ScreenShot
| Created | 2024.01.20 18:07 | Machine | s1_win7_x6401 |
| Filename | SetupPowerGREPDemo.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 17 detected (AIDetectMalware, Artemis, unsafe, Vjmb, Attribute, HighConfidence, a variant of Generik, NWVIAQV, Outbreak, Detected, Sabsik, Znyonm, MALICIOUS, PossibleThreat) | ||
| md5 | a29a203a471bcfaf00f00386bc60aee6 | ||
| sha256 | a5f1498dc8e50a7e9963ed8b55e575100cb69c88c55da2d5e7db97df8c4aa948 | ||
| ssdeep | 98304:t1WMEE+OPwN9l2fRgddw304vSyEh5B+3ZQRVYF:PlEEOj2fRdPvSfZs | ||
| imphash | ed09c5c4cacb27832d351757dabfe0a6 | ||
| impfuzzy | 48:qJrK1QxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJeCxMCyamCRHu42xQ2HPXiX1PgblTJo | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140d2f484 AddAtomA
0x140d2f48c AddVectoredExceptionHandler
0x140d2f494 CloseHandle
0x140d2f49c CreateEventA
0x140d2f4a4 CreateFileA
0x140d2f4ac CreateIoCompletionPort
0x140d2f4b4 CreateMutexA
0x140d2f4bc CreateSemaphoreA
0x140d2f4c4 CreateThread
0x140d2f4cc CreateWaitableTimerA
0x140d2f4d4 CreateWaitableTimerExW
0x140d2f4dc DeleteAtom
0x140d2f4e4 DeleteCriticalSection
0x140d2f4ec DuplicateHandle
0x140d2f4f4 EnterCriticalSection
0x140d2f4fc ExitProcess
0x140d2f504 FindAtomA
0x140d2f50c FormatMessageA
0x140d2f514 FreeEnvironmentStringsW
0x140d2f51c GetAtomNameA
0x140d2f524 GetConsoleMode
0x140d2f52c GetCurrentProcess
0x140d2f534 GetCurrentProcessId
0x140d2f53c GetCurrentThread
0x140d2f544 GetCurrentThreadId
0x140d2f54c GetEnvironmentStringsW
0x140d2f554 GetErrorMode
0x140d2f55c GetHandleInformation
0x140d2f564 GetLastError
0x140d2f56c GetProcAddress
0x140d2f574 GetProcessAffinityMask
0x140d2f57c GetQueuedCompletionStatusEx
0x140d2f584 GetStartupInfoA
0x140d2f58c GetStdHandle
0x140d2f594 GetSystemDirectoryA
0x140d2f59c GetSystemInfo
0x140d2f5a4 GetSystemTimeAsFileTime
0x140d2f5ac GetThreadContext
0x140d2f5b4 GetThreadPriority
0x140d2f5bc GetTickCount
0x140d2f5c4 InitializeCriticalSection
0x140d2f5cc IsDBCSLeadByteEx
0x140d2f5d4 IsDebuggerPresent
0x140d2f5dc LeaveCriticalSection
0x140d2f5e4 LoadLibraryExW
0x140d2f5ec LoadLibraryW
0x140d2f5f4 LocalFree
0x140d2f5fc MultiByteToWideChar
0x140d2f604 OpenProcess
0x140d2f60c OutputDebugStringA
0x140d2f614 PostQueuedCompletionStatus
0x140d2f61c QueryPerformanceCounter
0x140d2f624 QueryPerformanceFrequency
0x140d2f62c RaiseException
0x140d2f634 RaiseFailFastException
0x140d2f63c ReleaseMutex
0x140d2f644 ReleaseSemaphore
0x140d2f64c RemoveVectoredExceptionHandler
0x140d2f654 ResetEvent
0x140d2f65c ResumeThread
0x140d2f664 SetConsoleCtrlHandler
0x140d2f66c SetErrorMode
0x140d2f674 SetEvent
0x140d2f67c SetLastError
0x140d2f684 SetProcessAffinityMask
0x140d2f68c SetProcessPriorityBoost
0x140d2f694 SetThreadContext
0x140d2f69c SetThreadPriority
0x140d2f6a4 SetUnhandledExceptionFilter
0x140d2f6ac SetWaitableTimer
0x140d2f6b4 Sleep
0x140d2f6bc SuspendThread
0x140d2f6c4 SwitchToThread
0x140d2f6cc TlsAlloc
0x140d2f6d4 TlsGetValue
0x140d2f6dc TlsSetValue
0x140d2f6e4 TryEnterCriticalSection
0x140d2f6ec VirtualAlloc
0x140d2f6f4 VirtualFree
0x140d2f6fc VirtualProtect
0x140d2f704 VirtualQuery
0x140d2f70c WaitForMultipleObjects
0x140d2f714 WaitForSingleObject
0x140d2f71c WerGetFlags
0x140d2f724 WerSetFlags
0x140d2f72c WideCharToMultiByte
0x140d2f734 WriteConsoleW
0x140d2f73c WriteFile
0x140d2f744 __C_specific_handler
msvcrt.dll
0x140d2f754 ___lc_codepage_func
0x140d2f75c ___mb_cur_max_func
0x140d2f764 __getmainargs
0x140d2f76c __initenv
0x140d2f774 __iob_func
0x140d2f77c __lconv_init
0x140d2f784 __set_app_type
0x140d2f78c __setusermatherr
0x140d2f794 _acmdln
0x140d2f79c _amsg_exit
0x140d2f7a4 _beginthread
0x140d2f7ac _beginthreadex
0x140d2f7b4 _cexit
0x140d2f7bc _commode
0x140d2f7c4 _endthreadex
0x140d2f7cc _errno
0x140d2f7d4 _fmode
0x140d2f7dc _initterm
0x140d2f7e4 _lock
0x140d2f7ec _memccpy
0x140d2f7f4 _onexit
0x140d2f7fc _setjmp
0x140d2f804 _strdup
0x140d2f80c _ultoa
0x140d2f814 _unlock
0x140d2f81c abort
0x140d2f824 calloc
0x140d2f82c exit
0x140d2f834 fprintf
0x140d2f83c fputc
0x140d2f844 free
0x140d2f84c fwrite
0x140d2f854 localeconv
0x140d2f85c longjmp
0x140d2f864 malloc
0x140d2f86c memcpy
0x140d2f874 memmove
0x140d2f87c memset
0x140d2f884 printf
0x140d2f88c realloc
0x140d2f894 signal
0x140d2f89c strerror
0x140d2f8a4 strlen
0x140d2f8ac strncmp
0x140d2f8b4 vfprintf
0x140d2f8bc wcslen
EAT(Export Address Table) Library
0x140d2c8b0 _cgo_dummy_export
KERNEL32.dll
0x140d2f484 AddAtomA
0x140d2f48c AddVectoredExceptionHandler
0x140d2f494 CloseHandle
0x140d2f49c CreateEventA
0x140d2f4a4 CreateFileA
0x140d2f4ac CreateIoCompletionPort
0x140d2f4b4 CreateMutexA
0x140d2f4bc CreateSemaphoreA
0x140d2f4c4 CreateThread
0x140d2f4cc CreateWaitableTimerA
0x140d2f4d4 CreateWaitableTimerExW
0x140d2f4dc DeleteAtom
0x140d2f4e4 DeleteCriticalSection
0x140d2f4ec DuplicateHandle
0x140d2f4f4 EnterCriticalSection
0x140d2f4fc ExitProcess
0x140d2f504 FindAtomA
0x140d2f50c FormatMessageA
0x140d2f514 FreeEnvironmentStringsW
0x140d2f51c GetAtomNameA
0x140d2f524 GetConsoleMode
0x140d2f52c GetCurrentProcess
0x140d2f534 GetCurrentProcessId
0x140d2f53c GetCurrentThread
0x140d2f544 GetCurrentThreadId
0x140d2f54c GetEnvironmentStringsW
0x140d2f554 GetErrorMode
0x140d2f55c GetHandleInformation
0x140d2f564 GetLastError
0x140d2f56c GetProcAddress
0x140d2f574 GetProcessAffinityMask
0x140d2f57c GetQueuedCompletionStatusEx
0x140d2f584 GetStartupInfoA
0x140d2f58c GetStdHandle
0x140d2f594 GetSystemDirectoryA
0x140d2f59c GetSystemInfo
0x140d2f5a4 GetSystemTimeAsFileTime
0x140d2f5ac GetThreadContext
0x140d2f5b4 GetThreadPriority
0x140d2f5bc GetTickCount
0x140d2f5c4 InitializeCriticalSection
0x140d2f5cc IsDBCSLeadByteEx
0x140d2f5d4 IsDebuggerPresent
0x140d2f5dc LeaveCriticalSection
0x140d2f5e4 LoadLibraryExW
0x140d2f5ec LoadLibraryW
0x140d2f5f4 LocalFree
0x140d2f5fc MultiByteToWideChar
0x140d2f604 OpenProcess
0x140d2f60c OutputDebugStringA
0x140d2f614 PostQueuedCompletionStatus
0x140d2f61c QueryPerformanceCounter
0x140d2f624 QueryPerformanceFrequency
0x140d2f62c RaiseException
0x140d2f634 RaiseFailFastException
0x140d2f63c ReleaseMutex
0x140d2f644 ReleaseSemaphore
0x140d2f64c RemoveVectoredExceptionHandler
0x140d2f654 ResetEvent
0x140d2f65c ResumeThread
0x140d2f664 SetConsoleCtrlHandler
0x140d2f66c SetErrorMode
0x140d2f674 SetEvent
0x140d2f67c SetLastError
0x140d2f684 SetProcessAffinityMask
0x140d2f68c SetProcessPriorityBoost
0x140d2f694 SetThreadContext
0x140d2f69c SetThreadPriority
0x140d2f6a4 SetUnhandledExceptionFilter
0x140d2f6ac SetWaitableTimer
0x140d2f6b4 Sleep
0x140d2f6bc SuspendThread
0x140d2f6c4 SwitchToThread
0x140d2f6cc TlsAlloc
0x140d2f6d4 TlsGetValue
0x140d2f6dc TlsSetValue
0x140d2f6e4 TryEnterCriticalSection
0x140d2f6ec VirtualAlloc
0x140d2f6f4 VirtualFree
0x140d2f6fc VirtualProtect
0x140d2f704 VirtualQuery
0x140d2f70c WaitForMultipleObjects
0x140d2f714 WaitForSingleObject
0x140d2f71c WerGetFlags
0x140d2f724 WerSetFlags
0x140d2f72c WideCharToMultiByte
0x140d2f734 WriteConsoleW
0x140d2f73c WriteFile
0x140d2f744 __C_specific_handler
msvcrt.dll
0x140d2f754 ___lc_codepage_func
0x140d2f75c ___mb_cur_max_func
0x140d2f764 __getmainargs
0x140d2f76c __initenv
0x140d2f774 __iob_func
0x140d2f77c __lconv_init
0x140d2f784 __set_app_type
0x140d2f78c __setusermatherr
0x140d2f794 _acmdln
0x140d2f79c _amsg_exit
0x140d2f7a4 _beginthread
0x140d2f7ac _beginthreadex
0x140d2f7b4 _cexit
0x140d2f7bc _commode
0x140d2f7c4 _endthreadex
0x140d2f7cc _errno
0x140d2f7d4 _fmode
0x140d2f7dc _initterm
0x140d2f7e4 _lock
0x140d2f7ec _memccpy
0x140d2f7f4 _onexit
0x140d2f7fc _setjmp
0x140d2f804 _strdup
0x140d2f80c _ultoa
0x140d2f814 _unlock
0x140d2f81c abort
0x140d2f824 calloc
0x140d2f82c exit
0x140d2f834 fprintf
0x140d2f83c fputc
0x140d2f844 free
0x140d2f84c fwrite
0x140d2f854 localeconv
0x140d2f85c longjmp
0x140d2f864 malloc
0x140d2f86c memcpy
0x140d2f874 memmove
0x140d2f87c memset
0x140d2f884 printf
0x140d2f88c realloc
0x140d2f894 signal
0x140d2f89c strerror
0x140d2f8a4 strlen
0x140d2f8ac strncmp
0x140d2f8b4 vfprintf
0x140d2f8bc wcslen
EAT(Export Address Table) Library
0x140d2c8b0 _cgo_dummy_export