ScreenShot
| Created | 2024.01.13 02:03 | Machine | s1_win7_x6401 |
| Filename | PtzObsPluginInstaller.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (Common, malicious, high confidence, score, Lazy, unsafe, Attribute, HighConfidence, Artemis, MalwareX, Detected, ai score=84, PossibleThreat, ABRisk, ETEN, Neshta, FileInfector, Chgt, R002H09JR23, susgen, confidence) | ||
| md5 | cdad3cdfd93b23b07ad59be8cf406af6 | ||
| sha256 | 3e7a582a8859f1f836685b16d14048c1130326bbb296066e1c85d3cdc07f3d52 | ||
| ssdeep | 49152:lncxbi7BaNCaQ4KLyGKo3LJ+sD1oLQ+PUWrxUwAedoF75RVYC2d:2x0bLyGjdF1kKeK1QC2d | ||
| imphash | 3a3b12be84f04c9142a9f50675c4841c | ||
| impfuzzy | 24:HtX+cpVWcD02tMS17BgdlJBl3eDoF+oHv1GM+0aZxCpOovbOPZQwRX1/mi3:4cpV5HtMS17BgDpx+QmZn3Sw/b3 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140026020 FindResourceW
0x140026028 LockResource
0x140026030 HeapSize
0x140026038 CreateFileW
0x140026040 SizeofResource
0x140026048 CreateDirectoryA
0x140026050 WriteConsoleW
0x140026058 LoadResource
0x140026060 WideCharToMultiByte
0x140026068 GetProcessHeap
0x140026070 SetStdHandle
0x140026078 EnterCriticalSection
0x140026080 LeaveCriticalSection
0x140026088 InitializeCriticalSectionEx
0x140026090 DeleteCriticalSection
0x140026098 EncodePointer
0x1400260a0 DecodePointer
0x1400260a8 MultiByteToWideChar
0x1400260b0 LCMapStringEx
0x1400260b8 GetStringTypeW
0x1400260c0 GetCPInfo
0x1400260c8 RtlCaptureContext
0x1400260d0 RtlLookupFunctionEntry
0x1400260d8 RtlVirtualUnwind
0x1400260e0 UnhandledExceptionFilter
0x1400260e8 SetUnhandledExceptionFilter
0x1400260f0 GetCurrentProcess
0x1400260f8 TerminateProcess
0x140026100 IsProcessorFeaturePresent
0x140026108 QueryPerformanceCounter
0x140026110 GetCurrentProcessId
0x140026118 GetCurrentThreadId
0x140026120 GetSystemTimeAsFileTime
0x140026128 InitializeSListHead
0x140026130 IsDebuggerPresent
0x140026138 GetStartupInfoW
0x140026140 GetModuleHandleW
0x140026148 RtlUnwindEx
0x140026150 RtlPcToFileHeader
0x140026158 RaiseException
0x140026160 GetLastError
0x140026168 SetLastError
0x140026170 InitializeCriticalSectionAndSpinCount
0x140026178 TlsAlloc
0x140026180 TlsGetValue
0x140026188 TlsSetValue
0x140026190 TlsFree
0x140026198 FreeLibrary
0x1400261a0 GetProcAddress
0x1400261a8 LoadLibraryExW
0x1400261b0 RtlUnwind
0x1400261b8 GetStdHandle
0x1400261c0 WriteFile
0x1400261c8 GetModuleFileNameW
0x1400261d0 ExitProcess
0x1400261d8 GetModuleHandleExW
0x1400261e0 GetFileSizeEx
0x1400261e8 SetFilePointerEx
0x1400261f0 GetFileType
0x1400261f8 FlushFileBuffers
0x140026200 GetConsoleOutputCP
0x140026208 GetConsoleMode
0x140026210 HeapFree
0x140026218 CloseHandle
0x140026220 HeapAlloc
0x140026228 FlsAlloc
0x140026230 FlsGetValue
0x140026238 FlsSetValue
0x140026240 FlsFree
0x140026248 LCMapStringW
0x140026250 GetLocaleInfoW
0x140026258 IsValidLocale
0x140026260 GetUserDefaultLCID
0x140026268 EnumSystemLocalesW
0x140026270 ReadFile
0x140026278 ReadConsoleW
0x140026280 HeapReAlloc
0x140026288 FindClose
0x140026290 FindFirstFileExW
0x140026298 FindNextFileW
0x1400262a0 IsValidCodePage
0x1400262a8 GetACP
0x1400262b0 GetOEMCP
0x1400262b8 GetCommandLineA
0x1400262c0 GetCommandLineW
0x1400262c8 GetEnvironmentStringsW
0x1400262d0 FreeEnvironmentStringsW
0x1400262d8 SetEndOfFile
USER32.dll
0x1400262f8 MessageBoxW
ADVAPI32.dll
0x140026000 RegOpenKeyW
0x140026008 RegQueryValueExW
0x140026010 RegCloseKey
SHELL32.dll
0x1400262e8 SHGetFolderPathA
EAT(Export Address Table) is none
KERNEL32.dll
0x140026020 FindResourceW
0x140026028 LockResource
0x140026030 HeapSize
0x140026038 CreateFileW
0x140026040 SizeofResource
0x140026048 CreateDirectoryA
0x140026050 WriteConsoleW
0x140026058 LoadResource
0x140026060 WideCharToMultiByte
0x140026068 GetProcessHeap
0x140026070 SetStdHandle
0x140026078 EnterCriticalSection
0x140026080 LeaveCriticalSection
0x140026088 InitializeCriticalSectionEx
0x140026090 DeleteCriticalSection
0x140026098 EncodePointer
0x1400260a0 DecodePointer
0x1400260a8 MultiByteToWideChar
0x1400260b0 LCMapStringEx
0x1400260b8 GetStringTypeW
0x1400260c0 GetCPInfo
0x1400260c8 RtlCaptureContext
0x1400260d0 RtlLookupFunctionEntry
0x1400260d8 RtlVirtualUnwind
0x1400260e0 UnhandledExceptionFilter
0x1400260e8 SetUnhandledExceptionFilter
0x1400260f0 GetCurrentProcess
0x1400260f8 TerminateProcess
0x140026100 IsProcessorFeaturePresent
0x140026108 QueryPerformanceCounter
0x140026110 GetCurrentProcessId
0x140026118 GetCurrentThreadId
0x140026120 GetSystemTimeAsFileTime
0x140026128 InitializeSListHead
0x140026130 IsDebuggerPresent
0x140026138 GetStartupInfoW
0x140026140 GetModuleHandleW
0x140026148 RtlUnwindEx
0x140026150 RtlPcToFileHeader
0x140026158 RaiseException
0x140026160 GetLastError
0x140026168 SetLastError
0x140026170 InitializeCriticalSectionAndSpinCount
0x140026178 TlsAlloc
0x140026180 TlsGetValue
0x140026188 TlsSetValue
0x140026190 TlsFree
0x140026198 FreeLibrary
0x1400261a0 GetProcAddress
0x1400261a8 LoadLibraryExW
0x1400261b0 RtlUnwind
0x1400261b8 GetStdHandle
0x1400261c0 WriteFile
0x1400261c8 GetModuleFileNameW
0x1400261d0 ExitProcess
0x1400261d8 GetModuleHandleExW
0x1400261e0 GetFileSizeEx
0x1400261e8 SetFilePointerEx
0x1400261f0 GetFileType
0x1400261f8 FlushFileBuffers
0x140026200 GetConsoleOutputCP
0x140026208 GetConsoleMode
0x140026210 HeapFree
0x140026218 CloseHandle
0x140026220 HeapAlloc
0x140026228 FlsAlloc
0x140026230 FlsGetValue
0x140026238 FlsSetValue
0x140026240 FlsFree
0x140026248 LCMapStringW
0x140026250 GetLocaleInfoW
0x140026258 IsValidLocale
0x140026260 GetUserDefaultLCID
0x140026268 EnumSystemLocalesW
0x140026270 ReadFile
0x140026278 ReadConsoleW
0x140026280 HeapReAlloc
0x140026288 FindClose
0x140026290 FindFirstFileExW
0x140026298 FindNextFileW
0x1400262a0 IsValidCodePage
0x1400262a8 GetACP
0x1400262b0 GetOEMCP
0x1400262b8 GetCommandLineA
0x1400262c0 GetCommandLineW
0x1400262c8 GetEnvironmentStringsW
0x1400262d0 FreeEnvironmentStringsW
0x1400262d8 SetEndOfFile
USER32.dll
0x1400262f8 MessageBoxW
ADVAPI32.dll
0x140026000 RegOpenKeyW
0x140026008 RegQueryValueExW
0x140026010 RegCloseKey
SHELL32.dll
0x1400262e8 SHGetFolderPathA
EAT(Export Address Table) is none