ScreenShot
| Created | 2024.09.13 09:27 | Machine | s1_win7_x6401 |
| Filename | setup3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 2ff26b3561bd1921720cc328a0199d4c | ||
| sha256 | 858831ce9cfa1918180de13739ca391883c489610baad54e16211b7f41471a43 | ||
| ssdeep | 3072:6h8i47NSmllQkrJkBoGdsr8da5Yrq2FKdp9rofxdI3njVJ:0I7NSmlHCB4rMrr1YProfx6/ | ||
| imphash | 77da7fc025dd19c7c3076ff7a8104a58 | ||
| impfuzzy | 48:Yvr3v0+ZQy0dReSx4mztseIK9TDcvuACn:srPqykReS5tseIQTDcvmn | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418008 GetComputerNameA
0x41800c GetNumaNodeProcessorMask
0x418010 CopyFileExW
0x418014 GetConsoleAliasExesLengthA
0x418018 InterlockedIncrement
0x41801c OpenJobObjectA
0x418020 QueryDosDeviceA
0x418024 CallNamedPipeW
0x418028 FreeEnvironmentStringsA
0x41802c GetModuleHandleW
0x418030 GetConsoleAliasesLengthA
0x418034 GetUserDefaultLangID
0x418038 GetPriorityClass
0x41803c GetEnvironmentStrings
0x418040 LoadLibraryW
0x418044 GetConsoleMode
0x418048 Sleep
0x41804c CopyFileW
0x418050 WriteConsoleOutputA
0x418054 HeapDestroy
0x418058 GetFileAttributesA
0x41805c GlobalFlags
0x418060 GetBinaryTypeA
0x418064 GetStartupInfoW
0x418068 DisconnectNamedPipe
0x41806c GetShortPathNameA
0x418070 CreateDirectoryA
0x418074 GetCommandLineW
0x418078 FillConsoleOutputCharacterW
0x41807c GetLastError
0x418080 GetProcAddress
0x418084 SetStdHandle
0x418088 EnterCriticalSection
0x41808c SearchPathA
0x418090 BuildCommDCBW
0x418094 GetNumaHighestNodeNumber
0x418098 LoadLibraryA
0x41809c InterlockedExchangeAdd
0x4180a0 OpenWaitableTimerW
0x4180a4 LocalAlloc
0x4180a8 WritePrivateProfileStringA
0x4180ac FoldStringA
0x4180b0 GetModuleFileNameA
0x4180b4 GetDefaultCommConfigA
0x4180b8 SetConsoleTitleW
0x4180bc WaitForDebugEvent
0x4180c0 SetCalendarInfoA
0x4180c4 FindAtomW
0x4180c8 GlobalReAlloc
0x4180cc SetFileAttributesW
0x4180d0 GetVolumeInformationW
0x4180d4 WriteConsoleW
0x4180d8 CloseHandle
0x4180dc GetConsoleAliasesW
0x4180e0 DebugActiveProcess
0x4180e4 HeapAlloc
0x4180e8 EncodePointer
0x4180ec DecodePointer
0x4180f0 MultiByteToWideChar
0x4180f4 HeapSetInformation
0x4180f8 TerminateProcess
0x4180fc GetCurrentProcess
0x418100 UnhandledExceptionFilter
0x418104 SetUnhandledExceptionFilter
0x418108 IsDebuggerPresent
0x41810c ExitProcess
0x418110 WriteFile
0x418114 GetStdHandle
0x418118 GetModuleFileNameW
0x41811c HeapCreate
0x418120 LeaveCriticalSection
0x418124 SetHandleCount
0x418128 InitializeCriticalSectionAndSpinCount
0x41812c GetFileType
0x418130 DeleteCriticalSection
0x418134 HeapSize
0x418138 GetCPInfo
0x41813c InterlockedDecrement
0x418140 GetACP
0x418144 GetOEMCP
0x418148 IsValidCodePage
0x41814c TlsAlloc
0x418150 TlsGetValue
0x418154 TlsSetValue
0x418158 TlsFree
0x41815c SetLastError
0x418160 GetCurrentThreadId
0x418164 FreeEnvironmentStringsW
0x418168 GetEnvironmentStringsW
0x41816c QueryPerformanceCounter
0x418170 GetTickCount
0x418174 GetCurrentProcessId
0x418178 GetSystemTimeAsFileTime
0x41817c HeapFree
0x418180 ReadFile
0x418184 RtlUnwind
0x418188 HeapReAlloc
0x41818c WideCharToMultiByte
0x418190 LCMapStringW
0x418194 GetStringTypeW
0x418198 GetConsoleCP
0x41819c FlushFileBuffers
0x4181a0 SetFilePointer
0x4181a4 IsProcessorFeaturePresent
0x4181a8 CreateFileW
USER32.dll
0x4181b0 GetUserObjectInformationA
ADVAPI32.dll
0x418000 RegCreateKeyA
EAT(Export Address Table) is none
KERNEL32.dll
0x418008 GetComputerNameA
0x41800c GetNumaNodeProcessorMask
0x418010 CopyFileExW
0x418014 GetConsoleAliasExesLengthA
0x418018 InterlockedIncrement
0x41801c OpenJobObjectA
0x418020 QueryDosDeviceA
0x418024 CallNamedPipeW
0x418028 FreeEnvironmentStringsA
0x41802c GetModuleHandleW
0x418030 GetConsoleAliasesLengthA
0x418034 GetUserDefaultLangID
0x418038 GetPriorityClass
0x41803c GetEnvironmentStrings
0x418040 LoadLibraryW
0x418044 GetConsoleMode
0x418048 Sleep
0x41804c CopyFileW
0x418050 WriteConsoleOutputA
0x418054 HeapDestroy
0x418058 GetFileAttributesA
0x41805c GlobalFlags
0x418060 GetBinaryTypeA
0x418064 GetStartupInfoW
0x418068 DisconnectNamedPipe
0x41806c GetShortPathNameA
0x418070 CreateDirectoryA
0x418074 GetCommandLineW
0x418078 FillConsoleOutputCharacterW
0x41807c GetLastError
0x418080 GetProcAddress
0x418084 SetStdHandle
0x418088 EnterCriticalSection
0x41808c SearchPathA
0x418090 BuildCommDCBW
0x418094 GetNumaHighestNodeNumber
0x418098 LoadLibraryA
0x41809c InterlockedExchangeAdd
0x4180a0 OpenWaitableTimerW
0x4180a4 LocalAlloc
0x4180a8 WritePrivateProfileStringA
0x4180ac FoldStringA
0x4180b0 GetModuleFileNameA
0x4180b4 GetDefaultCommConfigA
0x4180b8 SetConsoleTitleW
0x4180bc WaitForDebugEvent
0x4180c0 SetCalendarInfoA
0x4180c4 FindAtomW
0x4180c8 GlobalReAlloc
0x4180cc SetFileAttributesW
0x4180d0 GetVolumeInformationW
0x4180d4 WriteConsoleW
0x4180d8 CloseHandle
0x4180dc GetConsoleAliasesW
0x4180e0 DebugActiveProcess
0x4180e4 HeapAlloc
0x4180e8 EncodePointer
0x4180ec DecodePointer
0x4180f0 MultiByteToWideChar
0x4180f4 HeapSetInformation
0x4180f8 TerminateProcess
0x4180fc GetCurrentProcess
0x418100 UnhandledExceptionFilter
0x418104 SetUnhandledExceptionFilter
0x418108 IsDebuggerPresent
0x41810c ExitProcess
0x418110 WriteFile
0x418114 GetStdHandle
0x418118 GetModuleFileNameW
0x41811c HeapCreate
0x418120 LeaveCriticalSection
0x418124 SetHandleCount
0x418128 InitializeCriticalSectionAndSpinCount
0x41812c GetFileType
0x418130 DeleteCriticalSection
0x418134 HeapSize
0x418138 GetCPInfo
0x41813c InterlockedDecrement
0x418140 GetACP
0x418144 GetOEMCP
0x418148 IsValidCodePage
0x41814c TlsAlloc
0x418150 TlsGetValue
0x418154 TlsSetValue
0x418158 TlsFree
0x41815c SetLastError
0x418160 GetCurrentThreadId
0x418164 FreeEnvironmentStringsW
0x418168 GetEnvironmentStringsW
0x41816c QueryPerformanceCounter
0x418170 GetTickCount
0x418174 GetCurrentProcessId
0x418178 GetSystemTimeAsFileTime
0x41817c HeapFree
0x418180 ReadFile
0x418184 RtlUnwind
0x418188 HeapReAlloc
0x41818c WideCharToMultiByte
0x418190 LCMapStringW
0x418194 GetStringTypeW
0x418198 GetConsoleCP
0x41819c FlushFileBuffers
0x4181a0 SetFilePointer
0x4181a4 IsProcessorFeaturePresent
0x4181a8 CreateFileW
USER32.dll
0x4181b0 GetUserObjectInformationA
ADVAPI32.dll
0x418000 RegCreateKeyA
EAT(Export Address Table) is none