ScreenShot
| Created | 2024.08.08 16:07 | Machine | s1_win7_x6401 |
| Filename | Launcher_Setup.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Unsafe, Vxcm, Attribute, HighConfidence, a variant of WinGo, CoinMiner, CLASSIC, AGEN, Packed2, IcedID, Detected, Wacatac, qwiupl, 9FB9NQ, ABTrojan, KTHM, Chgt, Gencirc, Miner) | ||
| md5 | 6c1f3f90da84d774ee602dd603a5a22e | ||
| sha256 | 0ef487a74c9432e7664ac6dec0fe7227cef529f1f853f135551e77eb7ee1beb6 | ||
| ssdeep | 196608:Bxu8qA0BUzkxvGZumVhIwjgU+BYTK0f822q5Hvz:BlqA6GZuGhrgU+Brq822mHr | ||
| imphash | 6a40a4f7eaa6168dea2368a2ebe729cc | ||
| impfuzzy | 96:wJexMCyamrRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wgryXLe3SFomQ6+STjz | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x141d0749c AddAtomA
0x141d074a4 AddVectoredContinueHandler
0x141d074ac AddVectoredExceptionHandler
0x141d074b4 CloseHandle
0x141d074bc CreateEventA
0x141d074c4 CreateFileA
0x141d074cc CreateIoCompletionPort
0x141d074d4 CreateMutexA
0x141d074dc CreateSemaphoreA
0x141d074e4 CreateThread
0x141d074ec CreateWaitableTimerExW
0x141d074f4 DeleteAtom
0x141d074fc DeleteCriticalSection
0x141d07504 DuplicateHandle
0x141d0750c EnterCriticalSection
0x141d07514 ExitProcess
0x141d0751c FindAtomA
0x141d07524 FormatMessageA
0x141d0752c FreeEnvironmentStringsW
0x141d07534 GetAtomNameA
0x141d0753c GetConsoleMode
0x141d07544 GetCurrentProcess
0x141d0754c GetCurrentProcessId
0x141d07554 GetCurrentThread
0x141d0755c GetCurrentThreadId
0x141d07564 GetEnvironmentStringsW
0x141d0756c GetErrorMode
0x141d07574 GetHandleInformation
0x141d0757c GetLastError
0x141d07584 GetModuleHandleA
0x141d0758c GetProcAddress
0x141d07594 GetProcessAffinityMask
0x141d0759c GetQueuedCompletionStatusEx
0x141d075a4 GetStartupInfoA
0x141d075ac GetStdHandle
0x141d075b4 GetSystemDirectoryA
0x141d075bc GetSystemInfo
0x141d075c4 GetSystemTimeAsFileTime
0x141d075cc GetThreadContext
0x141d075d4 GetThreadPriority
0x141d075dc GetTickCount
0x141d075e4 InitializeCriticalSection
0x141d075ec IsDBCSLeadByteEx
0x141d075f4 IsDebuggerPresent
0x141d075fc LeaveCriticalSection
0x141d07604 LoadLibraryExW
0x141d0760c LoadLibraryW
0x141d07614 LocalFree
0x141d0761c MultiByteToWideChar
0x141d07624 OpenProcess
0x141d0762c OutputDebugStringA
0x141d07634 PostQueuedCompletionStatus
0x141d0763c QueryPerformanceCounter
0x141d07644 QueryPerformanceFrequency
0x141d0764c RaiseException
0x141d07654 RaiseFailFastException
0x141d0765c ReleaseMutex
0x141d07664 ReleaseSemaphore
0x141d0766c RemoveVectoredExceptionHandler
0x141d07674 ResetEvent
0x141d0767c ResumeThread
0x141d07684 RtlLookupFunctionEntry
0x141d0768c RtlVirtualUnwind
0x141d07694 SetConsoleCtrlHandler
0x141d0769c SetErrorMode
0x141d076a4 SetEvent
0x141d076ac SetLastError
0x141d076b4 SetProcessAffinityMask
0x141d076bc SetProcessPriorityBoost
0x141d076c4 SetThreadContext
0x141d076cc SetThreadPriority
0x141d076d4 SetUnhandledExceptionFilter
0x141d076dc SetWaitableTimer
0x141d076e4 Sleep
0x141d076ec SuspendThread
0x141d076f4 SwitchToThread
0x141d076fc TlsAlloc
0x141d07704 TlsGetValue
0x141d0770c TlsSetValue
0x141d07714 TryEnterCriticalSection
0x141d0771c VirtualAlloc
0x141d07724 VirtualFree
0x141d0772c VirtualProtect
0x141d07734 VirtualQuery
0x141d0773c WaitForMultipleObjects
0x141d07744 WaitForSingleObject
0x141d0774c WerGetFlags
0x141d07754 WerSetFlags
0x141d0775c WideCharToMultiByte
0x141d07764 WriteConsoleW
0x141d0776c WriteFile
0x141d07774 __C_specific_handler
msvcrt.dll
0x141d07784 ___lc_codepage_func
0x141d0778c ___mb_cur_max_func
0x141d07794 __getmainargs
0x141d0779c __initenv
0x141d077a4 __iob_func
0x141d077ac __lconv_init
0x141d077b4 __set_app_type
0x141d077bc __setusermatherr
0x141d077c4 _acmdln
0x141d077cc _amsg_exit
0x141d077d4 _beginthread
0x141d077dc _beginthreadex
0x141d077e4 _cexit
0x141d077ec _commode
0x141d077f4 _endthreadex
0x141d077fc _errno
0x141d07804 _fmode
0x141d0780c _initterm
0x141d07814 _lock
0x141d0781c _memccpy
0x141d07824 _onexit
0x141d0782c _setjmp
0x141d07834 _strdup
0x141d0783c _ultoa
0x141d07844 _unlock
0x141d0784c abort
0x141d07854 calloc
0x141d0785c exit
0x141d07864 fprintf
0x141d0786c fputc
0x141d07874 free
0x141d0787c fwrite
0x141d07884 localeconv
0x141d0788c longjmp
0x141d07894 malloc
0x141d0789c memcpy
0x141d078a4 memmove
0x141d078ac memset
0x141d078b4 printf
0x141d078bc realloc
0x141d078c4 signal
0x141d078cc strerror
0x141d078d4 strlen
0x141d078dc strncmp
0x141d078e4 vfprintf
0x141d078ec wcslen
EAT(Export Address Table) Library
0x141d04890 _cgo_dummy_export
0x140cd9510 secp256k1GoPanicError
0x140cd94c0 secp256k1GoPanicIllegal
KERNEL32.dll
0x141d0749c AddAtomA
0x141d074a4 AddVectoredContinueHandler
0x141d074ac AddVectoredExceptionHandler
0x141d074b4 CloseHandle
0x141d074bc CreateEventA
0x141d074c4 CreateFileA
0x141d074cc CreateIoCompletionPort
0x141d074d4 CreateMutexA
0x141d074dc CreateSemaphoreA
0x141d074e4 CreateThread
0x141d074ec CreateWaitableTimerExW
0x141d074f4 DeleteAtom
0x141d074fc DeleteCriticalSection
0x141d07504 DuplicateHandle
0x141d0750c EnterCriticalSection
0x141d07514 ExitProcess
0x141d0751c FindAtomA
0x141d07524 FormatMessageA
0x141d0752c FreeEnvironmentStringsW
0x141d07534 GetAtomNameA
0x141d0753c GetConsoleMode
0x141d07544 GetCurrentProcess
0x141d0754c GetCurrentProcessId
0x141d07554 GetCurrentThread
0x141d0755c GetCurrentThreadId
0x141d07564 GetEnvironmentStringsW
0x141d0756c GetErrorMode
0x141d07574 GetHandleInformation
0x141d0757c GetLastError
0x141d07584 GetModuleHandleA
0x141d0758c GetProcAddress
0x141d07594 GetProcessAffinityMask
0x141d0759c GetQueuedCompletionStatusEx
0x141d075a4 GetStartupInfoA
0x141d075ac GetStdHandle
0x141d075b4 GetSystemDirectoryA
0x141d075bc GetSystemInfo
0x141d075c4 GetSystemTimeAsFileTime
0x141d075cc GetThreadContext
0x141d075d4 GetThreadPriority
0x141d075dc GetTickCount
0x141d075e4 InitializeCriticalSection
0x141d075ec IsDBCSLeadByteEx
0x141d075f4 IsDebuggerPresent
0x141d075fc LeaveCriticalSection
0x141d07604 LoadLibraryExW
0x141d0760c LoadLibraryW
0x141d07614 LocalFree
0x141d0761c MultiByteToWideChar
0x141d07624 OpenProcess
0x141d0762c OutputDebugStringA
0x141d07634 PostQueuedCompletionStatus
0x141d0763c QueryPerformanceCounter
0x141d07644 QueryPerformanceFrequency
0x141d0764c RaiseException
0x141d07654 RaiseFailFastException
0x141d0765c ReleaseMutex
0x141d07664 ReleaseSemaphore
0x141d0766c RemoveVectoredExceptionHandler
0x141d07674 ResetEvent
0x141d0767c ResumeThread
0x141d07684 RtlLookupFunctionEntry
0x141d0768c RtlVirtualUnwind
0x141d07694 SetConsoleCtrlHandler
0x141d0769c SetErrorMode
0x141d076a4 SetEvent
0x141d076ac SetLastError
0x141d076b4 SetProcessAffinityMask
0x141d076bc SetProcessPriorityBoost
0x141d076c4 SetThreadContext
0x141d076cc SetThreadPriority
0x141d076d4 SetUnhandledExceptionFilter
0x141d076dc SetWaitableTimer
0x141d076e4 Sleep
0x141d076ec SuspendThread
0x141d076f4 SwitchToThread
0x141d076fc TlsAlloc
0x141d07704 TlsGetValue
0x141d0770c TlsSetValue
0x141d07714 TryEnterCriticalSection
0x141d0771c VirtualAlloc
0x141d07724 VirtualFree
0x141d0772c VirtualProtect
0x141d07734 VirtualQuery
0x141d0773c WaitForMultipleObjects
0x141d07744 WaitForSingleObject
0x141d0774c WerGetFlags
0x141d07754 WerSetFlags
0x141d0775c WideCharToMultiByte
0x141d07764 WriteConsoleW
0x141d0776c WriteFile
0x141d07774 __C_specific_handler
msvcrt.dll
0x141d07784 ___lc_codepage_func
0x141d0778c ___mb_cur_max_func
0x141d07794 __getmainargs
0x141d0779c __initenv
0x141d077a4 __iob_func
0x141d077ac __lconv_init
0x141d077b4 __set_app_type
0x141d077bc __setusermatherr
0x141d077c4 _acmdln
0x141d077cc _amsg_exit
0x141d077d4 _beginthread
0x141d077dc _beginthreadex
0x141d077e4 _cexit
0x141d077ec _commode
0x141d077f4 _endthreadex
0x141d077fc _errno
0x141d07804 _fmode
0x141d0780c _initterm
0x141d07814 _lock
0x141d0781c _memccpy
0x141d07824 _onexit
0x141d0782c _setjmp
0x141d07834 _strdup
0x141d0783c _ultoa
0x141d07844 _unlock
0x141d0784c abort
0x141d07854 calloc
0x141d0785c exit
0x141d07864 fprintf
0x141d0786c fputc
0x141d07874 free
0x141d0787c fwrite
0x141d07884 localeconv
0x141d0788c longjmp
0x141d07894 malloc
0x141d0789c memcpy
0x141d078a4 memmove
0x141d078ac memset
0x141d078b4 printf
0x141d078bc realloc
0x141d078c4 signal
0x141d078cc strerror
0x141d078d4 strlen
0x141d078dc strncmp
0x141d078e4 vfprintf
0x141d078ec wcslen
EAT(Export Address Table) Library
0x141d04890 _cgo_dummy_export
0x140cd9510 secp256k1GoPanicError
0x140cd94c0 secp256k1GoPanicIllegal