ScreenShot
| Created | 2023.08.09 17:02 | Machine | s1_win7_x6403 |
| Filename | setup294.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | |||
| md5 | bf6993bcabf40b1643e5d7abf6710762 | ||
| sha256 | 32d2a1a85be09b98b1ad7991d0db9696c5467422abe13dabd1fc044269efcad9 | ||
| ssdeep | 49152:mDkUrjygtaIflML9IewfxyFhoPfKRGjSAJVy4CyqAC2UoJE4JL+HLE/y3/KQNI:m4USgJ2IFsqSRGe+WgLHqw/y3SR | ||
| imphash | fa8d20faea9ef7b4e2b7fbfe93442593 | ||
| impfuzzy | 48:J9FprOcLy1XFjn6S3NYfBtDXMKc+pncEpFH:JVrFLy1XFLDufBtDXMKc+pn7pFH | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Drops an executable to the user AppData folder |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (17cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x429000 GetLastError
0x429004 SetLastError
0x429008 FormatMessageW
0x42900c GetFileType
0x429010 GetStdHandle
0x429014 WriteFile
0x429018 ReadFile
0x42901c FlushFileBuffers
0x429020 SetEndOfFile
0x429024 SetFilePointer
0x429028 SetFileTime
0x42902c CloseHandle
0x429030 CreateFileW
0x429034 GetCurrentProcessId
0x429038 CreateDirectoryW
0x42903c SetFileAttributesW
0x429040 GetFileAttributesW
0x429044 DeleteFileW
0x429048 MoveFileW
0x42904c FindClose
0x429050 FindFirstFileW
0x429054 FindNextFileW
0x429058 GetVersionExW
0x42905c GetCurrentDirectoryW
0x429060 GetFullPathNameW
0x429064 FoldStringW
0x429068 GetModuleFileNameW
0x42906c GetModuleHandleW
0x429070 FindResourceW
0x429074 FreeLibrary
0x429078 GetProcAddress
0x42907c ExitProcess
0x429080 SetThreadExecutionState
0x429084 Sleep
0x429088 LoadLibraryW
0x42908c GetSystemDirectoryW
0x429090 CompareStringW
0x429094 AllocConsole
0x429098 FreeConsole
0x42909c AttachConsole
0x4290a0 WriteConsoleW
0x4290a4 SystemTimeToTzSpecificLocalTime
0x4290a8 TzSpecificLocalTimeToSystemTime
0x4290ac SystemTimeToFileTime
0x4290b0 LocalFileTimeToFileTime
0x4290b4 FileTimeToSystemTime
0x4290b8 GetCPInfo
0x4290bc IsDBCSLeadByte
0x4290c0 MultiByteToWideChar
0x4290c4 WideCharToMultiByte
0x4290c8 GlobalAlloc
0x4290cc LockResource
0x4290d0 GlobalLock
0x4290d4 GlobalUnlock
0x4290d8 GlobalFree
0x4290dc LoadResource
0x4290e0 SizeofResource
0x4290e4 SetCurrentDirectoryW
0x4290e8 GetTimeFormatW
0x4290ec GetDateFormatW
0x4290f0 LocalFree
0x4290f4 GetCurrentProcess
0x4290f8 GetExitCodeProcess
0x4290fc WaitForSingleObject
0x429100 GetLocalTime
0x429104 GetTickCount
0x429108 MapViewOfFile
0x42910c UnmapViewOfFile
0x429110 CreateFileMappingW
0x429114 OpenFileMappingW
0x429118 GetCommandLineW
0x42911c SetEnvironmentVariableW
0x429120 ExpandEnvironmentStringsW
0x429124 GetTempPathW
0x429128 MoveFileExW
0x42912c GetLocaleInfoW
0x429130 GetNumberFormatW
0x429134 GetOEMCP
0x429138 DecodePointer
0x42913c SetFilePointerEx
0x429140 GetConsoleMode
0x429144 GetConsoleCP
0x429148 HeapSize
0x42914c SetStdHandle
0x429150 GetProcessHeap
0x429154 FreeEnvironmentStringsW
0x429158 GetEnvironmentStringsW
0x42915c RaiseException
0x429160 GetSystemInfo
0x429164 VirtualProtect
0x429168 VirtualQuery
0x42916c LoadLibraryExA
0x429170 IsProcessorFeaturePresent
0x429174 IsDebuggerPresent
0x429178 UnhandledExceptionFilter
0x42917c SetUnhandledExceptionFilter
0x429180 GetStartupInfoW
0x429184 QueryPerformanceCounter
0x429188 GetCurrentThreadId
0x42918c GetSystemTimeAsFileTime
0x429190 InitializeSListHead
0x429194 TerminateProcess
0x429198 RtlUnwind
0x42919c EncodePointer
0x4291a0 EnterCriticalSection
0x4291a4 LeaveCriticalSection
0x4291a8 DeleteCriticalSection
0x4291ac InitializeCriticalSectionAndSpinCount
0x4291b0 TlsAlloc
0x4291b4 TlsGetValue
0x4291b8 TlsSetValue
0x4291bc TlsFree
0x4291c0 LoadLibraryExW
0x4291c4 QueryPerformanceFrequency
0x4291c8 GetModuleHandleExW
0x4291cc GetModuleFileNameA
0x4291d0 GetACP
0x4291d4 HeapFree
0x4291d8 HeapAlloc
0x4291dc HeapReAlloc
0x4291e0 GetStringTypeW
0x4291e4 LCMapStringW
0x4291e8 FindFirstFileExA
0x4291ec FindNextFileA
0x4291f0 IsValidCodePage
0x4291f4 GetCommandLineA
OLEAUT32.dll
0x4291fc VariantClear
gdiplus.dll
0x429204 GdipCreateBitmapFromStream
0x429208 GdipAlloc
0x42920c GdipCloneImage
0x429210 GdipDisposeImage
0x429214 GdipCreateBitmapFromStreamICM
0x429218 GdipCreateHBITMAPFromBitmap
0x42921c GdiplusStartup
0x429220 GdiplusShutdown
0x429224 GdipFree
EAT(Export Address Table) Library
KERNEL32.dll
0x429000 GetLastError
0x429004 SetLastError
0x429008 FormatMessageW
0x42900c GetFileType
0x429010 GetStdHandle
0x429014 WriteFile
0x429018 ReadFile
0x42901c FlushFileBuffers
0x429020 SetEndOfFile
0x429024 SetFilePointer
0x429028 SetFileTime
0x42902c CloseHandle
0x429030 CreateFileW
0x429034 GetCurrentProcessId
0x429038 CreateDirectoryW
0x42903c SetFileAttributesW
0x429040 GetFileAttributesW
0x429044 DeleteFileW
0x429048 MoveFileW
0x42904c FindClose
0x429050 FindFirstFileW
0x429054 FindNextFileW
0x429058 GetVersionExW
0x42905c GetCurrentDirectoryW
0x429060 GetFullPathNameW
0x429064 FoldStringW
0x429068 GetModuleFileNameW
0x42906c GetModuleHandleW
0x429070 FindResourceW
0x429074 FreeLibrary
0x429078 GetProcAddress
0x42907c ExitProcess
0x429080 SetThreadExecutionState
0x429084 Sleep
0x429088 LoadLibraryW
0x42908c GetSystemDirectoryW
0x429090 CompareStringW
0x429094 AllocConsole
0x429098 FreeConsole
0x42909c AttachConsole
0x4290a0 WriteConsoleW
0x4290a4 SystemTimeToTzSpecificLocalTime
0x4290a8 TzSpecificLocalTimeToSystemTime
0x4290ac SystemTimeToFileTime
0x4290b0 LocalFileTimeToFileTime
0x4290b4 FileTimeToSystemTime
0x4290b8 GetCPInfo
0x4290bc IsDBCSLeadByte
0x4290c0 MultiByteToWideChar
0x4290c4 WideCharToMultiByte
0x4290c8 GlobalAlloc
0x4290cc LockResource
0x4290d0 GlobalLock
0x4290d4 GlobalUnlock
0x4290d8 GlobalFree
0x4290dc LoadResource
0x4290e0 SizeofResource
0x4290e4 SetCurrentDirectoryW
0x4290e8 GetTimeFormatW
0x4290ec GetDateFormatW
0x4290f0 LocalFree
0x4290f4 GetCurrentProcess
0x4290f8 GetExitCodeProcess
0x4290fc WaitForSingleObject
0x429100 GetLocalTime
0x429104 GetTickCount
0x429108 MapViewOfFile
0x42910c UnmapViewOfFile
0x429110 CreateFileMappingW
0x429114 OpenFileMappingW
0x429118 GetCommandLineW
0x42911c SetEnvironmentVariableW
0x429120 ExpandEnvironmentStringsW
0x429124 GetTempPathW
0x429128 MoveFileExW
0x42912c GetLocaleInfoW
0x429130 GetNumberFormatW
0x429134 GetOEMCP
0x429138 DecodePointer
0x42913c SetFilePointerEx
0x429140 GetConsoleMode
0x429144 GetConsoleCP
0x429148 HeapSize
0x42914c SetStdHandle
0x429150 GetProcessHeap
0x429154 FreeEnvironmentStringsW
0x429158 GetEnvironmentStringsW
0x42915c RaiseException
0x429160 GetSystemInfo
0x429164 VirtualProtect
0x429168 VirtualQuery
0x42916c LoadLibraryExA
0x429170 IsProcessorFeaturePresent
0x429174 IsDebuggerPresent
0x429178 UnhandledExceptionFilter
0x42917c SetUnhandledExceptionFilter
0x429180 GetStartupInfoW
0x429184 QueryPerformanceCounter
0x429188 GetCurrentThreadId
0x42918c GetSystemTimeAsFileTime
0x429190 InitializeSListHead
0x429194 TerminateProcess
0x429198 RtlUnwind
0x42919c EncodePointer
0x4291a0 EnterCriticalSection
0x4291a4 LeaveCriticalSection
0x4291a8 DeleteCriticalSection
0x4291ac InitializeCriticalSectionAndSpinCount
0x4291b0 TlsAlloc
0x4291b4 TlsGetValue
0x4291b8 TlsSetValue
0x4291bc TlsFree
0x4291c0 LoadLibraryExW
0x4291c4 QueryPerformanceFrequency
0x4291c8 GetModuleHandleExW
0x4291cc GetModuleFileNameA
0x4291d0 GetACP
0x4291d4 HeapFree
0x4291d8 HeapAlloc
0x4291dc HeapReAlloc
0x4291e0 GetStringTypeW
0x4291e4 LCMapStringW
0x4291e8 FindFirstFileExA
0x4291ec FindNextFileA
0x4291f0 IsValidCodePage
0x4291f4 GetCommandLineA
OLEAUT32.dll
0x4291fc VariantClear
gdiplus.dll
0x429204 GdipCreateBitmapFromStream
0x429208 GdipAlloc
0x42920c GdipCloneImage
0x429210 GdipDisposeImage
0x429214 GdipCreateBitmapFromStreamICM
0x429218 GdipCreateHBITMAPFromBitmap
0x42921c GdiplusStartup
0x429220 GdiplusShutdown
0x429224 GdipFree
EAT(Export Address Table) Library