ScreenShot
| Created | 2021.04.13 10:17 | Machine | s1_win7_x6401 |
| Filename | setup%20-%202021-04-09T114140.132.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (AIDetect, malware1, GenericKDZ, FTKE, Unsafe, Save, malicious, confidence, 100%, ZexaF, uGW@ayYF, Kryptik, HKIW, Bsymem, Ranumbot, CLOUD, DownLoader38, Static AI, Malicious PE, Mokes, qtkbj, ai score=100, kcloud, score, MalPE, R415606, BScope, Wacatac, GdSda, Outbreak, GenKryptik, FDVZ, HwoChz8A) | ||
| md5 | 000e43fe0944da48d0e033d95a7cf1e0 | ||
| sha256 | 2b2b2b7bb20ce4a49a3e58b7177661c6dc19aa01d1550ea6a352ef92a3ee99b2 | ||
| ssdeep | 6144:FFRkpULl0VzIwFm8fEzHgLH4oAvGb585hAcBToHtX:FFRbhkIyjkgLYoAvCkAcBToHZ | ||
| imphash | 5c9f82cdabd8e2926163412888fe3f28 | ||
| impfuzzy | 48:qiFOLbu8m/epPtWG6cjPMuD8cpNKd6ANZS1:qisLcAPtWG6cjPF8cpNG64s | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x3da1000 HeapReAlloc
0x3da1004 RemoveVectoredExceptionHandler
0x3da1008 EnumDateFormatsExW
0x3da100c FindResourceExW
0x3da1010 WriteConsoleOutputCharacterA
0x3da1014 LoadResource
0x3da1018 SetWaitableTimer
0x3da101c GetCurrentProcess
0x3da1020 HeapFree
0x3da1024 GetModuleHandleExW
0x3da1028 GlobalLock
0x3da102c CancelWaitableTimer
0x3da1030 LockFile
0x3da1034 SetTapeParameters
0x3da1038 GetModuleHandleW
0x3da103c GetConsoleAliasesA
0x3da1040 TzSpecificLocalTimeToSystemTime
0x3da1044 GetLocaleInfoW
0x3da1048 GetSystemTimeAdjustment
0x3da104c InterlockedPopEntrySList
0x3da1050 GetFileAttributesA
0x3da1054 GetCompressedFileSizeA
0x3da1058 GetTimeZoneInformation
0x3da105c GetEnvironmentVariableA
0x3da1060 DisconnectNamedPipe
0x3da1064 VirtualUnlock
0x3da1068 GetProcAddress
0x3da106c GetAtomNameA
0x3da1070 LocalAlloc
0x3da1074 AddAtomA
0x3da1078 GlobalFindAtomW
0x3da107c GlobalUnWire
0x3da1080 lstrcatW
0x3da1084 FatalExit
0x3da1088 GetFileTime
0x3da108c GetConsoleCursorInfo
0x3da1090 EnumCalendarInfoExA
0x3da1094 LocalFree
0x3da1098 LCMapStringW
0x3da109c CompareStringW
0x3da10a0 CompareStringA
0x3da10a4 TerminateProcess
0x3da10a8 UnhandledExceptionFilter
0x3da10ac SetUnhandledExceptionFilter
0x3da10b0 IsDebuggerPresent
0x3da10b4 GetStartupInfoW
0x3da10b8 RaiseException
0x3da10bc RtlUnwind
0x3da10c0 HeapAlloc
0x3da10c4 GetLastError
0x3da10c8 EnterCriticalSection
0x3da10cc LeaveCriticalSection
0x3da10d0 TlsGetValue
0x3da10d4 TlsAlloc
0x3da10d8 TlsSetValue
0x3da10dc TlsFree
0x3da10e0 InterlockedIncrement
0x3da10e4 SetLastError
0x3da10e8 GetCurrentThreadId
0x3da10ec InterlockedDecrement
0x3da10f0 GetCurrentThread
0x3da10f4 Sleep
0x3da10f8 ExitProcess
0x3da10fc WriteFile
0x3da1100 GetStdHandle
0x3da1104 GetModuleFileNameA
0x3da1108 GetModuleFileNameW
0x3da110c FreeEnvironmentStringsW
0x3da1110 GetEnvironmentStringsW
0x3da1114 GetCommandLineW
0x3da1118 SetHandleCount
0x3da111c GetFileType
0x3da1120 GetStartupInfoA
0x3da1124 DeleteCriticalSection
0x3da1128 HeapCreate
0x3da112c HeapDestroy
0x3da1130 VirtualFree
0x3da1134 QueryPerformanceCounter
0x3da1138 GetTickCount
0x3da113c GetCurrentProcessId
0x3da1140 GetSystemTimeAsFileTime
0x3da1144 SetFilePointer
0x3da1148 WideCharToMultiByte
0x3da114c GetConsoleCP
0x3da1150 GetConsoleMode
0x3da1154 GetCPInfo
0x3da1158 GetACP
0x3da115c GetOEMCP
0x3da1160 IsValidCodePage
0x3da1164 FatalAppExitA
0x3da1168 VirtualAlloc
0x3da116c MultiByteToWideChar
0x3da1170 CloseHandle
0x3da1174 CreateFileA
0x3da1178 InitializeCriticalSectionAndSpinCount
0x3da117c HeapSize
0x3da1180 SetConsoleCtrlHandler
0x3da1184 FreeLibrary
0x3da1188 InterlockedExchange
0x3da118c LoadLibraryA
0x3da1190 SetStdHandle
0x3da1194 WriteConsoleA
0x3da1198 GetConsoleOutputCP
0x3da119c WriteConsoleW
0x3da11a0 LCMapStringA
0x3da11a4 GetStringTypeA
0x3da11a8 GetStringTypeW
0x3da11ac GetTimeFormatA
0x3da11b0 GetDateFormatA
0x3da11b4 GetUserDefaultLCID
0x3da11b8 GetLocaleInfoA
0x3da11bc EnumSystemLocalesA
0x3da11c0 IsValidLocale
0x3da11c4 FlushFileBuffers
0x3da11c8 ReadFile
0x3da11cc SetEndOfFile
0x3da11d0 GetProcessHeap
0x3da11d4 SetEnvironmentVariableA
USER32.dll
0x3da11dc GetProcessDefaultLayout
EAT(Export Address Table) Library
0x43ea50 Lolipops
0x43ea30 NoMoreLies
0x43ea40 Robinson
KERNEL32.dll
0x3da1000 HeapReAlloc
0x3da1004 RemoveVectoredExceptionHandler
0x3da1008 EnumDateFormatsExW
0x3da100c FindResourceExW
0x3da1010 WriteConsoleOutputCharacterA
0x3da1014 LoadResource
0x3da1018 SetWaitableTimer
0x3da101c GetCurrentProcess
0x3da1020 HeapFree
0x3da1024 GetModuleHandleExW
0x3da1028 GlobalLock
0x3da102c CancelWaitableTimer
0x3da1030 LockFile
0x3da1034 SetTapeParameters
0x3da1038 GetModuleHandleW
0x3da103c GetConsoleAliasesA
0x3da1040 TzSpecificLocalTimeToSystemTime
0x3da1044 GetLocaleInfoW
0x3da1048 GetSystemTimeAdjustment
0x3da104c InterlockedPopEntrySList
0x3da1050 GetFileAttributesA
0x3da1054 GetCompressedFileSizeA
0x3da1058 GetTimeZoneInformation
0x3da105c GetEnvironmentVariableA
0x3da1060 DisconnectNamedPipe
0x3da1064 VirtualUnlock
0x3da1068 GetProcAddress
0x3da106c GetAtomNameA
0x3da1070 LocalAlloc
0x3da1074 AddAtomA
0x3da1078 GlobalFindAtomW
0x3da107c GlobalUnWire
0x3da1080 lstrcatW
0x3da1084 FatalExit
0x3da1088 GetFileTime
0x3da108c GetConsoleCursorInfo
0x3da1090 EnumCalendarInfoExA
0x3da1094 LocalFree
0x3da1098 LCMapStringW
0x3da109c CompareStringW
0x3da10a0 CompareStringA
0x3da10a4 TerminateProcess
0x3da10a8 UnhandledExceptionFilter
0x3da10ac SetUnhandledExceptionFilter
0x3da10b0 IsDebuggerPresent
0x3da10b4 GetStartupInfoW
0x3da10b8 RaiseException
0x3da10bc RtlUnwind
0x3da10c0 HeapAlloc
0x3da10c4 GetLastError
0x3da10c8 EnterCriticalSection
0x3da10cc LeaveCriticalSection
0x3da10d0 TlsGetValue
0x3da10d4 TlsAlloc
0x3da10d8 TlsSetValue
0x3da10dc TlsFree
0x3da10e0 InterlockedIncrement
0x3da10e4 SetLastError
0x3da10e8 GetCurrentThreadId
0x3da10ec InterlockedDecrement
0x3da10f0 GetCurrentThread
0x3da10f4 Sleep
0x3da10f8 ExitProcess
0x3da10fc WriteFile
0x3da1100 GetStdHandle
0x3da1104 GetModuleFileNameA
0x3da1108 GetModuleFileNameW
0x3da110c FreeEnvironmentStringsW
0x3da1110 GetEnvironmentStringsW
0x3da1114 GetCommandLineW
0x3da1118 SetHandleCount
0x3da111c GetFileType
0x3da1120 GetStartupInfoA
0x3da1124 DeleteCriticalSection
0x3da1128 HeapCreate
0x3da112c HeapDestroy
0x3da1130 VirtualFree
0x3da1134 QueryPerformanceCounter
0x3da1138 GetTickCount
0x3da113c GetCurrentProcessId
0x3da1140 GetSystemTimeAsFileTime
0x3da1144 SetFilePointer
0x3da1148 WideCharToMultiByte
0x3da114c GetConsoleCP
0x3da1150 GetConsoleMode
0x3da1154 GetCPInfo
0x3da1158 GetACP
0x3da115c GetOEMCP
0x3da1160 IsValidCodePage
0x3da1164 FatalAppExitA
0x3da1168 VirtualAlloc
0x3da116c MultiByteToWideChar
0x3da1170 CloseHandle
0x3da1174 CreateFileA
0x3da1178 InitializeCriticalSectionAndSpinCount
0x3da117c HeapSize
0x3da1180 SetConsoleCtrlHandler
0x3da1184 FreeLibrary
0x3da1188 InterlockedExchange
0x3da118c LoadLibraryA
0x3da1190 SetStdHandle
0x3da1194 WriteConsoleA
0x3da1198 GetConsoleOutputCP
0x3da119c WriteConsoleW
0x3da11a0 LCMapStringA
0x3da11a4 GetStringTypeA
0x3da11a8 GetStringTypeW
0x3da11ac GetTimeFormatA
0x3da11b0 GetDateFormatA
0x3da11b4 GetUserDefaultLCID
0x3da11b8 GetLocaleInfoA
0x3da11bc EnumSystemLocalesA
0x3da11c0 IsValidLocale
0x3da11c4 FlushFileBuffers
0x3da11c8 ReadFile
0x3da11cc SetEndOfFile
0x3da11d0 GetProcessHeap
0x3da11d4 SetEnvironmentVariableA
USER32.dll
0x3da11dc GetProcessDefaultLayout
EAT(Export Address Table) Library
0x43ea50 Lolipops
0x43ea30 NoMoreLies
0x43ea40 Robinson