ScreenShot
| Created | 2024.10.24 10:23 | Machine | s1_win7_x6401 |
| Filename | setup3.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | f45a742212418d4e6134e92289008093 | ||
| sha256 | 0e22df51fc7e70931682f78d831ba5f187e7b180316be318eed2f9dae083bb10 | ||
| ssdeep | 3072:FlYl4HCHXyrW7J+DP0+NZb55aIUznpE53yi92sm8Q8wcb:FlCsKy09bpa3yi92J8bwc | ||
| imphash | 8ae3508711de539274df47107c4b2432 | ||
| impfuzzy | 48:L61W89F/OyQyVdR12TktoKh9acRfmsqMt:Y/TO3y3R12QtoK3acRfmsq8 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d008 PeekNamedPipe
0x41d00c MoveFileExA
0x41d010 CallNamedPipeA
0x41d014 DeleteVolumeMountPointA
0x41d018 InterlockedDecrement
0x41d01c SetDefaultCommConfigW
0x41d020 GetEnvironmentStringsW
0x41d024 GlobalLock
0x41d028 GetTimeFormatA
0x41d02c GetModuleHandleW
0x41d030 FormatMessageA
0x41d034 GetConsoleCP
0x41d038 GlobalAlloc
0x41d03c GetLocaleInfoW
0x41d040 FatalAppExitW
0x41d044 CopyFileW
0x41d048 GetSystemWow64DirectoryW
0x41d04c GetVersionExW
0x41d050 GetStringTypeExW
0x41d054 HeapCreate
0x41d058 GetFileAttributesW
0x41d05c GetBinaryTypeA
0x41d060 GetModuleFileNameW
0x41d064 GetConsoleFontSize
0x41d068 RaiseException
0x41d06c SetLastError
0x41d070 GetNumaNodeProcessorMask
0x41d074 GetProcAddress
0x41d078 GetLongPathNameA
0x41d07c MoveFileW
0x41d080 SetStdHandle
0x41d084 BuildCommDCBW
0x41d088 GetNumaHighestNodeNumber
0x41d08c ResetEvent
0x41d090 LoadLibraryA
0x41d094 InterlockedExchangeAdd
0x41d098 OpenWaitableTimerW
0x41d09c SetCalendarInfoW
0x41d0a0 WritePrivateProfileStringA
0x41d0a4 SetCommMask
0x41d0a8 GetOEMCP
0x41d0ac SetConsoleTitleW
0x41d0b0 FreeEnvironmentStringsW
0x41d0b4 PurgeComm
0x41d0b8 FindAtomW
0x41d0bc ReadConsoleOutputCharacterW
0x41d0c0 OpenFileMappingA
0x41d0c4 LocalFree
0x41d0c8 LCMapStringW
0x41d0cc LocalFileTimeToFileTime
0x41d0d0 CloseHandle
0x41d0d4 WriteConsoleW
0x41d0d8 lstrcmpiA
0x41d0dc GetComputerNameA
0x41d0e0 GetConsoleOutputCP
0x41d0e4 WriteConsoleA
0x41d0e8 GetCommandLineA
0x41d0ec GetStartupInfoA
0x41d0f0 TerminateProcess
0x41d0f4 GetCurrentProcess
0x41d0f8 UnhandledExceptionFilter
0x41d0fc SetUnhandledExceptionFilter
0x41d100 IsDebuggerPresent
0x41d104 HeapAlloc
0x41d108 TlsGetValue
0x41d10c TlsAlloc
0x41d110 TlsSetValue
0x41d114 TlsFree
0x41d118 InterlockedIncrement
0x41d11c GetCurrentThreadId
0x41d120 GetLastError
0x41d124 Sleep
0x41d128 HeapSize
0x41d12c ExitProcess
0x41d130 WriteFile
0x41d134 GetStdHandle
0x41d138 GetModuleFileNameA
0x41d13c FreeEnvironmentStringsA
0x41d140 GetEnvironmentStrings
0x41d144 WideCharToMultiByte
0x41d148 SetHandleCount
0x41d14c GetFileType
0x41d150 DeleteCriticalSection
0x41d154 VirtualFree
0x41d158 HeapFree
0x41d15c QueryPerformanceCounter
0x41d160 GetTickCount
0x41d164 GetCurrentProcessId
0x41d168 GetSystemTimeAsFileTime
0x41d16c LeaveCriticalSection
0x41d170 EnterCriticalSection
0x41d174 VirtualAlloc
0x41d178 HeapReAlloc
0x41d17c GetCPInfo
0x41d180 GetACP
0x41d184 IsValidCodePage
0x41d188 InitializeCriticalSectionAndSpinCount
0x41d18c RtlUnwind
0x41d190 LCMapStringA
0x41d194 MultiByteToWideChar
0x41d198 GetStringTypeA
0x41d19c GetStringTypeW
0x41d1a0 GetLocaleInfoA
0x41d1a4 SetFilePointer
0x41d1a8 GetConsoleMode
0x41d1ac FlushFileBuffers
0x41d1b0 CreateFileA
USER32.dll
0x41d1b8 SetFocus
ADVAPI32.dll
0x41d000 QueryServiceLockStatusW
WINHTTP.dll
0x41d1c0 WinHttpOpenRequest
EAT(Export Address Table) is none
KERNEL32.dll
0x41d008 PeekNamedPipe
0x41d00c MoveFileExA
0x41d010 CallNamedPipeA
0x41d014 DeleteVolumeMountPointA
0x41d018 InterlockedDecrement
0x41d01c SetDefaultCommConfigW
0x41d020 GetEnvironmentStringsW
0x41d024 GlobalLock
0x41d028 GetTimeFormatA
0x41d02c GetModuleHandleW
0x41d030 FormatMessageA
0x41d034 GetConsoleCP
0x41d038 GlobalAlloc
0x41d03c GetLocaleInfoW
0x41d040 FatalAppExitW
0x41d044 CopyFileW
0x41d048 GetSystemWow64DirectoryW
0x41d04c GetVersionExW
0x41d050 GetStringTypeExW
0x41d054 HeapCreate
0x41d058 GetFileAttributesW
0x41d05c GetBinaryTypeA
0x41d060 GetModuleFileNameW
0x41d064 GetConsoleFontSize
0x41d068 RaiseException
0x41d06c SetLastError
0x41d070 GetNumaNodeProcessorMask
0x41d074 GetProcAddress
0x41d078 GetLongPathNameA
0x41d07c MoveFileW
0x41d080 SetStdHandle
0x41d084 BuildCommDCBW
0x41d088 GetNumaHighestNodeNumber
0x41d08c ResetEvent
0x41d090 LoadLibraryA
0x41d094 InterlockedExchangeAdd
0x41d098 OpenWaitableTimerW
0x41d09c SetCalendarInfoW
0x41d0a0 WritePrivateProfileStringA
0x41d0a4 SetCommMask
0x41d0a8 GetOEMCP
0x41d0ac SetConsoleTitleW
0x41d0b0 FreeEnvironmentStringsW
0x41d0b4 PurgeComm
0x41d0b8 FindAtomW
0x41d0bc ReadConsoleOutputCharacterW
0x41d0c0 OpenFileMappingA
0x41d0c4 LocalFree
0x41d0c8 LCMapStringW
0x41d0cc LocalFileTimeToFileTime
0x41d0d0 CloseHandle
0x41d0d4 WriteConsoleW
0x41d0d8 lstrcmpiA
0x41d0dc GetComputerNameA
0x41d0e0 GetConsoleOutputCP
0x41d0e4 WriteConsoleA
0x41d0e8 GetCommandLineA
0x41d0ec GetStartupInfoA
0x41d0f0 TerminateProcess
0x41d0f4 GetCurrentProcess
0x41d0f8 UnhandledExceptionFilter
0x41d0fc SetUnhandledExceptionFilter
0x41d100 IsDebuggerPresent
0x41d104 HeapAlloc
0x41d108 TlsGetValue
0x41d10c TlsAlloc
0x41d110 TlsSetValue
0x41d114 TlsFree
0x41d118 InterlockedIncrement
0x41d11c GetCurrentThreadId
0x41d120 GetLastError
0x41d124 Sleep
0x41d128 HeapSize
0x41d12c ExitProcess
0x41d130 WriteFile
0x41d134 GetStdHandle
0x41d138 GetModuleFileNameA
0x41d13c FreeEnvironmentStringsA
0x41d140 GetEnvironmentStrings
0x41d144 WideCharToMultiByte
0x41d148 SetHandleCount
0x41d14c GetFileType
0x41d150 DeleteCriticalSection
0x41d154 VirtualFree
0x41d158 HeapFree
0x41d15c QueryPerformanceCounter
0x41d160 GetTickCount
0x41d164 GetCurrentProcessId
0x41d168 GetSystemTimeAsFileTime
0x41d16c LeaveCriticalSection
0x41d170 EnterCriticalSection
0x41d174 VirtualAlloc
0x41d178 HeapReAlloc
0x41d17c GetCPInfo
0x41d180 GetACP
0x41d184 IsValidCodePage
0x41d188 InitializeCriticalSectionAndSpinCount
0x41d18c RtlUnwind
0x41d190 LCMapStringA
0x41d194 MultiByteToWideChar
0x41d198 GetStringTypeA
0x41d19c GetStringTypeW
0x41d1a0 GetLocaleInfoA
0x41d1a4 SetFilePointer
0x41d1a8 GetConsoleMode
0x41d1ac FlushFileBuffers
0x41d1b0 CreateFileA
USER32.dll
0x41d1b8 SetFocus
ADVAPI32.dll
0x41d000 QueryServiceLockStatusW
WINHTTP.dll
0x41d1c0 WinHttpOpenRequest
EAT(Export Address Table) is none