Field | Value |
---|---|
Created | 2022.12.13 17:27 |
Machine | s1_win7_x6401 |
Filename | setup.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 29 detected (AIDetect, malware2, malicious, high confidence, score, Artemis, Unsafe, Anya, Strab, Tedy, ZexaF, EvX@ae@SePoO, Attribute, HighConfidence, GenKryptik, GDOD, TrojanX, SmallAgent, ai score=87, MachineLearning, Anomalous, Kryptik, CLOUD, susgen, PossibleThreat) |
md5 | 74ec11c582f37ac01c64d7d272e924fe |
sha256 | 8b7011f3551a3ba449d06b7b26830ff0a66861fb22cbd50454d8f9297f2bf362 |
ssdeep | 24576:l7LZ7EeJEjNKrKvH1q5IXCm87+eQ6R5Px+lCYoyiezz9+cxBge2PqQAWD:vWCKvH1q5ISP7+BU+l4yaD |
imphash | 545349dda8d13c4ab678a9966d7c7a40 |
impfuzzy | 24:xjlTP1I9c1IdzkJmHZg1mRYxtcbnD6kxHuOZyvDwRXf2plWm4iz51hwkgt/:TK9JBTg1myxtcxuDsXfSIm405D/gt/ |
Network IP location
Signature (9cnts)
Level | Description |
---|---|
warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
watch | One or more of the buffers contains an embedded PE file |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x54b008 HeapAlloc
0x54b00c WaitForSingleObject
0x54b010 GetTickCount
0x54b014 GetProcessHeap
0x54b018 IsBadReadPtr
0x54b01c GetConsoleTitleA
0x54b020 Sleep
0x54b024 FormatMessageW
0x54b028 HeapCreate
0x54b02c GetFileAttributesW
0x54b030 SetConsoleTitleA
0x54b034 RaiseException
0x54b038 GetLastError
0x54b03c GetCurrentDirectoryW
0x54b040 SetLastError
0x54b044 TlsGetValue
0x54b048 GetCurrentConsoleFont
0x54b04c GetThreadId
0x54b050 GetCurrentThreadId
0x54b054 TlsAlloc
0x54b058 CloseHandle
0x54b05c GetCurrentProcessId
0x54b060 CreateThread
0x54b064 IsValidCodePage
0x54b068 ExitProcess
0x54b06c TerminateProcess
0x54b070 GetCurrentProcess
0x54b074 UnhandledExceptionFilter
0x54b078 SetUnhandledExceptionFilter
0x54b07c IsDebuggerPresent
0x54b080 GetStartupInfoW
0x54b084 RtlUnwind
0x54b088 HeapFree
0x54b08c GetModuleHandleW
0x54b090 GetProcAddress
0x54b094 TlsSetValue
0x54b098 TlsFree
0x54b09c InterlockedIncrement
0x54b0a0 InterlockedDecrement
0x54b0a4 HeapSize
0x54b0a8 WriteFile
0x54b0ac GetStdHandle
0x54b0b0 GetModuleFileNameA
0x54b0b4 GetModuleFileNameW
0x54b0b8 FreeEnvironmentStringsW
0x54b0bc GetEnvironmentStringsW
0x54b0c0 GetCommandLineW
0x54b0c4 SetHandleCount
0x54b0c8 GetFileType
0x54b0cc GetStartupInfoA
0x54b0d0 DeleteCriticalSection
0x54b0d4 VirtualFree
0x54b0d8 QueryPerformanceCounter
0x54b0dc GetSystemTimeAsFileTime
0x54b0e0 LeaveCriticalSection
0x54b0e4 EnterCriticalSection
0x54b0e8 VirtualAlloc
0x54b0ec HeapReAlloc
0x54b0f0 GetCPInfo
0x54b0f4 GetACP
0x54b0f8 GetOEMCP
0x54b0fc LoadLibraryA
0x54b100 InitializeCriticalSectionAndSpinCount
0x54b104 LCMapStringA
0x54b108 WideCharToMultiByte
0x54b10c MultiByteToWideChar
0x54b110 LCMapStringW
0x54b114 GetStringTypeA
0x54b118 GetStringTypeW
0x54b11c GetLocaleInfoA
0x54b120 GetModuleHandleA
USER32.dll
0x54b128 GetDC
0x54b12c GetForegroundWindow
0x54b130 ReleaseDC
0x54b134 GetActiveWindow
0x54b138 MessageBoxW
0x54b13c GetLastActivePopup
GDI32.dll
0x54b000 GetDeviceCaps
EAT(Export Address Table) is none
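The behaviour signatures and the import table above are the two things an analyst pivots on, so the following added example (not part of the sandbox report) shows how to work with them offline: it parses the report's IAT text, rebuilds the string that pefile hashes for the imphash (library name lower-cased with its extension removed, function name lower-cased, entries joined with commas in import-directory order) and maps the imported names onto the API clusters behind the report's signatures. The listing is a constructed excerpt of the table above, kept in the report's order; the assumption that the report prints modules in import-directory order is what makes the hash comparable to the reported 545349dda8d13c4ab678a9966d7c7a40, and pasting the full listing in place of the excerpt is how to check that. The cluster names and the CRT_STARTUP set are mine.

```python
import hashlib
import re

# Constructed excerpt of the IAT listing in the report above, kept in the
# report's own order (the full listing has 64 KERNEL32, 6 USER32 and 1 GDI32
# entries; paste it in place of this string to hash the whole table).
IAT_LISTING = """\
KERNEL32.dll
0x54b010 GetTickCount
0x54b020 Sleep
0x54b060 CreateThread
0x54b078 SetUnhandledExceptionFilter
0x54b07c IsDebuggerPresent
0x54b090 GetProcAddress
0x54b0d4 VirtualFree
0x54b0d8 QueryPerformanceCounter
0x54b0e8 VirtualAlloc
0x54b0fc LoadLibraryA
USER32.dll
0x54b12c GetForegroundWindow
GDI32.dll
0x54b000 GetDeviceCaps
"""

DLL_LINE = re.compile(r"^([\w.\-]+\.(?:dll|ocx|sys))$", re.IGNORECASE)
IMPORT_LINE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\w+)$")


def parse_iat(listing):
    """Parse the report's IAT text into [(dll, [(iat_address, function), ...])]."""
    modules = []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DLL_LINE.match(line)
        if m:
            modules.append((m.group(1), []))
            continue
        m = IMPORT_LINE.match(line)
        if m and modules:
            modules[-1][1].append((int(m.group(1), 16), m.group(2)))
        else:
            raise ValueError("unexpected line in IAT listing: %r" % line)
    return modules


def imphash_input(modules):
    """The string pefile hashes: 'lib.func' pairs, lower-cased, library
    extension stripped, in import-directory order, joined with commas."""
    parts = []
    for dll, imports in modules:
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.extend("%s.%s" % (lib, func.lower()) for _, func in imports)
    return ",".join(parts)


def imphash(modules):
    return hashlib.md5(imphash_input(modules).encode("ascii")).hexdigest()


# API clusters behind the report's behaviour signatures (names are mine).
# CRT_STARTUP is the import set every MSVC-built binary carries for
# security-cookie seeding and the unhandled-exception filter, so a cluster
# whose hits fall entirely inside it is weak evidence on its own.
CLUSTERS = {
    "anti_debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "NtQueryInformationProcess", "OutputDebugStringA"},
    "timing": {"GetTickCount", "QueryPerformanceCounter",
               "GetSystemTimeAsFileTime", "Sleep"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "memory_unpacking": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect",
                         "VirtualFree", "WriteProcessMemory"},
    "process_enum": {"CreateToolhelp32Snapshot", "Process32First",
                     "Process32FirstW", "Process32Next", "Process32NextW",
                     "EnumProcesses"},
}
CRT_STARTUP = {"IsDebuggerPresent", "UnhandledExceptionFilter",
               "SetUnhandledExceptionFilter", "TerminateProcess",
               "GetCurrentProcess", "GetCurrentProcessId",
               "GetCurrentThreadId", "GetTickCount",
               "QueryPerformanceCounter", "GetSystemTimeAsFileTime"}


def triage(modules):
    """Map imported names onto the clusters; flag clusters the CRT alone explains."""
    names = {func for _, imports in modules for _, func in imports}
    hits = {}
    for cluster, apis in CLUSTERS.items():
        found = sorted(names & apis)
        if found:
            hits[cluster] = {"apis": found,
                             "crt_only": all(a in CRT_STARTUP for a in found)}
    return hits


if __name__ == "__main__":
    mods = parse_iat(IAT_LISTING)
    print("imphash of excerpt:", imphash(mods))
    for cluster, info in triage(mods).items():
        print("%-18s %s%s" % (cluster, ", ".join(info["apis"]),
                              "  (CRT startup only)" if info["crt_only"] else ""))
```

Three caveats fall out of running this against the table. The only anti-debug hit, IsDebuggerPresent, sits inside the standard MSVC runtime import set, so the "info" signature "Checks if process is being debugged" fires on every MSVC-built binary and should not be read as deliberate evasion by itself; the runtime observations (RWX allocation, an embedded PE in a buffer) are the stronger signals. The "Searches running processes" behaviour has no Toolhelp or EnumProcesses import in the IAT, so that code is either resolved through GetProcAddress at runtime or lives in the unpacked stage. And a stock UPX stub imports only a handful of KERNEL32 functions, whereas this file carries a full CRT import table, so the UPX_Zero rule is worth confirming against the section names before the file is treated as a plain UPX-packed sample.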