Created | 2025.05.06 21:32 | Machine | s1_win7_x6403 |
Filename | x.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | |
md5 | 0000638ebbfe0d620abe6ca32abb1b58 |
sha256 | 267ec6176c1111d9ffcf32fcfa6aa65917e64d1556dcbbd8989ee6bbebc2e72f |
ssdeep | 49152:eYArhqi2aYBhDkVfe1YoJbgwIdg6QYF6CV3QR3SBlXVx+1Fhiu+v:eYqhqi2awBbhQdp36kQRiBz+U3v |
imphash | de41d4e0545d977de6ca665131bb479a |
impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 |
Signature (2cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | ftp_command | ftp command | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x140009270 __C_specific_handler
0x140009278 __getmainargs
0x140009280 __initenv
0x140009288 __iob_func
0x140009290 __set_app_type
0x140009298 __setusermatherr
0x1400092a0 _amsg_exit
0x1400092a8 _cexit
0x1400092b0 _commode
0x1400092b8 _fmode
0x1400092c0 _initterm
0x1400092c8 _onexit
0x1400092d0 _wcsicmp
0x1400092d8 _wcsnicmp
0x1400092e0 abort
0x1400092e8 calloc
0x1400092f0 exit
0x1400092f8 fprintf
0x140009300 free
0x140009308 fwrite
0x140009310 malloc
0x140009318 memcpy
0x140009320 memset
0x140009328 signal
0x140009330 strlen
0x140009338 strncmp
0x140009340 vfprintf
0x140009348 wcscat
0x140009350 wcscpy
0x140009358 wcslen
0x140009360 wcsncmp
KERNEL32.dll
0x140009370 DeleteCriticalSection
0x140009378 EnterCriticalSection
0x140009380 GetLastError
0x140009388 InitializeCriticalSection
0x140009390 LeaveCriticalSection
0x140009398 SetUnhandledExceptionFilter
0x1400093a0 Sleep
0x1400093a8 TlsGetValue
0x1400093b0 VirtualProtect
0x1400093b8 VirtualQuery
EAT(Export Address Table) is none