Field | Value |
---|---|
Created | 2021.09.15 18:15 |
Machine | s1_win7_x6402 |
Filename | setup.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Save, confidence, 100%, ZexaF, rq0@a887svaG, Kryptik, Eldorado, Attribute, HighConfidence, Reline, A + Troj, Krypt, susgen, Tnega, score, ai score=88, Unsafe, CLASSIC, Static AI, Malicious PE) |
md5 | 498d616eef919be56eb9760a0d749500 |
sha256 | 3a51d7178b120209414c12b1247ded02bef39cc060bc9905300eb4c7b6e860d0 |
ssdeep | 6144:SL9LNkItY7fJ8KvCOzQs6o69NkhmuqtdL:E5lt2f6OzFp69WYt |
imphash | 8291759aef0e46c8057b5d52bd12239f |
impfuzzy | 24:Qoc0ZaQr3/wJ1e5DXOLhbXh1OqfdYE7/J3Jqtqiyv4OT42l9NWjMvheNpb:BZaQr3/0bLIqfrVwtqbpc2plof |
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x434000 GetLocaleInfoA
0x434004 LoadResource
0x434008 ReadConsoleA
0x43400c InterlockedDecrement
0x434010 GetCurrentProcess
0x434014 GetEnvironmentStringsW
0x434018 GetUserDefaultLCID
0x43401c FindActCtxSectionStringA
0x434020 GetUserDefaultLangID
0x434024 QueryActCtxW
0x434028 InitializeCriticalSection
0x43402c ReadConsoleInputA
0x434030 GetSystemWindowsDirectoryA
0x434034 LeaveCriticalSection
0x434038 PulseEvent
0x43403c VerifyVersionInfoA
0x434040 WriteConsoleW
0x434044 GetModuleFileNameW
0x434048 ReleaseSemaphore
0x43404c GetConsoleOutputCP
0x434050 GetProcAddress
0x434054 PrepareTape
0x434058 OpenMutexA
0x43405c LocalAlloc
0x434060 GlobalGetAtomNameW
0x434064 WaitForMultipleObjects
0x434068 SetSystemTime
0x43406c GetModuleFileNameA
0x434070 GetModuleHandleA
0x434074 FindFirstVolumeA
0x434078 AddConsoleAliasA
0x43407c GetProfileSectionW
0x434080 GetCommandLineW
0x434084 HeapAlloc
0x434088 GetStartupInfoW
0x43408c DeleteCriticalSection
0x434090 EnterCriticalSection
0x434094 HeapFree
0x434098 VirtualFree
0x43409c VirtualAlloc
0x4340a0 HeapReAlloc
0x4340a4 HeapCreate
0x4340a8 GetModuleHandleW
0x4340ac Sleep
0x4340b0 ExitProcess
0x4340b4 WriteFile
0x4340b8 GetStdHandle
0x4340bc TlsGetValue
0x4340c0 TlsAlloc
0x4340c4 TlsSetValue
0x4340c8 TlsFree
0x4340cc InterlockedIncrement
0x4340d0 SetLastError
0x4340d4 GetCurrentThreadId
0x4340d8 GetLastError
0x4340dc HeapSize
0x4340e0 TerminateProcess
0x4340e4 UnhandledExceptionFilter
0x4340e8 SetUnhandledExceptionFilter
0x4340ec IsDebuggerPresent
0x4340f0 RtlUnwind
0x4340f4 SetHandleCount
0x4340f8 GetFileType
0x4340fc GetStartupInfoA
0x434100 SetFilePointer
0x434104 CloseHandle
0x434108 FreeEnvironmentStringsW
0x43410c QueryPerformanceCounter
0x434110 GetTickCount
0x434114 GetCurrentProcessId
0x434118 GetSystemTimeAsFileTime
0x43411c InitializeCriticalSectionAndSpinCount
0x434120 LoadLibraryA
0x434124 GetCPInfo
0x434128 GetACP
0x43412c GetOEMCP
0x434130 IsValidCodePage
0x434134 WideCharToMultiByte
0x434138 CreateFileA
0x43413c RaiseException
0x434140 SetStdHandle
0x434144 GetConsoleCP
0x434148 GetConsoleMode
0x43414c FlushFileBuffers
0x434150 GetStringTypeA
0x434154 MultiByteToWideChar
0x434158 GetStringTypeW
0x43415c LCMapStringA
0x434160 LCMapStringW
0x434164 SetEndOfFile
0x434168 GetProcessHeap
0x43416c ReadFile
0x434170 WriteConsoleA
USER32.dll
0x434178 RealChildWindowFromPoint
EAT (Export Address Table) Library
0x401000 @SetViceVariants@12