popup

Report - betta_version.msi

Generic Malware Malicious Library MSOffice File CAB OS Processor Check
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2025.02.21 09:42 Machine s1_win7_x6401
Filename betta_version.msi
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: DriverBooster10 10.2.0.110, Subject: DriverBooster10, Author: Ventis Media Inc., Keywords: Installer, Template: Intel;1033, Revision Numb
AI Score Not founds Behavior Score
3.2
ZERO API file : clean
VT API (file) 16 detected (BypassUAC, multiple detections, Mqil, PossibleThreat)
md5 c505a2e4af5fd83df5b355cbf275a002
sha256 747a870d3194f8d42eba470965c0b95d836a91455abc4756e76cfbea743b9191
ssdeep 393216:TC2dtU7P45XWr7uSK9KElHxm9+3/aHbWe8vK9ks:c7P45X6S8d+v7e8gk
imphash
impfuzzy
  Network IP location

Signature (9cnts)

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Looks up the external IP address
notice Performs some HTTP requests
notice Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Queries for the computername

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info CAB_file_format CAB archive file binaries (upload)
info Microsoft_Office_File_Zero Microsoft Office File binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)

Network (7cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://IPiNfo.io/country
whois
US GOOGLE 34.117.59.81 clean
http://ipINFO.io/Ip
whois
US GOOGLE 34.117.59.81 clean
http://IPINfo.Io/city
whois
US GOOGLE 34.117.59.81 clean
ipINFO.io
whois
US GOOGLE 34.117.59.81 clean
api.telegram.org
whois
GB Telegram Messenger Inc 149.154.167.220 clean
34.117.59.81
whois
US GOOGLE 34.117.59.81 clean
149.154.167.220
whois
GB Telegram Messenger Inc 149.154.167.220 clean

Suricata ids

ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
ET POLICY External IP Lookup ipinfo.io
ET HUNTING Telegram API Domain in DNS Lookup

Similarity measure (PE file only) - Checking for service failure