ScreenShot
| Created | 2024.06.14 09:20 | Machine | s1_win7_x6401 |
| Filename | setup%E7%9B%AE%E5%BD%95%E8%A1%A8%E6%A0%BC%E5%90%8D%E5%8D%956001.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (malicious, high confidence, Unsafe, CLOUD, Outbreak, Wacatac, susgen, confidence) | ||
| md5 | b8cc81e57efd30cab09d0256f79f7098 | ||
| sha256 | 7dba56fbf54f5a0182c11785c1799a85b45a574146017503627a9024ce14af36 | ||
| ssdeep | 3072:tI6Tiy8AHpdBnKOtevDAMD086dAHXhaasQuP:t7TVHzBnuvBD086QXhaasQuP | ||
| imphash | d37028e529a716cc20565d1059dc6360 | ||
| impfuzzy | 24:VmDaO8tQzvle0ut+1HRnlyv96J3XJT4NfSgwd:+8tWut+HK9aZcNfXW | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140007000 LoadLibraryW
0x140007008 GetProcAddress
0x140007010 GetCommandLineW
0x140007018 GetStartupInfoW
0x140007020 TerminateProcess
0x140007028 GetCurrentProcess
0x140007030 UnhandledExceptionFilter
0x140007038 SetUnhandledExceptionFilter
0x140007040 IsDebuggerPresent
0x140007048 RtlVirtualUnwind
0x140007050 RtlLookupFunctionEntry
0x140007058 RtlCaptureContext
0x140007060 GetLastError
0x140007068 HeapFree
0x140007070 EncodePointer
0x140007078 DecodePointer
0x140007080 HeapAlloc
0x140007088 RaiseException
0x140007090 RtlPcToFileHeader
0x140007098 GetModuleHandleW
0x1400070a0 ExitProcess
0x1400070a8 WriteFile
0x1400070b0 GetStdHandle
0x1400070b8 GetModuleFileNameW
0x1400070c0 RtlUnwindEx
0x1400070c8 FreeEnvironmentStringsW
0x1400070d0 GetEnvironmentStringsW
0x1400070d8 SetHandleCount
0x1400070e0 InitializeCriticalSectionAndSpinCount
0x1400070e8 GetFileType
0x1400070f0 DeleteCriticalSection
0x1400070f8 FlsGetValue
0x140007100 FlsSetValue
0x140007108 FlsFree
0x140007110 SetLastError
0x140007118 GetCurrentThreadId
0x140007120 FlsAlloc
0x140007128 HeapSetInformation
0x140007130 GetVersion
0x140007138 HeapCreate
0x140007140 QueryPerformanceCounter
0x140007148 GetTickCount
0x140007150 GetCurrentProcessId
0x140007158 GetSystemTimeAsFileTime
0x140007160 Sleep
0x140007168 HeapSize
0x140007170 LeaveCriticalSection
0x140007178 EnterCriticalSection
0x140007180 GetCPInfo
0x140007188 GetACP
0x140007190 GetOEMCP
0x140007198 IsValidCodePage
0x1400071a0 HeapReAlloc
0x1400071a8 WideCharToMultiByte
0x1400071b0 LCMapStringW
0x1400071b8 MultiByteToWideChar
0x1400071c0 GetStringTypeW
USER32.dll
0x1400071d0 MessageBoxW
EAT(Export Address Table) is none
KERNEL32.dll
0x140007000 LoadLibraryW
0x140007008 GetProcAddress
0x140007010 GetCommandLineW
0x140007018 GetStartupInfoW
0x140007020 TerminateProcess
0x140007028 GetCurrentProcess
0x140007030 UnhandledExceptionFilter
0x140007038 SetUnhandledExceptionFilter
0x140007040 IsDebuggerPresent
0x140007048 RtlVirtualUnwind
0x140007050 RtlLookupFunctionEntry
0x140007058 RtlCaptureContext
0x140007060 GetLastError
0x140007068 HeapFree
0x140007070 EncodePointer
0x140007078 DecodePointer
0x140007080 HeapAlloc
0x140007088 RaiseException
0x140007090 RtlPcToFileHeader
0x140007098 GetModuleHandleW
0x1400070a0 ExitProcess
0x1400070a8 WriteFile
0x1400070b0 GetStdHandle
0x1400070b8 GetModuleFileNameW
0x1400070c0 RtlUnwindEx
0x1400070c8 FreeEnvironmentStringsW
0x1400070d0 GetEnvironmentStringsW
0x1400070d8 SetHandleCount
0x1400070e0 InitializeCriticalSectionAndSpinCount
0x1400070e8 GetFileType
0x1400070f0 DeleteCriticalSection
0x1400070f8 FlsGetValue
0x140007100 FlsSetValue
0x140007108 FlsFree
0x140007110 SetLastError
0x140007118 GetCurrentThreadId
0x140007120 FlsAlloc
0x140007128 HeapSetInformation
0x140007130 GetVersion
0x140007138 HeapCreate
0x140007140 QueryPerformanceCounter
0x140007148 GetTickCount
0x140007150 GetCurrentProcessId
0x140007158 GetSystemTimeAsFileTime
0x140007160 Sleep
0x140007168 HeapSize
0x140007170 LeaveCriticalSection
0x140007178 EnterCriticalSection
0x140007180 GetCPInfo
0x140007188 GetACP
0x140007190 GetOEMCP
0x140007198 IsValidCodePage
0x1400071a0 HeapReAlloc
0x1400071a8 WideCharToMultiByte
0x1400071b0 LCMapStringW
0x1400071b8 MultiByteToWideChar
0x1400071c0 GetStringTypeW
USER32.dll
0x1400071d0 MessageBoxW
EAT(Export Address Table) is none