ScreenShot
| Created | 2025.04.21 17:48 | Machine | s1_win7_x6403 |
| Filename | eZp5zCz.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 1fc27b282f32c078dd2dfcdcc7696236 | ||
| sha256 | 7ed131e9cf7d7f87b0c7e95e121025f35f526c927e8dda59196c9022870193b1 | ||
| ssdeep | 24576:MPIt+AtP8o1BZyiCZvr3O8KsewWkprcLhlxhX6F/FhlxhX6F/k:8s518Jr3BrcNB6ZB62 | ||
| imphash | 130d5621ef2323889c6e1ed2746329fe | ||
| impfuzzy | 24:hWnxWDoelQtWOovbOGMUD1uUvgkWDpZWylnjBLPxQXRKT07GyiJUTYji:hWxQo5x361PMZxJjBbxQrGyJTr | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400a7628 AcquireSRWLockExclusive
0x1400a7630 CloseHandle
0x1400a7638 CreateFileA
0x1400a7640 CreateFileW
0x1400a7648 CreateThread
0x1400a7650 DecodePointer
0x1400a7658 DeleteCriticalSection
0x1400a7660 EncodePointer
0x1400a7668 EnterCriticalSection
0x1400a7670 EnumSystemLocalesW
0x1400a7678 ExitProcess
0x1400a7680 FindClose
0x1400a7688 FindFirstFileExW
0x1400a7690 FindNextFileW
0x1400a7698 FlsAlloc
0x1400a76a0 FlsFree
0x1400a76a8 FlsGetValue
0x1400a76b0 FlsSetValue
0x1400a76b8 FlushFileBuffers
0x1400a76c0 FreeEnvironmentStringsW
0x1400a76c8 FreeLibrary
0x1400a76d0 GetACP
0x1400a76d8 GetCPInfo
0x1400a76e0 GetCommandLineA
0x1400a76e8 GetCommandLineW
0x1400a76f0 GetConsoleMode
0x1400a76f8 GetConsoleOutputCP
0x1400a7700 GetCurrentProcess
0x1400a7708 GetCurrentProcessId
0x1400a7710 GetCurrentThreadId
0x1400a7718 GetEnvironmentStringsW
0x1400a7720 GetFileSize
0x1400a7728 GetFileSizeEx
0x1400a7730 GetFileType
0x1400a7738 GetLastError
0x1400a7740 GetLocaleInfoW
0x1400a7748 GetModuleFileNameW
0x1400a7750 GetModuleHandleA
0x1400a7758 GetModuleHandleExW
0x1400a7760 GetModuleHandleW
0x1400a7768 GetOEMCP
0x1400a7770 GetProcAddress
0x1400a7778 GetProcessHeap
0x1400a7780 GetStartupInfoW
0x1400a7788 GetStdHandle
0x1400a7790 GetStringTypeW
0x1400a7798 GetSystemTimeAsFileTime
0x1400a77a0 GetUserDefaultLCID
0x1400a77a8 HeapAlloc
0x1400a77b0 HeapFree
0x1400a77b8 HeapReAlloc
0x1400a77c0 HeapSize
0x1400a77c8 InitializeCriticalSectionAndSpinCount
0x1400a77d0 InitializeCriticalSectionEx
0x1400a77d8 InitializeSListHead
0x1400a77e0 IsDebuggerPresent
0x1400a77e8 IsProcessorFeaturePresent
0x1400a77f0 IsValidCodePage
0x1400a77f8 IsValidLocale
0x1400a7800 LCMapStringEx
0x1400a7808 LCMapStringW
0x1400a7810 LeaveCriticalSection
0x1400a7818 LoadLibraryExW
0x1400a7820 MultiByteToWideChar
0x1400a7828 QueryPerformanceCounter
0x1400a7830 QueryPerformanceFrequency
0x1400a7838 RaiseException
0x1400a7840 ReadConsoleW
0x1400a7848 ReadFile
0x1400a7850 ReleaseSRWLockExclusive
0x1400a7858 RtlCaptureContext
0x1400a7860 RtlLookupFunctionEntry
0x1400a7868 RtlPcToFileHeader
0x1400a7870 RtlUnwind
0x1400a7878 RtlUnwindEx
0x1400a7880 RtlVirtualUnwind
0x1400a7888 SetFilePointerEx
0x1400a7890 SetLastError
0x1400a7898 SetStdHandle
0x1400a78a0 SetUnhandledExceptionFilter
0x1400a78a8 Sleep
0x1400a78b0 SleepConditionVariableSRW
0x1400a78b8 TerminateProcess
0x1400a78c0 TlsAlloc
0x1400a78c8 TlsFree
0x1400a78d0 TlsGetValue
0x1400a78d8 TlsSetValue
0x1400a78e0 UnhandledExceptionFilter
0x1400a78e8 WaitForSingleObject
0x1400a78f0 WakeAllConditionVariable
0x1400a78f8 WideCharToMultiByte
0x1400a7900 WriteConsoleW
0x1400a7908 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x1400a7628 AcquireSRWLockExclusive
0x1400a7630 CloseHandle
0x1400a7638 CreateFileA
0x1400a7640 CreateFileW
0x1400a7648 CreateThread
0x1400a7650 DecodePointer
0x1400a7658 DeleteCriticalSection
0x1400a7660 EncodePointer
0x1400a7668 EnterCriticalSection
0x1400a7670 EnumSystemLocalesW
0x1400a7678 ExitProcess
0x1400a7680 FindClose
0x1400a7688 FindFirstFileExW
0x1400a7690 FindNextFileW
0x1400a7698 FlsAlloc
0x1400a76a0 FlsFree
0x1400a76a8 FlsGetValue
0x1400a76b0 FlsSetValue
0x1400a76b8 FlushFileBuffers
0x1400a76c0 FreeEnvironmentStringsW
0x1400a76c8 FreeLibrary
0x1400a76d0 GetACP
0x1400a76d8 GetCPInfo
0x1400a76e0 GetCommandLineA
0x1400a76e8 GetCommandLineW
0x1400a76f0 GetConsoleMode
0x1400a76f8 GetConsoleOutputCP
0x1400a7700 GetCurrentProcess
0x1400a7708 GetCurrentProcessId
0x1400a7710 GetCurrentThreadId
0x1400a7718 GetEnvironmentStringsW
0x1400a7720 GetFileSize
0x1400a7728 GetFileSizeEx
0x1400a7730 GetFileType
0x1400a7738 GetLastError
0x1400a7740 GetLocaleInfoW
0x1400a7748 GetModuleFileNameW
0x1400a7750 GetModuleHandleA
0x1400a7758 GetModuleHandleExW
0x1400a7760 GetModuleHandleW
0x1400a7768 GetOEMCP
0x1400a7770 GetProcAddress
0x1400a7778 GetProcessHeap
0x1400a7780 GetStartupInfoW
0x1400a7788 GetStdHandle
0x1400a7790 GetStringTypeW
0x1400a7798 GetSystemTimeAsFileTime
0x1400a77a0 GetUserDefaultLCID
0x1400a77a8 HeapAlloc
0x1400a77b0 HeapFree
0x1400a77b8 HeapReAlloc
0x1400a77c0 HeapSize
0x1400a77c8 InitializeCriticalSectionAndSpinCount
0x1400a77d0 InitializeCriticalSectionEx
0x1400a77d8 InitializeSListHead
0x1400a77e0 IsDebuggerPresent
0x1400a77e8 IsProcessorFeaturePresent
0x1400a77f0 IsValidCodePage
0x1400a77f8 IsValidLocale
0x1400a7800 LCMapStringEx
0x1400a7808 LCMapStringW
0x1400a7810 LeaveCriticalSection
0x1400a7818 LoadLibraryExW
0x1400a7820 MultiByteToWideChar
0x1400a7828 QueryPerformanceCounter
0x1400a7830 QueryPerformanceFrequency
0x1400a7838 RaiseException
0x1400a7840 ReadConsoleW
0x1400a7848 ReadFile
0x1400a7850 ReleaseSRWLockExclusive
0x1400a7858 RtlCaptureContext
0x1400a7860 RtlLookupFunctionEntry
0x1400a7868 RtlPcToFileHeader
0x1400a7870 RtlUnwind
0x1400a7878 RtlUnwindEx
0x1400a7880 RtlVirtualUnwind
0x1400a7888 SetFilePointerEx
0x1400a7890 SetLastError
0x1400a7898 SetStdHandle
0x1400a78a0 SetUnhandledExceptionFilter
0x1400a78a8 Sleep
0x1400a78b0 SleepConditionVariableSRW
0x1400a78b8 TerminateProcess
0x1400a78c0 TlsAlloc
0x1400a78c8 TlsFree
0x1400a78d0 TlsGetValue
0x1400a78d8 TlsSetValue
0x1400a78e0 UnhandledExceptionFilter
0x1400a78e8 WaitForSingleObject
0x1400a78f0 WakeAllConditionVariable
0x1400a78f8 WideCharToMultiByte
0x1400a7900 WriteConsoleW
0x1400a7908 WriteFile
EAT(Export Address Table) is none