Field | Value |
---|---|
Created | 2023.10.13 08:45 |
Machine | s1_win7_x6403 |
Filename | Setup.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 5 detected (AIDetectMalware, malicious, confidence) |
md5 | 635da4ec16e32532e4e1f6919dad1df3 |
sha256 | c7b871b92bd7b5b4c355d3d9eff5ca0e86542243b13492e4a6e963bf4ff39bce |
ssdeep | 12288:CzYxT9lhtufsnffgCFNwh1IRB0eX7mQ/oG4mkPHw1z:XrtuUffNRBZmOB4lPHmz |
imphash | 4ada2bfcf88d48af23bf474cee1c7d0f |
impfuzzy | 24:dDj41ucHVxxvybAc+WcJBlivDXOj902tWS1VgG59uT/dOovbOTv1jMMZp4uKmk3K:dXEc+H++tWS1VgG5sDI3z9ZBKJ0 |
Signatures (9)
Level | Description |
---|---|
danger | Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) |
watch | Communicates with host for which no DNS query was performed |
watch | Detects Avast Antivirus through the presence of a library |
notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
notice | Looks up the external IP address |
notice | Performs some HTTP requests |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (5)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (52)
Suricata IDs
ET POLICY External IP Lookup ip-api.com
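The "Communicates with host for which no DNS query was performed" and "Looks up the external IP address" signatures above, together with the ET POLICY rule, are simple enough to re-implement as triage logic over a sandbox's network events. The block below is an added example for this page, not the sandbox's or Suricata's own code: the event format, the addresses (RFC 5737 documentation ranges, not the real destinations of this sample) and the list of IP-echo services are assumptions.

```python
"""Two of the report's network signatures re-implemented over a constructed event log.
Added example for this page, not the sandbox's or Suricata's own logic; the event
format, the addresses (RFC 5737 documentation ranges) and the lookup-service list
are assumptions."""
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Constructed sandbox events, NOT captured from the real Setup.exe run.
#   ("dns", qname, answer_ip)          resolved name
#   ("http", dst_ip, method, url)      HTTP request seen on the wire
#   ("tcp", dst_ip, dst_port)          any TCP connection
EVENTS = [
    ("dns", "ip-api.com", "198.51.100.10"),
    ("http", "198.51.100.10", "GET", "http://ip-api.com/json/"),
    ("tcp", "198.51.100.10", 80),
    ("tcp", "192.0.2.44", 443),      # contacted directly, never resolved
    ("tcp", "10.0.0.2", 53),         # sandbox resolver, internal
]

# Services whose only purpose is to echo the caller's public IP (illustrative list, assumed).
EXTERNAL_IP_SERVICES = {"ip-api.com", "api.ipify.org", "ipinfo.io", "checkip.amazonaws.com"}

_INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(ip):
    """RFC 1918 / loopback check. Deliberately not ipaddress.is_private, which also
    treats the RFC 5737 documentation ranges used in EVENTS as non-global."""
    addr = ip_address(ip)
    return any(addr in net for net in _INTERNAL)


def hosts_without_dns(events):
    """'Communicates with host for which no DNS query was performed': public
    destinations that never appeared as a DNS answer, in first-seen order."""
    resolved = {ev[2] for ev in events if ev[0] == "dns"}
    hits = []
    for ev in events:
        if ev[0] != "tcp" or is_internal(ev[1]) or ev[1] in resolved:
            continue
        if ev[1] not in hits:
            hits.append(ev[1])
    return hits


def external_ip_lookups(events):
    """'Looks up the external IP address' (and the ET POLICY rule): lookup-service
    names seen either as a DNS query or as the host of an HTTP request URL."""
    seen = set()
    for ev in events:
        if ev[0] == "dns":
            name = ev[1]
        elif ev[0] == "http":
            name = urlparse(ev[3]).hostname
        else:
            continue
        if name in EXTERNAL_IP_SERVICES:
            seen.add(name)
    return seen


if __name__ == "__main__":
    print("no-DNS hosts:", hosts_without_dns(EVENTS))
    print("external IP lookups:", sorted(external_ip_lookups(EVENTS)))
```

A hard-coded destination that no longer answers (the "danger" row above) is also a caveat for the rest of the report: if the remote side was down at detonation time, whatever the sample would have downloaded or executed after its HTTP requests was never observed, so the behaviour score reflects only the first stage.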
PE API
IAT (Import Address Table)
KERNEL32.dll
0x140053028 GetLastError
0x140053030 CloseHandle
0x140053038 CopyFileW
0x140053040 GetComputerNameA
0x140053048 Sleep
0x140053050 MultiByteToWideChar
0x140053058 GetModuleHandleA
0x140053060 CreateMutexW
0x140053068 GetModuleFileNameW
0x140053070 GetCurrentProcess
0x140053078 CreateFileW
0x140053080 ReadConsoleW
0x140053088 SetStdHandle
0x140053090 SetEnvironmentVariableA
0x140053098 FreeEnvironmentStringsW
0x1400530a0 GetEnvironmentStringsW
0x1400530a8 GetOEMCP
0x1400530b0 IsValidCodePage
0x1400530b8 FindNextFileA
0x1400530c0 FindFirstFileExA
0x1400530c8 FindClose
0x1400530d0 SetFilePointerEx
0x1400530d8 CreateThread
0x1400530e0 WriteConsoleW
0x1400530e8 GetModuleFileNameA
0x1400530f0 CreateDirectoryW
0x1400530f8 OutputDebugStringW
0x140053100 OutputDebugStringA
0x140053108 ReadFile
0x140053110 WideCharToMultiByte
0x140053118 EnterCriticalSection
0x140053120 LeaveCriticalSection
0x140053128 DeleteCriticalSection
0x140053130 EncodePointer
0x140053138 DecodePointer
0x140053140 SetLastError
0x140053148 InitializeCriticalSectionAndSpinCount
0x140053150 CreateEventW
0x140053158 TlsAlloc
0x140053160 TlsGetValue
0x140053168 TlsSetValue
0x140053170 TlsFree
0x140053178 GetSystemTimeAsFileTime
0x140053180 GetModuleHandleW
0x140053188 GetProcAddress
0x140053190 CompareStringW
0x140053198 LCMapStringW
0x1400531a0 GetLocaleInfoW
0x1400531a8 GetStringTypeW
0x1400531b0 GetCPInfo
0x1400531b8 SetEvent
0x1400531c0 ResetEvent
0x1400531c8 WaitForSingleObjectEx
0x1400531d0 RtlCaptureContext
0x1400531d8 RtlLookupFunctionEntry
0x1400531e0 RtlVirtualUnwind
0x1400531e8 UnhandledExceptionFilter
0x1400531f0 SetUnhandledExceptionFilter
0x1400531f8 TerminateProcess
0x140053200 IsProcessorFeaturePresent
0x140053208 IsDebuggerPresent
0x140053210 GetStartupInfoW
0x140053218 QueryPerformanceCounter
0x140053220 GetCurrentProcessId
0x140053228 GetCurrentThreadId
0x140053230 InitializeSListHead
0x140053238 RtlPcToFileHeader
0x140053240 RaiseException
0x140053248 RtlUnwindEx
0x140053250 FreeLibrary
0x140053258 LoadLibraryExW
0x140053260 HeapAlloc
0x140053268 HeapSize
0x140053270 HeapValidate
0x140053278 GetSystemInfo
0x140053280 GetModuleHandleExW
0x140053288 ExitProcess
0x140053290 GetStdHandle
0x140053298 WriteFile
0x1400532a0 GetCommandLineA
0x1400532a8 GetCommandLineW
0x1400532b0 GetACP
0x1400532b8 GetFileType
0x1400532c0 FlushFileBuffers
0x1400532c8 GetConsoleCP
0x1400532d0 GetConsoleMode
0x1400532d8 IsValidLocale
0x1400532e0 GetUserDefaultLCID
0x1400532e8 EnumSystemLocalesW
0x1400532f0 HeapFree
0x1400532f8 HeapReAlloc
0x140053300 HeapQueryInformation
0x140053308 GetProcessHeap
ADVAPI32.dll
0x140053000 RegSetValueExW
0x140053008 RegCreateKeyExW
0x140053010 RegCloseKey
0x140053018 GetUserNameA
WININET.dll
0x140053318 InternetReadFile
0x140053320 InternetOpenUrlA
0x140053328 InternetCloseHandle
0x140053330 InternetOpenW
EAT (Export Address Table): none
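Most of the KERNEL32 list above is what the MSVC C runtime links in on its own (TLS slots, heap, critical sections, EncodePointer/DecodePointer, RtlCaptureContext/RtlVirtualUnwind, IsDebuggerPresent, GetProcAddress/LoadLibraryExW), which fits the "has a PDB path" signature; the imports that say something about the sample's own behaviour are the ADVAPI32 registry writes and GetUserNameA, the WININET HTTP client, and CopyFileW/CreateDirectoryW/CreateMutexW/GetComputerNameA. The block below is an added example that separates those two groups; it is not the sandbox's code, the capability groupings and the CRT-noise list are the editor's assumptions, and IMPORTS is copied from the IAT above with KERNEL32 trimmed to the relevant entries.

```python
"""Capability triage of a PE import table. Added example for this report, not the
sandbox's code. IMPORTS is copied from the IAT above (KERNEL32 trimmed); the
capability groupings and the CRT-noise list are assumptions."""

# Copied from the report's IAT; KERNEL32 trimmed to the entries that matter for triage.
IMPORTS = {
    "KERNEL32.dll": [
        "CopyFileW", "GetComputerNameA", "CreateMutexW", "CreateFileW",
        "CreateDirectoryW", "IsDebuggerPresent", "OutputDebugStringA",
        "GetProcAddress", "LoadLibraryExW", "GetModuleHandleW", "HeapAlloc",
        "TlsAlloc", "EncodePointer", "RtlCaptureContext",
    ],
    "ADVAPI32.dll": ["RegSetValueExW", "RegCreateKeyExW", "RegCloseKey", "GetUserNameA"],
    "WININET.dll": ["InternetReadFile", "InternetOpenUrlA", "InternetCloseHandle", "InternetOpenW"],
}

# Assumed groupings: which imports hint at which behaviour.
CAPABILITIES = {
    "http_client":      {"InternetOpenW", "InternetOpenUrlA", "InternetReadFile"},
    "host_fingerprint": {"GetComputerNameA", "GetUserNameA"},
    "registry_write":   {"RegCreateKeyExW", "RegSetValueExW"},
    "file_staging":     {"CopyFileW", "CreateDirectoryW", "CreateFileW"},
    "single_instance":  {"CreateMutexW"},
    "anti_debug":       {"IsDebuggerPresent", "OutputDebugStringA"},
    "dynamic_api":      {"LoadLibraryExW", "GetProcAddress"},
}

# Imports the MSVC CRT pulls in by itself (assumed list); a category matched only
# through these is weak evidence of deliberate behaviour.
CRT_COMMON = {
    "IsDebuggerPresent", "OutputDebugStringA", "GetProcAddress", "LoadLibraryExW",
    "GetModuleHandleW", "HeapAlloc", "TlsAlloc", "EncodePointer", "RtlCaptureContext",
    "CreateFileW",
}


def triage(imports):
    """Return {capability: {"hits": [...], "confidence": "high"|"low"}} for every
    capability with at least one matching import. Confidence is "low" when all
    hits are CRT-common imports."""
    present = {name for names in imports.values() for name in names}
    result = {}
    for cap, needles in CAPABILITIES.items():
        hits = sorted(present & needles)
        if not hits:
            continue
        strong = [h for h in hits if h not in CRT_COMMON]
        result[cap] = {"hits": hits, "confidence": "high" if strong else "low"}
    return result


def summarize(result):
    """One line per capability, high-confidence rows first."""
    order = sorted(result.items(), key=lambda kv: (kv[1]["confidence"] != "high", kv[0]))
    return "\n".join(f"{cap:16} {info['confidence']:4}  {', '.join(info['hits'])}"
                     for cap, info in order)


if __name__ == "__main__":
    print(summarize(triage(IMPORTS)))
```

The high-confidence rows line up with the behavioural signatures above (host name and user name lookup, HTTP requests, an external IP lookup); the report does not show which registry key is written or which URL is fetched, so persistence and the nature of the download remain unconfirmed from this page alone. One further check is worth doing before trusting the UPX_Zero rule: a binary actually compressed by UPX normally carries a very small import table that is rebuilt at runtime, whereas this one imports about a hundred functions from three DLLs, so that rule hit and the "unknown PE section names" notice should be verified against the section table rather than taken as proof of packing.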