ScreenShot
| Created | 2023.11.07 11:24 | Machine | s1_win7_x6401 |
| Filename | setup294.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | a05ee0fea78a297e1a4182ce9d5cd8a4 | ||
| sha256 | 39bde6067ee4bbd4bb868c796cfaa6ce0ca49710534b376764c479566d6b623a | ||
| ssdeep | 49152:UJGiYAC+HI7JeZcNz1z5fLfRDDRAsjIBalBOrQ+gPmc1013x:UIilxI9eK7DDRADalB4xgPmcEh | ||
| imphash | 1d0e3506c01cb61e9312cbea4911e92e | ||
| impfuzzy | 48:oBA6UyokRjS/Svn6gAkK/gylSYcx02GIeXGSqIYayb4yOpZ9Bfcmp:oBP4cRGIeXGSqIYayb4yYZ/fcy | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| watch | Deletes executed files from disk |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
OLEAUT32.dll
0x41b158 SysAllocStringLen
0x41b15c VariantClear
0x41b160 SysStringLen
USER32.dll
0x41b170 DialogBoxParamW
0x41b174 SetWindowLongW
0x41b178 GetWindowLongW
0x41b17c GetDlgItem
0x41b180 LoadStringW
0x41b184 CharUpperW
0x41b188 DestroyWindow
0x41b18c EndDialog
0x41b190 PostMessageW
0x41b194 SetWindowTextW
0x41b198 ShowWindow
0x41b19c MessageBoxW
0x41b1a0 SetTimer
0x41b1a4 SendMessageW
0x41b1a8 LoadIconW
0x41b1ac KillTimer
SHELL32.dll
0x41b168 ShellExecuteExW
MSVCRT.dll
0x41b0e8 _controlfp
0x41b0ec __set_app_type
0x41b0f0 __p__fmode
0x41b0f4 __p__commode
0x41b0f8 _adjust_fdiv
0x41b0fc __setusermatherr
0x41b100 _initterm
0x41b104 __getmainargs
0x41b108 _acmdln
0x41b10c exit
0x41b110 _XcptFilter
0x41b114 _exit
0x41b118 ?terminate@@YAXXZ
0x41b11c ??1type_info@@UAE@XZ
0x41b120 _except_handler3
0x41b124 _beginthreadex
0x41b128 memset
0x41b12c wcsstr
0x41b130 free
0x41b134 malloc
0x41b138 memcpy
0x41b13c _CxxThrowException
0x41b140 _purecall
0x41b144 memmove
0x41b148 memcmp
0x41b14c wcscmp
0x41b150 __CxxFrameHandler
KERNEL32.dll
0x41b000 GetStartupInfoA
0x41b004 InitializeCriticalSection
0x41b008 ReleaseSemaphore
0x41b00c CreateSemaphoreW
0x41b010 ResetEvent
0x41b014 SetEvent
0x41b018 CreateEventW
0x41b01c lstrlenW
0x41b020 lstrcatW
0x41b024 VirtualFree
0x41b028 VirtualAlloc
0x41b02c Sleep
0x41b030 GetStdHandle
0x41b034 GlobalMemoryStatus
0x41b038 GetSystemInfo
0x41b03c GetCurrentProcess
0x41b040 GetProcessAffinityMask
0x41b044 SetEndOfFile
0x41b048 WriteFile
0x41b04c ReadFile
0x41b050 SetFilePointer
0x41b054 GetFileSize
0x41b058 GetFileInformationByHandle
0x41b05c GetFileAttributesW
0x41b060 GetModuleHandleA
0x41b064 FindNextFileW
0x41b068 FindFirstFileW
0x41b06c FindClose
0x41b070 GetCurrentThreadId
0x41b074 GetTickCount
0x41b078 GetTempPathW
0x41b07c GetCurrentDirectoryW
0x41b080 SetCurrentDirectoryW
0x41b084 SetLastError
0x41b088 DeleteFileW
0x41b08c CreateDirectoryW
0x41b090 GetModuleHandleW
0x41b094 GetProcAddress
0x41b098 RemoveDirectoryW
0x41b09c SetFileAttributesW
0x41b0a0 CreateFileW
0x41b0a4 SetFileTime
0x41b0a8 GetSystemDirectoryW
0x41b0ac GetCurrentProcessId
0x41b0b0 FormatMessageW
0x41b0b4 LocalFree
0x41b0b8 GetModuleFileNameW
0x41b0bc LoadLibraryExW
0x41b0c0 DeleteCriticalSection
0x41b0c4 EnterCriticalSection
0x41b0c8 LeaveCriticalSection
0x41b0cc GetLastError
0x41b0d0 GetVersionExW
0x41b0d4 GetCommandLineW
0x41b0d8 CreateProcessW
0x41b0dc CloseHandle
0x41b0e0 WaitForSingleObject
EAT(Export Address Table) is none
OLEAUT32.dll
0x41b158 SysAllocStringLen
0x41b15c VariantClear
0x41b160 SysStringLen
USER32.dll
0x41b170 DialogBoxParamW
0x41b174 SetWindowLongW
0x41b178 GetWindowLongW
0x41b17c GetDlgItem
0x41b180 LoadStringW
0x41b184 CharUpperW
0x41b188 DestroyWindow
0x41b18c EndDialog
0x41b190 PostMessageW
0x41b194 SetWindowTextW
0x41b198 ShowWindow
0x41b19c MessageBoxW
0x41b1a0 SetTimer
0x41b1a4 SendMessageW
0x41b1a8 LoadIconW
0x41b1ac KillTimer
SHELL32.dll
0x41b168 ShellExecuteExW
MSVCRT.dll
0x41b0e8 _controlfp
0x41b0ec __set_app_type
0x41b0f0 __p__fmode
0x41b0f4 __p__commode
0x41b0f8 _adjust_fdiv
0x41b0fc __setusermatherr
0x41b100 _initterm
0x41b104 __getmainargs
0x41b108 _acmdln
0x41b10c exit
0x41b110 _XcptFilter
0x41b114 _exit
0x41b118 ?terminate@@YAXXZ
0x41b11c ??1type_info@@UAE@XZ
0x41b120 _except_handler3
0x41b124 _beginthreadex
0x41b128 memset
0x41b12c wcsstr
0x41b130 free
0x41b134 malloc
0x41b138 memcpy
0x41b13c _CxxThrowException
0x41b140 _purecall
0x41b144 memmove
0x41b148 memcmp
0x41b14c wcscmp
0x41b150 __CxxFrameHandler
KERNEL32.dll
0x41b000 GetStartupInfoA
0x41b004 InitializeCriticalSection
0x41b008 ReleaseSemaphore
0x41b00c CreateSemaphoreW
0x41b010 ResetEvent
0x41b014 SetEvent
0x41b018 CreateEventW
0x41b01c lstrlenW
0x41b020 lstrcatW
0x41b024 VirtualFree
0x41b028 VirtualAlloc
0x41b02c Sleep
0x41b030 GetStdHandle
0x41b034 GlobalMemoryStatus
0x41b038 GetSystemInfo
0x41b03c GetCurrentProcess
0x41b040 GetProcessAffinityMask
0x41b044 SetEndOfFile
0x41b048 WriteFile
0x41b04c ReadFile
0x41b050 SetFilePointer
0x41b054 GetFileSize
0x41b058 GetFileInformationByHandle
0x41b05c GetFileAttributesW
0x41b060 GetModuleHandleA
0x41b064 FindNextFileW
0x41b068 FindFirstFileW
0x41b06c FindClose
0x41b070 GetCurrentThreadId
0x41b074 GetTickCount
0x41b078 GetTempPathW
0x41b07c GetCurrentDirectoryW
0x41b080 SetCurrentDirectoryW
0x41b084 SetLastError
0x41b088 DeleteFileW
0x41b08c CreateDirectoryW
0x41b090 GetModuleHandleW
0x41b094 GetProcAddress
0x41b098 RemoveDirectoryW
0x41b09c SetFileAttributesW
0x41b0a0 CreateFileW
0x41b0a4 SetFileTime
0x41b0a8 GetSystemDirectoryW
0x41b0ac GetCurrentProcessId
0x41b0b0 FormatMessageW
0x41b0b4 LocalFree
0x41b0b8 GetModuleFileNameW
0x41b0bc LoadLibraryExW
0x41b0c0 DeleteCriticalSection
0x41b0c4 EnterCriticalSection
0x41b0c8 LeaveCriticalSection
0x41b0cc GetLastError
0x41b0d0 GetVersionExW
0x41b0d4 GetCommandLineW
0x41b0d8 CreateProcessW
0x41b0dc CloseHandle
0x41b0e0 WaitForSingleObject
EAT(Export Address Table) is none