ScreenShot
| Created | 2024.09.19 10:32 | Machine | s1_win7_x6403 |
| Filename | 66eaee5323f5d_setup3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 27 detected (AIDetectMalware, Malicious, score, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, PWSX, Kryptik@AI, RDML, dJRJm5YpjjqGzux6u1KhSQ, Real Protect, high, Static AI, Suspicious PE, SmokeLoader, Caynamer, R658943, Artemis, susgen) | ||
| md5 | a7d7d48f4a9bb7718ec17d11fba9cad8 | ||
| sha256 | de74bd2a1d74bfb4f73d97a1e652c2a5bd778ae108df31ede4dd96950485118c | ||
| ssdeep | 3072:E8TNLO/NZxvu9aR10ocAbdyKA5RKuAYcug3JqO9Emf/n:E8TNLO/JiaRGGOAYc5Jq6EmHn | ||
| imphash | c29aa390145c8ce09b0dc56c0ae599ef | ||
| impfuzzy | 24:1Lkrk8bG2SPuLrmUOovzrQbkhMi1JcDiuxudQBSJ/COb+yzuh7ta2cfLkeJ3cyvw:+K1PMIudRg/7t7cfhN9k2cJqMADq | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418000 FillConsoleOutputCharacterA
0x418004 GetNumaNodeProcessorMask
0x418008 GetConsoleAliasesLengthW
0x41800c GetDefaultCommConfigW
0x418010 QueryDosDeviceA
0x418014 GetEnvironmentStringsW
0x418018 GetComputerNameW
0x41801c SleepEx
0x418020 ConnectNamedPipe
0x418024 CallNamedPipeW
0x418028 FreeEnvironmentStringsA
0x41802c GetModuleHandleW
0x418030 ReadConsoleOutputA
0x418034 GetCommandLineA
0x418038 GetPriorityClass
0x41803c LoadLibraryW
0x418040 SetSystemTimeAdjustment
0x418044 GetConsoleAliasExesLengthW
0x418048 HeapCreate
0x41804c SetConsoleMode
0x418050 GetFileAttributesW
0x418054 GetModuleFileNameW
0x418058 GetBinaryTypeW
0x41805c SetConsoleTitleA
0x418060 GetStartupInfoA
0x418064 GetLastError
0x418068 GetProcAddress
0x41806c SetStdHandle
0x418070 SearchPathA
0x418074 BuildCommDCBW
0x418078 InterlockedExchangeAdd
0x41807c OpenWaitableTimerW
0x418080 LocalAlloc
0x418084 SetCommMask
0x418088 FoldStringA
0x41808c WaitForMultipleObjects
0x418090 GetModuleHandleA
0x418094 FreeEnvironmentStringsW
0x418098 PurgeComm
0x41809c WaitForDebugEvent
0x4180a0 GetShortPathNameW
0x4180a4 SetCalendarInfoA
0x4180a8 FindAtomW
0x4180ac GlobalReAlloc
0x4180b0 CopyFileExA
0x4180b4 GetVolumeInformationW
0x4180b8 CreateFileA
0x4180bc HeapFree
0x4180c0 MultiByteToWideChar
0x4180c4 HeapAlloc
0x4180c8 Sleep
0x4180cc ExitProcess
0x4180d0 GetStartupInfoW
0x4180d4 TerminateProcess
0x4180d8 GetCurrentProcess
0x4180dc UnhandledExceptionFilter
0x4180e0 SetUnhandledExceptionFilter
0x4180e4 IsDebuggerPresent
0x4180e8 VirtualFree
0x4180ec DeleteCriticalSection
0x4180f0 LeaveCriticalSection
0x4180f4 EnterCriticalSection
0x4180f8 VirtualAlloc
0x4180fc HeapReAlloc
0x418100 GetCPInfo
0x418104 InterlockedIncrement
0x418108 InterlockedDecrement
0x41810c GetACP
0x418110 GetOEMCP
0x418114 IsValidCodePage
0x418118 TlsGetValue
0x41811c TlsAlloc
0x418120 TlsSetValue
0x418124 TlsFree
0x418128 SetLastError
0x41812c GetCurrentThreadId
0x418130 WriteFile
0x418134 GetStdHandle
0x418138 GetModuleFileNameA
0x41813c SetHandleCount
0x418140 GetFileType
0x418144 HeapSize
0x418148 LoadLibraryA
0x41814c InitializeCriticalSectionAndSpinCount
0x418150 GetCommandLineW
0x418154 QueryPerformanceCounter
0x418158 GetTickCount
0x41815c GetCurrentProcessId
0x418160 GetSystemTimeAsFileTime
0x418164 RtlUnwind
0x418168 LCMapStringA
0x41816c WideCharToMultiByte
0x418170 LCMapStringW
0x418174 GetStringTypeA
0x418178 GetStringTypeW
0x41817c GetLocaleInfoA
0x418180 ReadFile
0x418184 GetConsoleCP
0x418188 GetConsoleMode
0x41818c FlushFileBuffers
0x418190 SetFilePointer
0x418194 CloseHandle
0x418198 WriteConsoleA
0x41819c GetConsoleOutputCP
0x4181a0 WriteConsoleW
USER32.dll
0x4181a8 GetActiveWindow
0x4181ac GetUserObjectInformationA
EAT(Export Address Table) is none
KERNEL32.dll
0x418000 FillConsoleOutputCharacterA
0x418004 GetNumaNodeProcessorMask
0x418008 GetConsoleAliasesLengthW
0x41800c GetDefaultCommConfigW
0x418010 QueryDosDeviceA
0x418014 GetEnvironmentStringsW
0x418018 GetComputerNameW
0x41801c SleepEx
0x418020 ConnectNamedPipe
0x418024 CallNamedPipeW
0x418028 FreeEnvironmentStringsA
0x41802c GetModuleHandleW
0x418030 ReadConsoleOutputA
0x418034 GetCommandLineA
0x418038 GetPriorityClass
0x41803c LoadLibraryW
0x418040 SetSystemTimeAdjustment
0x418044 GetConsoleAliasExesLengthW
0x418048 HeapCreate
0x41804c SetConsoleMode
0x418050 GetFileAttributesW
0x418054 GetModuleFileNameW
0x418058 GetBinaryTypeW
0x41805c SetConsoleTitleA
0x418060 GetStartupInfoA
0x418064 GetLastError
0x418068 GetProcAddress
0x41806c SetStdHandle
0x418070 SearchPathA
0x418074 BuildCommDCBW
0x418078 InterlockedExchangeAdd
0x41807c OpenWaitableTimerW
0x418080 LocalAlloc
0x418084 SetCommMask
0x418088 FoldStringA
0x41808c WaitForMultipleObjects
0x418090 GetModuleHandleA
0x418094 FreeEnvironmentStringsW
0x418098 PurgeComm
0x41809c WaitForDebugEvent
0x4180a0 GetShortPathNameW
0x4180a4 SetCalendarInfoA
0x4180a8 FindAtomW
0x4180ac GlobalReAlloc
0x4180b0 CopyFileExA
0x4180b4 GetVolumeInformationW
0x4180b8 CreateFileA
0x4180bc HeapFree
0x4180c0 MultiByteToWideChar
0x4180c4 HeapAlloc
0x4180c8 Sleep
0x4180cc ExitProcess
0x4180d0 GetStartupInfoW
0x4180d4 TerminateProcess
0x4180d8 GetCurrentProcess
0x4180dc UnhandledExceptionFilter
0x4180e0 SetUnhandledExceptionFilter
0x4180e4 IsDebuggerPresent
0x4180e8 VirtualFree
0x4180ec DeleteCriticalSection
0x4180f0 LeaveCriticalSection
0x4180f4 EnterCriticalSection
0x4180f8 VirtualAlloc
0x4180fc HeapReAlloc
0x418100 GetCPInfo
0x418104 InterlockedIncrement
0x418108 InterlockedDecrement
0x41810c GetACP
0x418110 GetOEMCP
0x418114 IsValidCodePage
0x418118 TlsGetValue
0x41811c TlsAlloc
0x418120 TlsSetValue
0x418124 TlsFree
0x418128 SetLastError
0x41812c GetCurrentThreadId
0x418130 WriteFile
0x418134 GetStdHandle
0x418138 GetModuleFileNameA
0x41813c SetHandleCount
0x418140 GetFileType
0x418144 HeapSize
0x418148 LoadLibraryA
0x41814c InitializeCriticalSectionAndSpinCount
0x418150 GetCommandLineW
0x418154 QueryPerformanceCounter
0x418158 GetTickCount
0x41815c GetCurrentProcessId
0x418160 GetSystemTimeAsFileTime
0x418164 RtlUnwind
0x418168 LCMapStringA
0x41816c WideCharToMultiByte
0x418170 LCMapStringW
0x418174 GetStringTypeA
0x418178 GetStringTypeW
0x41817c GetLocaleInfoA
0x418180 ReadFile
0x418184 GetConsoleCP
0x418188 GetConsoleMode
0x41818c FlushFileBuffers
0x418190 SetFilePointer
0x418194 CloseHandle
0x418198 WriteConsoleA
0x41819c GetConsoleOutputCP
0x4181a0 WriteConsoleW
USER32.dll
0x4181a8 GetActiveWindow
0x4181ac GetUserObjectInformationA
EAT(Export Address Table) is none