Report - Setup2.exe

Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32
Created 2024.08.21 13:46 Machine s1_win7_x6401
Filename Setup2.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 2.6
ZERO API file : malware
VT API (file) 43 detected (malicious, high confidence, Kryptik, Vw2w, Attribute, HighConfidence, Artemis, Barys, Cryptnot, TrojanPSW, CryptBot, du8Y4XG1zuF, lkoxs, AMADEY, YXEHQZ, Detected, ai score=85, CCJD, TERNBI, ZexaF, @@Z@aGJn11c, GdSda, QQPass, QQRob, Pnkl, confidence, 3DGW)
md5 37263ede84012177cab167dc23457074
sha256 9afd9e70b6f166cfc6de30e206dff5963073a6faeff5bcc93ee131df79894fc2
ssdeep 98304:RYXXi4g+Xlxnn0wG9lY/3HeEqD1iG05rY:REXiJ+Xlxnn5Ydpb8rY
imphash 92a00f4d0a4448266e9c638fdb1341b9
impfuzzy 24:8fiFCDcn+kLEGTX5XG0bhkNJl6vlbDcqxZ96HGXZQ:8fiJ+k4GTXJG0bhkNJl6vRwqt6HGG
Network IP location

Signature (5cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Resolves a suspicious Top Level Domain (TLD)
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
fivexc5pt.top Unknown clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0xf361e0 DeleteCriticalSection
 0xf361e4 EnterCriticalSection
 0xf361e8 FreeLibrary
 0xf361ec GetLastError
 0xf361f0 GetModuleHandleA
 0xf361f4 GetModuleHandleW
 0xf361f8 GetProcAddress
 0xf361fc GetStartupInfoA
 0xf36200 GetTempPathA
 0xf36204 InitializeCriticalSection
 0xf36208 IsDBCSLeadByteEx
 0xf3620c LeaveCriticalSection
 0xf36210 LoadLibraryA
 0xf36214 MultiByteToWideChar
 0xf36218 SetUnhandledExceptionFilter
 0xf3621c Sleep
 0xf36220 TlsGetValue
 0xf36224 VirtualProtect
 0xf36228 VirtualQuery
 0xf3622c WideCharToMultiByte
 0xf36230 lstrlenA
msvcrt.dll
 0xf36238 __getmainargs
 0xf3623c __initenv
 0xf36240 __lconv_init
 0xf36244 __mb_cur_max
 0xf36248 __p__acmdln
 0xf3624c __p__commode
 0xf36250 __p__fmode
 0xf36254 __set_app_type
 0xf36258 __setusermatherr
 0xf3625c _amsg_exit
 0xf36260 _assert
 0xf36264 _cexit
 0xf36268 _errno
 0xf3626c _chsize
 0xf36270 _filelengthi64
 0xf36274 _fileno
 0xf36278 _initterm
 0xf3627c _iob
 0xf36280 _lock
 0xf36284 _onexit
 0xf36288 _unlock
 0xf3628c abort
 0xf36290 atoi
 0xf36294 calloc
 0xf36298 exit
 0xf3629c fclose
 0xf362a0 fflush
 0xf362a4 fgetpos
 0xf362a8 fopen
 0xf362ac fputc
 0xf362b0 fread
 0xf362b4 free
 0xf362b8 freopen
 0xf362bc fsetpos
 0xf362c0 fwrite
 0xf362c4 getc
 0xf362c8 islower
 0xf362cc isspace
 0xf362d0 isupper
 0xf362d4 isxdigit
 0xf362d8 localeconv
 0xf362dc malloc
 0xf362e0 memcmp
 0xf362e4 memcpy
 0xf362e8 memmove
 0xf362ec memset
 0xf362f0 mktime
 0xf362f4 localtime
 0xf362f8 difftime
 0xf362fc _mkdir
 0xf36300 perror
 0xf36304 puts
 0xf36308 realloc
 0xf3630c remove
 0xf36310 setlocale
 0xf36314 signal
 0xf36318 strchr
 0xf3631c strcmp
 0xf36320 strcpy
 0xf36324 strerror
 0xf36328 strlen
 0xf3632c strncmp
 0xf36330 strncpy
 0xf36334 strtol
 0xf36338 strtoul
 0xf3633c tolower
 0xf36340 ungetc
 0xf36344 vfprintf
 0xf36348 time
 0xf3634c wcslen
 0xf36350 wcstombs
 0xf36354 _stat
 0xf36358 _utime
 0xf3635c _fileno
 0xf36360 _chmod
SHELL32.dll
 0xf36368 ShellExecuteA

EAT (Export Address Table) Library

0x53814a main