ScreenShot
| Created | 2024.10.26 17:31 | Machine | s1_win7_x6403 |
| Filename | payloadSetup-0507.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 37 detected (Pcspeedcat, GenericKD, Unsafe, Vwzd, grayware, confidence, malicious, moderate confidence, VanilLoader, FileRepPup, ieprdg, InnoMod, Static AI, Suspicious PE, Hoax, DeceptPCClean, HackTool, ApplicUnwnt@#3s7l2gqu7ismu, SpeedCat, susgen) | ||
| md5 | 2082c6e8bbbbbad7d3f7f529a7a882e2 | ||
| sha256 | 734051bae45474b991285493b3dd7bd4c06b0c1b1720934eb3064ec4416711e9 | ||
| ssdeep | 196608:Te1/6FXDLa/yBrms/uIzrBcR3PGjjKj1fIJZrve:TXHywys/VBcEf+1fIJZrve | ||
| imphash | 48aa5c8931746a9655524f67b25a47ef | ||
| impfuzzy | 48:o4/c+4QjuC5Q4FNO0MeAXGo4E/gjF5J/RscZr91budS19WOG/iB:oc94A5TNO0MHYZrHeS1oXiB | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| watch | Deletes executed files from disk |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (download) |
| info | mzp_file_format | MZP(Delphi) file format | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4192fc SysFreeString
0x419300 SysReAllocStringLen
0x419304 SysAllocStringLen
advapi32.dll
0x41930c RegQueryValueExW
0x419310 RegOpenKeyExW
0x419314 RegCloseKey
user32.dll
0x41931c GetKeyboardType
0x419320 LoadStringW
0x419324 MessageBoxA
0x419328 CharNextW
kernel32.dll
0x419330 GetACP
0x419334 Sleep
0x419338 VirtualFree
0x41933c VirtualAlloc
0x419340 GetSystemInfo
0x419344 GetTickCount
0x419348 QueryPerformanceCounter
0x41934c GetVersion
0x419350 GetCurrentThreadId
0x419354 VirtualQuery
0x419358 WideCharToMultiByte
0x41935c MultiByteToWideChar
0x419360 lstrlenW
0x419364 lstrcpynW
0x419368 LoadLibraryExW
0x41936c GetThreadLocale
0x419370 GetStartupInfoA
0x419374 GetProcAddress
0x419378 GetModuleHandleW
0x41937c GetModuleFileNameW
0x419380 GetLocaleInfoW
0x419384 GetCommandLineW
0x419388 FreeLibrary
0x41938c FindFirstFileW
0x419390 FindClose
0x419394 ExitProcess
0x419398 WriteFile
0x41939c UnhandledExceptionFilter
0x4193a0 RtlUnwind
0x4193a4 RaiseException
0x4193a8 GetStdHandle
0x4193ac CloseHandle
kernel32.dll
0x4193b4 TlsSetValue
0x4193b8 TlsGetValue
0x4193bc LocalAlloc
0x4193c0 GetModuleHandleW
user32.dll
0x4193c8 CreateWindowExW
0x4193cc TranslateMessage
0x4193d0 SetWindowLongW
0x4193d4 PeekMessageW
0x4193d8 MsgWaitForMultipleObjects
0x4193dc MessageBoxW
0x4193e0 LoadStringW
0x4193e4 GetSystemMetrics
0x4193e8 ExitWindowsEx
0x4193ec DispatchMessageW
0x4193f0 DestroyWindow
0x4193f4 CharUpperBuffW
0x4193f8 CallWindowProcW
kernel32.dll
0x419400 WriteFile
0x419404 WideCharToMultiByte
0x419408 WaitForSingleObject
0x41940c VirtualQuery
0x419410 VirtualProtect
0x419414 VirtualFree
0x419418 VirtualAlloc
0x41941c SizeofResource
0x419420 SignalObjectAndWait
0x419424 SetLastError
0x419428 SetFilePointer
0x41942c SetEvent
0x419430 SetErrorMode
0x419434 SetEndOfFile
0x419438 ResetEvent
0x41943c RemoveDirectoryW
0x419440 ReadFile
0x419444 MultiByteToWideChar
0x419448 LockResource
0x41944c LoadResource
0x419450 LoadLibraryW
0x419454 GetWindowsDirectoryW
0x419458 GetVersionExW
0x41945c GetUserDefaultLangID
0x419460 GetThreadLocale
0x419464 GetSystemInfo
0x419468 GetStdHandle
0x41946c GetProcAddress
0x419470 GetModuleHandleW
0x419474 GetModuleFileNameW
0x419478 GetLocaleInfoW
0x41947c GetLastError
0x419480 GetFullPathNameW
0x419484 GetFileSize
0x419488 GetFileAttributesW
0x41948c GetExitCodeProcess
0x419490 GetEnvironmentVariableW
0x419494 GetDiskFreeSpaceW
0x419498 GetCurrentProcess
0x41949c GetCommandLineW
0x4194a0 GetCPInfo
0x4194a4 InterlockedExchange
0x4194a8 InterlockedCompareExchange
0x4194ac FreeLibrary
0x4194b0 FormatMessageW
0x4194b4 FindResourceW
0x4194b8 EnumCalendarInfoW
0x4194bc DeleteFileW
0x4194c0 CreateProcessW
0x4194c4 CreateFileW
0x4194c8 CreateEventW
0x4194cc CreateDirectoryW
0x4194d0 CloseHandle
advapi32.dll
0x4194d8 RegQueryValueExW
0x4194dc RegOpenKeyExW
0x4194e0 RegCloseKey
0x4194e4 OpenProcessToken
0x4194e8 LookupPrivilegeValueW
comctl32.dll
0x4194f0 InitCommonControls
kernel32.dll
0x4194f8 Sleep
advapi32.dll
0x419500 AdjustTokenPrivileges
EAT(Export Address Table) is none
oleaut32.dll
0x4192fc SysFreeString
0x419300 SysReAllocStringLen
0x419304 SysAllocStringLen
advapi32.dll
0x41930c RegQueryValueExW
0x419310 RegOpenKeyExW
0x419314 RegCloseKey
user32.dll
0x41931c GetKeyboardType
0x419320 LoadStringW
0x419324 MessageBoxA
0x419328 CharNextW
kernel32.dll
0x419330 GetACP
0x419334 Sleep
0x419338 VirtualFree
0x41933c VirtualAlloc
0x419340 GetSystemInfo
0x419344 GetTickCount
0x419348 QueryPerformanceCounter
0x41934c GetVersion
0x419350 GetCurrentThreadId
0x419354 VirtualQuery
0x419358 WideCharToMultiByte
0x41935c MultiByteToWideChar
0x419360 lstrlenW
0x419364 lstrcpynW
0x419368 LoadLibraryExW
0x41936c GetThreadLocale
0x419370 GetStartupInfoA
0x419374 GetProcAddress
0x419378 GetModuleHandleW
0x41937c GetModuleFileNameW
0x419380 GetLocaleInfoW
0x419384 GetCommandLineW
0x419388 FreeLibrary
0x41938c FindFirstFileW
0x419390 FindClose
0x419394 ExitProcess
0x419398 WriteFile
0x41939c UnhandledExceptionFilter
0x4193a0 RtlUnwind
0x4193a4 RaiseException
0x4193a8 GetStdHandle
0x4193ac CloseHandle
kernel32.dll
0x4193b4 TlsSetValue
0x4193b8 TlsGetValue
0x4193bc LocalAlloc
0x4193c0 GetModuleHandleW
user32.dll
0x4193c8 CreateWindowExW
0x4193cc TranslateMessage
0x4193d0 SetWindowLongW
0x4193d4 PeekMessageW
0x4193d8 MsgWaitForMultipleObjects
0x4193dc MessageBoxW
0x4193e0 LoadStringW
0x4193e4 GetSystemMetrics
0x4193e8 ExitWindowsEx
0x4193ec DispatchMessageW
0x4193f0 DestroyWindow
0x4193f4 CharUpperBuffW
0x4193f8 CallWindowProcW
kernel32.dll
0x419400 WriteFile
0x419404 WideCharToMultiByte
0x419408 WaitForSingleObject
0x41940c VirtualQuery
0x419410 VirtualProtect
0x419414 VirtualFree
0x419418 VirtualAlloc
0x41941c SizeofResource
0x419420 SignalObjectAndWait
0x419424 SetLastError
0x419428 SetFilePointer
0x41942c SetEvent
0x419430 SetErrorMode
0x419434 SetEndOfFile
0x419438 ResetEvent
0x41943c RemoveDirectoryW
0x419440 ReadFile
0x419444 MultiByteToWideChar
0x419448 LockResource
0x41944c LoadResource
0x419450 LoadLibraryW
0x419454 GetWindowsDirectoryW
0x419458 GetVersionExW
0x41945c GetUserDefaultLangID
0x419460 GetThreadLocale
0x419464 GetSystemInfo
0x419468 GetStdHandle
0x41946c GetProcAddress
0x419470 GetModuleHandleW
0x419474 GetModuleFileNameW
0x419478 GetLocaleInfoW
0x41947c GetLastError
0x419480 GetFullPathNameW
0x419484 GetFileSize
0x419488 GetFileAttributesW
0x41948c GetExitCodeProcess
0x419490 GetEnvironmentVariableW
0x419494 GetDiskFreeSpaceW
0x419498 GetCurrentProcess
0x41949c GetCommandLineW
0x4194a0 GetCPInfo
0x4194a4 InterlockedExchange
0x4194a8 InterlockedCompareExchange
0x4194ac FreeLibrary
0x4194b0 FormatMessageW
0x4194b4 FindResourceW
0x4194b8 EnumCalendarInfoW
0x4194bc DeleteFileW
0x4194c0 CreateProcessW
0x4194c4 CreateFileW
0x4194c8 CreateEventW
0x4194cc CreateDirectoryW
0x4194d0 CloseHandle
advapi32.dll
0x4194d8 RegQueryValueExW
0x4194dc RegOpenKeyExW
0x4194e0 RegCloseKey
0x4194e4 OpenProcessToken
0x4194e8 LookupPrivilegeValueW
comctl32.dll
0x4194f0 InitCommonControls
kernel32.dll
0x4194f8 Sleep
advapi32.dll
0x419500 AdjustTokenPrivileges
EAT(Export Address Table) is none