ScreenShot
| Created | 2025.03.31 12:18 | Machine | s1_win7_x6403 |
| Filename | setup.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 32 detected (Ghanarava, GenericKD, Unsafe, Attribute, HighConfidence, FileRepMalware, Misc, Lyrics, Detected, Wacapew, ABTrojan, RQWI, Artemis, MALICIOUS, Chgt, R002H09CM25, susgen, PossibleThreat, Software) | ||
| md5 | 668a2b6bc52f43d1367d97899a7e74c1 | ||
| sha256 | 82f4d2a4ac8b5782a6ad408564c8739dc742ae73368f07eb532d9364dc213394 | ||
| ssdeep | 98304:L0Fxb8yuO+WFwLId3DUVxaZumRdhfCqcqmP/tV:L0Fxb8yuO+JLA3DUue | ||
| imphash | 262f7b623746b414d0e9c48c1d61145e | ||
| impfuzzy | 96:+0fctvEdh3wF47mqFwrkrnWHqxs458er3F4Z:+m3w6OgTWH4KZ | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to create or modify system certificates |
| watch | Disables proxy possibly for traffic interception |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Performs some HTTP requests |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x6cb000 WriteFile
0x6cb004 DeleteFileW
0x6cb008 HeapDestroy
0x6cb00c HeapSize
0x6cb010 HeapReAlloc
0x6cb014 HeapFree
0x6cb018 HeapAlloc
0x6cb01c GetProcessHeap
0x6cb020 SizeofResource
0x6cb024 LockResource
0x6cb028 LoadResource
0x6cb02c FindResourceW
0x6cb030 FindResourceExW
0x6cb034 CreateEventExW
0x6cb038 WaitForSingleObject
0x6cb03c CreateProcessW
0x6cb040 GetLastError
0x6cb044 GetExitCodeProcess
0x6cb048 SetEvent
0x6cb04c DeleteCriticalSection
0x6cb050 EnterCriticalSection
0x6cb054 LeaveCriticalSection
0x6cb058 GetModuleFileNameW
0x6cb05c InitializeCriticalSectionAndSpinCount
0x6cb060 GetCurrentThreadId
0x6cb064 RaiseException
0x6cb068 SetLastError
0x6cb06c GlobalUnlock
0x6cb070 GlobalLock
0x6cb074 GlobalAlloc
0x6cb078 MulDiv
0x6cb07c lstrcmpW
0x6cb080 CreateEventW
0x6cb084 FindClose
0x6cb088 FindFirstFileW
0x6cb08c GetFullPathNameW
0x6cb090 InitializeCriticalSection
0x6cb094 lstrcpynW
0x6cb098 CreateThread
0x6cb09c GetLogicalDriveStringsW
0x6cb0a0 GetDriveTypeW
0x6cb0a4 GetDiskFreeSpaceExW
0x6cb0a8 Sleep
0x6cb0ac GetProcAddress
0x6cb0b0 LoadLibraryExW
0x6cb0b4 FreeLibrary
0x6cb0b8 CreateToolhelp32Snapshot
0x6cb0bc Process32FirstW
0x6cb0c0 Process32NextW
0x6cb0c4 GetCurrentProcess
0x6cb0c8 WideCharToMultiByte
0x6cb0cc GetSystemDirectoryW
0x6cb0d0 GetCurrentProcessId
0x6cb0d4 DecodePointer
0x6cb0d8 CreateNamedPipeW
0x6cb0dc GetExitCodeThread
0x6cb0e0 CreateDirectoryW
0x6cb0e4 lstrlenW
0x6cb0e8 VerifyVersionInfoW
0x6cb0ec VerSetConditionMask
0x6cb0f0 lstrcmpiW
0x6cb0f4 GetModuleHandleW
0x6cb0f8 LoadLibraryW
0x6cb0fc CompareStringW
0x6cb100 RemoveDirectoryW
0x6cb104 FindNextFileW
0x6cb108 GetFileSize
0x6cb10c GetFileAttributesW
0x6cb110 GetShortPathNameW
0x6cb114 GetFinalPathNameByHandleW
0x6cb118 SetFileAttributesW
0x6cb11c GetFileTime
0x6cb120 CopyFileW
0x6cb124 ReadFile
0x6cb128 SetFilePointer
0x6cb12c SetFileTime
0x6cb130 SystemTimeToFileTime
0x6cb134 MultiByteToWideChar
0x6cb138 GetSystemInfo
0x6cb13c WaitForMultipleObjects
0x6cb140 GetVersion
0x6cb144 CreateSemaphoreW
0x6cb148 ReleaseSemaphore
0x6cb14c GlobalMemoryStatus
0x6cb150 GetModuleHandleA
0x6cb154 VirtualProtect
0x6cb158 VirtualQuery
0x6cb15c LoadLibraryExA
0x6cb160 GetStringTypeW
0x6cb164 OutputDebugStringW
0x6cb168 GetLocalTime
0x6cb16c FlushFileBuffers
0x6cb170 GetTempPathW
0x6cb174 GetTempFileNameW
0x6cb178 MoveFileW
0x6cb17c GetWindowsDirectoryW
0x6cb180 SetUnhandledExceptionFilter
0x6cb184 FileTimeToSystemTime
0x6cb188 GetEnvironmentVariableW
0x6cb18c GetSystemTime
0x6cb190 GetDateFormatW
0x6cb194 GetTimeFormatW
0x6cb198 GetLocaleInfoW
0x6cb19c FormatMessageW
0x6cb1a0 ConnectNamedPipe
0x6cb1a4 GetEnvironmentStringsW
0x6cb1a8 LocalFree
0x6cb1ac InitializeCriticalSectionEx
0x6cb1b0 LoadLibraryA
0x6cb1b4 GetModuleFileNameA
0x6cb1b8 LocalAlloc
0x6cb1bc GetCurrentThread
0x6cb1c0 GetConsoleOutputCP
0x6cb1c4 Wow64DisableWow64FsRedirection
0x6cb1c8 Wow64RevertWow64FsRedirection
0x6cb1cc IsWow64Process
0x6cb1d0 CloseHandle
0x6cb1d4 GetProcessId
0x6cb1d8 TerminateProcess
0x6cb1dc ReadProcessMemory
0x6cb1e0 SetConsoleTextAttribute
0x6cb1e4 GetStdHandle
0x6cb1e8 GetConsoleScreenBufferInfo
0x6cb1ec GetTickCount
0x6cb1f0 GetCommandLineW
0x6cb1f4 SetCurrentDirectoryW
0x6cb1f8 SetEndOfFile
0x6cb1fc EnumResourceLanguagesW
0x6cb200 GetSystemDefaultLangID
0x6cb204 GetUserDefaultLangID
0x6cb208 lstrcpyW
0x6cb20c ResetEvent
0x6cb210 GlobalFree
0x6cb214 GetPrivateProfileStringW
0x6cb218 GetPrivateProfileSectionNamesW
0x6cb21c WritePrivateProfileStringW
0x6cb220 TerminateThread
0x6cb224 CompareFileTime
0x6cb228 CopyFileExW
0x6cb22c OpenEventW
0x6cb230 PeekNamedPipe
0x6cb234 WaitForSingleObjectEx
0x6cb238 ReleaseSRWLockExclusive
0x6cb23c AcquireSRWLockExclusive
0x6cb240 TryAcquireSRWLockExclusive
0x6cb244 FormatMessageA
0x6cb248 QueryPerformanceCounter
0x6cb24c QueryPerformanceFrequency
0x6cb250 SleepConditionVariableSRW
0x6cb254 GetLocaleInfoEx
0x6cb258 GetCurrentDirectoryW
0x6cb25c FindFirstFileExW
0x6cb260 MoveFileExW
0x6cb264 WakeAllConditionVariable
0x6cb268 EncodePointer
0x6cb26c LCMapStringEx
0x6cb270 GetSystemTimeAsFileTime
0x6cb274 CompareStringEx
0x6cb278 GetCPInfo
0x6cb27c IsDebuggerPresent
0x6cb280 InitializeSListHead
0x6cb284 InterlockedPopEntrySList
0x6cb288 InterlockedPushEntrySList
0x6cb28c FlushInstructionCache
0x6cb290 IsProcessorFeaturePresent
0x6cb294 VirtualAlloc
0x6cb298 VirtualFree
0x6cb29c UnhandledExceptionFilter
0x6cb2a0 GetStartupInfoW
0x6cb2a4 RtlUnwind
0x6cb2a8 TlsAlloc
0x6cb2ac TlsGetValue
0x6cb2b0 TlsSetValue
0x6cb2b4 TlsFree
0x6cb2b8 ExitThread
0x6cb2bc FreeLibraryAndExitThread
0x6cb2c0 GetModuleHandleExW
0x6cb2c4 ExitProcess
0x6cb2c8 GetFileType
0x6cb2cc FlsAlloc
0x6cb2d0 FlsGetValue
0x6cb2d4 FlsSetValue
0x6cb2d8 FlsFree
0x6cb2dc LCMapStringW
0x6cb2e0 IsValidLocale
0x6cb2e4 GetUserDefaultLCID
0x6cb2e8 EnumSystemLocalesW
0x6cb2ec GetConsoleMode
0x6cb2f0 SetFilePointerEx
0x6cb2f4 GetFileSizeEx
0x6cb2f8 ReadConsoleW
0x6cb2fc GetTimeZoneInformation
0x6cb300 IsValidCodePage
0x6cb304 GetACP
0x6cb308 GetOEMCP
0x6cb30c GetCommandLineA
0x6cb310 FreeEnvironmentStringsW
0x6cb314 SetEnvironmentVariableW
0x6cb318 SetStdHandle
0x6cb31c WriteConsoleW
0x6cb320 GetProcessAffinityMask
0x6cb324 OpenProcess
0x6cb328 CreateFileW
0x6cb32c HeapQueryInformation
imagehlp.dll
0x6cb334 SymGetModuleBase
0x6cb338 SymFunctionTableAccess
0x6cb33c SymGetLineFromAddr
0x6cb340 SymSetSearchPath
0x6cb344 SymCleanup
0x6cb348 SymInitialize
0x6cb34c SymSetOptions
0x6cb350 StackWalk
EAT(Export Address Table) is none
KERNEL32.dll
0x6cb000 WriteFile
0x6cb004 DeleteFileW
0x6cb008 HeapDestroy
0x6cb00c HeapSize
0x6cb010 HeapReAlloc
0x6cb014 HeapFree
0x6cb018 HeapAlloc
0x6cb01c GetProcessHeap
0x6cb020 SizeofResource
0x6cb024 LockResource
0x6cb028 LoadResource
0x6cb02c FindResourceW
0x6cb030 FindResourceExW
0x6cb034 CreateEventExW
0x6cb038 WaitForSingleObject
0x6cb03c CreateProcessW
0x6cb040 GetLastError
0x6cb044 GetExitCodeProcess
0x6cb048 SetEvent
0x6cb04c DeleteCriticalSection
0x6cb050 EnterCriticalSection
0x6cb054 LeaveCriticalSection
0x6cb058 GetModuleFileNameW
0x6cb05c InitializeCriticalSectionAndSpinCount
0x6cb060 GetCurrentThreadId
0x6cb064 RaiseException
0x6cb068 SetLastError
0x6cb06c GlobalUnlock
0x6cb070 GlobalLock
0x6cb074 GlobalAlloc
0x6cb078 MulDiv
0x6cb07c lstrcmpW
0x6cb080 CreateEventW
0x6cb084 FindClose
0x6cb088 FindFirstFileW
0x6cb08c GetFullPathNameW
0x6cb090 InitializeCriticalSection
0x6cb094 lstrcpynW
0x6cb098 CreateThread
0x6cb09c GetLogicalDriveStringsW
0x6cb0a0 GetDriveTypeW
0x6cb0a4 GetDiskFreeSpaceExW
0x6cb0a8 Sleep
0x6cb0ac GetProcAddress
0x6cb0b0 LoadLibraryExW
0x6cb0b4 FreeLibrary
0x6cb0b8 CreateToolhelp32Snapshot
0x6cb0bc Process32FirstW
0x6cb0c0 Process32NextW
0x6cb0c4 GetCurrentProcess
0x6cb0c8 WideCharToMultiByte
0x6cb0cc GetSystemDirectoryW
0x6cb0d0 GetCurrentProcessId
0x6cb0d4 DecodePointer
0x6cb0d8 CreateNamedPipeW
0x6cb0dc GetExitCodeThread
0x6cb0e0 CreateDirectoryW
0x6cb0e4 lstrlenW
0x6cb0e8 VerifyVersionInfoW
0x6cb0ec VerSetConditionMask
0x6cb0f0 lstrcmpiW
0x6cb0f4 GetModuleHandleW
0x6cb0f8 LoadLibraryW
0x6cb0fc CompareStringW
0x6cb100 RemoveDirectoryW
0x6cb104 FindNextFileW
0x6cb108 GetFileSize
0x6cb10c GetFileAttributesW
0x6cb110 GetShortPathNameW
0x6cb114 GetFinalPathNameByHandleW
0x6cb118 SetFileAttributesW
0x6cb11c GetFileTime
0x6cb120 CopyFileW
0x6cb124 ReadFile
0x6cb128 SetFilePointer
0x6cb12c SetFileTime
0x6cb130 SystemTimeToFileTime
0x6cb134 MultiByteToWideChar
0x6cb138 GetSystemInfo
0x6cb13c WaitForMultipleObjects
0x6cb140 GetVersion
0x6cb144 CreateSemaphoreW
0x6cb148 ReleaseSemaphore
0x6cb14c GlobalMemoryStatus
0x6cb150 GetModuleHandleA
0x6cb154 VirtualProtect
0x6cb158 VirtualQuery
0x6cb15c LoadLibraryExA
0x6cb160 GetStringTypeW
0x6cb164 OutputDebugStringW
0x6cb168 GetLocalTime
0x6cb16c FlushFileBuffers
0x6cb170 GetTempPathW
0x6cb174 GetTempFileNameW
0x6cb178 MoveFileW
0x6cb17c GetWindowsDirectoryW
0x6cb180 SetUnhandledExceptionFilter
0x6cb184 FileTimeToSystemTime
0x6cb188 GetEnvironmentVariableW
0x6cb18c GetSystemTime
0x6cb190 GetDateFormatW
0x6cb194 GetTimeFormatW
0x6cb198 GetLocaleInfoW
0x6cb19c FormatMessageW
0x6cb1a0 ConnectNamedPipe
0x6cb1a4 GetEnvironmentStringsW
0x6cb1a8 LocalFree
0x6cb1ac InitializeCriticalSectionEx
0x6cb1b0 LoadLibraryA
0x6cb1b4 GetModuleFileNameA
0x6cb1b8 LocalAlloc
0x6cb1bc GetCurrentThread
0x6cb1c0 GetConsoleOutputCP
0x6cb1c4 Wow64DisableWow64FsRedirection
0x6cb1c8 Wow64RevertWow64FsRedirection
0x6cb1cc IsWow64Process
0x6cb1d0 CloseHandle
0x6cb1d4 GetProcessId
0x6cb1d8 TerminateProcess
0x6cb1dc ReadProcessMemory
0x6cb1e0 SetConsoleTextAttribute
0x6cb1e4 GetStdHandle
0x6cb1e8 GetConsoleScreenBufferInfo
0x6cb1ec GetTickCount
0x6cb1f0 GetCommandLineW
0x6cb1f4 SetCurrentDirectoryW
0x6cb1f8 SetEndOfFile
0x6cb1fc EnumResourceLanguagesW
0x6cb200 GetSystemDefaultLangID
0x6cb204 GetUserDefaultLangID
0x6cb208 lstrcpyW
0x6cb20c ResetEvent
0x6cb210 GlobalFree
0x6cb214 GetPrivateProfileStringW
0x6cb218 GetPrivateProfileSectionNamesW
0x6cb21c WritePrivateProfileStringW
0x6cb220 TerminateThread
0x6cb224 CompareFileTime
0x6cb228 CopyFileExW
0x6cb22c OpenEventW
0x6cb230 PeekNamedPipe
0x6cb234 WaitForSingleObjectEx
0x6cb238 ReleaseSRWLockExclusive
0x6cb23c AcquireSRWLockExclusive
0x6cb240 TryAcquireSRWLockExclusive
0x6cb244 FormatMessageA
0x6cb248 QueryPerformanceCounter
0x6cb24c QueryPerformanceFrequency
0x6cb250 SleepConditionVariableSRW
0x6cb254 GetLocaleInfoEx
0x6cb258 GetCurrentDirectoryW
0x6cb25c FindFirstFileExW
0x6cb260 MoveFileExW
0x6cb264 WakeAllConditionVariable
0x6cb268 EncodePointer
0x6cb26c LCMapStringEx
0x6cb270 GetSystemTimeAsFileTime
0x6cb274 CompareStringEx
0x6cb278 GetCPInfo
0x6cb27c IsDebuggerPresent
0x6cb280 InitializeSListHead
0x6cb284 InterlockedPopEntrySList
0x6cb288 InterlockedPushEntrySList
0x6cb28c FlushInstructionCache
0x6cb290 IsProcessorFeaturePresent
0x6cb294 VirtualAlloc
0x6cb298 VirtualFree
0x6cb29c UnhandledExceptionFilter
0x6cb2a0 GetStartupInfoW
0x6cb2a4 RtlUnwind
0x6cb2a8 TlsAlloc
0x6cb2ac TlsGetValue
0x6cb2b0 TlsSetValue
0x6cb2b4 TlsFree
0x6cb2b8 ExitThread
0x6cb2bc FreeLibraryAndExitThread
0x6cb2c0 GetModuleHandleExW
0x6cb2c4 ExitProcess
0x6cb2c8 GetFileType
0x6cb2cc FlsAlloc
0x6cb2d0 FlsGetValue
0x6cb2d4 FlsSetValue
0x6cb2d8 FlsFree
0x6cb2dc LCMapStringW
0x6cb2e0 IsValidLocale
0x6cb2e4 GetUserDefaultLCID
0x6cb2e8 EnumSystemLocalesW
0x6cb2ec GetConsoleMode
0x6cb2f0 SetFilePointerEx
0x6cb2f4 GetFileSizeEx
0x6cb2f8 ReadConsoleW
0x6cb2fc GetTimeZoneInformation
0x6cb300 IsValidCodePage
0x6cb304 GetACP
0x6cb308 GetOEMCP
0x6cb30c GetCommandLineA
0x6cb310 FreeEnvironmentStringsW
0x6cb314 SetEnvironmentVariableW
0x6cb318 SetStdHandle
0x6cb31c WriteConsoleW
0x6cb320 GetProcessAffinityMask
0x6cb324 OpenProcess
0x6cb328 CreateFileW
0x6cb32c HeapQueryInformation
imagehlp.dll
0x6cb334 SymGetModuleBase
0x6cb338 SymFunctionTableAccess
0x6cb33c SymGetLineFromAddr
0x6cb340 SymSetSearchPath
0x6cb344 SymCleanup
0x6cb348 SymInitialize
0x6cb34c SymSetOptions
0x6cb350 StackWalk
EAT(Export Address Table) is none