ScreenShot
| Created | 2023.10.07 16:14 | Machine | s1_win7_x6401 |
| Filename | setup294.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | a2058836ff17b81908237731b8258974 | ||
| sha256 | f9f095bf21163e0c01b37a068bd75d0ceac4f6b620bafe8fead4623df558c3e1 | ||
| ssdeep | 49152:ufkXM8Wb2huuAmID/uWQpkGztNRAtx6S1ue7M9Jegh2lYPPT+:Ixb2ArLNmkGLWtxnMbenlYPPT+ | ||
| imphash | 4ba3ea0d6362a841ec66a1fc0a1b874f | ||
| impfuzzy | 48:oBA6UyokRyjS/Svn6gAkK/glSYcx02GIeXGSqIYa9eR4yOA9Bfcmp:oBQ4fRGIeXGSqIYa9eR4yR/fcy | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
OLEAUT32.dll
0x41b154 SysAllocStringLen
0x41b158 VariantClear
0x41b15c SysStringLen
USER32.dll
0x41b16c DialogBoxParamW
0x41b170 SetWindowLongW
0x41b174 GetWindowLongW
0x41b178 GetDlgItem
0x41b17c SetTimer
0x41b180 LoadStringW
0x41b184 CharUpperW
0x41b188 DestroyWindow
0x41b18c EndDialog
0x41b190 PostMessageW
0x41b194 SetWindowTextW
0x41b198 ShowWindow
0x41b19c MessageBoxW
0x41b1a0 SendMessageW
0x41b1a4 LoadIconW
0x41b1a8 KillTimer
SHELL32.dll
0x41b164 ShellExecuteExW
MSVCRT.dll
0x41b0e4 _controlfp
0x41b0e8 __set_app_type
0x41b0ec __p__fmode
0x41b0f0 __p__commode
0x41b0f4 _adjust_fdiv
0x41b0f8 __setusermatherr
0x41b0fc _initterm
0x41b100 __getmainargs
0x41b104 _acmdln
0x41b108 exit
0x41b10c _XcptFilter
0x41b110 _exit
0x41b114 ?terminate@@YAXXZ
0x41b118 ??1type_info@@UAE@XZ
0x41b11c _except_handler3
0x41b120 _beginthreadex
0x41b124 memset
0x41b128 wcsstr
0x41b12c free
0x41b130 malloc
0x41b134 memcpy
0x41b138 _CxxThrowException
0x41b13c _purecall
0x41b140 memmove
0x41b144 memcmp
0x41b148 wcscmp
0x41b14c __CxxFrameHandler
KERNEL32.dll
0x41b000 GetStartupInfoA
0x41b004 InitializeCriticalSection
0x41b008 ReleaseSemaphore
0x41b00c CreateSemaphoreW
0x41b010 ResetEvent
0x41b014 SetEvent
0x41b018 CreateEventW
0x41b01c GetVersion
0x41b020 VirtualFree
0x41b024 VirtualAlloc
0x41b028 Sleep
0x41b02c GetStdHandle
0x41b030 GlobalMemoryStatus
0x41b034 GetSystemInfo
0x41b038 GetCurrentProcess
0x41b03c GetProcessAffinityMask
0x41b040 SetEndOfFile
0x41b044 WriteFile
0x41b048 ReadFile
0x41b04c SetFilePointer
0x41b050 GetFileSize
0x41b054 GetFileInformationByHandle
0x41b058 GetFileAttributesW
0x41b05c GetModuleHandleA
0x41b060 FindNextFileW
0x41b064 FindFirstFileW
0x41b068 FindClose
0x41b06c GetCurrentThreadId
0x41b070 GetTickCount
0x41b074 GetCurrentProcessId
0x41b078 GetCurrentDirectoryW
0x41b07c SetCurrentDirectoryW
0x41b080 SetLastError
0x41b084 DeleteFileW
0x41b088 CreateDirectoryW
0x41b08c GetModuleHandleW
0x41b090 GetProcAddress
0x41b094 RemoveDirectoryW
0x41b098 SetFileAttributesW
0x41b09c CreateFileW
0x41b0a0 SetFileTime
0x41b0a4 GetSystemDirectoryW
0x41b0a8 GetTempPathW
0x41b0ac FormatMessageW
0x41b0b0 LocalFree
0x41b0b4 GetModuleFileNameW
0x41b0b8 LoadLibraryExW
0x41b0bc DeleteCriticalSection
0x41b0c0 EnterCriticalSection
0x41b0c4 LeaveCriticalSection
0x41b0c8 GetLastError
0x41b0cc GetVersionExW
0x41b0d0 GetCommandLineW
0x41b0d4 CreateProcessW
0x41b0d8 CloseHandle
0x41b0dc WaitForSingleObject
EAT(Export Address Table) is none
OLEAUT32.dll
0x41b154 SysAllocStringLen
0x41b158 VariantClear
0x41b15c SysStringLen
USER32.dll
0x41b16c DialogBoxParamW
0x41b170 SetWindowLongW
0x41b174 GetWindowLongW
0x41b178 GetDlgItem
0x41b17c SetTimer
0x41b180 LoadStringW
0x41b184 CharUpperW
0x41b188 DestroyWindow
0x41b18c EndDialog
0x41b190 PostMessageW
0x41b194 SetWindowTextW
0x41b198 ShowWindow
0x41b19c MessageBoxW
0x41b1a0 SendMessageW
0x41b1a4 LoadIconW
0x41b1a8 KillTimer
SHELL32.dll
0x41b164 ShellExecuteExW
MSVCRT.dll
0x41b0e4 _controlfp
0x41b0e8 __set_app_type
0x41b0ec __p__fmode
0x41b0f0 __p__commode
0x41b0f4 _adjust_fdiv
0x41b0f8 __setusermatherr
0x41b0fc _initterm
0x41b100 __getmainargs
0x41b104 _acmdln
0x41b108 exit
0x41b10c _XcptFilter
0x41b110 _exit
0x41b114 ?terminate@@YAXXZ
0x41b118 ??1type_info@@UAE@XZ
0x41b11c _except_handler3
0x41b120 _beginthreadex
0x41b124 memset
0x41b128 wcsstr
0x41b12c free
0x41b130 malloc
0x41b134 memcpy
0x41b138 _CxxThrowException
0x41b13c _purecall
0x41b140 memmove
0x41b144 memcmp
0x41b148 wcscmp
0x41b14c __CxxFrameHandler
KERNEL32.dll
0x41b000 GetStartupInfoA
0x41b004 InitializeCriticalSection
0x41b008 ReleaseSemaphore
0x41b00c CreateSemaphoreW
0x41b010 ResetEvent
0x41b014 SetEvent
0x41b018 CreateEventW
0x41b01c GetVersion
0x41b020 VirtualFree
0x41b024 VirtualAlloc
0x41b028 Sleep
0x41b02c GetStdHandle
0x41b030 GlobalMemoryStatus
0x41b034 GetSystemInfo
0x41b038 GetCurrentProcess
0x41b03c GetProcessAffinityMask
0x41b040 SetEndOfFile
0x41b044 WriteFile
0x41b048 ReadFile
0x41b04c SetFilePointer
0x41b050 GetFileSize
0x41b054 GetFileInformationByHandle
0x41b058 GetFileAttributesW
0x41b05c GetModuleHandleA
0x41b060 FindNextFileW
0x41b064 FindFirstFileW
0x41b068 FindClose
0x41b06c GetCurrentThreadId
0x41b070 GetTickCount
0x41b074 GetCurrentProcessId
0x41b078 GetCurrentDirectoryW
0x41b07c SetCurrentDirectoryW
0x41b080 SetLastError
0x41b084 DeleteFileW
0x41b088 CreateDirectoryW
0x41b08c GetModuleHandleW
0x41b090 GetProcAddress
0x41b094 RemoveDirectoryW
0x41b098 SetFileAttributesW
0x41b09c CreateFileW
0x41b0a0 SetFileTime
0x41b0a4 GetSystemDirectoryW
0x41b0a8 GetTempPathW
0x41b0ac FormatMessageW
0x41b0b0 LocalFree
0x41b0b4 GetModuleFileNameW
0x41b0b8 LoadLibraryExW
0x41b0bc DeleteCriticalSection
0x41b0c0 EnterCriticalSection
0x41b0c4 LeaveCriticalSection
0x41b0c8 GetLastError
0x41b0cc GetVersionExW
0x41b0d0 GetCommandLineW
0x41b0d4 CreateProcessW
0x41b0d8 CloseHandle
0x41b0dc WaitForSingleObject
EAT(Export Address Table) is none