ScreenShot
| Created | 2021.06.24 20:39 | Machine | s1_win7_x6402 |
| Filename | setup.txt | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, Kryptik, HLMC, Chapak, PWSX, DownLoader39, A + Troj, Zenpak, Glupteba, score, R427255, ai score=89, BScope, Static AI, Malicious PE, susgen, HLLX, ZexaF, Ru0@ae@7mUaI, Genetic) | ||
| md5 | c838695f44eab49e39fdddf95e7a8278 | ||
| sha256 | ad26db45e89bfcb2804b1c39b2eed3e92a98480cb0096746f57362b784cb1df7 | ||
| ssdeep | 12288:jYyJbVZAh5FBFW0Ma3TIIS1nbuTD4vsaNfL3K68bWbPtwGn5DGSRtHn5ye:jbbVZAl+dApwbuTD+saNOWPX0SH5ye | ||
| imphash | 5efa3e27e29df40d2e71bfa7856775bd | ||
| impfuzzy | 48:dWbODA+vK84dVXSEDGk9dIOQfYWaE8fcRhV8hUheLXsIGBg:1EmsVXhhdIMzE8fcRhV8hmeLXsK | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x489000 GetComputerNameA
0x489004 EnumResourceNamesW
0x489008 SearchPathW
0x48900c WriteConsoleInputW
0x489010 CopyFileExW
0x489014 SetEndOfFile
0x489018 GetNumberOfConsoleInputEvents
0x48901c FindResourceExW
0x489020 MapUserPhysicalPages
0x489024 LoadResource
0x489028 InterlockedIncrement
0x48902c ScrollConsoleScreenBufferW
0x489030 CreateDirectoryW
0x489034 GlobalLock
0x489038 GetCommProperties
0x48903c FreeEnvironmentStringsA
0x489040 SetTapeParameters
0x489044 GetModuleHandleW
0x489048 CreateNamedPipeW
0x48904c LocalFlags
0x489050 GetConsoleAliasesLengthA
0x489054 GetPrivateProfileStringW
0x489058 GetWindowsDirectoryA
0x48905c WriteFile
0x489060 SetCommState
0x489064 GetCommandLineA
0x489068 GetSystemWow64DirectoryA
0x48906c WriteFileGather
0x489070 CreateDirectoryExW
0x489074 SetProcessPriorityBoost
0x489078 InitializeCriticalSection
0x48907c TlsSetValue
0x489080 GlobalAlloc
0x489084 LoadLibraryW
0x489088 GetCalendarInfoA
0x48908c SetSystemTimeAdjustment
0x489090 GetSystemWindowsDirectoryA
0x489094 TerminateProcess
0x489098 IsDBCSLeadByte
0x48909c GetBinaryTypeW
0x4890a0 GetOverlappedResult
0x4890a4 CompareStringW
0x4890a8 lstrlenW
0x4890ac GetConsoleOutputCP
0x4890b0 VerifyVersionInfoW
0x4890b4 InterlockedExchange
0x4890b8 ReleaseActCtx
0x4890bc GetFileSizeEx
0x4890c0 SetThreadLocale
0x4890c4 FindFirstFileA
0x4890c8 OpenMutexW
0x4890cc GetCurrentDirectoryW
0x4890d0 GetProcAddress
0x4890d4 SetVolumeLabelW
0x4890d8 WriteProfileSectionA
0x4890dc SetComputerNameA
0x4890e0 SearchPathA
0x4890e4 BuildCommDCBW
0x4890e8 GetLocalTime
0x4890ec OpenMutexA
0x4890f0 OpenWaitableTimerW
0x4890f4 SetConsoleCtrlHandler
0x4890f8 AddAtomW
0x4890fc FindAtomA
0x489100 EnumResourceTypesW
0x489104 SetConsoleCursorInfo
0x489108 CreateIoCompletionPort
0x48910c SetConsoleTitleW
0x489110 FindNextFileW
0x489114 GetConsoleTitleW
0x489118 RequestWakeupLatency
0x48911c GetConsoleCursorInfo
0x489120 GetVersionExA
0x489124 DeleteFileW
0x489128 InterlockedPushEntrySList
0x48912c GetProfileSectionW
0x489130 LCMapStringW
0x489134 AreFileApisANSI
0x489138 GetVolumeInformationW
0x48913c GetModuleHandleA
0x489140 FlushFileBuffers
0x489144 GetStartupInfoA
0x489148 HeapValidate
0x48914c IsBadReadPtr
0x489150 RaiseException
0x489154 DeleteCriticalSection
0x489158 EnterCriticalSection
0x48915c LeaveCriticalSection
0x489160 GetModuleFileNameW
0x489164 SetUnhandledExceptionFilter
0x489168 QueryPerformanceCounter
0x48916c GetTickCount
0x489170 GetCurrentThreadId
0x489174 GetCurrentProcessId
0x489178 GetSystemTimeAsFileTime
0x48917c Sleep
0x489180 InterlockedDecrement
0x489184 ExitProcess
0x489188 GetModuleFileNameA
0x48918c GetEnvironmentStrings
0x489190 FreeEnvironmentStringsW
0x489194 WideCharToMultiByte
0x489198 GetLastError
0x48919c GetEnvironmentStringsW
0x4891a0 SetHandleCount
0x4891a4 GetStdHandle
0x4891a8 GetFileType
0x4891ac TlsGetValue
0x4891b0 TlsAlloc
0x4891b4 TlsFree
0x4891b8 SetLastError
0x4891bc HeapDestroy
0x4891c0 HeapCreate
0x4891c4 HeapFree
0x4891c8 VirtualFree
0x4891cc HeapAlloc
0x4891d0 GetCurrentProcess
0x4891d4 UnhandledExceptionFilter
0x4891d8 IsDebuggerPresent
0x4891dc HeapSize
0x4891e0 HeapReAlloc
0x4891e4 VirtualAlloc
0x4891e8 GetACP
0x4891ec GetOEMCP
0x4891f0 GetCPInfo
0x4891f4 IsValidCodePage
0x4891f8 RtlUnwind
0x4891fc InitializeCriticalSectionAndSpinCount
0x489200 DebugBreak
0x489204 OutputDebugStringA
0x489208 WriteConsoleW
0x48920c OutputDebugStringW
0x489210 LoadLibraryA
0x489214 MultiByteToWideChar
0x489218 LCMapStringA
0x48921c GetStringTypeA
0x489220 GetStringTypeW
0x489224 GetLocaleInfoA
0x489228 SetFilePointer
0x48922c GetConsoleCP
0x489230 GetConsoleMode
0x489234 SetStdHandle
0x489238 WriteConsoleA
0x48923c CreateFileA
0x489240 CloseHandle
USER32.dll
0x489248 GetMenuInfo
0x48924c GetMessageTime
0x489250 GetMenuCheckMarkDimensions
EAT(Export Address Table) is none
KERNEL32.dll
0x489000 GetComputerNameA
0x489004 EnumResourceNamesW
0x489008 SearchPathW
0x48900c WriteConsoleInputW
0x489010 CopyFileExW
0x489014 SetEndOfFile
0x489018 GetNumberOfConsoleInputEvents
0x48901c FindResourceExW
0x489020 MapUserPhysicalPages
0x489024 LoadResource
0x489028 InterlockedIncrement
0x48902c ScrollConsoleScreenBufferW
0x489030 CreateDirectoryW
0x489034 GlobalLock
0x489038 GetCommProperties
0x48903c FreeEnvironmentStringsA
0x489040 SetTapeParameters
0x489044 GetModuleHandleW
0x489048 CreateNamedPipeW
0x48904c LocalFlags
0x489050 GetConsoleAliasesLengthA
0x489054 GetPrivateProfileStringW
0x489058 GetWindowsDirectoryA
0x48905c WriteFile
0x489060 SetCommState
0x489064 GetCommandLineA
0x489068 GetSystemWow64DirectoryA
0x48906c WriteFileGather
0x489070 CreateDirectoryExW
0x489074 SetProcessPriorityBoost
0x489078 InitializeCriticalSection
0x48907c TlsSetValue
0x489080 GlobalAlloc
0x489084 LoadLibraryW
0x489088 GetCalendarInfoA
0x48908c SetSystemTimeAdjustment
0x489090 GetSystemWindowsDirectoryA
0x489094 TerminateProcess
0x489098 IsDBCSLeadByte
0x48909c GetBinaryTypeW
0x4890a0 GetOverlappedResult
0x4890a4 CompareStringW
0x4890a8 lstrlenW
0x4890ac GetConsoleOutputCP
0x4890b0 VerifyVersionInfoW
0x4890b4 InterlockedExchange
0x4890b8 ReleaseActCtx
0x4890bc GetFileSizeEx
0x4890c0 SetThreadLocale
0x4890c4 FindFirstFileA
0x4890c8 OpenMutexW
0x4890cc GetCurrentDirectoryW
0x4890d0 GetProcAddress
0x4890d4 SetVolumeLabelW
0x4890d8 WriteProfileSectionA
0x4890dc SetComputerNameA
0x4890e0 SearchPathA
0x4890e4 BuildCommDCBW
0x4890e8 GetLocalTime
0x4890ec OpenMutexA
0x4890f0 OpenWaitableTimerW
0x4890f4 SetConsoleCtrlHandler
0x4890f8 AddAtomW
0x4890fc FindAtomA
0x489100 EnumResourceTypesW
0x489104 SetConsoleCursorInfo
0x489108 CreateIoCompletionPort
0x48910c SetConsoleTitleW
0x489110 FindNextFileW
0x489114 GetConsoleTitleW
0x489118 RequestWakeupLatency
0x48911c GetConsoleCursorInfo
0x489120 GetVersionExA
0x489124 DeleteFileW
0x489128 InterlockedPushEntrySList
0x48912c GetProfileSectionW
0x489130 LCMapStringW
0x489134 AreFileApisANSI
0x489138 GetVolumeInformationW
0x48913c GetModuleHandleA
0x489140 FlushFileBuffers
0x489144 GetStartupInfoA
0x489148 HeapValidate
0x48914c IsBadReadPtr
0x489150 RaiseException
0x489154 DeleteCriticalSection
0x489158 EnterCriticalSection
0x48915c LeaveCriticalSection
0x489160 GetModuleFileNameW
0x489164 SetUnhandledExceptionFilter
0x489168 QueryPerformanceCounter
0x48916c GetTickCount
0x489170 GetCurrentThreadId
0x489174 GetCurrentProcessId
0x489178 GetSystemTimeAsFileTime
0x48917c Sleep
0x489180 InterlockedDecrement
0x489184 ExitProcess
0x489188 GetModuleFileNameA
0x48918c GetEnvironmentStrings
0x489190 FreeEnvironmentStringsW
0x489194 WideCharToMultiByte
0x489198 GetLastError
0x48919c GetEnvironmentStringsW
0x4891a0 SetHandleCount
0x4891a4 GetStdHandle
0x4891a8 GetFileType
0x4891ac TlsGetValue
0x4891b0 TlsAlloc
0x4891b4 TlsFree
0x4891b8 SetLastError
0x4891bc HeapDestroy
0x4891c0 HeapCreate
0x4891c4 HeapFree
0x4891c8 VirtualFree
0x4891cc HeapAlloc
0x4891d0 GetCurrentProcess
0x4891d4 UnhandledExceptionFilter
0x4891d8 IsDebuggerPresent
0x4891dc HeapSize
0x4891e0 HeapReAlloc
0x4891e4 VirtualAlloc
0x4891e8 GetACP
0x4891ec GetOEMCP
0x4891f0 GetCPInfo
0x4891f4 IsValidCodePage
0x4891f8 RtlUnwind
0x4891fc InitializeCriticalSectionAndSpinCount
0x489200 DebugBreak
0x489204 OutputDebugStringA
0x489208 WriteConsoleW
0x48920c OutputDebugStringW
0x489210 LoadLibraryA
0x489214 MultiByteToWideChar
0x489218 LCMapStringA
0x48921c GetStringTypeA
0x489220 GetStringTypeW
0x489224 GetLocaleInfoA
0x489228 SetFilePointer
0x48922c GetConsoleCP
0x489230 GetConsoleMode
0x489234 SetStdHandle
0x489238 WriteConsoleA
0x48923c CreateFileA
0x489240 CloseHandle
USER32.dll
0x489248 GetMenuInfo
0x48924c GetMessageTime
0x489250 GetMenuCheckMarkDimensions
EAT(Export Address Table) is none