ScreenShot
| Created | 2021.10.13 19:50 | Machine | s1_win7_x6402 |
| Filename | install.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (malicious, high confidence, Bulz, Artemis, Save, Balamid, Generic ML PUA, Unsafe, Score, kxxng, ai score=86, Tnega, Static AI, Suspicious PE, PossibleThreat, confidence) | ||
| md5 | 3ce561ff43324e120f554a04926948e2 | ||
| sha256 | 4de168b8d8439e1a1d77804f935b96e8f410b935c706ab17460ba3c7a6c74e81 | ||
| ssdeep | 98304:Z3Hn3FrhvFlTPTHRcqm/RWbUFl+tSPOg0Ryq7R9YBZn5V562ka:ZHR5PnR2/ItT1wq4n5V3n | ||
| imphash | ab2ba2cd627342a99318bbdfb697241c | ||
| impfuzzy | 12:9BnlYcL8wDfTdZtck+mSUC5kBZGoQtXJxZGb9AJcDfA5kLfP9m:7EwXtpC58QtXJHc9NDI5Q8 | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
WSOCK32.dll
0x140890000 gethostbyname
WINMM.dll
0x140890010 mixerGetLineInfoW
VERSION.dll
0x140890020 GetFileVersionInfoW
COMCTL32.dll
0x140890030 ImageList_Create
PSAPI.DLL
0x140890040 GetProcessImageFileNameW
WININET.dll
0x140890050 InternetOpenW
KERNEL32.dll
0x140890060 GetVersionExW
0x140890068 GetVersion
USER32.dll
0x140890078 MessageBeep
GDI32.dll
0x140890088 GetPixel
COMDLG32.dll
0x140890098 CommDlgExtendedError
ADVAPI32.dll
0x1408900a8 RegDeleteKeyW
SHELL32.dll
0x1408900b8 DragQueryPoint
ole32.dll
0x1408900c8 OleInitialize
OLEAUT32.dll
0x1408900d8 SafeArrayGetLBound
WTSAPI32.dll
0x1408900e8 WTSSendMessageW
KERNEL32.dll
0x1408900f8 FlsSetValue
USER32.dll
0x140890108 GetProcessWindowStation
KERNEL32.dll
0x140890118 LocalAlloc
0x140890120 LocalFree
0x140890128 GetModuleFileNameW
0x140890130 GetProcessAffinityMask
0x140890138 SetProcessAffinityMask
0x140890140 SetThreadAffinityMask
0x140890148 Sleep
0x140890150 ExitProcess
0x140890158 FreeLibrary
0x140890160 LoadLibraryA
0x140890168 GetModuleHandleA
0x140890170 GetProcAddress
USER32.dll
0x140890180 GetProcessWindowStation
0x140890188 GetUserObjectInformationW
EAT(Export Address Table) Library
WSOCK32.dll
0x140890000 gethostbyname
WINMM.dll
0x140890010 mixerGetLineInfoW
VERSION.dll
0x140890020 GetFileVersionInfoW
COMCTL32.dll
0x140890030 ImageList_Create
PSAPI.DLL
0x140890040 GetProcessImageFileNameW
WININET.dll
0x140890050 InternetOpenW
KERNEL32.dll
0x140890060 GetVersionExW
0x140890068 GetVersion
USER32.dll
0x140890078 MessageBeep
GDI32.dll
0x140890088 GetPixel
COMDLG32.dll
0x140890098 CommDlgExtendedError
ADVAPI32.dll
0x1408900a8 RegDeleteKeyW
SHELL32.dll
0x1408900b8 DragQueryPoint
ole32.dll
0x1408900c8 OleInitialize
OLEAUT32.dll
0x1408900d8 SafeArrayGetLBound
WTSAPI32.dll
0x1408900e8 WTSSendMessageW
KERNEL32.dll
0x1408900f8 FlsSetValue
USER32.dll
0x140890108 GetProcessWindowStation
KERNEL32.dll
0x140890118 LocalAlloc
0x140890120 LocalFree
0x140890128 GetModuleFileNameW
0x140890130 GetProcessAffinityMask
0x140890138 SetProcessAffinityMask
0x140890140 SetThreadAffinityMask
0x140890148 Sleep
0x140890150 ExitProcess
0x140890158 FreeLibrary
0x140890160 LoadLibraryA
0x140890168 GetModuleHandleA
0x140890170 GetProcAddress
USER32.dll
0x140890180 GetProcessWindowStation
0x140890188 GetUserObjectInformationW
EAT(Export Address Table) Library