ScreenShot
| Created | 2024.10.21 13:51 | Machine | s1_win7_x6403 |
| Filename | 6_Setup.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 32 detected (AIDetectMalware, WinGo, Artemis, Vw0j, Attribute, HighConfidence, malicious, high confidence, a variant of WinGo, Lumma, Redcap, uquob, LUMMASTEALER, YXEJPZ, score, Static AI, Suspicious PE, Detected, GrayWare, Puwaders, Wacatac, ABRisk, XJNR, LummaC2, OneSafePCCleaner, C9nj) | ||
| md5 | 8b938c2fc147c133573ba0f73dea242f | ||
| sha256 | 92694fdb2bc371a82770953dc4f5581e28fe6055fcf5807429295e1e992a8dc5 | ||
| ssdeep | 98304:rXrZ9ldBJCKnuu313+Orn0P8dBZ6+XymX6AZTBQ6ejG09w:RxucrwP80+1TBQljG09 | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x13af760 WriteFile
0x13af764 WriteConsoleW
0x13af768 WerSetFlags
0x13af76c WerGetFlags
0x13af770 WaitForMultipleObjects
0x13af774 WaitForSingleObject
0x13af778 VirtualQuery
0x13af77c VirtualFree
0x13af780 VirtualAlloc
0x13af784 TlsAlloc
0x13af788 SwitchToThread
0x13af78c SuspendThread
0x13af790 SetWaitableTimer
0x13af794 SetUnhandledExceptionFilter
0x13af798 SetProcessPriorityBoost
0x13af79c SetEvent
0x13af7a0 SetErrorMode
0x13af7a4 SetConsoleCtrlHandler
0x13af7a8 ResumeThread
0x13af7ac RaiseFailFastException
0x13af7b0 PostQueuedCompletionStatus
0x13af7b4 LoadLibraryW
0x13af7b8 LoadLibraryExW
0x13af7bc SetThreadContext
0x13af7c0 GetThreadContext
0x13af7c4 GetSystemInfo
0x13af7c8 GetSystemDirectoryA
0x13af7cc GetStdHandle
0x13af7d0 GetQueuedCompletionStatusEx
0x13af7d4 GetProcessAffinityMask
0x13af7d8 GetProcAddress
0x13af7dc GetErrorMode
0x13af7e0 GetEnvironmentStringsW
0x13af7e4 GetCurrentThreadId
0x13af7e8 GetConsoleMode
0x13af7ec FreeEnvironmentStringsW
0x13af7f0 ExitProcess
0x13af7f4 DuplicateHandle
0x13af7f8 CreateWaitableTimerExW
0x13af7fc CreateThread
0x13af800 CreateIoCompletionPort
0x13af804 CreateEventA
0x13af808 CloseHandle
0x13af80c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x13af760 WriteFile
0x13af764 WriteConsoleW
0x13af768 WerSetFlags
0x13af76c WerGetFlags
0x13af770 WaitForMultipleObjects
0x13af774 WaitForSingleObject
0x13af778 VirtualQuery
0x13af77c VirtualFree
0x13af780 VirtualAlloc
0x13af784 TlsAlloc
0x13af788 SwitchToThread
0x13af78c SuspendThread
0x13af790 SetWaitableTimer
0x13af794 SetUnhandledExceptionFilter
0x13af798 SetProcessPriorityBoost
0x13af79c SetEvent
0x13af7a0 SetErrorMode
0x13af7a4 SetConsoleCtrlHandler
0x13af7a8 ResumeThread
0x13af7ac RaiseFailFastException
0x13af7b0 PostQueuedCompletionStatus
0x13af7b4 LoadLibraryW
0x13af7b8 LoadLibraryExW
0x13af7bc SetThreadContext
0x13af7c0 GetThreadContext
0x13af7c4 GetSystemInfo
0x13af7c8 GetSystemDirectoryA
0x13af7cc GetStdHandle
0x13af7d0 GetQueuedCompletionStatusEx
0x13af7d4 GetProcessAffinityMask
0x13af7d8 GetProcAddress
0x13af7dc GetErrorMode
0x13af7e0 GetEnvironmentStringsW
0x13af7e4 GetCurrentThreadId
0x13af7e8 GetConsoleMode
0x13af7ec FreeEnvironmentStringsW
0x13af7f0 ExitProcess
0x13af7f4 DuplicateHandle
0x13af7f8 CreateWaitableTimerExW
0x13af7fc CreateThread
0x13af800 CreateIoCompletionPort
0x13af804 CreateEventA
0x13af808 CloseHandle
0x13af80c AddVectoredExceptionHandler
EAT(Export Address Table) is none