ScreenShot
| Created | 2025.05.04 13:07 | Machine | s1_win7_x6401 |
| Filename | 122cb197-71f5-4458-a146-6060be234002 | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 09375a73a9d657f13a3c5029adeda8e7 | ||
| sha256 | 2eceab88bc69b742fb41a2f5499559c2b1a692b785a1cca03319da4cdc2e7005 | ||
| ssdeep | 98304:sLz9dEhZZxQDcpmdmxPNZi7pf+mpxam+Vsxvm:sLz4ZYyNw1+mn6sxu | ||
| imphash | 6cc6f8feb4dc79fe489fddcfb10215c7 | ||
| impfuzzy | 12:8hvXy5JlJF7wI1AXtAj94x//mlA0lQES5k9BhkwD4g2S:8tyTlJOGAdAJ4x//KA0WESK9Bhkwkg2S | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x419000 CreateFileW
0x419004 ReadFile
0x419008 WriteFile
0x41900c IsDebuggerPresent
0x419010 OutputDebugStringA
0x419014 CloseHandle
0x419018 GetLastError
0x41901c SetLastError
0x419020 Sleep
0x419024 GetCurrentProcess
0x419028 GlobalMemoryStatusEx
0x41902c GetSystemInfo
0x419030 GetTickCount
0x419034 GetTickCount64
0x419038 GetModuleHandleA
0x41903c GetModuleHandleW
USER32.dll
0x419044 TranslateMessage
0x419048 DispatchMessageW
0x41904c PeekMessageW
0x419050 SendMessageW
0x419054 DefWindowProcW
0x419058 RegisterClassW
0x41905c CreateWindowExW
0x419060 ShowWindow
0x419064 GetAsyncKeyState
0x419068 UpdateWindow
0x41906c MessageBoxW
0x419070 FindWindowW
EAT(Export Address Table) Library
0x4189b0 CheckSystemFoundLib
0x418990 _CheckSystemCompatibility@4
0x4189c0 _InitializeApp@4
0x4189e0 _ProcessMessages@4
0x418a00 _RefreshDisplay@4
0x418a20 _RegisterWindowClass@8
0x418a40 _UpdateConfiguration@4
0x418a60 _ValidateLicense@4
0x418a40 _VerifySystemIntegrity@4
KERNEL32.dll
0x419000 CreateFileW
0x419004 ReadFile
0x419008 WriteFile
0x41900c IsDebuggerPresent
0x419010 OutputDebugStringA
0x419014 CloseHandle
0x419018 GetLastError
0x41901c SetLastError
0x419020 Sleep
0x419024 GetCurrentProcess
0x419028 GlobalMemoryStatusEx
0x41902c GetSystemInfo
0x419030 GetTickCount
0x419034 GetTickCount64
0x419038 GetModuleHandleA
0x41903c GetModuleHandleW
USER32.dll
0x419044 TranslateMessage
0x419048 DispatchMessageW
0x41904c PeekMessageW
0x419050 SendMessageW
0x419054 DefWindowProcW
0x419058 RegisterClassW
0x41905c CreateWindowExW
0x419060 ShowWindow
0x419064 GetAsyncKeyState
0x419068 UpdateWindow
0x41906c MessageBoxW
0x419070 FindWindowW
EAT(Export Address Table) Library
0x4189b0 CheckSystemFoundLib
0x418990 _CheckSystemCompatibility@4
0x4189c0 _InitializeApp@4
0x4189e0 _ProcessMessages@4
0x418a00 _RefreshDisplay@4
0x418a20 _RegisterWindowClass@8
0x418a40 _UpdateConfiguration@4
0x418a60 _ValidateLicense@4
0x418a40 _VerifySystemIntegrity@4