ScreenShot
| Created | 2024.04.22 13:16 | Machine | s1_win7_x6403 |
| Filename | setup294.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 27 detected (AIDetectMalware, Ciusky, malicious, confidence, Vundo, high confidence, Fero, ccmw, Generic@AI, RDML, 1eQ80gUzoMwdLMcXD, yufA, ai score=88, Wacatac, BScope, Cryprar, Static AI, Malicious SFX, Kryptik, HVWI) | ||
| md5 | 0cb2c7acebecb2db200e6987c69d2afa | ||
| sha256 | 9f072311758777f037cda8e57697a29ab403ae33b39590653a497f24151416fc | ||
| ssdeep | 98304:QRXgfBfKEXPCrGqoVhkNuX/i+TeCkg6en14et7DY7:iBo/k2q6RY7 | ||
| imphash | 082d9eac0e630d0d5aee6a677ef22e52 | ||
| impfuzzy | 48:J9gOdzKckbxXF9Bi+fcIX1IuNxhGt0/XCI03x:JGGKckbxXFji+fcIX1IGGt0/XCIKx | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (18cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43c000 GetLastError
0x43c004 FormatMessageW
0x43c008 LocalFree
0x43c00c SetLastError
0x43c010 CreateHardLinkW
0x43c014 SetFileTime
0x43c018 GetCurrentProcess
0x43c01c CloseHandle
0x43c020 CreateFileW
0x43c024 DeviceIoControl
0x43c028 RemoveDirectoryW
0x43c02c DeleteFileW
0x43c030 GetLongPathNameW
0x43c034 GetShortPathNameW
0x43c038 MoveFileW
0x43c03c GetStdHandle
0x43c040 WriteFile
0x43c044 ReadFile
0x43c048 SetFilePointer
0x43c04c SetEndOfFile
0x43c050 FlushFileBuffers
0x43c054 GetFileType
0x43c058 CreateDirectoryW
0x43c05c GetFileAttributesW
0x43c060 SetFileAttributesW
0x43c064 GetCurrentProcessId
0x43c068 FindClose
0x43c06c FindFirstFileW
0x43c070 FindNextFileW
0x43c074 GetVersionExW
0x43c078 GetFullPathNameW
0x43c07c FoldStringW
0x43c080 GetModuleFileNameW
0x43c084 SetCurrentDirectoryW
0x43c088 GetCurrentDirectoryW
0x43c08c GetModuleHandleW
0x43c090 FindResourceW
0x43c094 FreeLibrary
0x43c098 GetProcAddress
0x43c09c ExpandEnvironmentStringsW
0x43c0a0 SetThreadExecutionState
0x43c0a4 CompareStringW
0x43c0a8 AllocConsole
0x43c0ac AttachConsole
0x43c0b0 WriteConsoleW
0x43c0b4 Sleep
0x43c0b8 FreeConsole
0x43c0bc ExitProcess
0x43c0c0 GetSystemDirectoryW
0x43c0c4 LoadLibraryW
0x43c0c8 InitializeCriticalSection
0x43c0cc DeleteCriticalSection
0x43c0d0 EnterCriticalSection
0x43c0d4 LeaveCriticalSection
0x43c0d8 CreateThread
0x43c0dc WaitForSingleObject
0x43c0e0 GetProcessAffinityMask
0x43c0e4 CreateSemaphoreW
0x43c0e8 CreateEventW
0x43c0ec ReleaseSemaphore
0x43c0f0 SetThreadPriority
0x43c0f4 SetEvent
0x43c0f8 ResetEvent
0x43c0fc FileTimeToLocalFileTime
0x43c100 FileTimeToSystemTime
0x43c104 SystemTimeToTzSpecificLocalTime
0x43c108 SystemTimeToFileTime
0x43c10c LocalFileTimeToFileTime
0x43c110 TzSpecificLocalTimeToSystemTime
0x43c114 GetSystemTime
0x43c118 WideCharToMultiByte
0x43c11c MultiByteToWideChar
0x43c120 GetCPInfo
0x43c124 IsDBCSLeadByte
0x43c128 GlobalAlloc
0x43c12c SizeofResource
0x43c130 LoadResource
0x43c134 LockResource
0x43c138 GlobalLock
0x43c13c GlobalUnlock
0x43c140 GlobalFree
0x43c144 GetDateFormatW
0x43c148 GetTimeFormatW
0x43c14c GlobalMemoryStatusEx
0x43c150 GetLocaleInfoW
0x43c154 GetNumberFormatW
0x43c158 GetCommandLineW
0x43c15c OpenFileMappingW
0x43c160 MapViewOfFile
0x43c164 UnmapViewOfFile
0x43c168 SetEnvironmentVariableW
0x43c16c GetLocalTime
0x43c170 GetTickCount
0x43c174 CreateFileMappingW
0x43c178 MoveFileExW
0x43c17c GetTempPathW
0x43c180 GetExitCodeProcess
0x43c184 DecodePointer
0x43c188 GetConsoleMode
0x43c18c GetConsoleOutputCP
0x43c190 HeapSize
0x43c194 SetFilePointerEx
0x43c198 GetStringTypeW
0x43c19c SetStdHandle
0x43c1a0 GetProcessHeap
0x43c1a4 LCMapStringW
0x43c1a8 FreeEnvironmentStringsW
0x43c1ac RaiseException
0x43c1b0 GetSystemInfo
0x43c1b4 VirtualProtect
0x43c1b8 VirtualQuery
0x43c1bc LoadLibraryExA
0x43c1c0 UnhandledExceptionFilter
0x43c1c4 SetUnhandledExceptionFilter
0x43c1c8 TerminateProcess
0x43c1cc IsProcessorFeaturePresent
0x43c1d0 InitializeCriticalSectionAndSpinCount
0x43c1d4 WaitForSingleObjectEx
0x43c1d8 IsDebuggerPresent
0x43c1dc GetStartupInfoW
0x43c1e0 QueryPerformanceCounter
0x43c1e4 GetCurrentThreadId
0x43c1e8 GetSystemTimeAsFileTime
0x43c1ec InitializeSListHead
0x43c1f0 RtlUnwind
0x43c1f4 EncodePointer
0x43c1f8 TlsAlloc
0x43c1fc TlsGetValue
0x43c200 TlsSetValue
0x43c204 TlsFree
0x43c208 LoadLibraryExW
0x43c20c QueryPerformanceFrequency
0x43c210 GetModuleHandleExW
0x43c214 HeapFree
0x43c218 HeapAlloc
0x43c21c HeapReAlloc
0x43c220 FindFirstFileExW
0x43c224 IsValidCodePage
0x43c228 GetACP
0x43c22c GetOEMCP
0x43c230 GetCommandLineA
0x43c234 GetEnvironmentStringsW
OLEAUT32.dll
0x43c23c SysAllocString
0x43c240 SysFreeString
0x43c244 VariantClear
gdiplus.dll
0x43c24c GdipCreateBitmapFromStream
0x43c250 GdipAlloc
0x43c254 GdipFree
0x43c258 GdipCloneImage
0x43c25c GdipDisposeImage
0x43c260 GdipCreateHBITMAPFromBitmap
0x43c264 GdiplusStartup
0x43c268 GdiplusShutdown
EAT(Export Address Table) Library
KERNEL32.dll
0x43c000 GetLastError
0x43c004 FormatMessageW
0x43c008 LocalFree
0x43c00c SetLastError
0x43c010 CreateHardLinkW
0x43c014 SetFileTime
0x43c018 GetCurrentProcess
0x43c01c CloseHandle
0x43c020 CreateFileW
0x43c024 DeviceIoControl
0x43c028 RemoveDirectoryW
0x43c02c DeleteFileW
0x43c030 GetLongPathNameW
0x43c034 GetShortPathNameW
0x43c038 MoveFileW
0x43c03c GetStdHandle
0x43c040 WriteFile
0x43c044 ReadFile
0x43c048 SetFilePointer
0x43c04c SetEndOfFile
0x43c050 FlushFileBuffers
0x43c054 GetFileType
0x43c058 CreateDirectoryW
0x43c05c GetFileAttributesW
0x43c060 SetFileAttributesW
0x43c064 GetCurrentProcessId
0x43c068 FindClose
0x43c06c FindFirstFileW
0x43c070 FindNextFileW
0x43c074 GetVersionExW
0x43c078 GetFullPathNameW
0x43c07c FoldStringW
0x43c080 GetModuleFileNameW
0x43c084 SetCurrentDirectoryW
0x43c088 GetCurrentDirectoryW
0x43c08c GetModuleHandleW
0x43c090 FindResourceW
0x43c094 FreeLibrary
0x43c098 GetProcAddress
0x43c09c ExpandEnvironmentStringsW
0x43c0a0 SetThreadExecutionState
0x43c0a4 CompareStringW
0x43c0a8 AllocConsole
0x43c0ac AttachConsole
0x43c0b0 WriteConsoleW
0x43c0b4 Sleep
0x43c0b8 FreeConsole
0x43c0bc ExitProcess
0x43c0c0 GetSystemDirectoryW
0x43c0c4 LoadLibraryW
0x43c0c8 InitializeCriticalSection
0x43c0cc DeleteCriticalSection
0x43c0d0 EnterCriticalSection
0x43c0d4 LeaveCriticalSection
0x43c0d8 CreateThread
0x43c0dc WaitForSingleObject
0x43c0e0 GetProcessAffinityMask
0x43c0e4 CreateSemaphoreW
0x43c0e8 CreateEventW
0x43c0ec ReleaseSemaphore
0x43c0f0 SetThreadPriority
0x43c0f4 SetEvent
0x43c0f8 ResetEvent
0x43c0fc FileTimeToLocalFileTime
0x43c100 FileTimeToSystemTime
0x43c104 SystemTimeToTzSpecificLocalTime
0x43c108 SystemTimeToFileTime
0x43c10c LocalFileTimeToFileTime
0x43c110 TzSpecificLocalTimeToSystemTime
0x43c114 GetSystemTime
0x43c118 WideCharToMultiByte
0x43c11c MultiByteToWideChar
0x43c120 GetCPInfo
0x43c124 IsDBCSLeadByte
0x43c128 GlobalAlloc
0x43c12c SizeofResource
0x43c130 LoadResource
0x43c134 LockResource
0x43c138 GlobalLock
0x43c13c GlobalUnlock
0x43c140 GlobalFree
0x43c144 GetDateFormatW
0x43c148 GetTimeFormatW
0x43c14c GlobalMemoryStatusEx
0x43c150 GetLocaleInfoW
0x43c154 GetNumberFormatW
0x43c158 GetCommandLineW
0x43c15c OpenFileMappingW
0x43c160 MapViewOfFile
0x43c164 UnmapViewOfFile
0x43c168 SetEnvironmentVariableW
0x43c16c GetLocalTime
0x43c170 GetTickCount
0x43c174 CreateFileMappingW
0x43c178 MoveFileExW
0x43c17c GetTempPathW
0x43c180 GetExitCodeProcess
0x43c184 DecodePointer
0x43c188 GetConsoleMode
0x43c18c GetConsoleOutputCP
0x43c190 HeapSize
0x43c194 SetFilePointerEx
0x43c198 GetStringTypeW
0x43c19c SetStdHandle
0x43c1a0 GetProcessHeap
0x43c1a4 LCMapStringW
0x43c1a8 FreeEnvironmentStringsW
0x43c1ac RaiseException
0x43c1b0 GetSystemInfo
0x43c1b4 VirtualProtect
0x43c1b8 VirtualQuery
0x43c1bc LoadLibraryExA
0x43c1c0 UnhandledExceptionFilter
0x43c1c4 SetUnhandledExceptionFilter
0x43c1c8 TerminateProcess
0x43c1cc IsProcessorFeaturePresent
0x43c1d0 InitializeCriticalSectionAndSpinCount
0x43c1d4 WaitForSingleObjectEx
0x43c1d8 IsDebuggerPresent
0x43c1dc GetStartupInfoW
0x43c1e0 QueryPerformanceCounter
0x43c1e4 GetCurrentThreadId
0x43c1e8 GetSystemTimeAsFileTime
0x43c1ec InitializeSListHead
0x43c1f0 RtlUnwind
0x43c1f4 EncodePointer
0x43c1f8 TlsAlloc
0x43c1fc TlsGetValue
0x43c200 TlsSetValue
0x43c204 TlsFree
0x43c208 LoadLibraryExW
0x43c20c QueryPerformanceFrequency
0x43c210 GetModuleHandleExW
0x43c214 HeapFree
0x43c218 HeapAlloc
0x43c21c HeapReAlloc
0x43c220 FindFirstFileExW
0x43c224 IsValidCodePage
0x43c228 GetACP
0x43c22c GetOEMCP
0x43c230 GetCommandLineA
0x43c234 GetEnvironmentStringsW
OLEAUT32.dll
0x43c23c SysAllocString
0x43c240 SysFreeString
0x43c244 VariantClear
gdiplus.dll
0x43c24c GdipCreateBitmapFromStream
0x43c250 GdipAlloc
0x43c254 GdipFree
0x43c258 GdipCloneImage
0x43c25c GdipDisposeImage
0x43c260 GdipCreateHBITMAPFromBitmap
0x43c264 GdiplusStartup
0x43c268 GdiplusShutdown
EAT(Export Address Table) Library