Report - Calibre_Installer.exe

Tags: Suspicious_Script, Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), Malicious Packer, UPX, PE File, PE64
Created 2024.11.01 09:55
Machine s1_win7_x6403
Filename Calibre_Installer.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score 4
Behavior Score 1.6
ZERO API (file): clean
VT API (file) 45 detected (AIDetectMalware, Deyma, Malicious, score, GenericKD, Unsafe, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, AmsiBypass, CLASSIC, aeapp, Detected, Donut, ABTrojan, ZUBZ, Artemis, Neshta, FileInfector, Chgt, Gencirc, susgen, Akgpp)
md5 3722d2ad2f7e099039229456b7472711
sha256 b45d4d18149c6ba9966559208f3c5303dd9b20eeb43d5cf75aba272f2021364e
ssdeep 49152:bBLAtsnsD8dnET/3lAsxx6EC4qHIDW+kEFYs8MW39W0CTvEtUAEo28/8VtznIqUf:bBLAWPdk/SADWPEFYkWvyEtUAEod8VBg
imphash 21f0b9c7ad8e2cd2151d01ad6aa5cbd9
impfuzzy 96:8fpcmGWJGaRqtWbxxtto0vAqnHdblxDKXHgh:tactWntto0vATwh

Signature (2cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
warning Suspicious_Obfuscation_Script Suspicious obfuscation script binaries (upload)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule
(no entries)

Suricata ids

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x1402b16a8 DeleteCriticalSection
 0x1402b16b0 EnterCriticalSection
 0x1402b16b8 InitializeCriticalSection
 0x1402b16c0 LeaveCriticalSection
 0x1402b16c8 RaiseException
 0x1402b16d0 RtlUnwindEx
 0x1402b16d8 VirtualProtect
 0x1402b16e0 VirtualQuery
 0x1402b16e8 __C_specific_handler
msvcrt.dll
 0x1402b16f8 __getmainargs
 0x1402b1700 __initenv
 0x1402b1708 __iob_func
 0x1402b1710 __set_app_type
 0x1402b1718 __setusermatherr
 0x1402b1720 _amsg_exit
 0x1402b1728 _cexit
 0x1402b1730 _commode
 0x1402b1738 _fmode
 0x1402b1740 _fpreset
 0x1402b1748 _initterm
 0x1402b1750 _onexit
 0x1402b1758 abort
 0x1402b1760 calloc
 0x1402b1768 exit
 0x1402b1770 fprintf
 0x1402b1778 free
 0x1402b1780 fwrite
 0x1402b1788 malloc
 0x1402b1790 memcmp
 0x1402b1798 memcpy
 0x1402b17a0 memmove
 0x1402b17a8 memset
 0x1402b17b0 signal
 0x1402b17b8 strlen
 0x1402b17c0 strncmp
 0x1402b17c8 vfprintf
ntdll.dll
 0x1402b17d8 NtCreateFile
 0x1402b17e0 NtReadFile
 0x1402b17e8 NtWriteFile
 0x1402b17f0 RtlNtStatusToDosError
USERENV.dll
 0x1402b1800 GetUserProfileDirectoryW
WS2_32.dll
 0x1402b1810 WSACleanup
 0x1402b1818 WSADuplicateSocketW
 0x1402b1820 WSAGetLastError
 0x1402b1828 WSARecv
 0x1402b1830 WSASend
 0x1402b1838 WSASocketW
 0x1402b1840 WSAStartup
 0x1402b1848 accept
 0x1402b1850 bind
 0x1402b1858 closesocket
 0x1402b1860 connect
 0x1402b1868 freeaddrinfo
 0x1402b1870 getaddrinfo
 0x1402b1878 getpeername
 0x1402b1880 getsockname
 0x1402b1888 getsockopt
 0x1402b1890 ioctlsocket
 0x1402b1898 listen
 0x1402b18a0 recv
 0x1402b18a8 recvfrom
 0x1402b18b0 select
 0x1402b18b8 send
 0x1402b18c0 sendto
 0x1402b18c8 setsockopt
 0x1402b18d0 shutdown
KERNEL32.dll
 0x1402b18e0 AddVectoredExceptionHandler
 0x1402b18e8 CancelIo
 0x1402b18f0 CloseHandle
 0x1402b18f8 CompareStringOrdinal
 0x1402b1900 CopyFileExW
 0x1402b1908 CreateDirectoryW
 0x1402b1910 CreateEventW
 0x1402b1918 CreateFileMappingA
 0x1402b1920 CreateFileW
 0x1402b1928 CreateHardLinkW
 0x1402b1930 CreateNamedPipeW
 0x1402b1938 CreateProcessW
 0x1402b1940 CreateSymbolicLinkW
 0x1402b1948 CreateThread
 0x1402b1950 CreateToolhelp32Snapshot
 0x1402b1958 CreateWaitableTimerExW
 0x1402b1960 DeleteFileW
 0x1402b1968 DeleteProcThreadAttributeList
 0x1402b1970 DeviceIoControl
 0x1402b1978 DuplicateHandle
 0x1402b1980 ExitProcess
 0x1402b1988 FindClose
 0x1402b1990 FindFirstFileW
 0x1402b1998 FindNextFileW
 0x1402b19a0 FlushFileBuffers
 0x1402b19a8 FormatMessageW
 0x1402b19b0 FreeEnvironmentStringsW
 0x1402b19b8 GetCommandLineW
 0x1402b19c0 GetConsoleMode
 0x1402b19c8 GetCurrentDirectoryW
 0x1402b19d0 GetCurrentProcess
 0x1402b19d8 GetCurrentProcessId
 0x1402b19e0 GetCurrentThread
 0x1402b19e8 GetEnvironmentStringsW
 0x1402b19f0 GetEnvironmentVariableW
 0x1402b19f8 GetExitCodeProcess
 0x1402b1a00 GetFileAttributesW
 0x1402b1a08 GetFileInformationByHandle
 0x1402b1a10 GetFileInformationByHandleEx
 0x1402b1a18 GetFileType
 0x1402b1a20 GetFinalPathNameByHandleW
 0x1402b1a28 GetFullPathNameW
 0x1402b1a30 GetLastError
 0x1402b1a38 GetModuleFileNameW
 0x1402b1a40 GetModuleHandleA
 0x1402b1a48 GetModuleHandleW
 0x1402b1a50 GetOverlappedResult
 0x1402b1a58 GetProcAddress
 0x1402b1a60 GetProcessHeap
 0x1402b1a68 GetProcessId
 0x1402b1a70 GetStdHandle
 0x1402b1a78 GetSystemDirectoryW
 0x1402b1a80 GetSystemInfo
 0x1402b1a88 GetSystemTimePreciseAsFileTime
 0x1402b1a90 GetTempPathW
 0x1402b1a98 GetWindowsDirectoryW
 0x1402b1aa0 HeapAlloc
 0x1402b1aa8 HeapFree
 0x1402b1ab0 HeapReAlloc
 0x1402b1ab8 InitOnceBeginInitialize
 0x1402b1ac0 InitOnceComplete
 0x1402b1ac8 InitializeProcThreadAttributeList
 0x1402b1ad0 MapViewOfFile
 0x1402b1ad8 Module32FirstW
 0x1402b1ae0 Module32NextW
 0x1402b1ae8 MoveFileExW
 0x1402b1af0 MultiByteToWideChar
 0x1402b1af8 QueryPerformanceCounter
 0x1402b1b00 QueryPerformanceFrequency
 0x1402b1b08 ReadConsoleW
 0x1402b1b10 ReadFile
 0x1402b1b18 ReadFileEx
 0x1402b1b20 RemoveDirectoryW
 0x1402b1b28 RtlCaptureContext
 0x1402b1b30 RtlLookupFunctionEntry
 0x1402b1b38 RtlVirtualUnwind
 0x1402b1b40 SetCurrentDirectoryW
 0x1402b1b48 SetEnvironmentVariableW
 0x1402b1b50 SetFileAttributesW
 0x1402b1b58 SetFileInformationByHandle
 0x1402b1b60 SetFilePointerEx
 0x1402b1b68 SetFileTime
 0x1402b1b70 SetHandleInformation
 0x1402b1b78 SetLastError
 0x1402b1b80 SetThreadStackGuarantee
 0x1402b1b88 SetUnhandledExceptionFilter
 0x1402b1b90 SetWaitableTimer
 0x1402b1b98 Sleep
 0x1402b1ba0 SleepEx
 0x1402b1ba8 SwitchToThread
 0x1402b1bb0 TerminateProcess
 0x1402b1bb8 TlsAlloc
 0x1402b1bc0 TlsFree
 0x1402b1bc8 TlsGetValue
 0x1402b1bd0 TlsSetValue
 0x1402b1bd8 UnmapViewOfFile
 0x1402b1be0 UpdateProcThreadAttribute
 0x1402b1be8 WaitForMultipleObjects
 0x1402b1bf0 WaitForSingleObject
 0x1402b1bf8 WideCharToMultiByte
 0x1402b1c00 WriteConsoleW
 0x1402b1c08 WriteFileEx
 0x1402b1c10 lstrlenW
ole32.dll
 0x1402b1c20 CoTaskMemFree
SHELL32.dll
 0x1402b1c30 SHGetKnownFolderPath
api-ms-win-core-synch-l1-2-0.dll
 0x1402b1c40 WaitOnAddress
 0x1402b1c48 WakeByAddressAll
 0x1402b1c50 WakeByAddressSingle
cryptprimitives.dll
 0x1402b1c60 ProcessPrng

EAT (Export Address Table): none