ScreenShot
| Created | 2024.01.06 17:20 | Machine | s1_win7_x6401 |
| Filename | setup.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 54 detected (AIDetectMalware, Scar, malicious, high confidence, GenericKD, MultiPlug, Artemis, unsafe, Ve05, Attribute, HighConfidence, a variant of Generik, HTHAXXJ, txcz, TrojanX, Gencirc, uazdt, REDLINE, YXDLMZ, Detected, ABRisk, DERM, Znyonm, SmokeLoader, Malware@#21v7m5v9qoauh, score, TrojanPSW, ai score=87, hbppntGHPkK, susgen, PossibleThreat, confidence, 100%) | ||
| md5 | b13686dff2f18689d5e340d107c7e45a | ||
| sha256 | 5e2c4665bb61b0bae08f322597c60bbe219fb4274d2f7f284e721bfa2676cfff | ||
| ssdeep | 196608:LW3rT3hfT8aBjDuDmoCnq8nzqmuHWBpm8UpHO/66lmov6himssnqnf:LW3rbhfTnODRCnq8Q0+c6povLXd | ||
| imphash | c9b1cf94f229a8b0e0f98fb16eb8a6bf | ||
| impfuzzy | 24:QsXxWDCeDP9HtWOovbOGMUD1ubvgmWDMyl3LU19O807G4TMuhJUhYj9adNDW:QsXxQC49Nx361oIhGOFGdhla | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (18cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x1400df000 SHFileOperationW
0x1400df008 SHGetFolderPathW
KERNEL32.dll
0x1400df018 CloseHandle
0x1400df020 CreateDirectoryW
0x1400df028 CreateFileW
0x1400df030 CreateProcessW
0x1400df038 DeleteCriticalSection
0x1400df040 EncodePointer
0x1400df048 EnterCriticalSection
0x1400df050 ExitProcess
0x1400df058 FindClose
0x1400df060 FindFirstFileExW
0x1400df068 FindNextFileW
0x1400df070 FindResourceA
0x1400df078 FlsAlloc
0x1400df080 FlsFree
0x1400df088 FlsGetValue
0x1400df090 FlsSetValue
0x1400df098 FlushFileBuffers
0x1400df0a0 FormatMessageA
0x1400df0a8 FreeEnvironmentStringsW
0x1400df0b0 FreeLibrary
0x1400df0b8 GetACP
0x1400df0c0 GetCPInfo
0x1400df0c8 GetCommandLineA
0x1400df0d0 GetCommandLineW
0x1400df0d8 GetConsoleMode
0x1400df0e0 GetConsoleOutputCP
0x1400df0e8 GetCurrentProcess
0x1400df0f0 GetCurrentProcessId
0x1400df0f8 GetCurrentThreadId
0x1400df100 GetEnvironmentStringsW
0x1400df108 GetExitCodeProcess
0x1400df110 GetFileAttributesW
0x1400df118 GetFileSizeEx
0x1400df120 GetFileType
0x1400df128 GetLastError
0x1400df130 GetModuleFileNameW
0x1400df138 GetModuleHandleExW
0x1400df140 GetModuleHandleW
0x1400df148 GetOEMCP
0x1400df150 GetProcAddress
0x1400df158 GetProcessHeap
0x1400df160 GetStartupInfoW
0x1400df168 GetStdHandle
0x1400df170 GetStringTypeW
0x1400df178 GetSystemTimeAsFileTime
0x1400df180 GetTempPathW
0x1400df188 HeapAlloc
0x1400df190 HeapFree
0x1400df198 HeapReAlloc
0x1400df1a0 HeapSize
0x1400df1a8 InitializeCriticalSectionAndSpinCount
0x1400df1b0 InitializeSListHead
0x1400df1b8 IsDebuggerPresent
0x1400df1c0 IsProcessorFeaturePresent
0x1400df1c8 IsValidCodePage
0x1400df1d0 LCMapStringW
0x1400df1d8 LeaveCriticalSection
0x1400df1e0 LoadLibraryExW
0x1400df1e8 LoadResource
0x1400df1f0 LockResource
0x1400df1f8 MultiByteToWideChar
0x1400df200 QueryPerformanceCounter
0x1400df208 RaiseException
0x1400df210 RtlCaptureContext
0x1400df218 RtlLookupFunctionEntry
0x1400df220 RtlPcToFileHeader
0x1400df228 RtlUnwindEx
0x1400df230 RtlVirtualUnwind
0x1400df238 SetConsoleCtrlHandler
0x1400df240 SetEnvironmentVariableA
0x1400df248 SetFilePointerEx
0x1400df250 SetLastError
0x1400df258 SetStdHandle
0x1400df260 SetUnhandledExceptionFilter
0x1400df268 SizeofResource
0x1400df270 Sleep
0x1400df278 TerminateProcess
0x1400df280 TlsAlloc
0x1400df288 TlsFree
0x1400df290 TlsGetValue
0x1400df298 TlsSetValue
0x1400df2a0 UnhandledExceptionFilter
0x1400df2a8 WaitForSingleObject
0x1400df2b0 WideCharToMultiByte
0x1400df2b8 WriteConsoleW
0x1400df2c0 WriteFile
KERNEL32.dll
0x1400df2d0 HeapAlloc
0x1400df2d8 HeapFree
0x1400df2e0 ExitProcess
0x1400df2e8 LoadLibraryA
0x1400df2f0 GetModuleHandleA
0x1400df2f8 GetProcAddress
EAT(Export Address Table) is none
SHELL32.dll
0x1400df000 SHFileOperationW
0x1400df008 SHGetFolderPathW
KERNEL32.dll
0x1400df018 CloseHandle
0x1400df020 CreateDirectoryW
0x1400df028 CreateFileW
0x1400df030 CreateProcessW
0x1400df038 DeleteCriticalSection
0x1400df040 EncodePointer
0x1400df048 EnterCriticalSection
0x1400df050 ExitProcess
0x1400df058 FindClose
0x1400df060 FindFirstFileExW
0x1400df068 FindNextFileW
0x1400df070 FindResourceA
0x1400df078 FlsAlloc
0x1400df080 FlsFree
0x1400df088 FlsGetValue
0x1400df090 FlsSetValue
0x1400df098 FlushFileBuffers
0x1400df0a0 FormatMessageA
0x1400df0a8 FreeEnvironmentStringsW
0x1400df0b0 FreeLibrary
0x1400df0b8 GetACP
0x1400df0c0 GetCPInfo
0x1400df0c8 GetCommandLineA
0x1400df0d0 GetCommandLineW
0x1400df0d8 GetConsoleMode
0x1400df0e0 GetConsoleOutputCP
0x1400df0e8 GetCurrentProcess
0x1400df0f0 GetCurrentProcessId
0x1400df0f8 GetCurrentThreadId
0x1400df100 GetEnvironmentStringsW
0x1400df108 GetExitCodeProcess
0x1400df110 GetFileAttributesW
0x1400df118 GetFileSizeEx
0x1400df120 GetFileType
0x1400df128 GetLastError
0x1400df130 GetModuleFileNameW
0x1400df138 GetModuleHandleExW
0x1400df140 GetModuleHandleW
0x1400df148 GetOEMCP
0x1400df150 GetProcAddress
0x1400df158 GetProcessHeap
0x1400df160 GetStartupInfoW
0x1400df168 GetStdHandle
0x1400df170 GetStringTypeW
0x1400df178 GetSystemTimeAsFileTime
0x1400df180 GetTempPathW
0x1400df188 HeapAlloc
0x1400df190 HeapFree
0x1400df198 HeapReAlloc
0x1400df1a0 HeapSize
0x1400df1a8 InitializeCriticalSectionAndSpinCount
0x1400df1b0 InitializeSListHead
0x1400df1b8 IsDebuggerPresent
0x1400df1c0 IsProcessorFeaturePresent
0x1400df1c8 IsValidCodePage
0x1400df1d0 LCMapStringW
0x1400df1d8 LeaveCriticalSection
0x1400df1e0 LoadLibraryExW
0x1400df1e8 LoadResource
0x1400df1f0 LockResource
0x1400df1f8 MultiByteToWideChar
0x1400df200 QueryPerformanceCounter
0x1400df208 RaiseException
0x1400df210 RtlCaptureContext
0x1400df218 RtlLookupFunctionEntry
0x1400df220 RtlPcToFileHeader
0x1400df228 RtlUnwindEx
0x1400df230 RtlVirtualUnwind
0x1400df238 SetConsoleCtrlHandler
0x1400df240 SetEnvironmentVariableA
0x1400df248 SetFilePointerEx
0x1400df250 SetLastError
0x1400df258 SetStdHandle
0x1400df260 SetUnhandledExceptionFilter
0x1400df268 SizeofResource
0x1400df270 Sleep
0x1400df278 TerminateProcess
0x1400df280 TlsAlloc
0x1400df288 TlsFree
0x1400df290 TlsGetValue
0x1400df298 TlsSetValue
0x1400df2a0 UnhandledExceptionFilter
0x1400df2a8 WaitForSingleObject
0x1400df2b0 WideCharToMultiByte
0x1400df2b8 WriteConsoleW
0x1400df2c0 WriteFile
KERNEL32.dll
0x1400df2d0 HeapAlloc
0x1400df2d8 HeapFree
0x1400df2e0 ExitProcess
0x1400df2e8 LoadLibraryA
0x1400df2f0 GetModuleHandleA
0x1400df2f8 GetProcAddress
EAT(Export Address Table) is none