Field | Value |
---|---|
Created | 2025.02.06 10:11 |
Machine | s1_win7_x6401 |
Filename | install.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 54 detected (Common, Rhadamanthys, Dump, Dacic, Ghanarava, Unsafe, malicious, confidence, Genus, Attribute, HighConfidence, high confidence, score, TrojanPSW, Lazy, EE65rmTGwTO, sjutw, DownLoader47, YXFBCZ, moderate, Rhadaman, Static AI, Suspicious PE, Azorult, Detected, ABTrojan, HPLH, R683211, Play, Gencirc) |
md5 | e1d10be0d41ba9e8dbad2a53876b3a00 |
sha256 | 5bc044ef951c5095e4b7c094df6e54b19dfaafcd148583bb694625b7a0900f1c |
ssdeep | 12288:1O7k28xC7HMDVBjfbL5S6IZ7OGQN/RutyU3ivG/Jt9:+OS6IZ7QN/R8yoaG/L |
imphash | dbd248d6a07e5b5d3562c903534448e7 |
impfuzzy | 24:0xjyGS1jtuhlJnc+pl3eDo/CyopSOovbO9ZivxGMC:4S1jtu5c+ppmyU3Ay |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (15cnts)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x449000 CloseHandle
0x449004 HeapAlloc
0x449008 HeapFree
0x44900c GetProcessHeap
0x449010 WaitForSingleObject
0x449014 CreateEventW
0x449018 WriteConsoleW
0x44901c QueryPerformanceCounter
0x449020 GetCurrentProcessId
0x449024 GetCurrentThreadId
0x449028 GetSystemTimeAsFileTime
0x44902c InitializeSListHead
0x449030 IsDebuggerPresent
0x449034 UnhandledExceptionFilter
0x449038 SetUnhandledExceptionFilter
0x44903c GetStartupInfoW
0x449040 IsProcessorFeaturePresent
0x449044 GetModuleHandleW
0x449048 GetCurrentProcess
0x44904c TerminateProcess
0x449050 RtlUnwind
0x449054 GetLastError
0x449058 SetLastError
0x44905c EnterCriticalSection
0x449060 LeaveCriticalSection
0x449064 DeleteCriticalSection
0x449068 InitializeCriticalSectionAndSpinCount
0x44906c TlsAlloc
0x449070 TlsGetValue
0x449074 TlsSetValue
0x449078 TlsFree
0x44907c FreeLibrary
0x449080 GetProcAddress
0x449084 LoadLibraryExW
0x449088 EncodePointer
0x44908c RaiseException
0x449090 GetStdHandle
0x449094 WriteFile
0x449098 GetModuleFileNameW
0x44909c ExitProcess
0x4490a0 GetModuleHandleExW
0x4490a4 FindClose
0x4490a8 FindFirstFileExW
0x4490ac FindNextFileW
0x4490b0 IsValidCodePage
0x4490b4 GetACP
0x4490b8 GetOEMCP
0x4490bc GetCPInfo
0x4490c0 GetCommandLineA
0x4490c4 GetCommandLineW
0x4490c8 MultiByteToWideChar
0x4490cc WideCharToMultiByte
0x4490d0 GetEnvironmentStringsW
0x4490d4 FreeEnvironmentStringsW
0x4490d8 SetStdHandle
0x4490dc GetFileType
0x4490e0 GetStringTypeW
0x4490e4 LCMapStringW
0x4490e8 HeapSize
0x4490ec HeapReAlloc
0x4490f0 FlushFileBuffers
0x4490f4 GetConsoleOutputCP
0x4490f8 GetConsoleMode
0x4490fc SetFilePointerEx
0x449100 CreateFileW
0x449104 DecodePointer
EAT (Export Address Table): none