ScreenShot
| Created | 2021.07.13 09:38 | Machine | s1_win7_x6401 |
| Filename | flashplayerpp_install_cn.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 12 detected (pdfxt@0, TrojDownloader, kcloud, Wacapew, Artemis, Static AI, Suspicious PE, HgEASYQA) | ||
| md5 | b516ece6fab6a089d4540de2cdb7ffce | ||
| sha256 | 8fdff97d01ee42d71b7d0acb3e4a121701604d04654acae723bc8096cd191e39 | ||
| ssdeep | 12288:5D+iqEAAAAAAAAAAAAAAAXAbAAAAAAAAAAAAAAAAAAAAAbAAAgAxAAAAAAAAAA+9:ct | ||
| imphash | d1bdfe028755aafcd9dbfecf8127d1a1 | ||
| impfuzzy | 24:xKtrsJf3pMjGcXlLjVZD502tIS1CUJe99zYoUOovbOtv9NRZHu9pFSS9:ctrsZ1cXHtIS1CzZYi3F9JS9 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140016018 HeapSize
0x140016020 Sleep
0x140016028 GetLastError
0x140016030 HeapReAlloc
0x140016038 RaiseException
0x140016040 HeapAlloc
0x140016048 GetSystemDefaultLangID
0x140016050 HeapDestroy
0x140016058 DeleteCriticalSection
0x140016060 GetProcessHeap
0x140016068 WinExec
0x140016070 WriteConsoleW
0x140016078 CreateFileW
0x140016080 InitializeCriticalSectionEx
0x140016088 SetErrorMode
0x140016090 HeapFree
0x140016098 GetConsoleMode
0x1400160a0 IsDebuggerPresent
0x1400160a8 OutputDebugStringW
0x1400160b0 EnterCriticalSection
0x1400160b8 LeaveCriticalSection
0x1400160c0 CloseHandle
0x1400160c8 InitializeCriticalSectionAndSpinCount
0x1400160d0 SetEvent
0x1400160d8 ResetEvent
0x1400160e0 WaitForSingleObjectEx
0x1400160e8 CreateEventW
0x1400160f0 GetModuleHandleW
0x1400160f8 GetProcAddress
0x140016100 RtlCaptureContext
0x140016108 RtlLookupFunctionEntry
0x140016110 RtlVirtualUnwind
0x140016118 UnhandledExceptionFilter
0x140016120 SetUnhandledExceptionFilter
0x140016128 GetCurrentProcess
0x140016130 TerminateProcess
0x140016138 IsProcessorFeaturePresent
0x140016140 GetStartupInfoW
0x140016148 QueryPerformanceCounter
0x140016150 GetCurrentProcessId
0x140016158 GetCurrentThreadId
0x140016160 GetSystemTimeAsFileTime
0x140016168 InitializeSListHead
0x140016170 RtlUnwindEx
0x140016178 SetLastError
0x140016180 EncodePointer
0x140016188 TlsAlloc
0x140016190 TlsGetValue
0x140016198 TlsSetValue
0x1400161a0 TlsFree
0x1400161a8 FreeLibrary
0x1400161b0 LoadLibraryExW
0x1400161b8 RtlPcToFileHeader
0x1400161c0 ExitProcess
0x1400161c8 GetModuleHandleExW
0x1400161d0 GetModuleFileNameW
0x1400161d8 GetStdHandle
0x1400161e0 WriteFile
0x1400161e8 GetCommandLineA
0x1400161f0 GetCommandLineW
0x1400161f8 GetFileType
0x140016200 CompareStringW
0x140016208 LCMapStringW
0x140016210 FindClose
0x140016218 FindFirstFileExW
0x140016220 FindNextFileW
0x140016228 IsValidCodePage
0x140016230 GetACP
0x140016238 GetOEMCP
0x140016240 GetCPInfo
0x140016248 MultiByteToWideChar
0x140016250 WideCharToMultiByte
0x140016258 GetEnvironmentStringsW
0x140016260 FreeEnvironmentStringsW
0x140016268 SetEnvironmentVariableW
0x140016270 SetStdHandle
0x140016278 GetStringTypeW
0x140016280 SetFilePointerEx
0x140016288 FlushFileBuffers
0x140016290 GetConsoleCP
ADVAPI32.dll
0x140016000 RegOpenKeyExW
0x140016008 GetUserNameW
urlmon.dll
0x1400162a0 URLDownloadToFileW
EAT(Export Address Table) is none
KERNEL32.dll
0x140016018 HeapSize
0x140016020 Sleep
0x140016028 GetLastError
0x140016030 HeapReAlloc
0x140016038 RaiseException
0x140016040 HeapAlloc
0x140016048 GetSystemDefaultLangID
0x140016050 HeapDestroy
0x140016058 DeleteCriticalSection
0x140016060 GetProcessHeap
0x140016068 WinExec
0x140016070 WriteConsoleW
0x140016078 CreateFileW
0x140016080 InitializeCriticalSectionEx
0x140016088 SetErrorMode
0x140016090 HeapFree
0x140016098 GetConsoleMode
0x1400160a0 IsDebuggerPresent
0x1400160a8 OutputDebugStringW
0x1400160b0 EnterCriticalSection
0x1400160b8 LeaveCriticalSection
0x1400160c0 CloseHandle
0x1400160c8 InitializeCriticalSectionAndSpinCount
0x1400160d0 SetEvent
0x1400160d8 ResetEvent
0x1400160e0 WaitForSingleObjectEx
0x1400160e8 CreateEventW
0x1400160f0 GetModuleHandleW
0x1400160f8 GetProcAddress
0x140016100 RtlCaptureContext
0x140016108 RtlLookupFunctionEntry
0x140016110 RtlVirtualUnwind
0x140016118 UnhandledExceptionFilter
0x140016120 SetUnhandledExceptionFilter
0x140016128 GetCurrentProcess
0x140016130 TerminateProcess
0x140016138 IsProcessorFeaturePresent
0x140016140 GetStartupInfoW
0x140016148 QueryPerformanceCounter
0x140016150 GetCurrentProcessId
0x140016158 GetCurrentThreadId
0x140016160 GetSystemTimeAsFileTime
0x140016168 InitializeSListHead
0x140016170 RtlUnwindEx
0x140016178 SetLastError
0x140016180 EncodePointer
0x140016188 TlsAlloc
0x140016190 TlsGetValue
0x140016198 TlsSetValue
0x1400161a0 TlsFree
0x1400161a8 FreeLibrary
0x1400161b0 LoadLibraryExW
0x1400161b8 RtlPcToFileHeader
0x1400161c0 ExitProcess
0x1400161c8 GetModuleHandleExW
0x1400161d0 GetModuleFileNameW
0x1400161d8 GetStdHandle
0x1400161e0 WriteFile
0x1400161e8 GetCommandLineA
0x1400161f0 GetCommandLineW
0x1400161f8 GetFileType
0x140016200 CompareStringW
0x140016208 LCMapStringW
0x140016210 FindClose
0x140016218 FindFirstFileExW
0x140016220 FindNextFileW
0x140016228 IsValidCodePage
0x140016230 GetACP
0x140016238 GetOEMCP
0x140016240 GetCPInfo
0x140016248 MultiByteToWideChar
0x140016250 WideCharToMultiByte
0x140016258 GetEnvironmentStringsW
0x140016260 FreeEnvironmentStringsW
0x140016268 SetEnvironmentVariableW
0x140016270 SetStdHandle
0x140016278 GetStringTypeW
0x140016280 SetFilePointerEx
0x140016288 FlushFileBuffers
0x140016290 GetConsoleCP
ADVAPI32.dll
0x140016000 RegOpenKeyExW
0x140016008 GetUserNameW
urlmon.dll
0x1400162a0 URLDownloadToFileW
EAT(Export Address Table) is none