ScreenShot
| Created | 2023.07.26 09:41 | Machine | s1_win7_x6401 |
| Filename | setup-rc18.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (Common, GenericKD, Artemis, unsafe, Vyrd, grayware, confidence, Attribute, HighConfidence, Malicious, score, Donut, Virut, bwpxnc, TrojanX, CLOUD, Shellcoderunner, Wacatac, Systweak, psyA, Detected, ai score=87, Gencirc, Behavior) | ||
| md5 | c7feee4698e4d22fead87c243d9cb8ad | ||
| sha256 | caa7643ffed1f6042896a2df3c799613bd323193fdfb8da5683832e369494da7 | ||
| ssdeep | 49152:3X7rf/f93D7jDwRpQF5AbLB/1eY+1K1BKbkKjWd2rMei6B:n7bVLD8pm5A3PeY+4sbkzdQPB | ||
| imphash | a94549878c259a0f21633bf9ee3fa800 | ||
| impfuzzy | 6:oI8TJlOiBJAEoZ/OEGDzyRkdc9KJAmsA2bS4QG:ogqABZG/Dz6mhB4QG | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14005629c FreeSid
COMCTL32.dll
0x1400562ac None
GDI32.dll
0x1400562bc DeleteDC
KERNEL32.DLL
0x1400562cc LoadLibraryA
0x1400562d4 ExitProcess
0x1400562dc GetProcAddress
0x1400562e4 VirtualProtect
msvcrt.dll
0x1400562f4 free
ole32.dll
0x140056304 CoInitialize
OLEAUT32.dll
0x140056314 OleLoadPicture
SHELL32.dll
0x140056324 SHGetMalloc
USER32.dll
0x140056334 GetDC
EAT(Export Address Table) is none
ADVAPI32.dll
0x14005629c FreeSid
COMCTL32.dll
0x1400562ac None
GDI32.dll
0x1400562bc DeleteDC
KERNEL32.DLL
0x1400562cc LoadLibraryA
0x1400562d4 ExitProcess
0x1400562dc GetProcAddress
0x1400562e4 VirtualProtect
msvcrt.dll
0x1400562f4 free
ole32.dll
0x140056304 CoInitialize
OLEAUT32.dll
0x140056314 OleLoadPicture
SHELL32.dll
0x140056324 SHGetMalloc
USER32.dll
0x140056334 GetDC
EAT(Export Address Table) is none