Field | Value |
---|---|
Created | 2025.01.07 15:45 |
Machine | s1_win7_x6401 |
Filename | setup.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 22 detected (AIDetectMalware, FleetDeck, Ghanarava, GenericKD, Unsafe, Attribute, HighConfidence, a variant of WinGo, RemoteAdmin, A potentially unsafe, cgmlf, Tool, malicious, high, score, Wacatac, Sdum, Cayunamer, Artemis, susgen) |
md5 | 307b6a325777d94923f662b3ec2cab6c |
sha256 | 95838246a5303886567ad9ceed1a83b741de848a3a1b110be0ae98c9f51e3121 |
ssdeep | 98304:/dPsh/HLvyQInTgNbXZnkwcK50k7Ltj6zOn6:/9sBW0ZXtkzK5tZm |
imphash | c7269d59926fa4252270f407e4dab043 |
impfuzzy | 24:UbVjhN5O+VuT2oLtXOr6kwmDruMztxdEr6tP:K5O+VAXOmGx0oP |
Network IP location
Signature (10 counts)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
watch | Detects the presence of Wine emulator |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates executable files on the filesystem |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (14 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | CAB_file_format | CAB archive file | binaries (download) |
info | CAB_file_format | CAB archive file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
kernel32.dll
0x58a020 WriteFile
0x58a024 WriteConsoleW
0x58a028 WaitForMultipleObjects
0x58a02c WaitForSingleObject
0x58a030 VirtualQuery
0x58a034 VirtualFree
0x58a038 VirtualAlloc
0x58a03c SwitchToThread
0x58a040 SuspendThread
0x58a044 Sleep
0x58a048 SetWaitableTimer
0x58a04c SetUnhandledExceptionFilter
0x58a050 SetProcessPriorityBoost
0x58a054 SetEvent
0x58a058 SetErrorMode
0x58a05c SetConsoleCtrlHandler
0x58a060 ResumeThread
0x58a064 PostQueuedCompletionStatus
0x58a068 LoadLibraryA
0x58a06c LoadLibraryW
0x58a070 SetThreadContext
0x58a074 GetThreadContext
0x58a078 GetSystemInfo
0x58a07c GetSystemDirectoryA
0x58a080 GetStdHandle
0x58a084 GetQueuedCompletionStatusEx
0x58a088 GetProcessAffinityMask
0x58a08c GetProcAddress
0x58a090 GetEnvironmentStringsW
0x58a094 GetConsoleMode
0x58a098 FreeEnvironmentStringsW
0x58a09c ExitProcess
0x58a0a0 DuplicateHandle
0x58a0a4 CreateWaitableTimerExW
0x58a0a8 CreateThread
0x58a0ac CreateIoCompletionPort
0x58a0b0 CreateFileA
0x58a0b4 CreateEventA
0x58a0b8 CloseHandle
0x58a0bc AddVectoredExceptionHandler
EAT (Export Address Table): none