x1400180c8 OutputDebugStringA
0x1400180d0 SetUnhandledExceptionFilter
0x1400180d8 QueryPerformanceCounter
mscoree.dll
0x140018148 CorBindToRuntimeEx
0x140018150 _CorExeMain
ole32.dll
0x1400181c0 CoCreateInstance
COMCTL32.dll
0x140018000 None
0x140018008 None
0x140018010 None
0x140018018 None
OLEACC.dll
0x1400180e8 ObjectFromLresult
OLEAUT32.dll
0x1400180f8 VariantInit
0x140018100 SysFreeString
0x140018108 VariantClear
0x140018110 SysAllocStringLen
0x140018118 SysStringLen
0x140018120 SysAllocString
USER32.dll
0x140018130 RegisterWindowMessageW
0x140018138 SendMessageTimeoutW
EAT(Export Address Table) is none