ScreenShot
| Created | 2023.09.02 18:40 | Machine | s1_win7_x6403 |
| Filename | Install_WinX64X86.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 21 detected (AIDetectMalware, Vo3u, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, score, Static AI, Suspicious PE, GrayWare, Wacapew, Casdet, Artemis, Outbreak, PossibleThreat, PALLAS) | ||
| md5 | ebd57653d474ebeb5c5df2c19df6912b | ||
| sha256 | f4b17c300b847ffaee23c8391d8e9816f97e1cecf6ea453dafd3e57da73fd32a | ||
| ssdeep | 98304:3hzMQFcIKsJatIXw4KpLwrWA5dgedb7a2ZO3u0f9gedfjp6/dgWxVwnSM61n3:3hzrFcIKdQlCwrWNeF7JZO3ucgedfj0R | ||
| imphash | 0130bd85ad1b4bdd4689797fdfbef9b9 | ||
| impfuzzy | 24:zdOov+x0Jb9ttDRXIlyvp688T4Rfr1tQzRS5ROaT:zIFs4KpkcRfZtW4RlT | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | themida_packer | themida packer | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x14018d578 GetModuleHandleA
0x14018d580 VirtualProtect
0x14018d588 GetModuleHandleW
0x14018d590 GetModuleFileNameW
0x14018d598 GetCurrentThreadId
0x14018d5a0 FlsSetValue
0x14018d5a8 GetCommandLineA
0x14018d5b0 RtlUnwindEx
0x14018d5b8 EncodePointer
0x14018d5c0 FlsGetValue
0x14018d5c8 FlsFree
0x14018d5d0 SetLastError
0x14018d5d8 GetLastError
0x14018d5e0 FlsAlloc
0x14018d5e8 HeapFree
0x14018d5f0 Sleep
0x14018d5f8 GetProcAddress
0x14018d600 ExitProcess
0x14018d608 DecodePointer
0x14018d610 SetHandleCount
0x14018d618 GetStdHandle
0x14018d620 InitializeCriticalSectionAndSpinCount
0x14018d628 GetFileType
0x14018d630 GetStartupInfoW
0x14018d638 DeleteCriticalSection
0x14018d640 GetModuleFileNameA
0x14018d648 FreeEnvironmentStringsW
0x14018d650 WideCharToMultiByte
0x14018d658 GetEnvironmentStringsW
0x14018d660 HeapSetInformation
0x14018d668 GetVersion
0x14018d670 HeapCreate
0x14018d678 HeapDestroy
0x14018d680 QueryPerformanceCounter
0x14018d688 GetTickCount
0x14018d690 GetCurrentProcessId
0x14018d698 GetSystemTimeAsFileTime
0x14018d6a0 LeaveCriticalSection
0x14018d6a8 EnterCriticalSection
0x14018d6b0 GetCPInfo
0x14018d6b8 GetACP
0x14018d6c0 GetOEMCP
0x14018d6c8 IsValidCodePage
0x14018d6d0 HeapAlloc
0x14018d6d8 HeapReAlloc
0x14018d6e0 LoadLibraryW
0x14018d6e8 UnhandledExceptionFilter
0x14018d6f0 SetUnhandledExceptionFilter
0x14018d6f8 IsDebuggerPresent
0x14018d700 RtlVirtualUnwind
0x14018d708 RtlLookupFunctionEntry
0x14018d710 RtlCaptureContext
0x14018d718 TerminateProcess
0x14018d720 GetCurrentProcess
0x14018d728 WriteFile
0x14018d730 LCMapStringW
0x14018d738 MultiByteToWideChar
0x14018d740 GetStringTypeW
0x14018d748 HeapSize
USER32.dll
0x14018d758 ShowWindow
ADVAPI32.dll
0x14018d768 ConvertSidToStringSidW
SHELL32.dll
0x14018d778 SHGetFolderPathW
CRYPT32.dll
0x14018d788 CryptUnprotectData
NETAPI32.dll
0x14018d798 NetUserEnum
WS2_32.dll
0x14018d7a8 recv
EAT(Export Address Table) is none
kernel32.dll
0x14018d578 GetModuleHandleA
0x14018d580 VirtualProtect
0x14018d588 GetModuleHandleW
0x14018d590 GetModuleFileNameW
0x14018d598 GetCurrentThreadId
0x14018d5a0 FlsSetValue
0x14018d5a8 GetCommandLineA
0x14018d5b0 RtlUnwindEx
0x14018d5b8 EncodePointer
0x14018d5c0 FlsGetValue
0x14018d5c8 FlsFree
0x14018d5d0 SetLastError
0x14018d5d8 GetLastError
0x14018d5e0 FlsAlloc
0x14018d5e8 HeapFree
0x14018d5f0 Sleep
0x14018d5f8 GetProcAddress
0x14018d600 ExitProcess
0x14018d608 DecodePointer
0x14018d610 SetHandleCount
0x14018d618 GetStdHandle
0x14018d620 InitializeCriticalSectionAndSpinCount
0x14018d628 GetFileType
0x14018d630 GetStartupInfoW
0x14018d638 DeleteCriticalSection
0x14018d640 GetModuleFileNameA
0x14018d648 FreeEnvironmentStringsW
0x14018d650 WideCharToMultiByte
0x14018d658 GetEnvironmentStringsW
0x14018d660 HeapSetInformation
0x14018d668 GetVersion
0x14018d670 HeapCreate
0x14018d678 HeapDestroy
0x14018d680 QueryPerformanceCounter
0x14018d688 GetTickCount
0x14018d690 GetCurrentProcessId
0x14018d698 GetSystemTimeAsFileTime
0x14018d6a0 LeaveCriticalSection
0x14018d6a8 EnterCriticalSection
0x14018d6b0 GetCPInfo
0x14018d6b8 GetACP
0x14018d6c0 GetOEMCP
0x14018d6c8 IsValidCodePage
0x14018d6d0 HeapAlloc
0x14018d6d8 HeapReAlloc
0x14018d6e0 LoadLibraryW
0x14018d6e8 UnhandledExceptionFilter
0x14018d6f0 SetUnhandledExceptionFilter
0x14018d6f8 IsDebuggerPresent
0x14018d700 RtlVirtualUnwind
0x14018d708 RtlLookupFunctionEntry
0x14018d710 RtlCaptureContext
0x14018d718 TerminateProcess
0x14018d720 GetCurrentProcess
0x14018d728 WriteFile
0x14018d730 LCMapStringW
0x14018d738 MultiByteToWideChar
0x14018d740 GetStringTypeW
0x14018d748 HeapSize
USER32.dll
0x14018d758 ShowWindow
ADVAPI32.dll
0x14018d768 ConvertSidToStringSidW
SHELL32.dll
0x14018d778 SHGetFolderPathW
CRYPT32.dll
0x14018d788 CryptUnprotectData
NETAPI32.dll
0x14018d798 NetUserEnum
WS2_32.dll
0x14018d7a8 recv
EAT(Export Address Table) is none