Field | Value |
---|---|
Created | 2023.08.21 10:22 |
Machine | s1_win7_x6401 |
Filename | Setup3.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 36 detected (Common, Malicious, score, GenericKD, confidence, 100%, MalwareX, Attribute, HighConfidence, high confidence, 43LKmx2sMyE, yikaz, Artemis, Wacatac, Detected, ai score=80, unsafe) |
md5 | f0e7def68cf0ad13fa1465a84081e7fa |
sha256 | 8dc60ed97c72e928555748075175d01c1568d89536d5b0040d6edd977e9613e3 |
ssdeep | 3072:/wxoSJkOZc+Yu8zNbCjPoXk8RB4QZvQHp4iFw5C84:/wxzvc+Yu8zNbc4kUB8HOUwC |
imphash | bc8d2a62cabbf7fbe1ecc06695be542c |
impfuzzy | 24:d6jJ02tMS17mlJnc+pl3eDo/CuyouhvMSOovbOwZn+GMfT:YtMS17kc+ppmuyDc3b |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
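The "watch" signature above fires when the sample opens a connection to an address that no DNS answer produced during the run. The script below is an added example of that detection logic, not the sandbox's own code: it walks a constructed, simplified event stream (timestamp, event kind, key=value fields; documentation addresses only, not the real traffic of this Setup3.exe run) in time order, remembers every address returned by a DNS answer, and flags connections to anything else. The lab ranges it ignores are an assumption about the sandbox network, not something the report states.

```python
"""Flag connections to hosts that no DNS answer resolved beforehand.

Added example illustrating the 'Communicates with host for which no DNS query
was performed' signature; it is not the sandbox's own detection code. The
input is a constructed, simplified event stream (timestamp, kind, key=value
fields), not the real traffic of the Setup3.exe run, and the lab ranges that
are ignored are an assumption about the sandbox network.
"""
from ipaddress import ip_address, ip_network

# Constructed sample events in time order (documentation addresses only).
SAMPLE_EVENTS = [
    "2023-08-21T10:22:05 dns  qname=update.example.test answer=203.0.113.10",
    "2023-08-21T10:22:06 conn dst=203.0.113.10 dport=443",
    "2023-08-21T10:22:08 conn dst=192.0.2.44 dport=80",      # connect precedes any answer
    "2023-08-21T10:22:09 conn dst=198.51.100.7 dport=8080",  # never resolved at all
    "2023-08-21T10:22:11 dns  qname=cdn.example.test answer=192.0.2.44",
    "2023-08-21T10:22:12 conn dst=192.0.2.44 dport=80",      # resolved by now: fine
    "2023-08-21T10:22:13 conn dst=198.51.100.7 dport=8080",
    "2023-08-21T10:22:14 conn dst=192.168.56.1 dport=53",    # sandbox gateway/resolver
]

# Ranges the sandbox VM legitimately talks to without DNS (assumed lab layout).
# ipaddress.is_private is deliberately not used: it also covers the
# documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) in the sample.
LOCAL_NETS = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local(ip):
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def parse_event(line):
    """'TS kind k=v k=v ...' -> (ts, kind, {k: v})."""
    ts, kind, *rest = line.split()
    return ts, kind, dict(p.split("=", 1) for p in rest)


def find_unresolved_connections(lines, ignore_local=True):
    """One record per destination contacted before (or without) a DNS answer naming it.

    Events are processed in order, so a connection that precedes its DNS answer
    is still flagged: the process already knew the address at that point.
    """
    resolved = set()
    hits = {}  # dst -> record; dict keeps first-sighting order
    for line in lines:
        ts, kind, f = parse_event(line)
        if kind == "dns":
            resolved.add(f["answer"])
        elif kind == "conn":
            dst = f["dst"]
            if dst in resolved or (ignore_local and is_local(dst)):
                continue
            rec = hits.setdefault(dst, {"dst": dst, "first_seen": ts, "count": 0, "dports": set()})
            rec["count"] += 1
            rec["dports"].add(int(f["dport"]))
    return [dict(r, dports=sorted(r["dports"])) for r in hits.values()]


if __name__ == "__main__":
    for rec in find_unresolved_connections(SAMPLE_EVENTS):
        print(f"{rec['first_seen']}  {rec['dst']}  ports={rec['dports']}  hits={rec['count']}")
```

The same signal is produced by a hosts-file entry, DNS over HTTPS, a resolution cached before capture started, or an address learned from an earlier response body, which is why a sandbox rates this "watch" rather than "danger": it is a prompt to look at the destination, not proof of a hard-coded C2 address.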
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140017000 FindFirstFileA
0x140017008 FindNextFileA
0x140017010 FindClose
0x140017018 WaitForSingleObject
0x140017020 GetModuleHandleA
0x140017028 Sleep
0x140017030 GetFileAttributesA
0x140017038 GlobalAlloc
0x140017040 CloseHandle
0x140017048 WideCharToMultiByte
0x140017050 WriteConsoleW
0x140017058 CreateFileW
0x140017060 RtlCaptureContext
0x140017068 RtlLookupFunctionEntry
0x140017070 RtlVirtualUnwind
0x140017078 UnhandledExceptionFilter
0x140017080 SetUnhandledExceptionFilter
0x140017088 GetCurrentProcess
0x140017090 TerminateProcess
0x140017098 IsProcessorFeaturePresent
0x1400170a0 QueryPerformanceCounter
0x1400170a8 GetCurrentProcessId
0x1400170b0 GetCurrentThreadId
0x1400170b8 GetSystemTimeAsFileTime
0x1400170c0 InitializeSListHead
0x1400170c8 IsDebuggerPresent
0x1400170d0 GetStartupInfoW
0x1400170d8 GetModuleHandleW
0x1400170e0 RtlUnwindEx
0x1400170e8 GetLastError
0x1400170f0 SetLastError
0x1400170f8 EnterCriticalSection
0x140017100 LeaveCriticalSection
0x140017108 DeleteCriticalSection
0x140017110 InitializeCriticalSectionAndSpinCount
0x140017118 TlsAlloc
0x140017120 TlsGetValue
0x140017128 TlsSetValue
0x140017130 TlsFree
0x140017138 FreeLibrary
0x140017140 GetProcAddress
0x140017148 LoadLibraryExW
0x140017150 EncodePointer
0x140017158 RaiseException
0x140017160 RtlPcToFileHeader
0x140017168 GetStdHandle
0x140017170 WriteFile
0x140017178 GetModuleFileNameW
0x140017180 ExitProcess
0x140017188 GetModuleHandleExW
0x140017190 HeapFree
0x140017198 HeapAlloc
0x1400171a0 GetFileType
0x1400171a8 FindFirstFileExW
0x1400171b0 FindNextFileW
0x1400171b8 IsValidCodePage
0x1400171c0 GetACP
0x1400171c8 GetOEMCP
0x1400171d0 GetCPInfo
0x1400171d8 GetCommandLineA
0x1400171e0 GetCommandLineW
0x1400171e8 MultiByteToWideChar
0x1400171f0 GetEnvironmentStringsW
0x1400171f8 FreeEnvironmentStringsW
0x140017200 SetStdHandle
0x140017208 GetStringTypeW
0x140017210 FlsAlloc
0x140017218 FlsGetValue
0x140017220 FlsSetValue
0x140017228 FlsFree
0x140017230 LCMapStringW
0x140017238 GetProcessHeap
0x140017240 SetFilePointerEx
0x140017248 HeapSize
0x140017250 HeapReAlloc
0x140017258 FlushFileBuffers
0x140017260 GetConsoleOutputCP
0x140017268 GetConsoleMode
SHELL32.dll
0x140017278 SHGetSpecialFolderPathA
0x140017280 SHGetKnownFolderPath
EAT(Export Address Table) is none
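Most of the KERNEL32 imports above (RtlCaptureContext, UnhandledExceptionFilter, IsProcessorFeaturePresent, the Fls*/Tls*/Heap* families, LCMapStringW, GetStringTypeW, the code-page queries) are what a statically linked MSVC CRT pulls in on its own, and the CRT also imports IsDebuggerPresent, so that name by itself is not evidence of anti-debugging. What stands out for triage is the combination of file enumeration (FindFirstFileA/FindNextFileA/GetFileAttributesA), user-folder lookup (SHGetSpecialFolderPathA/SHGetKnownFolderPath) and file writing (CreateFileW/WriteFile), with the ANSI variants being more likely the sample's own calls since the CRT uses the W variants. The script below is an added example, not code from the sandbox: it parses the report's "address FunctionName" listing, computes an imphash the way pefile does (lowercase dll.function pairs in import order, comma-joined, MD5) so the result can be compared with the imphash field in the report, and groups the imports into triage categories that are the author's own choice. The embedded listing is a constructed excerpt of the table above; paste the complete listing to obtain a comparable imphash.

```python
"""Triage helpers for the IAT listing shown above.

Added example, not code from the sandbox or from the sample. It parses the
report's 'address  FunctionName' format, computes an imphash the way pefile
does (lowercase 'dll.function' pairs in import order, comma-joined, MD5) so
the value can be compared with the report's imphash field, and sorts imports
into categories. The category sets are the author's choice, not the report's.
"""
import hashlib
import re

# Constructed excerpt of the listing above; paste the complete listing to get
# an imphash comparable with the report's value (order must be preserved).
IAT_EXCERPT = """\
KERNEL32.dll
0x140017000 FindFirstFileA
0x140017008 FindNextFileA
0x140017010 FindClose
0x140017018 WaitForSingleObject
0x140017020 GetModuleHandleA
0x140017028 Sleep
0x140017030 GetFileAttributesA
0x140017058 CreateFileW
0x1400170c8 IsDebuggerPresent
0x140017170 WriteFile
SHELL32.dll
0x140017278 SHGetSpecialFolderPathA
0x140017280 SHGetKnownFolderPath
"""

LIB_RE = re.compile(r"^(\S+)\.(dll|ocx|sys)$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^0x[0-9a-f]+\s+(\S+)$", re.IGNORECASE)


def parse_iat(text):
    """Return [(library lowercased without extension, FunctionName), ...] in listing order."""
    pairs, lib = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and lib is not None:
            pairs.append((lib, m.group(1)))
    return pairs


def imphash_string(pairs):
    """The exact string pefile hashes, e.g. 'kernel32.findfirstfilea,kernel32.findnextfilea,...'."""
    return ",".join(f"{lib}.{func.lower()}" for lib, func in pairs)


def imphash(pairs):
    return hashlib.md5(imphash_string(pairs).encode()).hexdigest()


# Triage categories (author's choice). Names not listed are treated as runtime
# noise: a statically linked MSVC CRT alone imports RtlCaptureContext,
# UnhandledExceptionFilter, IsProcessorFeaturePresent, Fls*/Tls*, Heap*,
# LCMapStringW and friends, which say nothing about the sample's behaviour.
CATEGORIES = {
    "file_enumeration": {"FindFirstFileA", "FindNextFileA", "FindClose",
                         "FindFirstFileExW", "FindNextFileW", "GetFileAttributesA"},
    "known_folder_lookup": {"SHGetSpecialFolderPathA", "SHGetKnownFolderPath"},
    # CreateFileW/WriteFile are also used by the CRT for stdio; weigh them
    # only together with the enumeration and folder-lookup imports.
    "file_write": {"CreateFileW", "WriteFile", "SetFilePointerEx", "FlushFileBuffers"},
    "delay_wait": {"Sleep", "WaitForSingleObject"},
    "dynamic_resolution": {"LoadLibraryExW", "GetProcAddress", "GetModuleHandleA"},
    # The CRT imports IsDebuggerPresent itself; alone it is not evidence of
    # anti-debugging, hence the 'weak' label.
    "anti_debug_weak": {"IsDebuggerPresent"},
}


def triage(pairs):
    """Group imported function names by category; unmatched names go to 'runtime_or_unknown'."""
    result = {name: [] for name in CATEGORIES}
    result["runtime_or_unknown"] = []
    for _, func in pairs:
        for name, members in CATEGORIES.items():
            if func in members:
                result[name].append(func)
                break
        else:
            result["runtime_or_unknown"].append(func)
    return {k: sorted(v) for k, v in result.items()}


if __name__ == "__main__":
    pairs = parse_iat(IAT_EXCERPT)
    print("imphash of excerpt:", imphash(pairs))
    for category, funcs in triage(pairs).items():
        if funcs:
            print(f"{category:22s} {', '.join(funcs)}")
```

A recomputed imphash that differs from the report's bc8d2a62cabbf7fbe1ecc06695be542c would mean the listing is incomplete or reordered rather than that the hash is wrong; the UPX rule above is also worth remembering here, since an imphash taken from a packed file describes the stub's imports, not those of the unpacked payload.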