Windows Analysis Report
Installer.exe

Overview

General Information

Sample name: Installer.exe
Analysis ID: 1542680
MD5: 100c1978b1a6ed1e40d5c9fded0abffd
SHA1: 90e359d598e934330a203869523862277ed55d23
SHA256: 1f1c85afdcd76e891c5fb050a981f3dfe5e81e44d30d00a9f69d3f4e54d44af6
Tags: exeuser-KnownStormChaser

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to dynamically determine API calls
Program does not show much activity (idle)

Classification

AV Detection

Source: Installer.exe VirusTotal: Detection: 9%
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Installer.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Installer.exe Section loaded: avrt.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: credui.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: mprapi.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: mscms.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: msdrm.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: tdh.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: crl86x.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\Desktop\Installer.exe Section loaded: cryptsp.dll
Source: Installer.exe Static file information: File size 41963008 > 1048576
Source: C:\Users\user\Desktop\Installer.exe Code function: 0_2_008E14E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_008E14E0
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Installer.exe Code function: 0_2_008E11A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 0_2_008E11A3
Source: C:\Users\user\Desktop\Installer.exe Code function: 0_2_008E13C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 0_2_008E13C9
Source: C:\Users\user\Desktop\Installer.exe Code function: 0_2_008E116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 0_2_008E116C
Source: C:\Users\user\Desktop\Installer.exe Code function: 0_2_008E1160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 0_2_008E1160
No contacted IP infos