Field | Value |
---|---|
Created | 2023.10.04 09:38 |
Machine | s1_win7_x6401 |
Filename | BonitSetup.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
AI Score | Not found |
Behavior Score | |
md5 | 22bddfd1a372bb47701d241dcc17660b |
sha256 | 5f1251f3bc4c36f49b623bef0d45a4805098284753e232263da842fe857793b4 |
ssdeep | 1572864:P2syXKJyoidBRGQ53ffLogxfj3K3PPAzrvmarBpo4vv7:P2syXFv9UOm3AXSS7 |
imphash | dc8d52d7bb9aec3a7e2ae53078ff6c6e |
impfuzzy | 48:wEASDc/XOb8tASveJ/lla3AFrE8qQ7Lz5tkO6Uy+bNKQJ4zn9P7+Ov5Aky1b/No4:fRDc/XJtD5bfG6ttkKsx |
Network IP location
Signature (11cnts)
Level | Description |
---|---|
watch | Drops 62 unknown file mime types indicative of ransomware writing encrypted files back to disk |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (21cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | RedLine_Stealer_b_Zero | RedLine stealer | binaries (download) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Obsidium_Zero | Obsidium protector file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
notice | Javascript_Blob | Uses JavaScript Blob (Binary Large Object) | binaries (download) |
info | ftp_command | ftp command | binaries (download) |
info | ftp_command | ftp command | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x409070 WritePrivateProfileStringW
0x409074 MoveFileW
0x409078 MultiByteToWideChar
0x40907c WideCharToMultiByte
0x409080 GetFileSize
0x409084 GetTickCount
0x409088 GetModuleFileNameW
0x40908c GetCommandLineW
0x409090 SetEnvironmentVariableW
0x409094 GetTempPathW
0x409098 SetErrorMode
0x40909c GetCurrentProcess
0x4090a0 ExitProcess
0x4090a4 GetVersion
0x4090a8 GetWindowsDirectoryW
0x4090ac CopyFileW
0x4090b0 GetDiskFreeSpaceW
0x4090b4 CreateThread
0x4090b8 GlobalUnlock
0x4090bc GetPrivateProfileStringW
0x4090c0 lstrcpynW
0x4090c4 lstrlenW
0x4090c8 CreateDirectoryW
0x4090cc CreateFileW
0x4090d0 GetTempFileNameW
0x4090d4 RemoveDirectoryW
0x4090d8 WriteFile
0x4090dc WaitForSingleObject
0x4090e0 GetExitCodeProcess
0x4090e4 CreateProcessW
0x4090e8 GetSystemDirectoryW
0x4090ec GetModuleHandleA
0x4090f0 GetProcAddress
0x4090f4 lstrcmpiA
0x4090f8 lstrcpyA
0x4090fc lstrcatW
0x409100 MoveFileExW
0x409104 lstrlenA
0x409108 lstrcmpiW
0x40910c lstrcmpW
0x409110 MulDiv
0x409114 GlobalFree
0x409118 GlobalAlloc
0x40911c LoadLibraryExW
0x409120 GetModuleHandleW
0x409124 FreeLibrary
0x409128 Sleep
0x40912c GetLastError
0x409130 CloseHandle
0x409134 SetFileTime
0x409138 SetFilePointer
0x40913c SetFileAttributesW
0x409140 ReadFile
0x409144 GetShortPathNameW
0x409148 GetFullPathNameW
0x40914c GetFileAttributesW
0x409150 ExpandEnvironmentStringsW
0x409154 FindNextFileW
0x409158 FindFirstFileW
0x40915c FindClose
0x409160 DeleteFileW
0x409164 CompareFileTime
0x409168 SearchPathW
0x40916c SetCurrentDirectoryW
0x409170 GlobalLock
USER32.dll
0x409194 EndDialog
0x409198 CheckDlgButton
0x40919c IsDlgButtonChecked
0x4091a0 OpenClipboard
0x4091a4 CloseClipboard
0x4091a8 SetClipboardData
0x4091ac EmptyClipboard
0x4091b0 GetAsyncKeyState
0x4091b4 IsWindowEnabled
0x4091b8 GetSystemMetrics
0x4091bc GetSystemMenu
0x4091c0 CreatePopupMenu
0x4091c4 EnableMenuItem
0x4091c8 AppendMenuW
0x4091cc TrackPopupMenu
0x4091d0 GetWindowRect
0x4091d4 SetCursor
0x4091d8 ScreenToClient
0x4091dc GetSysColor
0x4091e0 GetWindowLongW
0x4091e4 SetClassLongW
0x4091e8 DialogBoxParamW
0x4091ec LoadCursorW
0x4091f0 SystemParametersInfoW
0x4091f4 wvsprintfW
0x4091f8 wsprintfA
0x4091fc DispatchMessageW
0x409200 PeekMessageW
0x409204 SetDlgItemTextW
0x409208 GetDlgItemTextW
0x40920c CharNextA
0x409210 CharPrevW
0x409214 MessageBoxIndirectW
0x409218 GetMessagePos
0x40921c CharNextW
0x409220 ExitWindowsEx
0x409224 SetWindowTextW
0x409228 SetTimer
0x40922c CreateDialogParamW
0x409230 DestroyWindow
0x409234 LoadImageW
0x409238 SetWindowLongW
0x40923c IsWindowVisible
0x409240 SetWindowPos
0x409244 CreateWindowExW
0x409248 GetClassInfoW
0x40924c RegisterClassW
0x409250 LoadBitmapW
0x409254 CallWindowProcW
0x409258 InvalidateRect
0x40925c ReleaseDC
0x409260 GetDC
0x409264 SetForegroundWindow
0x409268 EnableWindow
0x40926c GetDlgItem
0x409270 ShowWindow
0x409274 IsWindow
0x409278 PostQuitMessage
0x40927c SendMessageTimeoutW
0x409280 SendMessageW
0x409284 wsprintfW
0x409288 FillRect
0x40928c GetClientRect
0x409290 EndPaint
0x409294 BeginPaint
0x409298 DrawTextW
0x40929c DefWindowProcW
0x4092a0 FindWindowExW
GDI32.dll
0x40904c SetBkColor
0x409050 GetDeviceCaps
0x409054 SetTextColor
0x409058 SetBkMode
0x40905c SelectObject
0x409060 DeleteObject
0x409064 CreateFontIndirectW
0x409068 CreateBrushIndirect
SHELL32.dll
0x409178 ShellExecuteExW
0x40917c SHBrowseForFolderW
0x409180 SHGetPathFromIDListW
0x409184 SHGetFileInfoW
0x409188 SHFileOperationW
0x40918c SHGetSpecialFolderLocation
ADVAPI32.dll
0x409000 RegEnumValueW
0x409004 OpenProcessToken
0x409008 RegSetValueExW
0x40900c RegQueryValueExW
0x409010 RegOpenKeyExW
0x409014 RegCreateKeyExW
0x409018 SetFileSecurityW
0x40901c LookupPrivilegeValueW
0x409020 RegCloseKey
0x409024 RegDeleteKeyW
0x409028 RegDeleteValueW
0x40902c RegEnumKeyW
0x409030 AdjustTokenPrivileges
COMCTL32.dll
0x409038 ImageList_Create
0x40903c ImageList_Destroy
0x409040 None
0x409044 ImageList_AddMasked
ole32.dll
0x4092a8 OleInitialize
0x4092ac OleUninitialize
0x4092b0 CoTaskMemFree
0x4092b4 CoCreateInstance
EAT (Export Address Table): none