ScreenShot
| Created | 2025.02.24 15:17 | Machine | s1_win7_x6401 |
| Filename | Install.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 60 detected (AIDetectMalware, malicious, high confidence, score, Ghanarava, Zusy, Unsafe, Save, Attribute, HighConfidence, MalwareX, CrypterX, kvosye, Ma4kQLHBcuO, BankBot, Real Protect, moderate, Static AI, Malicious PE, Detected, ai score=80, Wacatac, Eldorado, R630595, Artemis, Genetic, R002H09AD25, Gencirc, WjNcS2kCzFs, HackTool, HideProc, susgen, rkit, confidence, 100%) | ||
| md5 | f3b37711b4fdccff04ac73db511e6c97 | ||
| sha256 | bbf19ab2cea14f070e7462babcc0f86ee9499ac0e971f70471386e43cf11cdd0 | ||
| ssdeep | 3072:pQpspNSEHxdY14ByBbjLZV6nqZfBYios3dtM2RRmubBZEZT/WB83gNMxjeh:pQpspIKw19Hp0WJFBCjwqpe | ||
| imphash | 4a38b8722fee325fc3f6a86590c2be8a | ||
| impfuzzy | 12:JXRnl8pjygDNZhBZG3XHuK9TdyCO7Kwxrji2wd3E02:JXRnlOygDNH6HuK9Td4KwxC1E1 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| watch | Creates or sets a registry key to a long series of bytes |
| watch | Stores an executable in the registry |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Vidar_IN | Vidar | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x402060 StrNCatW
0x402064 StrStrIW
0x402068 StrCatW
0x40206c StrCpyW
KERNEL32.dll
0x402018 SizeofResource
0x40201c FindResourceA
0x402020 GetModuleHandleA
0x402024 LockResource
0x402028 LoadResource
0x40202c GetProcAddress
0x402030 IsWow64Process
0x402034 ExitProcess
0x402038 GetCurrentProcess
0x40203c GetProcessHeap
0x402040 HeapAlloc
0x402044 lstrlenW
0x402048 HeapFree
ADVAPI32.dll
0x402000 RegSetValueExW
0x402004 CryptAcquireContextW
0x402008 CryptGenRandom
0x40200c RegOpenKeyExW
0x402010 CryptReleaseContext
ole32.dll
0x402074 CoInitializeSecurity
0x402078 CoCreateInstance
0x40207c CoUninitialize
0x402080 CoInitializeEx
OLEAUT32.dll
0x402050 SysFreeString
0x402054 VariantInit
0x402058 SysAllocString
EAT(Export Address Table) is none
SHLWAPI.dll
0x402060 StrNCatW
0x402064 StrStrIW
0x402068 StrCatW
0x40206c StrCpyW
KERNEL32.dll
0x402018 SizeofResource
0x40201c FindResourceA
0x402020 GetModuleHandleA
0x402024 LockResource
0x402028 LoadResource
0x40202c GetProcAddress
0x402030 IsWow64Process
0x402034 ExitProcess
0x402038 GetCurrentProcess
0x40203c GetProcessHeap
0x402040 HeapAlloc
0x402044 lstrlenW
0x402048 HeapFree
ADVAPI32.dll
0x402000 RegSetValueExW
0x402004 CryptAcquireContextW
0x402008 CryptGenRandom
0x40200c RegOpenKeyExW
0x402010 CryptReleaseContext
ole32.dll
0x402074 CoInitializeSecurity
0x402078 CoCreateInstance
0x40207c CoUninitialize
0x402080 CoInitializeEx
OLEAUT32.dll
0x402050 SysFreeString
0x402054 VariantInit
0x402058 SysAllocString
EAT(Export Address Table) is none