ScreenShot
| Created | 2023.09.19 10:33 | Machine | s1_win7_x6402 |
| Filename | Firefox_Installer.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 655878c402fe774ad4af71d78ea7d30f | ||
| sha256 | 95b3ca4e561980e5c145b4d327799b8a1a3c545fc35e9692cc721b1dbeb93c45 | ||
| ssdeep | 6144:maVWdyzOxeA1DfdwX3MmIOiqIRiuDN+L6WiEK5BfBG69AWsY2XITpJ7C5Y5+68:mMROxdDfOnMmXjEp+L6WifD5reRY/Tp+ | ||
| imphash | 05d3dce2be32df01ca249872dd2cc117 | ||
| impfuzzy | 3:swBJAEPw1MO/OywS9KTXzhAXwEQaxRGUCln:dBJAEoZ/OEGDzyRkl | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Performs some HTTP requests |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Steals private information from local Internet browsers |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable uses a known packer |
| info | Tries to locate where the browsers are installed |
Rules (12cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | NSIS_Installer | Null Soft Installer | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | JPEG_Format_Zero | JPEG Format | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x445b88 LoadLibraryA
0x445b8c ExitProcess
0x445b90 GetProcAddress
0x445b94 VirtualProtect
MSVCRT.dll
0x445b9c free
EAT(Export Address Table) is none
KERNEL32.DLL
0x445b88 LoadLibraryA
0x445b8c ExitProcess
0x445b90 GetProcAddress
0x445b94 VirtualProtect
MSVCRT.dll
0x445b9c free
EAT(Export Address Table) is none