Field | Value |
---|---|
Created | 2023.06.05 16:49 |
Machine | s1_win7_x6403 |
Filename | Setup.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 43 detected (AIDetectMalware, Convagent, malicious, high confidence, Mikey, unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HTQK, score, CrypterX, CLOUD, RedLineNET, Artemis, high, Casdet, Detected, ai score=89, FakeMS, Genetic, AMADEY, YXDFEZ, FalseSign, Itgl, HTSE) |
md5 | c28cc92a7c78b96bec58fa3e5398074a |
sha256 | 26bc9287f34be69cef7beca9e91c4a4f1de6f5934d9bc643f8d8de7754bda294 |
ssdeep | 12288:ir0/cxQev8EC1QdxTq+Oii1VUf0aJvb/x:e0/Tevs1QdNNg/Uf0aJvDx |
imphash | 562d80e80506d670bb0daaf0cbeebb79 |
impfuzzy | 24:mDjk2+fcM1t0jOov1lwnJ3cQFQHRyvnRT4YjMZEZr9plIE:I+fcM1t0CHZcoRcGZXT |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)

PE API

IAT (Import Address Table)
KERNEL32.dll
0x41a000 GetProcAddress
0x41a004 GetModuleHandleA
0x41a008 MultiByteToWideChar
0x41a00c DeleteAtom
0x41a010 InterlockedIncrement
0x41a014 InterlockedDecrement
0x41a018 Sleep
0x41a01c InitializeCriticalSection
0x41a020 DeleteCriticalSection
0x41a024 EnterCriticalSection
0x41a028 LeaveCriticalSection
0x41a02c RtlUnwind
0x41a030 TerminateProcess
0x41a034 GetCurrentProcess
0x41a038 UnhandledExceptionFilter
0x41a03c SetUnhandledExceptionFilter
0x41a040 IsDebuggerPresent
0x41a044 RaiseException
0x41a048 GetCommandLineA
0x41a04c GetLastError
0x41a050 HeapFree
0x41a054 LCMapStringA
0x41a058 WideCharToMultiByte
0x41a05c LCMapStringW
0x41a060 GetCPInfo
0x41a064 HeapAlloc
0x41a068 GetModuleHandleW
0x41a06c TlsGetValue
0x41a070 TlsAlloc
0x41a074 TlsSetValue
0x41a078 TlsFree
0x41a07c SetLastError
0x41a080 GetCurrentThreadId
0x41a084 ExitProcess
0x41a088 WriteFile
0x41a08c GetStdHandle
0x41a090 GetModuleFileNameA
0x41a094 FreeEnvironmentStringsA
0x41a098 GetEnvironmentStrings
0x41a09c FreeEnvironmentStringsW
0x41a0a0 GetEnvironmentStringsW
0x41a0a4 SetHandleCount
0x41a0a8 GetFileType
0x41a0ac GetStartupInfoA
0x41a0b0 HeapCreate
0x41a0b4 VirtualFree
0x41a0b8 QueryPerformanceCounter
0x41a0bc GetTickCount
0x41a0c0 GetCurrentProcessId
0x41a0c4 GetSystemTimeAsFileTime
0x41a0c8 VirtualAlloc
0x41a0cc HeapReAlloc
0x41a0d0 GetConsoleCP
0x41a0d4 GetConsoleMode
0x41a0d8 FlushFileBuffers
0x41a0dc ReadFile
0x41a0e0 SetFilePointer
0x41a0e4 CloseHandle
0x41a0e8 HeapSize
0x41a0ec GetACP
0x41a0f0 GetOEMCP
0x41a0f4 IsValidCodePage
0x41a0f8 GetLocaleInfoA
0x41a0fc GetStringTypeA
0x41a100 GetStringTypeW
0x41a104 GetUserDefaultLCID
0x41a108 EnumSystemLocalesA
0x41a10c IsValidLocale
0x41a110 LoadLibraryA
0x41a114 InitializeCriticalSectionAndSpinCount
0x41a118 WriteConsoleA
0x41a11c GetConsoleOutputCP
0x41a120 WriteConsoleW
0x41a124 SetStdHandle
0x41a128 GetLocaleInfoW
0x41a12c CreateFileA
EAT (Export Address Table): none