ScreenShot
| Created | 2021.06.25 00:07 | Machine | s1_win7_x6402 |
| Filename | INSTALL.EXE | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 7415aea4d76ea8d2706a6441be814b03 | ||
| sha256 | 4a74922eb09b96a1b50236fa2e4c517e9bfde2c7418afaa6de4cbb57301ff2d7 | ||
| ssdeep | 12288:smOSSPAWkQDl3+ND8hRTScTWYUTKMy/bkqpctmOASvoWKrTq6uRtRmPL:heY1QDlqD8hvT6ThyTkgctmO4WR6Ei | ||
| imphash | f826a48a91e12587dc916c9291b4021e | ||
| impfuzzy | 48:dFLfcTdxOHayDl8epGdB4CAEcsL9taLnSPnJeRzlh6UySvH/gRSpfjw/5r4CKlo7:dBfcRx+ayDlXpCCsLnaLnS6/Wk6 | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Deletes executed files from disk |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Performs some HTTP requests |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x42d010 None
MPR.dll
0x42d224 WNetEnumResourceW
0x42d228 WNetGetUniversalNameW
0x42d22c WNetOpenEnumW
0x42d230 WNetCloseEnum
UxTheme.dll
0x42d2c8 SetWindowTheme
KERNEL32.dll
0x42d048 DeleteCriticalSection
0x42d04c EnterCriticalSection
0x42d050 LeaveCriticalSection
0x42d054 InterlockedDecrement
0x42d058 WideCharToMultiByte
0x42d05c MultiByteToWideChar
0x42d060 InterlockedExchangeAdd
0x42d064 InterlockedIncrement
0x42d068 GetLastError
0x42d06c LoadLibraryW
0x42d070 GetFileInformationByHandle
0x42d074 GetLogicalDriveStringsW
0x42d078 GetVolumeInformationW
0x42d07c WriteFile
0x42d080 ReadFile
0x42d084 SetFilePointer
0x42d088 LockFile
0x42d08c LockFileEx
0x42d090 UnlockFile
0x42d094 UnlockFileEx
0x42d098 FlushFileBuffers
0x42d09c SetEndOfFile
0x42d0a0 SetFileValidData
0x42d0a4 SetErrorMode
0x42d0a8 SetFileTime
0x42d0ac SetLastError
0x42d0b0 GetFileTime
0x42d0b4 SystemTimeToFileTime
0x42d0b8 FileTimeToSystemTime
0x42d0bc CreateFileW
0x42d0c0 Sleep
0x42d0c4 DeleteFileW
0x42d0c8 GetFileAttributesW
0x42d0cc CreateDirectoryW
0x42d0d0 RemoveDirectoryW
0x42d0d4 FindFirstFileW
0x42d0d8 FindClose
0x42d0dc SetFileAttributesW
0x42d0e0 FindFirstFileExW
0x42d0e4 FindNextFileW
0x42d0e8 GetTempPathW
0x42d0ec GetCurrentDirectoryW
0x42d0f0 GetTempFileNameW
0x42d0f4 GetFullPathNameW
0x42d0f8 GetDriveTypeW
0x42d0fc QueryDosDeviceW
0x42d100 FreeLibrary
0x42d104 OpenProcess
0x42d108 TerminateProcess
0x42d10c HeapSize
0x42d110 InitializeCriticalSection
0x42d114 CompareStringW
0x42d118 CompareStringA
0x42d11c GetPrivateProfileStringW
0x42d120 GetTimeZoneInformation
0x42d124 GetVersionExW
0x42d128 GetCurrentProcess
0x42d12c CreateProcessW
0x42d130 LCMapStringW
0x42d134 GetPrivateProfileIntW
0x42d138 SetEnvironmentVariableW
0x42d13c GetExitCodeProcess
0x42d140 FreeEnvironmentStringsW
0x42d144 GetEnvironmentStringsW
0x42d148 GetCommandLineW
0x42d14c GetCommandLineA
0x42d150 GetCPInfo
0x42d154 GetOEMCP
0x42d158 IsValidCodePage
0x42d15c FindNextFileA
0x42d160 FindFirstFileExA
0x42d164 HeapReAlloc
0x42d168 SetStdHandle
0x42d16c WriteConsoleW
0x42d170 DecodePointer
0x42d174 GetStringTypeW
0x42d178 HeapAlloc
0x42d17c HeapFree
0x42d180 GetACP
0x42d184 GetModuleHandleExW
0x42d188 ExitProcess
0x42d18c GetModuleFileNameA
0x42d190 GetStdHandle
0x42d194 SystemTimeToTzSpecificLocalTime
0x42d198 PeekNamedPipe
0x42d19c GetFileType
0x42d1a0 LoadLibraryExW
0x42d1a4 TlsFree
0x42d1a8 TlsSetValue
0x42d1ac TlsGetValue
0x42d1b0 TlsAlloc
0x42d1b4 InitializeCriticalSectionAndSpinCount
0x42d1b8 RtlUnwind
0x42d1bc LocalFree
0x42d1c0 LockResource
0x42d1c4 LoadResource
0x42d1c8 FindResourceW
0x42d1cc FormatMessageW
0x42d1d0 GetProcAddress
0x42d1d4 GetModuleHandleW
0x42d1d8 CloseHandle
0x42d1dc SetEnvironmentVariableA
0x42d1e0 GetProcessHeap
0x42d1e4 GetModuleFileNameW
0x42d1e8 GetConsoleCP
0x42d1ec GetConsoleMode
0x42d1f0 SetFilePointerEx
0x42d1f4 RaiseException
0x42d1f8 IsProcessorFeaturePresent
0x42d1fc GetStartupInfoW
0x42d200 SetUnhandledExceptionFilter
0x42d204 UnhandledExceptionFilter
0x42d208 IsDebuggerPresent
0x42d20c InitializeSListHead
0x42d210 GetSystemTimeAsFileTime
0x42d214 QueryPerformanceCounter
0x42d218 GetCurrentProcessId
0x42d21c GetCurrentThreadId
USER32.dll
0x42d24c GetDlgItemTextW
0x42d250 IsDlgButtonChecked
0x42d254 CheckDlgButton
0x42d258 GetDlgItem
0x42d25c SetDlgItemTextW
0x42d260 SetWindowPos
0x42d264 GetParent
0x42d268 DialogBoxParamW
0x42d26c EndDialog
0x42d270 IsWindow
0x42d274 MessageBoxW
0x42d278 CharUpperBuffW
0x42d27c CharUpperW
0x42d280 SendDlgItemMessageW
0x42d284 LoadStringW
0x42d288 FillRect
0x42d28c DestroyWindow
0x42d290 ReleaseDC
0x42d294 DrawTextW
0x42d298 GetDC
0x42d29c UpdateWindow
0x42d2a0 ShowWindow
0x42d2a4 SendMessageW
0x42d2a8 GetClientRect
0x42d2ac GetSystemMetrics
0x42d2b0 CreateWindowExW
0x42d2b4 RegisterClassW
0x42d2b8 LoadIconW
0x42d2bc DefWindowProcW
0x42d2c0 SetWindowTextW
GDI32.dll
0x42d018 GetStockObject
0x42d01c SetROP2
0x42d020 LineTo
0x42d024 MoveToEx
0x42d028 CreatePen
0x42d02c DeleteObject
0x42d030 SelectObject
0x42d034 CreateFontIndirectW
0x42d038 SetTextColor
0x42d03c SetBkMode
0x42d040 CreateSolidBrush
ADVAPI32.dll
0x42d000 RegCloseKey
0x42d004 RegQueryValueExW
0x42d008 RegOpenKeyExW
SHELL32.dll
0x42d238 SHGetPathFromIDListW
0x42d23c ShellExecuteExW
0x42d240 ShellExecuteW
0x42d244 SHBrowseForFolderW
ole32.dll
0x42d2d0 OleInitialize
EAT(Export Address Table) Library
0x4017c4 CommandeComposante
COMCTL32.dll
0x42d010 None
MPR.dll
0x42d224 WNetEnumResourceW
0x42d228 WNetGetUniversalNameW
0x42d22c WNetOpenEnumW
0x42d230 WNetCloseEnum
UxTheme.dll
0x42d2c8 SetWindowTheme
KERNEL32.dll
0x42d048 DeleteCriticalSection
0x42d04c EnterCriticalSection
0x42d050 LeaveCriticalSection
0x42d054 InterlockedDecrement
0x42d058 WideCharToMultiByte
0x42d05c MultiByteToWideChar
0x42d060 InterlockedExchangeAdd
0x42d064 InterlockedIncrement
0x42d068 GetLastError
0x42d06c LoadLibraryW
0x42d070 GetFileInformationByHandle
0x42d074 GetLogicalDriveStringsW
0x42d078 GetVolumeInformationW
0x42d07c WriteFile
0x42d080 ReadFile
0x42d084 SetFilePointer
0x42d088 LockFile
0x42d08c LockFileEx
0x42d090 UnlockFile
0x42d094 UnlockFileEx
0x42d098 FlushFileBuffers
0x42d09c SetEndOfFile
0x42d0a0 SetFileValidData
0x42d0a4 SetErrorMode
0x42d0a8 SetFileTime
0x42d0ac SetLastError
0x42d0b0 GetFileTime
0x42d0b4 SystemTimeToFileTime
0x42d0b8 FileTimeToSystemTime
0x42d0bc CreateFileW
0x42d0c0 Sleep
0x42d0c4 DeleteFileW
0x42d0c8 GetFileAttributesW
0x42d0cc CreateDirectoryW
0x42d0d0 RemoveDirectoryW
0x42d0d4 FindFirstFileW
0x42d0d8 FindClose
0x42d0dc SetFileAttributesW
0x42d0e0 FindFirstFileExW
0x42d0e4 FindNextFileW
0x42d0e8 GetTempPathW
0x42d0ec GetCurrentDirectoryW
0x42d0f0 GetTempFileNameW
0x42d0f4 GetFullPathNameW
0x42d0f8 GetDriveTypeW
0x42d0fc QueryDosDeviceW
0x42d100 FreeLibrary
0x42d104 OpenProcess
0x42d108 TerminateProcess
0x42d10c HeapSize
0x42d110 InitializeCriticalSection
0x42d114 CompareStringW
0x42d118 CompareStringA
0x42d11c GetPrivateProfileStringW
0x42d120 GetTimeZoneInformation
0x42d124 GetVersionExW
0x42d128 GetCurrentProcess
0x42d12c CreateProcessW
0x42d130 LCMapStringW
0x42d134 GetPrivateProfileIntW
0x42d138 SetEnvironmentVariableW
0x42d13c GetExitCodeProcess
0x42d140 FreeEnvironmentStringsW
0x42d144 GetEnvironmentStringsW
0x42d148 GetCommandLineW
0x42d14c GetCommandLineA
0x42d150 GetCPInfo
0x42d154 GetOEMCP
0x42d158 IsValidCodePage
0x42d15c FindNextFileA
0x42d160 FindFirstFileExA
0x42d164 HeapReAlloc
0x42d168 SetStdHandle
0x42d16c WriteConsoleW
0x42d170 DecodePointer
0x42d174 GetStringTypeW
0x42d178 HeapAlloc
0x42d17c HeapFree
0x42d180 GetACP
0x42d184 GetModuleHandleExW
0x42d188 ExitProcess
0x42d18c GetModuleFileNameA
0x42d190 GetStdHandle
0x42d194 SystemTimeToTzSpecificLocalTime
0x42d198 PeekNamedPipe
0x42d19c GetFileType
0x42d1a0 LoadLibraryExW
0x42d1a4 TlsFree
0x42d1a8 TlsSetValue
0x42d1ac TlsGetValue
0x42d1b0 TlsAlloc
0x42d1b4 InitializeCriticalSectionAndSpinCount
0x42d1b8 RtlUnwind
0x42d1bc LocalFree
0x42d1c0 LockResource
0x42d1c4 LoadResource
0x42d1c8 FindResourceW
0x42d1cc FormatMessageW
0x42d1d0 GetProcAddress
0x42d1d4 GetModuleHandleW
0x42d1d8 CloseHandle
0x42d1dc SetEnvironmentVariableA
0x42d1e0 GetProcessHeap
0x42d1e4 GetModuleFileNameW
0x42d1e8 GetConsoleCP
0x42d1ec GetConsoleMode
0x42d1f0 SetFilePointerEx
0x42d1f4 RaiseException
0x42d1f8 IsProcessorFeaturePresent
0x42d1fc GetStartupInfoW
0x42d200 SetUnhandledExceptionFilter
0x42d204 UnhandledExceptionFilter
0x42d208 IsDebuggerPresent
0x42d20c InitializeSListHead
0x42d210 GetSystemTimeAsFileTime
0x42d214 QueryPerformanceCounter
0x42d218 GetCurrentProcessId
0x42d21c GetCurrentThreadId
USER32.dll
0x42d24c GetDlgItemTextW
0x42d250 IsDlgButtonChecked
0x42d254 CheckDlgButton
0x42d258 GetDlgItem
0x42d25c SetDlgItemTextW
0x42d260 SetWindowPos
0x42d264 GetParent
0x42d268 DialogBoxParamW
0x42d26c EndDialog
0x42d270 IsWindow
0x42d274 MessageBoxW
0x42d278 CharUpperBuffW
0x42d27c CharUpperW
0x42d280 SendDlgItemMessageW
0x42d284 LoadStringW
0x42d288 FillRect
0x42d28c DestroyWindow
0x42d290 ReleaseDC
0x42d294 DrawTextW
0x42d298 GetDC
0x42d29c UpdateWindow
0x42d2a0 ShowWindow
0x42d2a4 SendMessageW
0x42d2a8 GetClientRect
0x42d2ac GetSystemMetrics
0x42d2b0 CreateWindowExW
0x42d2b4 RegisterClassW
0x42d2b8 LoadIconW
0x42d2bc DefWindowProcW
0x42d2c0 SetWindowTextW
GDI32.dll
0x42d018 GetStockObject
0x42d01c SetROP2
0x42d020 LineTo
0x42d024 MoveToEx
0x42d028 CreatePen
0x42d02c DeleteObject
0x42d030 SelectObject
0x42d034 CreateFontIndirectW
0x42d038 SetTextColor
0x42d03c SetBkMode
0x42d040 CreateSolidBrush
ADVAPI32.dll
0x42d000 RegCloseKey
0x42d004 RegQueryValueExW
0x42d008 RegOpenKeyExW
SHELL32.dll
0x42d238 SHGetPathFromIDListW
0x42d23c ShellExecuteExW
0x42d240 ShellExecuteW
0x42d244 SHBrowseForFolderW
ole32.dll
0x42d2d0 OleInitialize
EAT(Export Address Table) Library
0x4017c4 CommandeComposante