ScreenShot
| Created | 2024.08.06 09:14 | Machine | s1_win7_x6401 |
| Filename | Install.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 59 detected (AIDetectMalware, Pucrpt, malicious, high confidence, score, ExNuma, Unsafe, Hacktool, Kryptik, Vcv9, Attribute, HighConfidence, HNPY, GenericRXRE, TrojanX, Crysan, 16hue2QNSkM, ZPACK, ASYNCRAT, YXEHDZ, Real Protect, high, Static AI, Malicious PE, Detected, ai score=82, Bladabindi, QuasarRAT, Eldorado, R442079, BScope, Krypt, Genetic, susgen, confidence, 100%, A9OKG) | ||
| md5 | 59d3bc9ca446bf4fcce3a93cdbce134a | ||
| sha256 | 1a45c674c9c80cee378a210c83c2492baae976727c62bbaf262ee06e6b88c1db | ||
| ssdeep | 6144:3RptkRZIFoIkY/7J81GyQUMTa5+suXqWxHNDf1CPyysAosQSPJHdlLTpn:jHoIfjJ80Rl86xHTCPvsASQJHd | ||
| imphash | 140094f13383e9ae168c4b35b6af3356 | ||
| impfuzzy | 3:ssDhBAtJ1MO/OywSdop3JzsSxqEsSx2ASAy0JS9KTXzhAXw+cazdX0JEBJJJITpe:/1BOZ/OcoBLSRGDGhFJI59OwZJqBs0JD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x4510a0 CreateThread
0x4510a4 ExitProcess
0x4510a8 GetComputerNameA
0x4510ac GetModuleFileNameA
0x4510b0 GetModuleHandleW
0x4510b4 GetProcAddress
0x4510b8 SetErrorMode
0x4510bc Sleep
0x4510c0 VirtualAllocExNuma
Shlwapi.dll
0x45116c PathFindFileNameA
msvcrt.dll
0x4511a4 malloc
0x4511a8 free
0x4511ac memset
0x4511b0 strcmp
0x4511b4 _strcmpi
0x4511b8 strcpy
EAT(Export Address Table) is none
kernel32.dll
0x4510a0 CreateThread
0x4510a4 ExitProcess
0x4510a8 GetComputerNameA
0x4510ac GetModuleFileNameA
0x4510b0 GetModuleHandleW
0x4510b4 GetProcAddress
0x4510b8 SetErrorMode
0x4510bc Sleep
0x4510c0 VirtualAllocExNuma
Shlwapi.dll
0x45116c PathFindFileNameA
msvcrt.dll
0x4511a4 malloc
0x4511a8 free
0x4511ac memset
0x4511b0 strcmp
0x4511b4 _strcmpi
0x4511b8 strcpy
EAT(Export Address Table) is none