Report - InstallerPack_20.1.23770_win64.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, PNG Format
Created: 2024.08.12 09:17 | Machine: s1_win7_x6403
Filename InstallerPack_20.1.23770_win64.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 2
Behavior Score: 4.6
ZERO API file: malicious
VT API (file) 33 detected (AIDetectMalware, Rugmi, malicious, moderate confidence, Unsafe, Penguish, ipyqi, STEALC, Detected, VCQGXY, ABTrojan, DVWK, PyengyLoader, Gencirc, susgen, Behavior)
md5 d4e494aac738b34231cb341acb16b961
sha256 eda401786b61b9b555596c6f88f1ea858c8946491b6a37688d6c7c859cb3a04a
ssdeep 98304:XT0oyl9J0T4FdTM4tSpnctPL+EyYLgTjzKlgknJ1g9+JXlxso:XTpg9J0S0nctaQAu9L7so
imphash 42d651751c1d75ed4fa8fe71751854ff
impfuzzy 96:n70QcxmmKBTljc7jVmfsvbvuDv7ADz+B5cy1rkrxzXkkTlXFRozoMBteaU:70sBTK7jgfsvbvx+/1g3lWC

Signature (11cnts)

Level | Description
danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious
watch | Attempts to create or modify system certificates
watch | Communicates with host for which no DNS query was performed
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice | One or more potentially interesting buffers were extracted
notice | Performs some HTTP requests
info | Checks amount of memory in system
info | One or more processes crashed
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)
info | This executable has a PDB path

Rules (7cnts)

Level | Name | Description | Collection
warning | Generic_Malware_Zero | Generic Malware | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
info | PNG_Format_Zero | PNG Format | binaries (download)

Network (7cnts)

Request | CC | ASN Co | IP4 | Rule | ZERO
https://gcdnb.pbrd.co/images/6oHgYLgr6bK3.png?o=1 | US | CLOUDFLARENET | 172.67.198.249 | | clean
https://iili.io/JNYCwle.png | US | CLOUDFLARENET | 104.21.235.70 | | clean
iili.io | US | CLOUDFLARENET | 104.21.235.69 | | clean
gcdnb.pbrd.co | US | CLOUDFLARENET | 104.21.68.220 | | clean
104.21.235.70 | US | CLOUDFLARENET | 104.21.235.70 | | clean
91.92.240.41 | BG | Natskovi & Sie Ltd. | 91.92.240.41 | | clean
172.67.198.249 | US | CLOUDFLARENET | 172.67.198.249 | | clean

Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x44a000 RegCloseKey
 0x44a004 RegOpenKeyExW
 0x44a008 OpenProcessToken
 0x44a00c AdjustTokenPrivileges
 0x44a010 LookupPrivilegeValueW
 0x44a014 InitiateSystemShutdownExW
 0x44a018 GetUserNameW
 0x44a01c RegQueryValueExW
 0x44a020 RegDeleteValueW
 0x44a024 CloseEventLog
 0x44a028 OpenEventLogW
 0x44a02c ReportEventW
 0x44a030 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x44a034 DecryptFileW
 0x44a038 CreateWellKnownSid
 0x44a03c InitializeAcl
 0x44a040 SetEntriesInAclW
 0x44a044 ChangeServiceConfigW
 0x44a048 CloseServiceHandle
 0x44a04c ControlService
 0x44a050 OpenSCManagerW
 0x44a054 OpenServiceW
 0x44a058 QueryServiceStatus
 0x44a05c SetNamedSecurityInfoW
 0x44a060 CheckTokenMembership
 0x44a064 AllocateAndInitializeSid
 0x44a068 SetEntriesInAclA
 0x44a06c SetSecurityDescriptorGroup
 0x44a070 SetSecurityDescriptorOwner
 0x44a074 SetSecurityDescriptorDacl
 0x44a078 InitializeSecurityDescriptor
 0x44a07c RegSetValueExW
 0x44a080 RegQueryInfoKeyW
 0x44a084 RegEnumValueW
 0x44a088 RegEnumKeyExW
 0x44a08c RegDeleteKeyW
 0x44a090 RegCreateKeyExW
 0x44a094 GetTokenInformation
 0x44a098 CryptDestroyHash
 0x44a09c CryptHashData
 0x44a0a0 CryptCreateHash
 0x44a0a4 CryptGetHashParam
 0x44a0a8 CryptReleaseContext
 0x44a0ac CryptAcquireContextW
 0x44a0b0 QueryServiceConfigW
USER32.dll
 0x44a35c PeekMessageW
 0x44a360 PostMessageW
 0x44a364 IsWindow
 0x44a368 WaitForInputIdle
 0x44a36c PostQuitMessage
 0x44a370 GetMessageW
 0x44a374 TranslateMessage
 0x44a378 MsgWaitForMultipleObjects
 0x44a37c PostThreadMessageW
 0x44a380 GetMonitorInfoW
 0x44a384 MonitorFromPoint
 0x44a388 IsDialogMessageW
 0x44a38c LoadCursorW
 0x44a390 LoadBitmapW
 0x44a394 SetWindowLongW
 0x44a398 GetWindowLongW
 0x44a39c GetCursorPos
 0x44a3a0 MessageBoxW
 0x44a3a4 CreateWindowExW
 0x44a3a8 UnregisterClassW
 0x44a3ac RegisterClassW
 0x44a3b0 DefWindowProcW
 0x44a3b4 DispatchMessageW
OLEAUT32.dll
 0x44a330 VariantInit
 0x44a334 SysAllocString
 0x44a338 VariantClear
 0x44a33c SysFreeString
GDI32.dll
 0x44a0b8 DeleteDC
 0x44a0bc DeleteObject
 0x44a0c0 SelectObject
 0x44a0c4 StretchBlt
 0x44a0c8 GetObjectW
 0x44a0cc CreateCompatibleDC
SHELL32.dll
 0x44a34c CommandLineToArgvW
 0x44a350 SHGetFolderPathW
 0x44a354 ShellExecuteExW
ole32.dll
 0x44a3bc CoUninitialize
 0x44a3c0 CoInitializeEx
 0x44a3c4 CoInitialize
 0x44a3c8 StringFromGUID2
 0x44a3cc CoCreateInstance
 0x44a3d0 CoTaskMemFree
 0x44a3d4 CLSIDFromProgID
 0x44a3d8 CoInitializeSecurity
KERNEL32.dll
 0x44a0d4 GetCPInfo
 0x44a0d8 GetOEMCP
 0x44a0dc IsValidCodePage
 0x44a0e0 CloseHandle
 0x44a0e4 CreateFileW
 0x44a0e8 GetProcAddress
 0x44a0ec LocalFree
 0x44a0f0 HeapSetInformation
 0x44a0f4 GetLastError
 0x44a0f8 GetModuleHandleW
 0x44a0fc FormatMessageW
 0x44a100 lstrlenA
 0x44a104 lstrlenW
 0x44a108 MultiByteToWideChar
 0x44a10c WideCharToMultiByte
 0x44a110 LCMapStringW
 0x44a114 Sleep
 0x44a118 GetLocalTime
 0x44a11c GetModuleFileNameW
 0x44a120 ExpandEnvironmentStringsW
 0x44a124 GetTempPathW
 0x44a128 GetTempFileNameW
 0x44a12c CreateDirectoryW
 0x44a130 GetFullPathNameW
 0x44a134 CompareStringW
 0x44a138 GetCurrentProcessId
 0x44a13c WriteFile
 0x44a140 SetFilePointer
 0x44a144 LoadLibraryW
 0x44a148 GetSystemDirectoryW
 0x44a14c CreateFileA
 0x44a150 HeapAlloc
 0x44a154 HeapReAlloc
 0x44a158 HeapFree
 0x44a15c HeapSize
 0x44a160 GetProcessHeap
 0x44a164 FindClose
 0x44a168 GetCommandLineA
 0x44a16c GetCurrentDirectoryW
 0x44a170 RemoveDirectoryW
 0x44a174 SetFileAttributesW
 0x44a178 GetFileAttributesW
 0x44a17c DeleteFileW
 0x44a180 FindFirstFileW
 0x44a184 FindNextFileW
 0x44a188 MoveFileExW
 0x44a18c GetCurrentProcess
 0x44a190 GetCurrentThreadId
 0x44a194 InitializeCriticalSection
 0x44a198 DeleteCriticalSection
 0x44a19c ReleaseMutex
 0x44a1a0 TlsAlloc
 0x44a1a4 TlsGetValue
 0x44a1a8 TlsSetValue
 0x44a1ac TlsFree
 0x44a1b0 CreateProcessW
 0x44a1b4 GetVersionExW
 0x44a1b8 VerSetConditionMask
 0x44a1bc FreeLibrary
 0x44a1c0 EnterCriticalSection
 0x44a1c4 LeaveCriticalSection
 0x44a1c8 GetSystemTime
 0x44a1cc GetNativeSystemInfo
 0x44a1d0 GetModuleHandleExW
 0x44a1d4 GetWindowsDirectoryW
 0x44a1d8 GetSystemWow64DirectoryW
 0x44a1dc GetCommandLineW
 0x44a1e0 VerifyVersionInfoW
 0x44a1e4 GetVolumePathNameW
 0x44a1e8 GetDateFormatW
 0x44a1ec GetUserDefaultUILanguage
 0x44a1f0 GetSystemDefaultLangID
 0x44a1f4 GetUserDefaultLangID
 0x44a1f8 GetStringTypeW
 0x44a1fc ReadFile
 0x44a200 SetFilePointerEx
 0x44a204 DuplicateHandle
 0x44a208 InterlockedExchange
 0x44a20c InterlockedCompareExchange
 0x44a210 LoadLibraryExW
 0x44a214 CreateEventW
 0x44a218 ProcessIdToSessionId
 0x44a21c OpenProcess
 0x44a220 GetProcessId
 0x44a224 WaitForSingleObject
 0x44a228 ConnectNamedPipe
 0x44a22c SetNamedPipeHandleState
 0x44a230 CreateNamedPipeW
 0x44a234 CreateThread
 0x44a238 GetExitCodeThread
 0x44a23c SetEvent
 0x44a240 WaitForMultipleObjects
 0x44a244 InterlockedIncrement
 0x44a248 InterlockedDecrement
 0x44a24c ResetEvent
 0x44a250 SetEndOfFile
 0x44a254 SetFileTime
 0x44a258 LocalFileTimeToFileTime
 0x44a25c DosDateTimeToFileTime
 0x44a260 CompareStringA
 0x44a264 GetExitCodeProcess
 0x44a268 SetThreadExecutionState
 0x44a26c CopyFileExW
 0x44a270 MapViewOfFile
 0x44a274 UnmapViewOfFile
 0x44a278 CreateMutexW
 0x44a27c CreateFileMappingW
 0x44a280 GetThreadLocale
 0x44a284 FindFirstFileExW
 0x44a288 GetEnvironmentStringsW
 0x44a28c FreeEnvironmentStringsW
 0x44a290 SetStdHandle
 0x44a294 GetConsoleCP
 0x44a298 GetConsoleMode
 0x44a29c FlushFileBuffers
 0x44a2a0 DecodePointer
 0x44a2a4 WriteConsoleW
 0x44a2a8 GetModuleHandleA
 0x44a2ac GlobalAlloc
 0x44a2b0 GlobalFree
 0x44a2b4 GetFileSizeEx
 0x44a2b8 CopyFileW
 0x44a2bc VirtualAlloc
 0x44a2c0 VirtualFree
 0x44a2c4 SystemTimeToTzSpecificLocalTime
 0x44a2c8 GetTimeZoneInformation
 0x44a2cc SystemTimeToFileTime
 0x44a2d0 GetSystemInfo
 0x44a2d4 VirtualProtect
 0x44a2d8 VirtualQuery
 0x44a2dc GetComputerNameW
 0x44a2e0 SetCurrentDirectoryW
 0x44a2e4 GetFileType
 0x44a2e8 GetACP
 0x44a2ec ExitProcess
 0x44a2f0 GetStdHandle
 0x44a2f4 InitializeCriticalSectionAndSpinCount
 0x44a2f8 SetLastError
 0x44a2fc RtlUnwind
 0x44a300 UnhandledExceptionFilter
 0x44a304 SetUnhandledExceptionFilter
 0x44a308 TerminateProcess
 0x44a30c IsProcessorFeaturePresent
 0x44a310 QueryPerformanceCounter
 0x44a314 GetSystemTimeAsFileTime
 0x44a318 InitializeSListHead
 0x44a31c IsDebuggerPresent
 0x44a320 GetStartupInfoW
 0x44a324 RaiseException
 0x44a328 LoadLibraryExA
RPCRT4.dll
 0x44a344 UuidCreate

EAT (Export Address Table): none
