ScreenShot
| Created | 2024.06.21 16:42 | Machine | s1_win7_x6401 |
| Filename | AdBlock-1.7.5-install.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 52 detected (AIDetectMalware, Gatak, malicious, high confidence, score, GenericKD, Unsafe, Vcjh, Attribute, HighConfidence, GenKryptik, GYOY, TrojanX, YzY0Og1zgZH+0uIA, qoscg, R002C0XET24, Detected, ai score=84, CobaltStrike, ABRisk, OGGJ, Chgt, OiVkHKNpHHs, MxResIcn, PossibleThreat, confidence) | ||
| md5 | 85a156ed1856c0eda8d7d6b60ef9ab31 | ||
| sha256 | f4e2ecf1687aeb33747d1647221b97049762108dc1445d2677a4f5976ae4362b | ||
| ssdeep | 49152:Mt7sX+x2XAGZkuT/Ymi9AGVxC+N7h55KBO8t64jF5gfqnO:6EyJcjjQfqn | ||
| imphash | ed37602397e78085e01f2627992a34cb | ||
| impfuzzy | 48:FiBzS1YtSkc+ppQuYR9+c1bRJs3Kziu3CSuJzJXxM3tjkoklPD9ZxceC0GO7IQIh:OS1YtSkc+ppQuYSF6ldjVvP | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140245038 SetFilePointerEx
0x140245040 GetConsoleMode
0x140245048 GetConsoleOutputCP
0x140245050 FlushFileBuffers
0x140245058 HeapReAlloc
0x140245060 HeapSize
0x140245068 GetProcessHeap
0x140245070 LCMapStringW
0x140245078 FlsFree
0x140245080 FlsSetValue
0x140245088 FlsGetValue
0x140245090 FlsAlloc
0x140245098 CreateFileW
0x1402450a0 GetStringTypeW
0x1402450a8 GetFileType
0x1402450b0 SetStdHandle
0x1402450b8 FreeEnvironmentStringsW
0x1402450c0 GetEnvironmentStringsW
0x1402450c8 WideCharToMultiByte
0x1402450d0 MultiByteToWideChar
0x1402450d8 GetCommandLineW
0x1402450e0 GetCommandLineA
0x1402450e8 GetCPInfo
0x1402450f0 GetOEMCP
0x1402450f8 GetACP
0x140245100 IsValidCodePage
0x140245108 FindNextFileW
0x140245110 CloseHandle
0x140245118 WriteConsoleW
0x140245120 FindFirstFileExW
0x140245128 FindClose
0x140245130 HeapFree
0x140245138 HeapAlloc
0x140245140 HeapCreate
0x140245148 LoadLibraryA
0x140245150 GetProcAddress
0x140245158 GetModuleHandleA
0x140245160 QueryPerformanceCounter
0x140245168 GetCurrentProcessId
0x140245170 GetCurrentThreadId
0x140245178 GetSystemTimeAsFileTime
0x140245180 InitializeSListHead
0x140245188 RtlCaptureContext
0x140245190 RtlLookupFunctionEntry
0x140245198 RtlVirtualUnwind
0x1402451a0 IsDebuggerPresent
0x1402451a8 UnhandledExceptionFilter
0x1402451b0 SetUnhandledExceptionFilter
0x1402451b8 GetStartupInfoW
0x1402451c0 IsProcessorFeaturePresent
0x1402451c8 GetModuleHandleW
0x1402451d0 RtlUnwindEx
0x1402451d8 GetLastError
0x1402451e0 SetLastError
0x1402451e8 EnterCriticalSection
0x1402451f0 LeaveCriticalSection
0x1402451f8 DeleteCriticalSection
0x140245200 InitializeCriticalSectionAndSpinCount
0x140245208 TlsAlloc
0x140245210 TlsGetValue
0x140245218 TlsSetValue
0x140245220 TlsFree
0x140245228 FreeLibrary
0x140245230 LoadLibraryExW
0x140245238 EncodePointer
0x140245240 RaiseException
0x140245248 RtlPcToFileHeader
0x140245250 GetStdHandle
0x140245258 WriteFile
0x140245260 GetModuleFileNameW
0x140245268 GetCurrentProcess
0x140245270 ExitProcess
0x140245278 TerminateProcess
0x140245280 GetModuleHandleExW
USER32.dll
0x140245290 DrawCaption
0x140245298 AnyPopup
0x1402452a0 CreateDialogParamW
0x1402452a8 GetDlgItem
0x1402452b0 IsDlgButtonChecked
0x1402452b8 ChangeClipboardChain
0x1402452c0 EnumClipboardFormats
0x1402452c8 IsClipboardFormatAvailable
0x1402452d0 GetPriorityClipboardFormat
0x1402452d8 CharUpperW
0x1402452e0 CharPrevExA
0x1402452e8 InternalGetWindowText
0x1402452f0 MapDialogRect
0x1402452f8 LookupIconIdFromDirectoryEx
0x140245300 IsGUIThread
0x140245308 DeregisterShellHookWindow
0x140245310 SetWindowLongW
0x140245318 GetWindowLongW
0x140245320 SubtractRect
0x140245328 SetRect
0x140245330 GetCursorPos
0x140245338 EnumPropsW
0x140245340 SetScrollRange
0x140245348 GetWindowRgnBox
0x140245350 GetWindowRgn
0x140245358 GetUpdateRect
0x140245360 UpdateWindow
0x140245368 SetMenuDefaultItem
0x140245370 GetMenuItemInfoW
0x140245378 GetMenuCheckMarkDimensions
0x140245380 SetMenuItemBitmaps
0x140245388 ModifyMenuW
0x140245390 KillTimer
0x140245398 GetCapture
WINSPOOL.DRV
0x1402453c8 FindNextPrinterChangeNotification
0x1402453d0 ReadPrinter
0x1402453d8 AbortPrinter
0x1402453e0 WritePrinter
0x1402453e8 ScheduleJob
ADVAPI32.dll
0x140245000 DecryptFileW
VERSION.dll
0x1402453a8 VerInstallFileW
0x1402453b0 VerFindFileW
0x1402453b8 GetFileVersionInfoW
COMCTL32.dll
0x140245010 PropertySheetW
0x140245018 None
0x140245020 None
0x140245028 None
gdiplus.dll
0x1402453f8 GdiplusStartup
EAT(Export Address Table) is none
KERNEL32.dll
0x140245038 SetFilePointerEx
0x140245040 GetConsoleMode
0x140245048 GetConsoleOutputCP
0x140245050 FlushFileBuffers
0x140245058 HeapReAlloc
0x140245060 HeapSize
0x140245068 GetProcessHeap
0x140245070 LCMapStringW
0x140245078 FlsFree
0x140245080 FlsSetValue
0x140245088 FlsGetValue
0x140245090 FlsAlloc
0x140245098 CreateFileW
0x1402450a0 GetStringTypeW
0x1402450a8 GetFileType
0x1402450b0 SetStdHandle
0x1402450b8 FreeEnvironmentStringsW
0x1402450c0 GetEnvironmentStringsW
0x1402450c8 WideCharToMultiByte
0x1402450d0 MultiByteToWideChar
0x1402450d8 GetCommandLineW
0x1402450e0 GetCommandLineA
0x1402450e8 GetCPInfo
0x1402450f0 GetOEMCP
0x1402450f8 GetACP
0x140245100 IsValidCodePage
0x140245108 FindNextFileW
0x140245110 CloseHandle
0x140245118 WriteConsoleW
0x140245120 FindFirstFileExW
0x140245128 FindClose
0x140245130 HeapFree
0x140245138 HeapAlloc
0x140245140 HeapCreate
0x140245148 LoadLibraryA
0x140245150 GetProcAddress
0x140245158 GetModuleHandleA
0x140245160 QueryPerformanceCounter
0x140245168 GetCurrentProcessId
0x140245170 GetCurrentThreadId
0x140245178 GetSystemTimeAsFileTime
0x140245180 InitializeSListHead
0x140245188 RtlCaptureContext
0x140245190 RtlLookupFunctionEntry
0x140245198 RtlVirtualUnwind
0x1402451a0 IsDebuggerPresent
0x1402451a8 UnhandledExceptionFilter
0x1402451b0 SetUnhandledExceptionFilter
0x1402451b8 GetStartupInfoW
0x1402451c0 IsProcessorFeaturePresent
0x1402451c8 GetModuleHandleW
0x1402451d0 RtlUnwindEx
0x1402451d8 GetLastError
0x1402451e0 SetLastError
0x1402451e8 EnterCriticalSection
0x1402451f0 LeaveCriticalSection
0x1402451f8 DeleteCriticalSection
0x140245200 InitializeCriticalSectionAndSpinCount
0x140245208 TlsAlloc
0x140245210 TlsGetValue
0x140245218 TlsSetValue
0x140245220 TlsFree
0x140245228 FreeLibrary
0x140245230 LoadLibraryExW
0x140245238 EncodePointer
0x140245240 RaiseException
0x140245248 RtlPcToFileHeader
0x140245250 GetStdHandle
0x140245258 WriteFile
0x140245260 GetModuleFileNameW
0x140245268 GetCurrentProcess
0x140245270 ExitProcess
0x140245278 TerminateProcess
0x140245280 GetModuleHandleExW
USER32.dll
0x140245290 DrawCaption
0x140245298 AnyPopup
0x1402452a0 CreateDialogParamW
0x1402452a8 GetDlgItem
0x1402452b0 IsDlgButtonChecked
0x1402452b8 ChangeClipboardChain
0x1402452c0 EnumClipboardFormats
0x1402452c8 IsClipboardFormatAvailable
0x1402452d0 GetPriorityClipboardFormat
0x1402452d8 CharUpperW
0x1402452e0 CharPrevExA
0x1402452e8 InternalGetWindowText
0x1402452f0 MapDialogRect
0x1402452f8 LookupIconIdFromDirectoryEx
0x140245300 IsGUIThread
0x140245308 DeregisterShellHookWindow
0x140245310 SetWindowLongW
0x140245318 GetWindowLongW
0x140245320 SubtractRect
0x140245328 SetRect
0x140245330 GetCursorPos
0x140245338 EnumPropsW
0x140245340 SetScrollRange
0x140245348 GetWindowRgnBox
0x140245350 GetWindowRgn
0x140245358 GetUpdateRect
0x140245360 UpdateWindow
0x140245368 SetMenuDefaultItem
0x140245370 GetMenuItemInfoW
0x140245378 GetMenuCheckMarkDimensions
0x140245380 SetMenuItemBitmaps
0x140245388 ModifyMenuW
0x140245390 KillTimer
0x140245398 GetCapture
WINSPOOL.DRV
0x1402453c8 FindNextPrinterChangeNotification
0x1402453d0 ReadPrinter
0x1402453d8 AbortPrinter
0x1402453e0 WritePrinter
0x1402453e8 ScheduleJob
ADVAPI32.dll
0x140245000 DecryptFileW
VERSION.dll
0x1402453a8 VerInstallFileW
0x1402453b0 VerFindFileW
0x1402453b8 GetFileVersionInfoW
COMCTL32.dll
0x140245010 PropertySheetW
0x140245018 None
0x140245020 None
0x140245028 None
gdiplus.dll
0x1402453f8 GdiplusStartup
EAT(Export Address Table) is none