ScreenShot
| Created | 2025.04.21 10:31 | Machine | s1_win7_x6403 |
| Filename | Round_Setup.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 42 detected (Malicious, score, GenericKD, Unsafe, confidence, Attribute, HighConfidence, high confidence, Kryptik, Gatak, swgtIFjZzO, Rhadamanthys, akxre, YXFBNZ, Detected, RBXVMF, Artemis, Eajl, Wacapew, C9nj) | ||
| md5 | 35db0370aca16c73122c49fd33e03383 | ||
| sha256 | 80de269730b6f243a049247d50871957b669ecd637b9b50d5270aaf1a3c79709 | ||
| ssdeep | 49152:XgCDnuF82Ly2K2kf2SFtnSU6ii1SIQ1bcna1dBLAqvVXmInfezAQZEYijwTlHAYo:bjuFRhkf2uVYy1Y2jvVXnW+TV | ||
| imphash | 184e98d1d9ae7bd5be8a15e7dcad9e4c | ||
| impfuzzy | 48:8fpcmG+JGfwAkoqtTbfItMlmf9/4nenb1XHK:8fpcmG+JGnRqtnQtimfqnSb1XHK | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1401b44f8 DeleteCriticalSection
0x1401b4500 EnterCriticalSection
0x1401b4508 InitializeCriticalSection
0x1401b4510 LeaveCriticalSection
0x1401b4518 RaiseException
0x1401b4520 RtlUnwindEx
0x1401b4528 VirtualQuery
0x1401b4530 __C_specific_handler
msvcrt.dll
0x1401b4540 __getmainargs
0x1401b4548 __initenv
0x1401b4550 __iob_func
0x1401b4558 __set_app_type
0x1401b4560 __setusermatherr
0x1401b4568 _amsg_exit
0x1401b4570 _cexit
0x1401b4578 _commode
0x1401b4580 _fmode
0x1401b4588 _fpreset
0x1401b4590 _initterm
0x1401b4598 abort
0x1401b45a0 atexit
0x1401b45a8 calloc
0x1401b45b0 exit
0x1401b45b8 fprintf
0x1401b45c0 free
0x1401b45c8 fwrite
0x1401b45d0 malloc
0x1401b45d8 memcmp
0x1401b45e0 memcpy
0x1401b45e8 memmove
0x1401b45f0 memset
0x1401b45f8 signal
0x1401b4600 strlen
0x1401b4608 strncmp
0x1401b4610 vfprintf
ntdll.dll
0x1401b4620 NtReadFile
0x1401b4628 NtWriteFile
0x1401b4630 RtlCaptureContext
0x1401b4638 RtlLookupFunctionEntry
0x1401b4640 RtlNtStatusToDosError
0x1401b4648 RtlVirtualUnwind
advapi32.dll
0x1401b4658 GetTokenInformation
0x1401b4660 OpenProcessToken
0x1401b4668 SystemFunction036
crypt.dll
0x1401b4678 BCryptGenRandom
kernel32.dll
0x1401b4688 AddVectoredExceptionHandler
0x1401b4690 CancelIo
0x1401b4698 CloseHandle
0x1401b46a0 CompareStringOrdinal
0x1401b46a8 CreateEventW
0x1401b46b0 CreateFileMappingA
0x1401b46b8 CreateFileW
0x1401b46c0 CreateMutexA
0x1401b46c8 CreateNamedPipeW
0x1401b46d0 CreateProcessW
0x1401b46d8 CreateThread
0x1401b46e0 CreateTimerQueue
0x1401b46e8 CreateToolhelp32Snapshot
0x1401b46f0 DeleteProcThreadAttributeList
0x1401b46f8 DeleteTimerQueue
0x1401b4700 DuplicateHandle
0x1401b4708 ExitProcess
0x1401b4710 FindClose
0x1401b4718 FindFirstFileExW
0x1401b4720 FormatMessageW
0x1401b4728 FreeEnvironmentStringsW
0x1401b4730 GetCommandLineW
0x1401b4738 GetConsoleMode
0x1401b4740 GetCurrentDirectoryW
0x1401b4748 GetCurrentProcess
0x1401b4750 GetCurrentProcessId
0x1401b4758 GetCurrentThread
0x1401b4760 GetEnvironmentStringsW
0x1401b4768 GetEnvironmentVariableW
0x1401b4770 GetExitCodeProcess
0x1401b4778 GetFileAttributesW
0x1401b4780 GetFileInformationByHandle
0x1401b4788 GetFileInformationByHandleEx
0x1401b4790 GetFullPathNameW
0x1401b4798 GetLastError
0x1401b47a0 GetModuleFileNameW
0x1401b47a8 GetModuleHandleA
0x1401b47b0 GetModuleHandleExW
0x1401b47b8 GetModuleHandleW
0x1401b47c0 GetOverlappedResult
0x1401b47c8 GetProcAddress
0x1401b47d0 GetProcessHeap
0x1401b47d8 GetStdHandle
0x1401b47e0 GetSystemDirectoryW
0x1401b47e8 GetWindowsDirectoryW
0x1401b47f0 HeapAlloc
0x1401b47f8 HeapCreate
0x1401b4800 HeapFree
0x1401b4808 HeapReAlloc
0x1401b4810 InitOnceBeginInitialize
0x1401b4818 InitOnceComplete
0x1401b4820 InitializeProcThreadAttributeList
0x1401b4828 LoadLibraryA
0x1401b4830 MapViewOfFile
0x1401b4838 Module32FirstW
0x1401b4840 Module32NextW
0x1401b4848 MultiByteToWideChar
0x1401b4850 Process32FirstW
0x1401b4858 Process32NextW
0x1401b4860 ReadFile
0x1401b4868 ReadFileEx
0x1401b4870 SetEvent
0x1401b4878 SetFileInformationByHandle
0x1401b4880 SetLastError
0x1401b4888 SetThreadStackGuarantee
0x1401b4890 SetUnhandledExceptionFilter
0x1401b4898 Sleep
0x1401b48a0 SleepEx
0x1401b48a8 TlsAlloc
0x1401b48b0 TlsFree
0x1401b48b8 TlsGetValue
0x1401b48c0 TlsSetValue
0x1401b48c8 UnmapViewOfFile
0x1401b48d0 UpdateProcThreadAttribute
0x1401b48d8 VirtualProtect
0x1401b48e0 WaitForMultipleObjects
0x1401b48e8 WaitForSingleObject
0x1401b48f0 WriteConsoleW
0x1401b48f8 WriteFileEx
api-ms-win-core-synch-l1-2-0.dll
0x1401b4908 WaitOnAddress
0x1401b4910 WakeByAddressAll
0x1401b4918 WakeByAddressSingle
cryptprimitives.dll
0x1401b4928 ProcessPrng
EAT(Export Address Table) is none
KERNEL32.dll
0x1401b44f8 DeleteCriticalSection
0x1401b4500 EnterCriticalSection
0x1401b4508 InitializeCriticalSection
0x1401b4510 LeaveCriticalSection
0x1401b4518 RaiseException
0x1401b4520 RtlUnwindEx
0x1401b4528 VirtualQuery
0x1401b4530 __C_specific_handler
msvcrt.dll
0x1401b4540 __getmainargs
0x1401b4548 __initenv
0x1401b4550 __iob_func
0x1401b4558 __set_app_type
0x1401b4560 __setusermatherr
0x1401b4568 _amsg_exit
0x1401b4570 _cexit
0x1401b4578 _commode
0x1401b4580 _fmode
0x1401b4588 _fpreset
0x1401b4590 _initterm
0x1401b4598 abort
0x1401b45a0 atexit
0x1401b45a8 calloc
0x1401b45b0 exit
0x1401b45b8 fprintf
0x1401b45c0 free
0x1401b45c8 fwrite
0x1401b45d0 malloc
0x1401b45d8 memcmp
0x1401b45e0 memcpy
0x1401b45e8 memmove
0x1401b45f0 memset
0x1401b45f8 signal
0x1401b4600 strlen
0x1401b4608 strncmp
0x1401b4610 vfprintf
ntdll.dll
0x1401b4620 NtReadFile
0x1401b4628 NtWriteFile
0x1401b4630 RtlCaptureContext
0x1401b4638 RtlLookupFunctionEntry
0x1401b4640 RtlNtStatusToDosError
0x1401b4648 RtlVirtualUnwind
advapi32.dll
0x1401b4658 GetTokenInformation
0x1401b4660 OpenProcessToken
0x1401b4668 SystemFunction036
crypt.dll
0x1401b4678 BCryptGenRandom
kernel32.dll
0x1401b4688 AddVectoredExceptionHandler
0x1401b4690 CancelIo
0x1401b4698 CloseHandle
0x1401b46a0 CompareStringOrdinal
0x1401b46a8 CreateEventW
0x1401b46b0 CreateFileMappingA
0x1401b46b8 CreateFileW
0x1401b46c0 CreateMutexA
0x1401b46c8 CreateNamedPipeW
0x1401b46d0 CreateProcessW
0x1401b46d8 CreateThread
0x1401b46e0 CreateTimerQueue
0x1401b46e8 CreateToolhelp32Snapshot
0x1401b46f0 DeleteProcThreadAttributeList
0x1401b46f8 DeleteTimerQueue
0x1401b4700 DuplicateHandle
0x1401b4708 ExitProcess
0x1401b4710 FindClose
0x1401b4718 FindFirstFileExW
0x1401b4720 FormatMessageW
0x1401b4728 FreeEnvironmentStringsW
0x1401b4730 GetCommandLineW
0x1401b4738 GetConsoleMode
0x1401b4740 GetCurrentDirectoryW
0x1401b4748 GetCurrentProcess
0x1401b4750 GetCurrentProcessId
0x1401b4758 GetCurrentThread
0x1401b4760 GetEnvironmentStringsW
0x1401b4768 GetEnvironmentVariableW
0x1401b4770 GetExitCodeProcess
0x1401b4778 GetFileAttributesW
0x1401b4780 GetFileInformationByHandle
0x1401b4788 GetFileInformationByHandleEx
0x1401b4790 GetFullPathNameW
0x1401b4798 GetLastError
0x1401b47a0 GetModuleFileNameW
0x1401b47a8 GetModuleHandleA
0x1401b47b0 GetModuleHandleExW
0x1401b47b8 GetModuleHandleW
0x1401b47c0 GetOverlappedResult
0x1401b47c8 GetProcAddress
0x1401b47d0 GetProcessHeap
0x1401b47d8 GetStdHandle
0x1401b47e0 GetSystemDirectoryW
0x1401b47e8 GetWindowsDirectoryW
0x1401b47f0 HeapAlloc
0x1401b47f8 HeapCreate
0x1401b4800 HeapFree
0x1401b4808 HeapReAlloc
0x1401b4810 InitOnceBeginInitialize
0x1401b4818 InitOnceComplete
0x1401b4820 InitializeProcThreadAttributeList
0x1401b4828 LoadLibraryA
0x1401b4830 MapViewOfFile
0x1401b4838 Module32FirstW
0x1401b4840 Module32NextW
0x1401b4848 MultiByteToWideChar
0x1401b4850 Process32FirstW
0x1401b4858 Process32NextW
0x1401b4860 ReadFile
0x1401b4868 ReadFileEx
0x1401b4870 SetEvent
0x1401b4878 SetFileInformationByHandle
0x1401b4880 SetLastError
0x1401b4888 SetThreadStackGuarantee
0x1401b4890 SetUnhandledExceptionFilter
0x1401b4898 Sleep
0x1401b48a0 SleepEx
0x1401b48a8 TlsAlloc
0x1401b48b0 TlsFree
0x1401b48b8 TlsGetValue
0x1401b48c0 TlsSetValue
0x1401b48c8 UnmapViewOfFile
0x1401b48d0 UpdateProcThreadAttribute
0x1401b48d8 VirtualProtect
0x1401b48e0 WaitForMultipleObjects
0x1401b48e8 WaitForSingleObject
0x1401b48f0 WriteConsoleW
0x1401b48f8 WriteFileEx
api-ms-win-core-synch-l1-2-0.dll
0x1401b4908 WaitOnAddress
0x1401b4910 WakeByAddressAll
0x1401b4918 WakeByAddressSingle
cryptprimitives.dll
0x1401b4928 ProcessPrng
EAT(Export Address Table) is none