ScreenShot
| Created | 2024.09.04 09:35 | Machine | s1_win7_x6401 |
| Filename | 66d7540419a3a_installer.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 12 detected (AIDetectMalware, malicious, moderate confidence, AGen, G suspicious, Virut, bwpxnc, SwollenFile, CLASSIC, GenInflated, Donut, HackTool, BundleInstaller) | ||
| md5 | 9a0770b61e54640630a3c8542c5bc7ac | ||
| sha256 | 9526753470158f5c148ba6c12f2dbd0f77cbe830ace567c44b5399d0e05b2b0c | ||
| ssdeep | 98304:wy5/EENF6+Gdav+NqOb1pdHwbsMnKMpgMFboMhW2qIYPyDFG4Z5yJSO3oa:hVzNGdbpBwoMnKMpgWoMhW2jg4LyJv3X | ||
| imphash | ce92706925e359aa40f23197a9743843 | ||
| impfuzzy | 96:dtf6bOHcDhwks4+ycPVsXp546rnkwwb4qqC/yFaeXXAGSmo:Lf6bOkKSZfnkwwb4ZC/mXXNJo | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x14001d020 None
SHELL32.dll
0x14001d3c0 ShellExecuteW
0x14001d3c8 SHBrowseForFolderW
0x14001d3d0 SHGetSpecialFolderPathW
0x14001d3d8 SHGetPathFromIDListW
0x14001d3e0 SHGetFileInfoW
0x14001d3e8 ShellExecuteExW
0x14001d3f0 SHGetMalloc
GDI32.dll
0x14001d030 CreateCompatibleDC
0x14001d038 CreateFontIndirectW
0x14001d040 DeleteObject
0x14001d048 DeleteDC
0x14001d050 GetCurrentObject
0x14001d058 StretchBlt
0x14001d060 GetDeviceCaps
0x14001d068 CreateCompatibleBitmap
0x14001d070 SelectObject
0x14001d078 SetStretchBltMode
0x14001d080 GetObjectW
ADVAPI32.dll
0x14001d000 FreeSid
0x14001d008 AllocateAndInitializeSid
0x14001d010 CheckTokenMembership
USER32.dll
0x14001d400 wvsprintfW
0x14001d408 GetSystemMenu
0x14001d410 EnableMenuItem
0x14001d418 IsWindow
0x14001d420 EnableWindow
0x14001d428 MessageBeep
0x14001d430 LoadIconW
0x14001d438 LoadImageW
0x14001d440 SetWindowsHookExW
0x14001d448 PtInRect
0x14001d450 CallNextHookEx
0x14001d458 DefWindowProcW
0x14001d460 CallWindowProcW
0x14001d468 DrawIconEx
0x14001d470 DialogBoxIndirectParamW
0x14001d478 GetWindow
0x14001d480 ClientToScreen
0x14001d488 GetDC
0x14001d490 DrawTextW
0x14001d498 ShowWindow
0x14001d4a0 SystemParametersInfoW
0x14001d4a8 GetSystemMetrics
0x14001d4b0 SetFocus
0x14001d4b8 UnhookWindowsHookEx
0x14001d4c0 GetWindowLongPtrW
0x14001d4c8 GetClientRect
0x14001d4d0 GetDlgItem
0x14001d4d8 GetKeyState
0x14001d4e0 MessageBoxA
0x14001d4e8 SetWindowTextW
0x14001d4f0 wsprintfA
0x14001d4f8 GetSysColor
0x14001d500 GetWindowTextLengthW
0x14001d508 GetWindowTextW
0x14001d510 GetClassNameA
0x14001d518 GetWindowLongW
0x14001d520 GetMenu
0x14001d528 SetWindowPos
0x14001d530 GetWindowDC
0x14001d538 ReleaseDC
0x14001d540 CopyImage
0x14001d548 GetParent
0x14001d550 GetWindowRect
0x14001d558 CharUpperW
0x14001d560 CreateWindowExW
0x14001d568 SetTimer
0x14001d570 ScreenToClient
0x14001d578 DispatchMessageW
0x14001d580 KillTimer
0x14001d588 DestroyWindow
0x14001d590 EndDialog
0x14001d598 SendMessageW
0x14001d5a0 wsprintfW
0x14001d5a8 SetWindowLongPtrW
0x14001d5b0 GetMessageW
ole32.dll
0x14001d6f0 CreateStreamOnHGlobal
0x14001d6f8 CoInitialize
0x14001d700 CoCreateInstance
OLEAUT32.dll
0x14001d3a0 SysAllocString
0x14001d3a8 VariantClear
0x14001d3b0 OleLoadPicture
KERNEL32.dll
0x14001d090 EnterCriticalSection
0x14001d098 LeaveCriticalSection
0x14001d0a0 WaitForMultipleObjects
0x14001d0a8 SetUnhandledExceptionFilter
0x14001d0b0 QueryPerformanceCounter
0x14001d0b8 GetTickCount
0x14001d0c0 DeleteCriticalSection
0x14001d0c8 SetEndOfFile
0x14001d0d0 SetFileTime
0x14001d0d8 ReadFile
0x14001d0e0 SetFilePointer
0x14001d0e8 GetFileSize
0x14001d0f0 FormatMessageW
0x14001d0f8 lstrcpyW
0x14001d100 LocalFree
0x14001d108 IsBadReadPtr
0x14001d110 GetSystemDirectoryW
0x14001d118 GetCurrentThreadId
0x14001d120 SuspendThread
0x14001d128 TerminateThread
0x14001d130 InitializeCriticalSection
0x14001d138 ResetEvent
0x14001d140 SetEvent
0x14001d148 CreateEventW
0x14001d150 GetVersionExW
0x14001d158 GetModuleFileNameW
0x14001d160 GetCurrentProcess
0x14001d168 SetProcessWorkingSetSize
0x14001d170 SetCurrentDirectoryW
0x14001d178 GetDriveTypeW
0x14001d180 CreateFileW
0x14001d188 GetCommandLineW
0x14001d190 GetStartupInfoW
0x14001d198 CreateProcessW
0x14001d1a0 CreateJobObjectW
0x14001d1a8 AssignProcessToJobObject
0x14001d1b0 CreateIoCompletionPort
0x14001d1b8 SetInformationJobObject
0x14001d1c0 ResumeThread
0x14001d1c8 GetQueuedCompletionStatus
0x14001d1d0 GetExitCodeProcess
0x14001d1d8 CloseHandle
0x14001d1e0 SetEnvironmentVariableW
0x14001d1e8 GetTempPathW
0x14001d1f0 GetSystemTimeAsFileTime
0x14001d1f8 lstrlenW
0x14001d200 CompareFileTime
0x14001d208 SetThreadLocale
0x14001d210 FindFirstFileW
0x14001d218 DeleteFileW
0x14001d220 FindNextFileW
0x14001d228 FindClose
0x14001d230 RemoveDirectoryW
0x14001d238 lstrcmpW
0x14001d240 ExpandEnvironmentStringsW
0x14001d248 WideCharToMultiByte
0x14001d250 VirtualAlloc
0x14001d258 GlobalMemoryStatusEx
0x14001d260 GetEnvironmentVariableW
0x14001d268 lstrcmpiW
0x14001d270 lstrlenA
0x14001d278 GetLocaleInfoW
0x14001d280 MultiByteToWideChar
0x14001d288 GetUserDefaultUILanguage
0x14001d290 GetSystemDefaultUILanguage
0x14001d298 GetSystemDefaultLCID
0x14001d2a0 lstrcmpiA
0x14001d2a8 GlobalAlloc
0x14001d2b0 GlobalFree
0x14001d2b8 MulDiv
0x14001d2c0 FindResourceExA
0x14001d2c8 SizeofResource
0x14001d2d0 LoadResource
0x14001d2d8 LockResource
0x14001d2e0 ExitProcess
0x14001d2e8 lstrcatW
0x14001d2f0 AddVectoredExceptionHandler
0x14001d2f8 RemoveVectoredExceptionHandler
0x14001d300 GetDiskFreeSpaceExW
0x14001d308 SetFileAttributesW
0x14001d310 SetLastError
0x14001d318 Sleep
0x14001d320 GetExitCodeThread
0x14001d328 WaitForSingleObject
0x14001d330 CreateThread
0x14001d338 GetLastError
0x14001d340 SystemTimeToFileTime
0x14001d348 GetLocalTime
0x14001d350 GetFileAttributesW
0x14001d358 CreateDirectoryW
0x14001d360 WriteFile
0x14001d368 GetStdHandle
0x14001d370 VirtualFree
0x14001d378 GetModuleHandleW
0x14001d380 GetProcAddress
0x14001d388 LoadLibraryA
0x14001d390 GetCurrentProcessId
msvcrt.dll
0x14001d5c0 __CxxFrameHandler
0x14001d5c8 _purecall
0x14001d5d0 ??3@YAXPEAX@Z
0x14001d5d8 ??2@YAPEAX_K@Z
0x14001d5e0 memcmp
0x14001d5e8 free
0x14001d5f0 memcpy
0x14001d5f8 _wtol
0x14001d600 memmove
0x14001d608 malloc
0x14001d610 wcsncmp
0x14001d618 strncmp
0x14001d620 _wcsnicmp
0x14001d628 memset
0x14001d630 ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
0x14001d638 _beginthreadex
0x14001d640 _CxxThrowException
0x14001d648 __C_specific_handler
0x14001d650 _unlock
0x14001d658 __dllonexit
0x14001d660 _lock
0x14001d668 _onexit
0x14001d670 ??1type_info@@UEAA@XZ
0x14001d678 __getmainargs
0x14001d680 _XcptFilter
0x14001d688 _exit
0x14001d690 _ismbblead
0x14001d698 _cexit
0x14001d6a0 exit
0x14001d6a8 _acmdln
0x14001d6b0 _initterm
0x14001d6b8 _amsg_exit
0x14001d6c0 __setusermatherr
0x14001d6c8 _commode
0x14001d6d0 _fmode
0x14001d6d8 __set_app_type
0x14001d6e0 ?terminate@@YAXXZ
EAT(Export Address Table) is none
COMCTL32.dll
0x14001d020 None
SHELL32.dll
0x14001d3c0 ShellExecuteW
0x14001d3c8 SHBrowseForFolderW
0x14001d3d0 SHGetSpecialFolderPathW
0x14001d3d8 SHGetPathFromIDListW
0x14001d3e0 SHGetFileInfoW
0x14001d3e8 ShellExecuteExW
0x14001d3f0 SHGetMalloc
GDI32.dll
0x14001d030 CreateCompatibleDC
0x14001d038 CreateFontIndirectW
0x14001d040 DeleteObject
0x14001d048 DeleteDC
0x14001d050 GetCurrentObject
0x14001d058 StretchBlt
0x14001d060 GetDeviceCaps
0x14001d068 CreateCompatibleBitmap
0x14001d070 SelectObject
0x14001d078 SetStretchBltMode
0x14001d080 GetObjectW
ADVAPI32.dll
0x14001d000 FreeSid
0x14001d008 AllocateAndInitializeSid
0x14001d010 CheckTokenMembership
USER32.dll
0x14001d400 wvsprintfW
0x14001d408 GetSystemMenu
0x14001d410 EnableMenuItem
0x14001d418 IsWindow
0x14001d420 EnableWindow
0x14001d428 MessageBeep
0x14001d430 LoadIconW
0x14001d438 LoadImageW
0x14001d440 SetWindowsHookExW
0x14001d448 PtInRect
0x14001d450 CallNextHookEx
0x14001d458 DefWindowProcW
0x14001d460 CallWindowProcW
0x14001d468 DrawIconEx
0x14001d470 DialogBoxIndirectParamW
0x14001d478 GetWindow
0x14001d480 ClientToScreen
0x14001d488 GetDC
0x14001d490 DrawTextW
0x14001d498 ShowWindow
0x14001d4a0 SystemParametersInfoW
0x14001d4a8 GetSystemMetrics
0x14001d4b0 SetFocus
0x14001d4b8 UnhookWindowsHookEx
0x14001d4c0 GetWindowLongPtrW
0x14001d4c8 GetClientRect
0x14001d4d0 GetDlgItem
0x14001d4d8 GetKeyState
0x14001d4e0 MessageBoxA
0x14001d4e8 SetWindowTextW
0x14001d4f0 wsprintfA
0x14001d4f8 GetSysColor
0x14001d500 GetWindowTextLengthW
0x14001d508 GetWindowTextW
0x14001d510 GetClassNameA
0x14001d518 GetWindowLongW
0x14001d520 GetMenu
0x14001d528 SetWindowPos
0x14001d530 GetWindowDC
0x14001d538 ReleaseDC
0x14001d540 CopyImage
0x14001d548 GetParent
0x14001d550 GetWindowRect
0x14001d558 CharUpperW
0x14001d560 CreateWindowExW
0x14001d568 SetTimer
0x14001d570 ScreenToClient
0x14001d578 DispatchMessageW
0x14001d580 KillTimer
0x14001d588 DestroyWindow
0x14001d590 EndDialog
0x14001d598 SendMessageW
0x14001d5a0 wsprintfW
0x14001d5a8 SetWindowLongPtrW
0x14001d5b0 GetMessageW
ole32.dll
0x14001d6f0 CreateStreamOnHGlobal
0x14001d6f8 CoInitialize
0x14001d700 CoCreateInstance
OLEAUT32.dll
0x14001d3a0 SysAllocString
0x14001d3a8 VariantClear
0x14001d3b0 OleLoadPicture
KERNEL32.dll
0x14001d090 EnterCriticalSection
0x14001d098 LeaveCriticalSection
0x14001d0a0 WaitForMultipleObjects
0x14001d0a8 SetUnhandledExceptionFilter
0x14001d0b0 QueryPerformanceCounter
0x14001d0b8 GetTickCount
0x14001d0c0 DeleteCriticalSection
0x14001d0c8 SetEndOfFile
0x14001d0d0 SetFileTime
0x14001d0d8 ReadFile
0x14001d0e0 SetFilePointer
0x14001d0e8 GetFileSize
0x14001d0f0 FormatMessageW
0x14001d0f8 lstrcpyW
0x14001d100 LocalFree
0x14001d108 IsBadReadPtr
0x14001d110 GetSystemDirectoryW
0x14001d118 GetCurrentThreadId
0x14001d120 SuspendThread
0x14001d128 TerminateThread
0x14001d130 InitializeCriticalSection
0x14001d138 ResetEvent
0x14001d140 SetEvent
0x14001d148 CreateEventW
0x14001d150 GetVersionExW
0x14001d158 GetModuleFileNameW
0x14001d160 GetCurrentProcess
0x14001d168 SetProcessWorkingSetSize
0x14001d170 SetCurrentDirectoryW
0x14001d178 GetDriveTypeW
0x14001d180 CreateFileW
0x14001d188 GetCommandLineW
0x14001d190 GetStartupInfoW
0x14001d198 CreateProcessW
0x14001d1a0 CreateJobObjectW
0x14001d1a8 AssignProcessToJobObject
0x14001d1b0 CreateIoCompletionPort
0x14001d1b8 SetInformationJobObject
0x14001d1c0 ResumeThread
0x14001d1c8 GetQueuedCompletionStatus
0x14001d1d0 GetExitCodeProcess
0x14001d1d8 CloseHandle
0x14001d1e0 SetEnvironmentVariableW
0x14001d1e8 GetTempPathW
0x14001d1f0 GetSystemTimeAsFileTime
0x14001d1f8 lstrlenW
0x14001d200 CompareFileTime
0x14001d208 SetThreadLocale
0x14001d210 FindFirstFileW
0x14001d218 DeleteFileW
0x14001d220 FindNextFileW
0x14001d228 FindClose
0x14001d230 RemoveDirectoryW
0x14001d238 lstrcmpW
0x14001d240 ExpandEnvironmentStringsW
0x14001d248 WideCharToMultiByte
0x14001d250 VirtualAlloc
0x14001d258 GlobalMemoryStatusEx
0x14001d260 GetEnvironmentVariableW
0x14001d268 lstrcmpiW
0x14001d270 lstrlenA
0x14001d278 GetLocaleInfoW
0x14001d280 MultiByteToWideChar
0x14001d288 GetUserDefaultUILanguage
0x14001d290 GetSystemDefaultUILanguage
0x14001d298 GetSystemDefaultLCID
0x14001d2a0 lstrcmpiA
0x14001d2a8 GlobalAlloc
0x14001d2b0 GlobalFree
0x14001d2b8 MulDiv
0x14001d2c0 FindResourceExA
0x14001d2c8 SizeofResource
0x14001d2d0 LoadResource
0x14001d2d8 LockResource
0x14001d2e0 ExitProcess
0x14001d2e8 lstrcatW
0x14001d2f0 AddVectoredExceptionHandler
0x14001d2f8 RemoveVectoredExceptionHandler
0x14001d300 GetDiskFreeSpaceExW
0x14001d308 SetFileAttributesW
0x14001d310 SetLastError
0x14001d318 Sleep
0x14001d320 GetExitCodeThread
0x14001d328 WaitForSingleObject
0x14001d330 CreateThread
0x14001d338 GetLastError
0x14001d340 SystemTimeToFileTime
0x14001d348 GetLocalTime
0x14001d350 GetFileAttributesW
0x14001d358 CreateDirectoryW
0x14001d360 WriteFile
0x14001d368 GetStdHandle
0x14001d370 VirtualFree
0x14001d378 GetModuleHandleW
0x14001d380 GetProcAddress
0x14001d388 LoadLibraryA
0x14001d390 GetCurrentProcessId
msvcrt.dll
0x14001d5c0 __CxxFrameHandler
0x14001d5c8 _purecall
0x14001d5d0 ??3@YAXPEAX@Z
0x14001d5d8 ??2@YAPEAX_K@Z
0x14001d5e0 memcmp
0x14001d5e8 free
0x14001d5f0 memcpy
0x14001d5f8 _wtol
0x14001d600 memmove
0x14001d608 malloc
0x14001d610 wcsncmp
0x14001d618 strncmp
0x14001d620 _wcsnicmp
0x14001d628 memset
0x14001d630 ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
0x14001d638 _beginthreadex
0x14001d640 _CxxThrowException
0x14001d648 __C_specific_handler
0x14001d650 _unlock
0x14001d658 __dllonexit
0x14001d660 _lock
0x14001d668 _onexit
0x14001d670 ??1type_info@@UEAA@XZ
0x14001d678 __getmainargs
0x14001d680 _XcptFilter
0x14001d688 _exit
0x14001d690 _ismbblead
0x14001d698 _cexit
0x14001d6a0 exit
0x14001d6a8 _acmdln
0x14001d6b0 _initterm
0x14001d6b8 _amsg_exit
0x14001d6c0 __setusermatherr
0x14001d6c8 _commode
0x14001d6d0 _fmode
0x14001d6d8 __set_app_type
0x14001d6e0 ?terminate@@YAXXZ
EAT(Export Address Table) is none