Field | Value |
---|---|
Created | 2024.06.14 09:28 |
Machine | s1_win7_x6401 |
Filename | setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956056.exe (URL-encoded; decodes to setup下载名单目录6056.exe, i.e. "setup download list directory 6056.exe") |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 47 detected (Common, malicious, high confidence, GenericKDZ, Unsafe, Vvbv, xycsah, Genric, cg4jjrc1DLF, lhkgd, R03BC0XDT24, Detected, ai score=86, GrayWare, Caypnamer, Casdet, ABDownloader, PGBU, R646446, Neshta, FileInfector, susgen, confidence) |
md5 | 2b2690881f0030510504113baf20831b |
sha256 | c2ffdc8abad170351313c2cf2dc4f6ef3f9c320543f0608a37dbf75da2e2b539 |
ssdeep | 6144:jPTc+NurrbUTp1YC+P6PPPTP2PdN2WHPPjLB:jYpUDYCu |
imphash | 5c1e1a097c044357c4eefded92c1ce68 |
impfuzzy | 24:6mDBOOle0u//+1HRnlyv96J3XJT4NfjQzSgwd:ycu//+HK9aZcNfj+W |
Signatures (4)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services usually stay up and running) |
watch | Communicates with a host for which no DNS query was performed |
notice | Foreign language identified in a PE resource |
Rules (3)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table)
KERNEL32.dll
0x140007000 GetCurrentThread
0x140007008 LoadLibraryW
0x140007010 GetProcAddress
0x140007018 QueueUserAPC
0x140007020 GetModuleHandleA
0x140007028 VirtualProtect
0x140007030 GetCommandLineW
0x140007038 GetStartupInfoW
0x140007040 GetLastError
0x140007048 HeapFree
0x140007050 EncodePointer
0x140007058 DecodePointer
0x140007060 HeapAlloc
0x140007068 RaiseException
0x140007070 RtlPcToFileHeader
0x140007078 SetUnhandledExceptionFilter
0x140007080 GetModuleHandleW
0x140007088 ExitProcess
0x140007090 WriteFile
0x140007098 GetStdHandle
0x1400070a0 GetModuleFileNameW
0x1400070a8 RtlUnwindEx
0x1400070b0 FreeEnvironmentStringsW
0x1400070b8 GetEnvironmentStringsW
0x1400070c0 SetHandleCount
0x1400070c8 InitializeCriticalSectionAndSpinCount
0x1400070d0 GetFileType
0x1400070d8 DeleteCriticalSection
0x1400070e0 FlsGetValue
0x1400070e8 FlsSetValue
0x1400070f0 FlsFree
0x1400070f8 SetLastError
0x140007100 GetCurrentThreadId
0x140007108 FlsAlloc
0x140007110 HeapSetInformation
0x140007118 GetVersion
0x140007120 HeapCreate
0x140007128 QueryPerformanceCounter
0x140007130 GetTickCount
0x140007138 GetCurrentProcessId
0x140007140 GetSystemTimeAsFileTime
0x140007148 Sleep
0x140007150 HeapSize
0x140007158 LeaveCriticalSection
0x140007160 EnterCriticalSection
0x140007168 UnhandledExceptionFilter
0x140007170 IsDebuggerPresent
0x140007178 RtlVirtualUnwind
0x140007180 RtlLookupFunctionEntry
0x140007188 RtlCaptureContext
0x140007190 TerminateProcess
0x140007198 GetCurrentProcess
0x1400071a0 GetCPInfo
0x1400071a8 GetACP
0x1400071b0 GetOEMCP
0x1400071b8 IsValidCodePage
0x1400071c0 HeapReAlloc
0x1400071c8 WideCharToMultiByte
0x1400071d0 LCMapStringW
0x1400071d8 MultiByteToWideChar
0x1400071e0 GetStringTypeW
USER32.dll
0x1400071f0 MessageBoxW
EAT(Export Address Table) is none
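Most of the KERNEL32 imports above (heap, Fls*, EncodePointer/DecodePointer, the Rtl* unwind helpers, code-page and string functions, IsDebuggerPresent) are what the MSVC C runtime pulls in for any statically linked x64 build and say nothing about the author's intent. The handful that remain are the part worth an analyst's attention: GetCurrentThread, QueueUserAPC, VirtualProtect, LoadLibraryW, GetProcAddress, GetModuleHandleA and MessageBoxW. A user-mode APC queued to the current thread runs on that thread's next alertable wait, so GetCurrentThread plus QueueUserAPC is a common way for a loader to transfer control into a payload it has just unpacked and made executable with VirtualProtect; LoadLibraryW and GetProcAddress fit a loader that resolves the rest of its API at run time, although the MSVC runtime itself also uses that pair, so on its own it is weak evidence. The Python below is an added example, not part of the sandbox report or of any tool it uses: it transcribes the IAT as listed, recomputes the imphash the way pefile does (lower-cased `dll.func` entries with the .dll/.ocx/.sys suffix stripped, comma-joined in IAT order, MD5), strips the runtime noise and reports the suspicious combinations. The `CRT_NOISE` set and the `PATTERNS` table are the editor's triage heuristics, not anything the report states, and whether the recomputed imphash reproduces the report's value depends on the listing above being the complete IAT in on-disk order.

```python
"""Import-table triage for the IAT listed in the report (added example).

The import list is transcribed from the report in IAT order.  CRT_NOISE and
PATTERNS are analyst heuristics (assumptions), not data from the report.
"""
import hashlib

KERNEL32 = """
GetCurrentThread LoadLibraryW GetProcAddress QueueUserAPC GetModuleHandleA
VirtualProtect GetCommandLineW GetStartupInfoW GetLastError HeapFree
EncodePointer DecodePointer HeapAlloc RaiseException RtlPcToFileHeader
SetUnhandledExceptionFilter GetModuleHandleW ExitProcess WriteFile GetStdHandle
GetModuleFileNameW RtlUnwindEx FreeEnvironmentStringsW GetEnvironmentStringsW
SetHandleCount InitializeCriticalSectionAndSpinCount GetFileType
DeleteCriticalSection FlsGetValue FlsSetValue FlsFree SetLastError
GetCurrentThreadId FlsAlloc HeapSetInformation GetVersion HeapCreate
QueryPerformanceCounter GetTickCount GetCurrentProcessId GetSystemTimeAsFileTime
Sleep HeapSize LeaveCriticalSection EnterCriticalSection UnhandledExceptionFilter
IsDebuggerPresent RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext
TerminateProcess GetCurrentProcess GetCPInfo GetACP GetOEMCP IsValidCodePage
HeapReAlloc WideCharToMultiByte LCMapStringW MultiByteToWideChar GetStringTypeW
""".split()

# (dll, function) pairs in IAT order, exactly as the report lists them.
IMPORTS = [("KERNEL32.dll", f) for f in KERNEL32] + [("USER32.dll", "MessageBoxW")]

REPORT_IMPHASH = "5c1e1a097c044357c4eefded92c1ce68"  # value from the report


def imphash(imports):
    """Recompute the import hash the way pefile's get_imphash() does."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Imports the MSVC C runtime start-up and exception code brings in on its own.
# Heuristic: tune it to the toolchain you recognise in the sample.
CRT_NOISE = set("""
GetCommandLineW GetStartupInfoW GetLastError HeapFree EncodePointer DecodePointer
HeapAlloc RaiseException RtlPcToFileHeader SetUnhandledExceptionFilter
GetModuleHandleW ExitProcess WriteFile GetStdHandle GetModuleFileNameW RtlUnwindEx
FreeEnvironmentStringsW GetEnvironmentStringsW SetHandleCount
InitializeCriticalSectionAndSpinCount GetFileType DeleteCriticalSection FlsGetValue
FlsSetValue FlsFree SetLastError GetCurrentThreadId FlsAlloc HeapSetInformation
GetVersion HeapCreate QueryPerformanceCounter GetTickCount GetCurrentProcessId
GetSystemTimeAsFileTime Sleep HeapSize LeaveCriticalSection EnterCriticalSection
UnhandledExceptionFilter IsDebuggerPresent RtlVirtualUnwind RtlLookupFunctionEntry
RtlCaptureContext TerminateProcess GetCurrentProcess GetCPInfo GetACP GetOEMCP
IsValidCodePage HeapReAlloc WideCharToMultiByte LCMapStringW MultiByteToWideChar
GetStringTypeW
""".split())

# Import combinations worth a second look; a pattern fires only when every
# member is present.  Labels are the editor's wording, not report output.
PATTERNS = {
    "self-injection: APC queued to own thread": {"GetCurrentThread", "QueueUserAPC"},
    "memory protection change (unpack or patch in place)": {"VirtualProtect"},
    "runtime API resolution (weak: MSVC CRT uses this pair too)": {"LoadLibraryW", "GetProcAddress"},
}


def triage(imports):
    """Return the non-CRT residue of the IAT and the patterns it satisfies."""
    names = {func for _, func in imports}
    residual = [func for _, func in imports if func not in CRT_NOISE]
    findings = [label for label, needed in PATTERNS.items() if needed <= names]
    return {"residual": residual, "findings": findings}


if __name__ == "__main__":
    h = imphash(IMPORTS)
    print("imphash:", h, "(matches report)" if h == REPORT_IMPHASH else "(differs from report)")
    result = triage(IMPORTS)
    print("non-CRT imports:", ", ".join(result["residual"]))
    for finding in result["findings"]:
        print("finding:", finding)
```

Run it as a script to see the residue and findings for this sample; to reuse it on another binary, replace `IMPORTS` with the (dll, function) pairs from the tool of your choice and keep the order the IAT has on disk, since the imphash depends on it.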