Report - instd.exe

Tags: Malicious Packer, Malicious Library, PE File, PE32
Created 2021.11.01 18:00 Machine s1_win7_x6401
Filename instd.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 1.8
ZERO API (file): clean
VT API (file): 46 detected (AIDetect, malware1, Malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, a variant of Generik, HOTRTHM, Zenpak, UnclassifiedMalware@0, Upatre, kcloud, Sabsik, Artemis, ai score=100, BScope, Mufila, MachineLearning, Anomalous, R002H07JU21, Generic@ML, RDMK, 5Mo5Q4NVKDVk0zFMidBEzQ, ns9gDCep0oM, Static AI, Malicious PE, PossibleThreat, confidence)
md5 eea1c3d1ab9dd50b3dae826b35c8b138
sha256 7e148999439b83e74d823e98f7a82e4bd75d5e259e4c6351aabbb446eb9dfcc8
ssdeep 6144:lRqUj7H4qyEcBDcUGi9ghYW2bGj9Gz+NpYg5iYI5Lw6/30iEtE/6uz6HgNQHJxWU:lRq47H/tcBDcUG6ghSW9GiNpYJYI5U6M
imphash ca4c54abb883e5c1afbe2edfacafd15e
impfuzzy 12:/B+5QGu4Gv+GXR1y5hF89qAxDZ1mBZGqe:/B+5T0v+GGVFmDZ1gk
Signature (3cnts)

Level Description
danger File has been identified by 46 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable uses a known packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table)

MSVCRT.dll
 0x42f030 _controlfp
 0x42f034 _except_handler3
 0x42f038 __set_app_type
 0x42f03c __p__fmode
 0x42f040 __p__commode
 0x42f044 _adjust_fdiv
 0x42f048 __setusermatherr
 0x42f04c _initterm
 0x42f050 __wgetmainargs
 0x42f054 _wcmdln
 0x42f058 exit
 0x42f05c _XcptFilter
 0x42f060 _exit
 0x42f064 srand
 0x42f068 rand
 0x42f06c memset
KERNEL32.dll
 0x42f000 GetStartupInfoW
 0x42f004 GetModuleHandleW
 0x42f008 lstrcmpiW
 0x42f00c LoadLibraryA
 0x42f010 VirtualAlloc
 0x42f014 GetProcAddress
 0x42f018 VirtualAllocExNuma
 0x42f01c VirtualFree
 0x42f020 GetCurrentProcess
 0x42f024 ExitProcess
 0x42f028 GetSystemTimeAsFileTime

EAT (Export Address Table): none
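The import table above is thin (27 functions across two DLLs) and carries the classic loader-stub combination LoadLibraryA + GetProcAddress + VirtualAlloc + VirtualFree, which is consistent with the packer verdicts in the Signature section: the real imports are resolved at run time after the payload is unpacked into freshly allocated memory. VirtualAllocExNuma is also worth noting, since loaders frequently call it as an anti-emulation check (some sandboxes do not implement it). The following script is an added example for triaging such a listing; it is not part of the sandbox report or its tooling. It embeds the import table exactly as listed (addresses dropped), computes Shannon entropy for the "encrypted or compressed data" heuristic, rebuilds the pefile-style imphash string, and applies a few import-based heuristics. The DLL order follows the IAT addresses (KERNEL32 at 0x42f000 before MSVCRT at 0x42f030); the true import-directory order is not shown in the report, so the computed imphash is for illustration and need not equal the reported ca4c54abb883e5c1afbe2edfacafd15e. The threshold values are assumptions, not values taken from the report.

```python
"""Static triage helpers for a sandbox import listing (added example, not the report's tooling)."""
import hashlib
import math
from collections import Counter

# Import table as listed in the report for instd.exe, IAT addresses dropped.
# DLL order follows the IAT addresses; the real import-directory order is not
# shown in the report, so imphash(INSTD_IMPORTS) is illustrative only.
INSTD_IMPORTS = {
    "KERNEL32.dll": [
        "GetStartupInfoW", "GetModuleHandleW", "lstrcmpiW", "LoadLibraryA",
        "VirtualAlloc", "GetProcAddress", "VirtualAllocExNuma", "VirtualFree",
        "GetCurrentProcess", "ExitProcess", "GetSystemTimeAsFileTime",
    ],
    "MSVCRT.dll": [
        "_controlfp", "_except_handler3", "__set_app_type", "__p__fmode",
        "__p__commode", "_adjust_fdiv", "__setusermatherr", "_initterm",
        "__wgetmainargs", "_wcmdln", "exit", "_XcptFilter", "_exit",
        "srand", "rand", "memset",
    ],
}

# Assumed thresholds (not from the report): sections above 7.0 bits/byte are
# usually compressed or encrypted; a loader stub rarely imports more than ~40 functions.
PACKED_ENTROPY = 7.0
SMALL_IMPORT_TABLE = 40


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_packed(section: bytes, threshold: float = PACKED_ENTROPY) -> bool:
    """Entropy heuristic behind 'likely contains encrypted or compressed data'."""
    return shannon_entropy(section) >= threshold


def imphash_string(imports: dict) -> str:
    """Comma-joined 'dll.func' list that imphash is the MD5 of (pefile algorithm):
    lower-case, strip .dll/.ocx/.sys, keep import-directory order."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports: dict) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def triage_imports(imports: dict, small_table: int = SMALL_IMPORT_TABLE) -> set:
    """Return the set of heuristic flags raised by an import table."""
    names = {func for funcs in imports.values() for func in funcs}
    total = sum(len(funcs) for funcs in imports.values())
    loaders = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
    flags = set()
    # GetProcAddress + LoadLibrary*: imports resolved at run time (hidden from the IAT).
    if "GetProcAddress" in names and names & loaders:
        flags.add("runtime_import_resolution")
    # Memory is allocated dynamically, as an unpacking stub needs for the payload.
    if names & {"VirtualAlloc", "VirtualAllocEx", "VirtualAllocExNuma"}:
        flags.add("dynamic_memory_allocation")
    # VirtualAllocExNuma is commonly called as an anti-emulation check.
    if "VirtualAllocExNuma" in names:
        flags.add("numa_alloc_sandbox_check")
    # A tiny import table that still resolves imports dynamically is the loader-stub profile.
    if total < small_table and "runtime_import_resolution" in flags:
        flags.add("thin_import_table_packer_stub")
    return flags


if __name__ == "__main__":
    print("imphash (illustrative order):", imphash(INSTD_IMPORTS))
    print("flags:", sorted(triage_imports(INSTD_IMPORTS)))
    # Constructed inputs: a zero-filled buffer versus one with every byte value equally often.
    print("entropy zeros:", shannon_entropy(b"\x00" * 1024))
    print("entropy uniform:", shannon_entropy(bytes(range(256)) * 4))
```

To check the reported imphash, read the import directory with pefile (pe.get_imphash()) rather than this listing, because the hash depends on the directory order, not on IAT addresses. The entropy helper is meant to be run over each section's raw bytes; a high-entropy section paired with the flags above is the evidence behind the two packer signatures in the report.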
