Field | Value |
---|---|
Created | 2025.04.21 10:37 |
Machine | s1_win7_x6403 |
Filename | Gigantic_Setup.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
ZERO API | file : malware |
VT API (file) | 51 detected (Common, Gatak, Malicious, score, Ghanarava, Emotet, GenericKD, Unsafe, Kryptik, Vqlk, confidence, high confidence, PWSX, swgtIFjZzO, Rhadamanthys, sewvt, Detected, Convagent, Malware@#1b9fygmcmuvt8, Wacatac, ABTrojan, ZRUC, Artemis, PE04C9V, Gencirc, susgen, GenKryptik, HGGK, B9nj) |
md5 | dc34da6f3d1a32c6347bb1b78e4bf66e |
sha256 | 77812c4ccb785a839fad3b3fe3445e8eec3601ae175a82e3f841cc106921f616 |
ssdeep | 49152:G4Dc9gae7g/0rzjw1MqkO/GEKeBKxThMZ+czB:4M7g/0LtqTwekTyb |
imphash | 184e98d1d9ae7bd5be8a15e7dcad9e4c |
impfuzzy | 48:8fpcmG+JGfwAkoqtTbfItMlmf9/4nenb1XHK:8fpcmG+JGnRqtnQtimfqnSb1XHK |
Signatures (2)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (7)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table), by library
KERNEL32.dll
0x14019e4f8 DeleteCriticalSection
0x14019e500 EnterCriticalSection
0x14019e508 InitializeCriticalSection
0x14019e510 LeaveCriticalSection
0x14019e518 RaiseException
0x14019e520 RtlUnwindEx
0x14019e528 VirtualQuery
0x14019e530 __C_specific_handler
msvcrt.dll
0x14019e540 __getmainargs
0x14019e548 __initenv
0x14019e550 __iob_func
0x14019e558 __set_app_type
0x14019e560 __setusermatherr
0x14019e568 _amsg_exit
0x14019e570 _cexit
0x14019e578 _commode
0x14019e580 _fmode
0x14019e588 _fpreset
0x14019e590 _initterm
0x14019e598 abort
0x14019e5a0 atexit
0x14019e5a8 calloc
0x14019e5b0 exit
0x14019e5b8 fprintf
0x14019e5c0 free
0x14019e5c8 fwrite
0x14019e5d0 malloc
0x14019e5d8 memcmp
0x14019e5e0 memcpy
0x14019e5e8 memmove
0x14019e5f0 memset
0x14019e5f8 signal
0x14019e600 strlen
0x14019e608 strncmp
0x14019e610 vfprintf
ntdll.dll
0x14019e620 NtReadFile
0x14019e628 NtWriteFile
0x14019e630 RtlCaptureContext
0x14019e638 RtlLookupFunctionEntry
0x14019e640 RtlNtStatusToDosError
0x14019e648 RtlVirtualUnwind
advapi32.dll
0x14019e658 GetTokenInformation
0x14019e660 OpenProcessToken
0x14019e668 SystemFunction036
crypt.dll
0x14019e678 BCryptGenRandom
kernel32.dll
0x14019e688 AddVectoredExceptionHandler
0x14019e690 CancelIo
0x14019e698 CloseHandle
0x14019e6a0 CompareStringOrdinal
0x14019e6a8 CreateEventW
0x14019e6b0 CreateFileMappingA
0x14019e6b8 CreateFileW
0x14019e6c0 CreateMutexA
0x14019e6c8 CreateNamedPipeW
0x14019e6d0 CreateProcessW
0x14019e6d8 CreateThread
0x14019e6e0 CreateTimerQueue
0x14019e6e8 CreateToolhelp32Snapshot
0x14019e6f0 DeleteProcThreadAttributeList
0x14019e6f8 DeleteTimerQueue
0x14019e700 DuplicateHandle
0x14019e708 ExitProcess
0x14019e710 FindClose
0x14019e718 FindFirstFileExW
0x14019e720 FormatMessageW
0x14019e728 FreeEnvironmentStringsW
0x14019e730 GetCommandLineW
0x14019e738 GetConsoleMode
0x14019e740 GetCurrentDirectoryW
0x14019e748 GetCurrentProcess
0x14019e750 GetCurrentProcessId
0x14019e758 GetCurrentThread
0x14019e760 GetEnvironmentStringsW
0x14019e768 GetEnvironmentVariableW
0x14019e770 GetExitCodeProcess
0x14019e778 GetFileAttributesW
0x14019e780 GetFileInformationByHandle
0x14019e788 GetFileInformationByHandleEx
0x14019e790 GetFullPathNameW
0x14019e798 GetLastError
0x14019e7a0 GetModuleFileNameW
0x14019e7a8 GetModuleHandleA
0x14019e7b0 GetModuleHandleExW
0x14019e7b8 GetModuleHandleW
0x14019e7c0 GetOverlappedResult
0x14019e7c8 GetProcAddress
0x14019e7d0 GetProcessHeap
0x14019e7d8 GetStdHandle
0x14019e7e0 GetSystemDirectoryW
0x14019e7e8 GetWindowsDirectoryW
0x14019e7f0 HeapAlloc
0x14019e7f8 HeapCreate
0x14019e800 HeapFree
0x14019e808 HeapReAlloc
0x14019e810 InitOnceBeginInitialize
0x14019e818 InitOnceComplete
0x14019e820 InitializeProcThreadAttributeList
0x14019e828 LoadLibraryA
0x14019e830 MapViewOfFile
0x14019e838 Module32FirstW
0x14019e840 Module32NextW
0x14019e848 MultiByteToWideChar
0x14019e850 Process32FirstW
0x14019e858 Process32NextW
0x14019e860 ReadFile
0x14019e868 ReadFileEx
0x14019e870 SetEvent
0x14019e878 SetFileInformationByHandle
0x14019e880 SetLastError
0x14019e888 SetThreadStackGuarantee
0x14019e890 SetUnhandledExceptionFilter
0x14019e898 Sleep
0x14019e8a0 SleepEx
0x14019e8a8 TlsAlloc
0x14019e8b0 TlsFree
0x14019e8b8 TlsGetValue
0x14019e8c0 TlsSetValue
0x14019e8c8 UnmapViewOfFile
0x14019e8d0 UpdateProcThreadAttribute
0x14019e8d8 VirtualProtect
0x14019e8e0 WaitForMultipleObjects
0x14019e8e8 WaitForSingleObject
0x14019e8f0 WriteConsoleW
0x14019e8f8 WriteFileEx
api-ms-win-core-synch-l1-2-0.dll
0x14019e908 WaitOnAddress
0x14019e910 WakeByAddressAll
0x14019e918 WakeByAddressSingle
cryptprimitives.dll
0x14019e928 ProcessPrng
EAT (Export Address Table): none