Field | Value |
---|---|
Created | 2024.04.01 07:37 |
Machine | s1_win7_x6403 |
Filename | ISetup10.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | |
md5 | eedbb21196d92b9ef5857d13ff848d6e |
sha256 | abd4ca6f61fd0e58b778e812ee05a48155adb14178eb716c70bcd2a129cd5c56 |
ssdeep | 6144:8F6TAKHbrwOfmjN6pkFU3jb7bxbgd5RCOTtop5sfSxzFTfcXMZaX:66TAKBOB6pkgBgdHRpoph/SMUX |
imphash | aa3b3c495b764f201db0b7628adaf6ca |
impfuzzy | 24:OztkrkRNUTgfPBl5QkK5JcDoEdQBRv9pTJGtKu9XiOovIG0oj3Nc7v96SBZatGAX:O6SFpd+lpTQTG0ENcL96SCttAQ1 |
Signature (4cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x410010 SetHandleInformation
0x410014 _lcreat
0x410018 MoveFileWithProgressA
0x41001c GetConsoleAliasesLengthA
0x410020 GetNumberFormatA
0x410024 ReadConsoleW
0x410028 GetVolumeInformationA
0x41002c GlobalFindAtomA
0x410030 SetCommConfig
0x410034 InitializeCriticalSectionAndSpinCount
0x410038 ReadConsoleInputA
0x41003c GetSystemPowerStatus
0x410040 FindNextVolumeW
0x410044 GetConsoleAliasW
0x410048 WriteConsoleW
0x41004c FileTimeToSystemTime
0x410050 CreateFileW
0x410054 ExitThread
0x410058 ZombifyActCtx
0x41005c ChangeTimerQueueTimer
0x410060 SetLastError
0x410064 GetProcAddress
0x410068 LoadLibraryA
0x41006c InterlockedExchangeAdd
0x410070 LocalAlloc
0x410074 RemoveDirectoryW
0x410078 QueryDosDeviceW
0x41007c GetModuleFileNameA
0x410080 FindFirstVolumeMountPointA
0x410084 GetCurrentDirectoryA
0x410088 CompareStringA
0x41008c PeekConsoleInputA
0x410090 GetWindowsDirectoryW
0x410094 GetTempPathA
0x410098 OutputDebugStringW
0x41009c FlushFileBuffers
0x4100a0 SetStdHandle
0x4100a4 GetLocaleInfoA
0x4100a8 FindResourceW
0x4100ac GetLastError
0x4100b0 GetEnvironmentVariableW
0x4100b4 IsProcessorFeaturePresent
0x4100b8 EncodePointer
0x4100bc DecodePointer
0x4100c0 GetCommandLineA
0x4100c4 RaiseException
0x4100c8 RtlUnwind
0x4100cc ExitProcess
0x4100d0 GetModuleHandleExW
0x4100d4 MultiByteToWideChar
0x4100d8 WideCharToMultiByte
0x4100dc IsDebuggerPresent
0x4100e0 HeapSize
0x4100e4 HeapFree
0x4100e8 GetCurrentThreadId
0x4100ec EnterCriticalSection
0x4100f0 LeaveCriticalSection
0x4100f4 GetStdHandle
0x4100f8 GetFileType
0x4100fc DeleteCriticalSection
0x410100 GetStartupInfoW
0x410104 CloseHandle
0x410108 HeapAlloc
0x41010c GetProcessHeap
0x410110 WriteFile
0x410114 GetModuleFileNameW
0x410118 QueryPerformanceCounter
0x41011c GetCurrentProcessId
0x410120 GetSystemTimeAsFileTime
0x410124 GetEnvironmentStringsW
0x410128 FreeEnvironmentStringsW
0x41012c UnhandledExceptionFilter
0x410130 SetUnhandledExceptionFilter
0x410134 Sleep
0x410138 GetCurrentProcess
0x41013c TerminateProcess
0x410140 TlsAlloc
0x410144 TlsGetValue
0x410148 TlsSetValue
0x41014c TlsFree
0x410150 GetModuleHandleW
0x410154 LoadLibraryExW
0x410158 IsValidCodePage
0x41015c GetACP
0x410160 GetOEMCP
0x410164 GetCPInfo
0x410168 HeapReAlloc
0x41016c LCMapStringW
0x410170 GetConsoleCP
0x410174 GetConsoleMode
0x410178 SetFilePointerEx
0x41017c GetStringTypeW
USER32.dll
0x410184 CharUpperBuffA
0x410188 DrawCaption
GDI32.dll
0x410008 SetTextColor
ADVAPI32.dll
0x410000 ReadEventLogW
EAT (Export Address Table): none