ScreenShot
| Created | 2024.06.14 09:17 | Machine | s1_win7_x6401 |
| Filename | setup%E7%9B%AE%E5%BD%95%E8%A1%A8%E6%A0%BC%E5%90%8D%E5%8D%956001.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 6 detected (malicious, high confidence, Injuke, moderate, score, Sabsik, susgen) | ||
| md5 | 7fbc6a95fc41c5bb0fecdd659d641ae9 | ||
| sha256 | 6f230022e87603e77015b30bf28f3a18fb668c290d79a797c5fcb1ba667b6bcf | ||
| ssdeep | 3072:1sTFNXXCODoKGDCEywH4/vikDv24LFYjRPOghNrXA4O8JHtiEIV98HegZUv/+X:aTzSeGDP54/vz0RPOghNrXATQgEIb8sv | ||
| imphash | 1dd621ff12e95cf57bd923accc9fd2d0 | ||
| impfuzzy | 24:VmDmUO8tQzvle0ut+1HRnlyv96J3EFT4NxOaNTc+Z9wd:38tWut+HK9aQcNvK+Z9W | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140014000 LoadLibraryW
0x140014008 GetProcAddress
0x140014010 EnumSystemLocalesA
0x140014018 GetLocaleInfoA
0x140014020 GetCommandLineW
0x140014028 GetStartupInfoW
0x140014030 TerminateProcess
0x140014038 GetCurrentProcess
0x140014040 UnhandledExceptionFilter
0x140014048 SetUnhandledExceptionFilter
0x140014050 IsDebuggerPresent
0x140014058 RtlVirtualUnwind
0x140014060 RtlLookupFunctionEntry
0x140014068 RtlCaptureContext
0x140014070 GetLastError
0x140014078 HeapFree
0x140014080 EncodePointer
0x140014088 DecodePointer
0x140014090 HeapAlloc
0x140014098 RaiseException
0x1400140a0 RtlPcToFileHeader
0x1400140a8 GetModuleHandleW
0x1400140b0 ExitProcess
0x1400140b8 WriteFile
0x1400140c0 GetStdHandle
0x1400140c8 GetModuleFileNameW
0x1400140d0 RtlUnwindEx
0x1400140d8 FreeEnvironmentStringsW
0x1400140e0 GetEnvironmentStringsW
0x1400140e8 SetHandleCount
0x1400140f0 InitializeCriticalSectionAndSpinCount
0x1400140f8 GetFileType
0x140014100 DeleteCriticalSection
0x140014108 FlsGetValue
0x140014110 FlsSetValue
0x140014118 FlsFree
0x140014120 SetLastError
0x140014128 GetCurrentThreadId
0x140014130 GetCurrentThread
0x140014138 FlsAlloc
0x140014140 HeapSetInformation
0x140014148 GetVersion
0x140014150 HeapCreate
0x140014158 HeapDestroy
0x140014160 QueryPerformanceCounter
0x140014168 GetTickCount
0x140014170 GetCurrentProcessId
0x140014178 GetSystemTimeAsFileTime
0x140014180 Sleep
0x140014188 HeapSize
0x140014190 LeaveCriticalSection
0x140014198 FatalAppExitA
0x1400141a0 EnterCriticalSection
0x1400141a8 SetConsoleCtrlHandler
0x1400141b0 FreeLibrary
0x1400141b8 GetLocaleInfoW
0x1400141c0 GetCPInfo
0x1400141c8 GetACP
0x1400141d0 GetOEMCP
0x1400141d8 IsValidCodePage
0x1400141e0 HeapReAlloc
0x1400141e8 WideCharToMultiByte
0x1400141f0 LCMapStringW
0x1400141f8 MultiByteToWideChar
0x140014200 GetStringTypeW
0x140014208 GetUserDefaultLCID
0x140014210 IsValidLocale
USER32.dll
0x140014220 MessageBoxW
EAT(Export Address Table) is none
KERNEL32.dll
0x140014000 LoadLibraryW
0x140014008 GetProcAddress
0x140014010 EnumSystemLocalesA
0x140014018 GetLocaleInfoA
0x140014020 GetCommandLineW
0x140014028 GetStartupInfoW
0x140014030 TerminateProcess
0x140014038 GetCurrentProcess
0x140014040 UnhandledExceptionFilter
0x140014048 SetUnhandledExceptionFilter
0x140014050 IsDebuggerPresent
0x140014058 RtlVirtualUnwind
0x140014060 RtlLookupFunctionEntry
0x140014068 RtlCaptureContext
0x140014070 GetLastError
0x140014078 HeapFree
0x140014080 EncodePointer
0x140014088 DecodePointer
0x140014090 HeapAlloc
0x140014098 RaiseException
0x1400140a0 RtlPcToFileHeader
0x1400140a8 GetModuleHandleW
0x1400140b0 ExitProcess
0x1400140b8 WriteFile
0x1400140c0 GetStdHandle
0x1400140c8 GetModuleFileNameW
0x1400140d0 RtlUnwindEx
0x1400140d8 FreeEnvironmentStringsW
0x1400140e0 GetEnvironmentStringsW
0x1400140e8 SetHandleCount
0x1400140f0 InitializeCriticalSectionAndSpinCount
0x1400140f8 GetFileType
0x140014100 DeleteCriticalSection
0x140014108 FlsGetValue
0x140014110 FlsSetValue
0x140014118 FlsFree
0x140014120 SetLastError
0x140014128 GetCurrentThreadId
0x140014130 GetCurrentThread
0x140014138 FlsAlloc
0x140014140 HeapSetInformation
0x140014148 GetVersion
0x140014150 HeapCreate
0x140014158 HeapDestroy
0x140014160 QueryPerformanceCounter
0x140014168 GetTickCount
0x140014170 GetCurrentProcessId
0x140014178 GetSystemTimeAsFileTime
0x140014180 Sleep
0x140014188 HeapSize
0x140014190 LeaveCriticalSection
0x140014198 FatalAppExitA
0x1400141a0 EnterCriticalSection
0x1400141a8 SetConsoleCtrlHandler
0x1400141b0 FreeLibrary
0x1400141b8 GetLocaleInfoW
0x1400141c0 GetCPInfo
0x1400141c8 GetACP
0x1400141d0 GetOEMCP
0x1400141d8 IsValidCodePage
0x1400141e0 HeapReAlloc
0x1400141e8 WideCharToMultiByte
0x1400141f0 LCMapStringW
0x1400141f8 MultiByteToWideChar
0x140014200 GetStringTypeW
0x140014208 GetUserDefaultLCID
0x140014210 IsValidLocale
USER32.dll
0x140014220 MessageBoxW
EAT(Export Address Table) is none