Field | Value |
---|---|
Created | 2024.06.07 09:49 |
Machine | s1_win7_x6403 |
Filename | setup-lightshot.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malicious |
VT API (file) | 20 detected (Malicious, score, CoinMiner, Unsafe, Save, moderate confidence, Generic@AI, RDML, fgfwUXAapHkzJulE3MA42w, Generic ML PUA, Wacapew, ZedlaF, ru8@aeulFink) |
md5 | 42d41456f2eccff630138c1ac9d50d1f |
sha256 | 1184e49148bacb2652d94849149ba98650ce30fb381d65a3b0b1c1a194115651 |
ssdeep | 24576:/6nVMk+HIj90cldHK+xAEsSwI6WnzkVCscpaoORD3KGzDKlz2Ev3rKXC+RYKe1gp:yVz7tXJsKLWl1DzDK8e+S+q58o1Hw7 |
imphash | 99ee65c2db82c04251a5c24f214c8892 |
impfuzzy | 48:S9lOXRycLbc1XFjsX1Pfc++6s1EfGt0/XCIcLFH:SzcycLbc1XFgX1Pfc++AGt0/XCIcLFH |
Network IP location
Signature (10cnts)
Level | Description |
---|---|
warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates a shortcut to an executable file |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (17cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
watch | Win32_WinRAR_SFX_Zero | Win32 WinRAR SFX | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (download) |
info | Lnk_Format_Zero | LNK Format | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | url_file_format | Microsoft Windows Internet Shortcut File Format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43c000 LocalFree
0x43c004 GetLastError
0x43c008 SetLastError
0x43c00c FormatMessageW
0x43c010 GetCurrentProcess
0x43c014 DeviceIoControl
0x43c018 SetFileTime
0x43c01c CloseHandle
0x43c020 RemoveDirectoryW
0x43c024 CreateFileW
0x43c028 DeleteFileW
0x43c02c CreateHardLinkW
0x43c030 GetShortPathNameW
0x43c034 GetLongPathNameW
0x43c038 MoveFileW
0x43c03c GetFileType
0x43c040 GetStdHandle
0x43c044 WriteFile
0x43c048 ReadFile
0x43c04c FlushFileBuffers
0x43c050 SetEndOfFile
0x43c054 SetFilePointer
0x43c058 GetCurrentProcessId
0x43c05c CreateDirectoryW
0x43c060 SetFileAttributesW
0x43c064 GetFileAttributesW
0x43c068 FindClose
0x43c06c FindFirstFileW
0x43c070 FindNextFileW
0x43c074 InterlockedDecrement
0x43c078 GetVersionExW
0x43c07c GetModuleFileNameW
0x43c080 SetCurrentDirectoryW
0x43c084 GetCurrentDirectoryW
0x43c088 GetFullPathNameW
0x43c08c FoldStringW
0x43c090 GetModuleHandleW
0x43c094 FindResourceW
0x43c098 FreeLibrary
0x43c09c GetProcAddress
0x43c0a0 ExpandEnvironmentStringsW
0x43c0a4 ExitProcess
0x43c0a8 SetThreadExecutionState
0x43c0ac Sleep
0x43c0b0 LoadLibraryW
0x43c0b4 GetSystemDirectoryW
0x43c0b8 CompareStringW
0x43c0bc AllocConsole
0x43c0c0 FreeConsole
0x43c0c4 AttachConsole
0x43c0c8 WriteConsoleW
0x43c0cc GetProcessAffinityMask
0x43c0d0 CreateThread
0x43c0d4 SetThreadPriority
0x43c0d8 InitializeCriticalSection
0x43c0dc EnterCriticalSection
0x43c0e0 LeaveCriticalSection
0x43c0e4 DeleteCriticalSection
0x43c0e8 SetEvent
0x43c0ec ResetEvent
0x43c0f0 ReleaseSemaphore
0x43c0f4 WaitForSingleObject
0x43c0f8 CreateEventW
0x43c0fc CreateSemaphoreW
0x43c100 GetSystemTime
0x43c104 SystemTimeToTzSpecificLocalTime
0x43c108 TzSpecificLocalTimeToSystemTime
0x43c10c SystemTimeToFileTime
0x43c110 FileTimeToLocalFileTime
0x43c114 LocalFileTimeToFileTime
0x43c118 FileTimeToSystemTime
0x43c11c GetCPInfo
0x43c120 IsDBCSLeadByte
0x43c124 MultiByteToWideChar
0x43c128 WideCharToMultiByte
0x43c12c GlobalAlloc
0x43c130 LockResource
0x43c134 GlobalLock
0x43c138 GlobalUnlock
0x43c13c GlobalFree
0x43c140 GlobalMemoryStatusEx
0x43c144 LoadResource
0x43c148 SizeofResource
0x43c14c GetTimeFormatW
0x43c150 GetDateFormatW
0x43c154 GetExitCodeProcess
0x43c158 GetLocalTime
0x43c15c GetTickCount
0x43c160 MapViewOfFile
0x43c164 UnmapViewOfFile
0x43c168 CreateFileMappingW
0x43c16c OpenFileMappingW
0x43c170 GetCommandLineW
0x43c174 SetEnvironmentVariableW
0x43c178 GetTempPathW
0x43c17c MoveFileExW
0x43c180 GetLocaleInfoW
0x43c184 GetNumberFormatW
0x43c188 DecodePointer
0x43c18c SetFilePointerEx
0x43c190 GetConsoleMode
0x43c194 GetConsoleCP
0x43c198 HeapSize
0x43c19c SetStdHandle
0x43c1a0 GetProcessHeap
0x43c1a4 FreeEnvironmentStringsW
0x43c1a8 GetEnvironmentStringsW
0x43c1ac GetCommandLineA
0x43c1b0 GetOEMCP
0x43c1b4 IsValidCodePage
0x43c1b8 RaiseException
0x43c1bc GetSystemInfo
0x43c1c0 VirtualProtect
0x43c1c4 VirtualQuery
0x43c1c8 LoadLibraryExA
0x43c1cc UnhandledExceptionFilter
0x43c1d0 SetUnhandledExceptionFilter
0x43c1d4 TerminateProcess
0x43c1d8 IsProcessorFeaturePresent
0x43c1dc InitializeCriticalSectionAndSpinCount
0x43c1e0 WaitForSingleObjectEx
0x43c1e4 IsDebuggerPresent
0x43c1e8 GetStartupInfoW
0x43c1ec QueryPerformanceCounter
0x43c1f0 GetCurrentThreadId
0x43c1f4 GetSystemTimeAsFileTime
0x43c1f8 InitializeSListHead
0x43c1fc RtlUnwind
0x43c200 EncodePointer
0x43c204 TlsAlloc
0x43c208 TlsGetValue
0x43c20c TlsSetValue
0x43c210 TlsFree
0x43c214 LoadLibraryExW
0x43c218 QueryPerformanceFrequency
0x43c21c GetModuleHandleExW
0x43c220 GetModuleFileNameA
0x43c224 GetACP
0x43c228 HeapFree
0x43c22c HeapAlloc
0x43c230 GetStringTypeW
0x43c234 HeapReAlloc
0x43c238 LCMapStringW
0x43c23c FindFirstFileExA
0x43c240 FindNextFileA
OLEAUT32.dll
0x43c248 SysAllocString
0x43c24c SysFreeString
0x43c250 VariantClear
gdiplus.dll
0x43c258 GdipAlloc
0x43c25c GdipDisposeImage
0x43c260 GdipCloneImage
0x43c264 GdipCreateBitmapFromStream
0x43c268 GdipCreateBitmapFromStreamICM
0x43c26c GdipCreateHBITMAPFromBitmap
0x43c270 GdiplusStartup
0x43c274 GdiplusShutdown
0x43c278 GdipFree
EAT(Export Address Table) Library