Report - setup222.exe

Downloader PE64 PE File
ScreenShot
Created 2024.06.17 13:29 Machine s1_win7_x6403
Filename setup222.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 5
Behavior Score 3.0
ZERO API file : malware
VT API (file) 32 detected (Casdet, malicious, high confidence, Vzf2, Attribute, HighConfidence, MalwareX, zzkxf, Detected, ai score=80, R002H01FD24, PossibleThreat, confidence)
md5 8677376c509f0c66d1f02c6b66d7ef90
sha256 f7afac39d2754ac953bf129ee094c8b092e349cdf35f1ba23c2c76a0229f9e96
ssdeep 1536:xcUkaFWP1/og2gnKHNk9DsMvWhuZMTz2PdA24LhtpgcIPfuaNZ:xchd1/NKU1u+A0fuQ
imphash f56402b453896e6c8e5cdd3b6ac705fa
impfuzzy 24:qfjBcVpb9L0uBbS6bi690h29HD4Tg94upAbzAKaihfHRtBy7JYDMLSYSySPyjwWp:qfNcVrL5B5rkdk1YwLSYSV0RCS9

Signature (6cnts)

Level Description
danger File has been identified by 32 AntiVirus engines on VirusTotal as malicious
watch Attempts to create or modify system certificates
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Creates executable files on the filesystem
notice Performs some HTTP requests
info Collects information to fingerprint the system (MachineGuid)

Rules (3cnts)

Level  Name                Description        Collection
watch  Network_Downloader  File Downloader    binaries (upload)
info   IsPE64              (no description)   binaries (upload)
info   PE_Header_Zero      PE File Signature  binaries (upload)

Network (4cnts)

Request                                          CC  ASN                        IP4             ZERO
http://apps.identrust.com/roots/dstrootcax3.p7c  US  Akamai International B.V.  23.210.247.48   clean
boredombusters.online                            US  CLOUDFLARENET              104.21.44.95    malicious
172.67.198.131                                   US  CLOUDFLARENET              172.67.198.131  clean
121.254.136.18                                   KR  LG DACOM Corporation       121.254.136.18  clean

The Co and Rule columns of the original table are empty for every row and are omitted above.

Notes for triage: dstrootcax3.p7c is the DST Root CA X3 certificate, and Windows CryptoAPI fetches it on its own while building a TLS chain, so this request reflects the HTTPS connection rather than code the author wrote; the same chain-building is a common cause of the "create or modify system certificates" signature, so check the registry trace before attributing that signature to the sample itself. 104.21.44.95 and 172.67.198.131 are shared Cloudflare edge addresses, so pivot on the domain boredombusters.online rather than on either IP.

Suricata ids

PE API

IAT (Import Address Table) - Library / imported symbol (address is the IAT slot)

KERNEL32.dll
 0x1400082c8 CloseHandle
 0x1400082d0 CreateProcessW
 0x1400082d8 DeleteCriticalSection
 0x1400082e0 EnterCriticalSection
 0x1400082e8 GetLastError
 0x1400082f0 InitializeCriticalSection
 0x1400082f8 LeaveCriticalSection
 0x140008300 SetUnhandledExceptionFilter
 0x140008308 Sleep
 0x140008310 TlsGetValue
 0x140008318 VirtualProtect
 0x140008320 VirtualQuery
api-ms-win-crt-environment-l1-1-0.dll
 0x140008330 __p__environ
 0x140008338 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
 0x140008348 _set_new_mode
 0x140008350 calloc
 0x140008358 free
 0x140008360 malloc
api-ms-win-crt-math-l1-1-0.dll
 0x140008370 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
 0x140008380 __C_specific_handler
 0x140008388 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
 0x140008398 __p___argc
 0x1400083a0 __p___argv
 0x1400083a8 __p___wargv
 0x1400083b0 _cexit
 0x1400083b8 _configure_narrow_argv
 0x1400083c0 _configure_wide_argv
 0x1400083c8 _crt_at_quick_exit
 0x1400083d0 _crt_atexit
 0x1400083d8 _exit
 0x1400083e0 _initialize_narrow_environment
 0x1400083e8 _initialize_wide_environment
 0x1400083f0 _initterm
 0x1400083f8 _set_app_type
 0x140008400 _set_invalid_parameter_handler
 0x140008408 abort
 0x140008410 exit
 0x140008418 signal
api-ms-win-crt-stdio-l1-1-0.dll
 0x140008428 __acrt_iob_func
 0x140008430 __p__commode
 0x140008438 __p__fmode
 0x140008440 __stdio_common_vfprintf
 0x140008448 __stdio_common_vfwprintf
 0x140008450 fwrite
api-ms-win-crt-string-l1-1-0.dll
 0x140008460 strlen
 0x140008468 strncmp
api-ms-win-crt-time-l1-1-0.dll
 0x140008478 __daylight
 0x140008480 __timezone
 0x140008488 __tzname
 0x140008490 _tzset
urlmon.dll
 0x1400084a0 URLDownloadToFileW

EAT (Export Address Table): none
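The import table above is the whole story of this sample's capability: urlmon!URLDownloadToFileW writes a remote file to disk and kernel32!CreateProcessW runs it, which is the pattern the Network_Downloader rule keys on. The Python below is an added example, not part of the report or of the sandbox's rule set. It transcribes the IAT listed above, rebuilds the imphash input string the way pefile does (lowercase, library extension stripped, entries joined by commas, MD5 over the result), and flags the download-and-run pair. The DOWNLOADER_STAGES map and the function names are this example's own. Compare the printed imphash with the report's value: they match only if the report lists imports in import-directory order, which the increasing IAT slot addresses suggest; a mismatch points at transcription order, not at the algorithm.

```python
import hashlib

# Import table transcribed from the report's IAT section, in IAT slot order
# (one entry per DLL, names in the order the report lists them).
REPORT_IMPORTS = [
    ("KERNEL32.dll", [
        "CloseHandle", "CreateProcessW", "DeleteCriticalSection",
        "EnterCriticalSection", "GetLastError", "InitializeCriticalSection",
        "LeaveCriticalSection", "SetUnhandledExceptionFilter", "Sleep",
        "TlsGetValue", "VirtualProtect", "VirtualQuery"]),
    ("api-ms-win-crt-environment-l1-1-0.dll", ["__p__environ", "__p__wenviron"]),
    ("api-ms-win-crt-heap-l1-1-0.dll", ["_set_new_mode", "calloc", "free", "malloc"]),
    ("api-ms-win-crt-math-l1-1-0.dll", ["__setusermatherr"]),
    ("api-ms-win-crt-private-l1-1-0.dll", ["__C_specific_handler", "memcpy"]),
    ("api-ms-win-crt-runtime-l1-1-0.dll", [
        "__p___argc", "__p___argv", "__p___wargv", "_cexit",
        "_configure_narrow_argv", "_configure_wide_argv", "_crt_at_quick_exit",
        "_crt_atexit", "_exit", "_initialize_narrow_environment",
        "_initialize_wide_environment", "_initterm", "_set_app_type",
        "_set_invalid_parameter_handler", "abort", "exit", "signal"]),
    ("api-ms-win-crt-stdio-l1-1-0.dll", [
        "__acrt_iob_func", "__p__commode", "__p__fmode",
        "__stdio_common_vfprintf", "__stdio_common_vfwprintf", "fwrite"]),
    ("api-ms-win-crt-string-l1-1-0.dll", ["strlen", "strncmp"]),
    ("api-ms-win-crt-time-l1-1-0.dll", ["__daylight", "__timezone", "__tzname", "_tzset"]),
    ("urlmon.dll", ["URLDownloadToFileW"]),
]

# Triage vocabulary for this example only (not a sandbox rule): the two imports
# that together make a binary a "fetch a file and run it" stager.
DOWNLOADER_STAGES = {
    ("urlmon", "URLDownloadToFileW"): "fetch a URL straight to a file on disk",
    ("kernel32", "CreateProcessW"): "start a process (typically the file just written)",
}


def flatten(imports):
    """(dll, [names]) pairs -> flat [(dll, name)] list, order preserved."""
    return [(dll, name) for dll, names in imports for name in names]


def normalize_lib(dll):
    """pefile's imphash rule for the library part: lowercase, drop a trailing
    .dll/.ocx/.sys. Any other suffix is kept as part of the name."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else lib


def imphash_string(imports):
    """The exact string pefile hashes: '<lib>.<func>' per import, comma-joined.
    Ordinal-only imports (none in this sample) would need pefile's ordinal
    lookup table before hashing."""
    return ",".join(f"{normalize_lib(d)}.{n.lower()}" for d, n in flatten(imports))


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def downloader_stages(imports):
    """Matched stage descriptions keyed by API name."""
    present = {(normalize_lib(d), n) for d, n in flatten(imports)}
    return {api: why for (lib, api), why in DOWNLOADER_STAGES.items() if (lib, api) in present}


def is_download_and_run(imports):
    """True when both stages are present: the binary can write a remote payload
    to disk and execute it."""
    return set(downloader_stages(imports)) == {api for _, api in DOWNLOADER_STAGES}


if __name__ == "__main__":
    print("import count:", len(flatten(REPORT_IMPORTS)))
    print("imphash     :", imphash(REPORT_IMPORTS),
          "(report: f56402b453896e6c8e5cdd3b6ac705fa)")
    for api, why in downloader_stages(REPORT_IMPORTS).items():
        print(f"  {api:20s} {why}")
    print("download-and-run stager:", is_download_and_run(REPORT_IMPORTS))
```

Use the imphash to pivot across samples that share this import layout; it is cheaper than ssdeep to compute and index, but it changes with any recompilation that reorders or adds imports, so a non-matching imphash never rules out the same family.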



Similarity measure (PE file only): not available (service failure)