ScreenShot
| Created | 2024.11.26 14:11 | Machine | s1_win7_x6403 |
| Filename | InstaIIer.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 41 detected (AIDetectMalware, Malicious, score, Artemis, GenericKD, Unsafe, confidence, Attribute, HighConfidence, Kryptik, HYHK, MalwareX, CLOUD, qynvz, Siggen30, Malware@#1rtreqy9asmtq, Wacatac, ABTrojan, YRJB, Chgt, Gencirc, susgen, Sabsik) | ||
| md5 | 136d8eeb91c5fa33ff2049b441929788 | ||
| sha256 | 5667a73898a9134a736c6b56f25577ed3f9901dd17439de0dca545ac3cd1af16 | ||
| ssdeep | 24576:5z0wSWUTxMWv3LPO9dOV8kS8FTVuFK76/KvHM:5z0wSWUTxM2PO9wV8kS8FTV5n | ||
| imphash | 539b0578fabb1d00f1f27cef52dd4f76 | ||
| impfuzzy | 96:8fisc5cJGKRqBlfPqyBS23EiSOCU1MKhg:l9KcBlfPqyBcOoK+ | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4f82f0 DeleteCriticalSection
0x4f82f4 EnterCriticalSection
0x4f82f8 FreeLibrary
0x4f82fc GetLastError
0x4f8300 GetModuleHandleA
0x4f8304 GetProcAddress
0x4f8308 GetStartupInfoA
0x4f830c GlobalAlloc
0x4f8310 GlobalFlags
0x4f8314 InitializeCriticalSection
0x4f8318 LeaveCriticalSection
0x4f831c LoadLibraryA
0x4f8320 SetUnhandledExceptionFilter
0x4f8324 Sleep
0x4f8328 TlsGetValue
0x4f832c VirtualProtect
0x4f8330 VirtualQuery
msvcrt.dll
0x4f8338 __getmainargs
0x4f833c __initenv
0x4f8340 __p__acmdln
0x4f8344 __p__commode
0x4f8348 __p__fmode
0x4f834c __set_app_type
0x4f8350 __setusermatherr
0x4f8354 _amsg_exit
0x4f8358 _cexit
0x4f835c _initterm
0x4f8360 _iob
0x4f8364 _onexit
0x4f8368 abort
0x4f836c calloc
0x4f8370 exit
0x4f8374 fprintf
0x4f8378 free
0x4f837c fwrite
0x4f8380 malloc
0x4f8384 memcpy
0x4f8388 signal
0x4f838c strlen
0x4f8390 strncmp
0x4f8394 vfprintf
d3dcompiler_47.dll
0x4f839c D3DCompileFromFile
0x4f83a0 D3DCompressShaders
0x4f83a4 D3DCreateLinker
0x4f83a8 D3DDisassembleRegion
0x4f83ac D3DGetDebugInfo
0x4f83b0 D3DLoadModule
0x4f83b4 D3DWriteBlobToFile
eappcfg.dll
0x4f83bc EapHostPeerCredentialsXml2Blob
0x4f83c0 EapHostPeerFreeMemory
0x4f83c4 EapHostPeerGetMethods
0x4f83c8 EapHostPeerInvokeInteractiveUI
0x4f83cc EapHostPeerQueryCredentialInputFields
0x4f83d0 EapHostPeerQueryInteractiveUIInputFields
0x4f83d4 EapHostPeerQueryUserBlobFromCredentialInputFields
KERNEL32.dll
0x4f83dc EnumTimeFormatsA
0x4f83e0 FreeLibrary
0x4f83e4 GetEnvironmentVariableA
0x4f83e8 GetLocaleInfoA
0x4f83ec GetThreadLocale
0x4f83f0 RegDisablePredefinedCacheEx
0x4f83f4 lstrcmpW
ktmw32.dll
0x4f83fc CommitTransaction
0x4f8400 OpenTransaction
0x4f8404 PrepareComplete
0x4f8408 RecoverEnlistment
0x4f840c RecoverResourceManager
0x4f8410 RollbackComplete
0x4f8414 RollbackEnlistment
0x4f8418 RollbackTransactionAsync
0x4f841c SinglePhaseReject
mprapi.dll
0x4f8424 MprAdminInterfaceSetInfo
0x4f8428 MprAdminMIBEntryCreate
0x4f842c MprAdminMIBEntryGetNext
0x4f8430 MprConfigServerInstall
0x4f8434 MprConfigTransportDelete
0x4f8438 MprConfigTransportGetInfo
0x4f843c MprInfoRemoveAll
netapi32.dll
0x4f8444 NetDfsSetSecurity
0x4f8448 NetGetDisplayInformationIndex
0x4f844c NetGetJoinInformation
0x4f8450 NetGroupDel
0x4f8454 NetGroupGetUsers
0x4f8458 NetLocalGroupAddMembers
0x4f845c NetLocalGroupDel
0x4f8460 NetLocalGroupDelMembers
0x4f8464 NetLocalGroupGetMembers
0x4f8468 NetLocalGroupSetMembers
0x4f846c NetServerSetInfo
0x4f8470 NetServerTransportAdd
0x4f8474 NetSetPrimaryComputerName
0x4f8478 NetStatisticsGet
0x4f847c NetUserAdd
0x4f8480 NetUserEnum
0x4f8484 NetUserModalsGet
0x4f8488 NetUserModalsSet
0x4f848c NetUserSetInfo
0x4f8490 NetValidateName
0x4f8494 NetValidatePasswordPolicyFree
0x4f8498 NetWkstaSetInfo
0x4f849c NetWkstaTransportAdd
0x4f84a0 NetWkstaTransportEnum
rpcrt4.dll
0x4f84a8 RpcBindingInqAuthInfoExW
0x4f84ac RpcBindingInqAuthInfoW
0x4f84b0 RpcBindingSetAuthInfoExW
0x4f84b4 RpcEpRegisterNoReplaceA
0x4f84b8 RpcErrorStartEnumeration
0x4f84bc RpcServerInqBindingHandle
0x4f84c0 RpcSmEnableAllocate
0x4f84c4 RpcTestCancel
setupapi.dll
0x4f84cc CM_Add_Res_Des_Ex
0x4f84d0 CM_Modify_Res_Des
0x4f84d4 InstallHinfSectionW
0x4f84d8 SetupAddToSourceListW
0x4f84dc SetupDiSelectBestCompatDrv
0x4f84e0 SetupDiSetDeviceRegistryPropertyA
re86x.dll
0x4f84e8 xRHbDXyFqiuIizrK
EAT(Export Address Table) is none
KERNEL32.dll
0x4f82f0 DeleteCriticalSection
0x4f82f4 EnterCriticalSection
0x4f82f8 FreeLibrary
0x4f82fc GetLastError
0x4f8300 GetModuleHandleA
0x4f8304 GetProcAddress
0x4f8308 GetStartupInfoA
0x4f830c GlobalAlloc
0x4f8310 GlobalFlags
0x4f8314 InitializeCriticalSection
0x4f8318 LeaveCriticalSection
0x4f831c LoadLibraryA
0x4f8320 SetUnhandledExceptionFilter
0x4f8324 Sleep
0x4f8328 TlsGetValue
0x4f832c VirtualProtect
0x4f8330 VirtualQuery
msvcrt.dll
0x4f8338 __getmainargs
0x4f833c __initenv
0x4f8340 __p__acmdln
0x4f8344 __p__commode
0x4f8348 __p__fmode
0x4f834c __set_app_type
0x4f8350 __setusermatherr
0x4f8354 _amsg_exit
0x4f8358 _cexit
0x4f835c _initterm
0x4f8360 _iob
0x4f8364 _onexit
0x4f8368 abort
0x4f836c calloc
0x4f8370 exit
0x4f8374 fprintf
0x4f8378 free
0x4f837c fwrite
0x4f8380 malloc
0x4f8384 memcpy
0x4f8388 signal
0x4f838c strlen
0x4f8390 strncmp
0x4f8394 vfprintf
d3dcompiler_47.dll
0x4f839c D3DCompileFromFile
0x4f83a0 D3DCompressShaders
0x4f83a4 D3DCreateLinker
0x4f83a8 D3DDisassembleRegion
0x4f83ac D3DGetDebugInfo
0x4f83b0 D3DLoadModule
0x4f83b4 D3DWriteBlobToFile
eappcfg.dll
0x4f83bc EapHostPeerCredentialsXml2Blob
0x4f83c0 EapHostPeerFreeMemory
0x4f83c4 EapHostPeerGetMethods
0x4f83c8 EapHostPeerInvokeInteractiveUI
0x4f83cc EapHostPeerQueryCredentialInputFields
0x4f83d0 EapHostPeerQueryInteractiveUIInputFields
0x4f83d4 EapHostPeerQueryUserBlobFromCredentialInputFields
KERNEL32.dll
0x4f83dc EnumTimeFormatsA
0x4f83e0 FreeLibrary
0x4f83e4 GetEnvironmentVariableA
0x4f83e8 GetLocaleInfoA
0x4f83ec GetThreadLocale
0x4f83f0 RegDisablePredefinedCacheEx
0x4f83f4 lstrcmpW
ktmw32.dll
0x4f83fc CommitTransaction
0x4f8400 OpenTransaction
0x4f8404 PrepareComplete
0x4f8408 RecoverEnlistment
0x4f840c RecoverResourceManager
0x4f8410 RollbackComplete
0x4f8414 RollbackEnlistment
0x4f8418 RollbackTransactionAsync
0x4f841c SinglePhaseReject
mprapi.dll
0x4f8424 MprAdminInterfaceSetInfo
0x4f8428 MprAdminMIBEntryCreate
0x4f842c MprAdminMIBEntryGetNext
0x4f8430 MprConfigServerInstall
0x4f8434 MprConfigTransportDelete
0x4f8438 MprConfigTransportGetInfo
0x4f843c MprInfoRemoveAll
netapi32.dll
0x4f8444 NetDfsSetSecurity
0x4f8448 NetGetDisplayInformationIndex
0x4f844c NetGetJoinInformation
0x4f8450 NetGroupDel
0x4f8454 NetGroupGetUsers
0x4f8458 NetLocalGroupAddMembers
0x4f845c NetLocalGroupDel
0x4f8460 NetLocalGroupDelMembers
0x4f8464 NetLocalGroupGetMembers
0x4f8468 NetLocalGroupSetMembers
0x4f846c NetServerSetInfo
0x4f8470 NetServerTransportAdd
0x4f8474 NetSetPrimaryComputerName
0x4f8478 NetStatisticsGet
0x4f847c NetUserAdd
0x4f8480 NetUserEnum
0x4f8484 NetUserModalsGet
0x4f8488 NetUserModalsSet
0x4f848c NetUserSetInfo
0x4f8490 NetValidateName
0x4f8494 NetValidatePasswordPolicyFree
0x4f8498 NetWkstaSetInfo
0x4f849c NetWkstaTransportAdd
0x4f84a0 NetWkstaTransportEnum
rpcrt4.dll
0x4f84a8 RpcBindingInqAuthInfoExW
0x4f84ac RpcBindingInqAuthInfoW
0x4f84b0 RpcBindingSetAuthInfoExW
0x4f84b4 RpcEpRegisterNoReplaceA
0x4f84b8 RpcErrorStartEnumeration
0x4f84bc RpcServerInqBindingHandle
0x4f84c0 RpcSmEnableAllocate
0x4f84c4 RpcTestCancel
setupapi.dll
0x4f84cc CM_Add_Res_Des_Ex
0x4f84d0 CM_Modify_Res_Des
0x4f84d4 InstallHinfSectionW
0x4f84d8 SetupAddToSourceListW
0x4f84dc SetupDiSelectBestCompatDrv
0x4f84e0 SetupDiSetDeviceRegistryPropertyA
re86x.dll
0x4f84e8 xRHbDXyFqiuIizrK
EAT(Export Address Table) is none