Report - setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956001.exe

Generic Malware Malicious Library PE64 PE File
ScreenShot
Created 2024.06.14 09:43 Machine s1_win7_x6403
Filename setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956001.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
3
Behavior Score
3.6
ZERO API file : malware
VT API (file) 50 detected (malicious, high confidence, score, Doina, Unsafe, SilverFoxPrompt, swkaa, Genus, Attribute, HighConfidence, DropperX, xycslo, u1ZK0LTan7U, ihhav, R053C0XEC24, Detected, ai score=82, Wacatac, Znyonm, ABDownloader, OMOR, Chgt, Gencirc, susgen, confidence)
md5 e52c00bdc49c2e842a573532762c5f0b
sha256 20a035c052c1dcb7c792692308e4c35a4f8bc9f742760bffcf5c0345e75ebed6
ssdeep 12288:OCHhcdA/7UxQuSl8KTKK4KKDyK5FZ1EEEEmEEE1EEEEEEEEEEElKK1KKK1KKK:Owhb/7UxQpGKTKK4KKDyK5FZ1EEEEmEI
imphash e1d340e0eb29e7f598c6c5c9d9038cae
impfuzzy 24:KdtOOWH+fcxOtuqtmlmldtuojMHDk1HRyv7J3XJT4mZALo:EOV+fcEtu8FDtbUNZcmZUo
  Network IP location

Signature (7cnts)

Level Description
danger File has been identified by 50 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
info One or more processes crashed

Rules (4cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://8.134.180.138/123.conf Unknown 8.134.180.138 clean
8.134.180.138 Unknown 8.134.180.138 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140015000 CreateFileA
 0x140015008 GetFileSize
 0x140015010 VirtualFree
 0x140015018 ReadFile
 0x140015020 VirtualAlloc
 0x140015028 CloseHandle
 0x140015030 DeleteFileA
 0x140015038 SetEndOfFile
 0x140015040 LoadLibraryW
 0x140015048 SetStdHandle
 0x140015050 WriteConsoleW
 0x140015058 EncodePointer
 0x140015060 DecodePointer
 0x140015068 Sleep
 0x140015070 InitializeCriticalSection
 0x140015078 DeleteCriticalSection
 0x140015080 EnterCriticalSection
 0x140015088 LeaveCriticalSection
 0x140015090 GetCommandLineW
 0x140015098 GetStartupInfoW
 0x1400150a0 RaiseException
 0x1400150a8 RtlPcToFileHeader
 0x1400150b0 RtlLookupFunctionEntry
 0x1400150b8 RtlUnwindEx
 0x1400150c0 GetLastError
 0x1400150c8 HeapFree
 0x1400150d0 WideCharToMultiByte
 0x1400150d8 LCMapStringW
 0x1400150e0 MultiByteToWideChar
 0x1400150e8 GetCPInfo
 0x1400150f0 HeapAlloc
 0x1400150f8 InitializeCriticalSectionAndSpinCount
 0x140015100 UnhandledExceptionFilter
 0x140015108 SetUnhandledExceptionFilter
 0x140015110 IsDebuggerPresent
 0x140015118 RtlVirtualUnwind
 0x140015120 RtlCaptureContext
 0x140015128 TerminateProcess
 0x140015130 GetCurrentProcess
 0x140015138 WriteFile
 0x140015140 GetConsoleCP
 0x140015148 GetConsoleMode
 0x140015150 GetProcAddress
 0x140015158 GetModuleHandleW
 0x140015160 ExitProcess
 0x140015168 GetStdHandle
 0x140015170 GetModuleFileNameW
 0x140015178 FreeEnvironmentStringsW
 0x140015180 GetEnvironmentStringsW
 0x140015188 SetHandleCount
 0x140015190 GetFileType
 0x140015198 FlsGetValue
 0x1400151a0 FlsSetValue
 0x1400151a8 FlsFree
 0x1400151b0 SetLastError
 0x1400151b8 GetCurrentThreadId
 0x1400151c0 FlsAlloc
 0x1400151c8 HeapSetInformation
 0x1400151d0 GetVersion
 0x1400151d8 HeapCreate
 0x1400151e0 QueryPerformanceCounter
 0x1400151e8 GetTickCount
 0x1400151f0 GetCurrentProcessId
 0x1400151f8 GetSystemTimeAsFileTime
 0x140015200 GetLocaleInfoW
 0x140015208 HeapSize
 0x140015210 FlushFileBuffers
 0x140015218 SetFilePointer
 0x140015220 GetACP
 0x140015228 GetOEMCP
 0x140015230 IsValidCodePage
 0x140015238 GetStringTypeW
 0x140015240 HeapReAlloc
 0x140015248 GetUserDefaultLCID
 0x140015250 GetLocaleInfoA
 0x140015258 EnumSystemLocalesA
 0x140015260 IsValidLocale
 0x140015268 CreateFileW
 0x140015270 GetProcessHeap
WININET.dll
 0x140015280 InternetOpenA
 0x140015288 InternetReadFile
 0x140015290 InternetOpenUrlA
 0x140015298 InternetCloseHandle

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure