ScreenShot
| Created | 2024.06.14 09:42 | Machine | s1_win7_x6401 |
| Filename | setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956001.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (Common, malicious, high confidence, score, NetLoader, Doina, Unsafe, SilverFoxPrompt, swkaa, Genus, Attribute, HighConfidence, Artemis, DropperX, u1ZK0LTan7U, kasgn, R002C0XFD24, Detected, ai score=82, Wacatac, Casdet, ABDownloader, SGPL, Chgt, Gencirc, Static AI, Suspicious PE, susgen, confidence) | ||
| md5 | 50c43ce25a63eb9f2c4b74e215be8135 | ||
| sha256 | 8141aa8c8a19c466ed5d40f7d19e71a54889689711c2f2ca359e6290d24b2888 | ||
| ssdeep | 3072:TLzCQAdvh65bOaTzVlQxI+2SRvp/7UxQV2dehOAGwu1U2:TfCHhgpTzLQW+24vp/7UxQZkwu | ||
| imphash | e1d340e0eb29e7f598c6c5c9d9038cae | ||
| impfuzzy | 24:KdtOOWH+fcxOtuqtmlmldtuojMHDk1HRyv7J3XJT4mZALo:EOV+fcEtu8FDtbUNZcmZUo | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (13cnts) ?
Suricata ids
ET MALWARE Suspicious User Agent Detected (RookIE) - Common with Downloaders
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140015000 CreateFileA
0x140015008 GetFileSize
0x140015010 VirtualFree
0x140015018 ReadFile
0x140015020 VirtualAlloc
0x140015028 CloseHandle
0x140015030 DeleteFileA
0x140015038 SetEndOfFile
0x140015040 LoadLibraryW
0x140015048 SetStdHandle
0x140015050 WriteConsoleW
0x140015058 EncodePointer
0x140015060 DecodePointer
0x140015068 Sleep
0x140015070 InitializeCriticalSection
0x140015078 DeleteCriticalSection
0x140015080 EnterCriticalSection
0x140015088 LeaveCriticalSection
0x140015090 GetCommandLineW
0x140015098 GetStartupInfoW
0x1400150a0 RaiseException
0x1400150a8 RtlPcToFileHeader
0x1400150b0 RtlLookupFunctionEntry
0x1400150b8 RtlUnwindEx
0x1400150c0 GetLastError
0x1400150c8 HeapFree
0x1400150d0 WideCharToMultiByte
0x1400150d8 LCMapStringW
0x1400150e0 MultiByteToWideChar
0x1400150e8 GetCPInfo
0x1400150f0 HeapAlloc
0x1400150f8 InitializeCriticalSectionAndSpinCount
0x140015100 UnhandledExceptionFilter
0x140015108 SetUnhandledExceptionFilter
0x140015110 IsDebuggerPresent
0x140015118 RtlVirtualUnwind
0x140015120 RtlCaptureContext
0x140015128 TerminateProcess
0x140015130 GetCurrentProcess
0x140015138 WriteFile
0x140015140 GetConsoleCP
0x140015148 GetConsoleMode
0x140015150 GetProcAddress
0x140015158 GetModuleHandleW
0x140015160 ExitProcess
0x140015168 GetStdHandle
0x140015170 GetModuleFileNameW
0x140015178 FreeEnvironmentStringsW
0x140015180 GetEnvironmentStringsW
0x140015188 SetHandleCount
0x140015190 GetFileType
0x140015198 FlsGetValue
0x1400151a0 FlsSetValue
0x1400151a8 FlsFree
0x1400151b0 SetLastError
0x1400151b8 GetCurrentThreadId
0x1400151c0 FlsAlloc
0x1400151c8 HeapSetInformation
0x1400151d0 GetVersion
0x1400151d8 HeapCreate
0x1400151e0 QueryPerformanceCounter
0x1400151e8 GetTickCount
0x1400151f0 GetCurrentProcessId
0x1400151f8 GetSystemTimeAsFileTime
0x140015200 GetLocaleInfoW
0x140015208 HeapSize
0x140015210 FlushFileBuffers
0x140015218 SetFilePointer
0x140015220 GetACP
0x140015228 GetOEMCP
0x140015230 IsValidCodePage
0x140015238 GetStringTypeW
0x140015240 HeapReAlloc
0x140015248 GetUserDefaultLCID
0x140015250 GetLocaleInfoA
0x140015258 EnumSystemLocalesA
0x140015260 IsValidLocale
0x140015268 CreateFileW
0x140015270 GetProcessHeap
WININET.dll
0x140015280 InternetOpenA
0x140015288 InternetReadFile
0x140015290 InternetOpenUrlA
0x140015298 InternetCloseHandle
EAT(Export Address Table) is none
KERNEL32.dll
0x140015000 CreateFileA
0x140015008 GetFileSize
0x140015010 VirtualFree
0x140015018 ReadFile
0x140015020 VirtualAlloc
0x140015028 CloseHandle
0x140015030 DeleteFileA
0x140015038 SetEndOfFile
0x140015040 LoadLibraryW
0x140015048 SetStdHandle
0x140015050 WriteConsoleW
0x140015058 EncodePointer
0x140015060 DecodePointer
0x140015068 Sleep
0x140015070 InitializeCriticalSection
0x140015078 DeleteCriticalSection
0x140015080 EnterCriticalSection
0x140015088 LeaveCriticalSection
0x140015090 GetCommandLineW
0x140015098 GetStartupInfoW
0x1400150a0 RaiseException
0x1400150a8 RtlPcToFileHeader
0x1400150b0 RtlLookupFunctionEntry
0x1400150b8 RtlUnwindEx
0x1400150c0 GetLastError
0x1400150c8 HeapFree
0x1400150d0 WideCharToMultiByte
0x1400150d8 LCMapStringW
0x1400150e0 MultiByteToWideChar
0x1400150e8 GetCPInfo
0x1400150f0 HeapAlloc
0x1400150f8 InitializeCriticalSectionAndSpinCount
0x140015100 UnhandledExceptionFilter
0x140015108 SetUnhandledExceptionFilter
0x140015110 IsDebuggerPresent
0x140015118 RtlVirtualUnwind
0x140015120 RtlCaptureContext
0x140015128 TerminateProcess
0x140015130 GetCurrentProcess
0x140015138 WriteFile
0x140015140 GetConsoleCP
0x140015148 GetConsoleMode
0x140015150 GetProcAddress
0x140015158 GetModuleHandleW
0x140015160 ExitProcess
0x140015168 GetStdHandle
0x140015170 GetModuleFileNameW
0x140015178 FreeEnvironmentStringsW
0x140015180 GetEnvironmentStringsW
0x140015188 SetHandleCount
0x140015190 GetFileType
0x140015198 FlsGetValue
0x1400151a0 FlsSetValue
0x1400151a8 FlsFree
0x1400151b0 SetLastError
0x1400151b8 GetCurrentThreadId
0x1400151c0 FlsAlloc
0x1400151c8 HeapSetInformation
0x1400151d0 GetVersion
0x1400151d8 HeapCreate
0x1400151e0 QueryPerformanceCounter
0x1400151e8 GetTickCount
0x1400151f0 GetCurrentProcessId
0x1400151f8 GetSystemTimeAsFileTime
0x140015200 GetLocaleInfoW
0x140015208 HeapSize
0x140015210 FlushFileBuffers
0x140015218 SetFilePointer
0x140015220 GetACP
0x140015228 GetOEMCP
0x140015230 IsValidCodePage
0x140015238 GetStringTypeW
0x140015240 HeapReAlloc
0x140015248 GetUserDefaultLCID
0x140015250 GetLocaleInfoA
0x140015258 EnumSystemLocalesA
0x140015260 IsValidLocale
0x140015268 CreateFileW
0x140015270 GetProcessHeap
WININET.dll
0x140015280 InternetOpenA
0x140015288 InternetReadFile
0x140015290 InternetOpenUrlA
0x140015298 InternetCloseHandle
EAT(Export Address Table) is none