Summary | ZeroBOX

ti.exe

Tags: Emotet Gen1, Generic Malware, Anti_VM, PE64, PE File, OS Processor Check, DLL
Category: FILE
Machine: s1_win7_x6402
Started: June 24, 2021, 7:48 p.m.
Completed: June 24, 2021, 8:11 p.m.
Size 13.4MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 f330bbd9ca047fddd9c946898ae087c8
SHA256 61d6938d0dc7b9d9a7b5c3a63f70e422fb122ba8709ab1dabdc4ab69cebb38ba
CRC32 A71D0B1C
ssdeep 393216:lSaqO93N2xhDDBGlh2pWNhhovef51htB7pRnS:lSaqO93NSPGQpcW81N7pg
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name, Response, Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address, Status, Action): 172.217.25.14, Active, Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

API: WriteConsoleW
  buffer: C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
  console_handle: 0x0000000000000007
Status: 1, Return: 1, Repeated: 0

API: GlobalMemoryStatusEx
Status: 1, Return: 1, Repeated: 0
section .gfids
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\python38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\pywintypes38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\libcrypto-1_1-x64.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\libssl-1_1-x64.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\pythoncom38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\mfc140u.dll
section .rsrc (virtual_address 0x00041000, virtual_size 0x0000f064, size_of_data 0x0000f200, entropy 7.356435744039655) description A section with a high entropy has been found
entropy 0.225746268657 description Overall entropy of this PE file is high
host 172.217.25.14
McAfee Artemis!F330BBD9CA04
Cylance Unsafe
Alibaba TrojanPSW:Application/LaZagne.189be09c
CrowdStrike win/malicious_confidence_60% (W)
Symantec PUA.Gen.2
ESET-NOD32 Python/PSW.Agent.GC
APEX Malicious
Kaspersky not-a-virus:HEUR:PSWTool.Python.LaZagne.gen
AegisLab Trojan.Win32.Bitmin.trK7
Sophos Generic PUA FG (PUA)
McAfee-GW-Edition BehavesLike.Win64.Dropper.tc
Microsoft PUA:Win32/Presenoker
ZoneAlarm not-a-virus:HEUR:PSWTool.Python.BroPass.gen
TrendMicro-HouseCall TROJ_GEN.R002H0DCO21
Fortinet Riskware/LaZagne
Panda PUP/Hacktool
Qihoo-360 Win64/Trojan.Generic.HgEASRcA
file C:\Users\test22\AppData\Local\Temp\jlyl8mx5
file C:\Users\test22\AppData\Local\Temp\Loginvault.db
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\pywintypes38.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_raw_aes.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\select.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_raw_ecb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\_lzma.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\libcrypto-1_1-x64.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Hash\_SHA512.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\win32crypt.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Include\pyconfig.h
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Hash\_ghash_clmul.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Hash\_poly1305.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_raw_arc2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\win32api.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_ARC4.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_raw_ocb.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\_queue.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\win32trace.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Hash\_MD2.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_chacha20.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Hash\_MD5.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\_ctypes.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Hash\_BLAKE2b.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\_socket.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\win32ui.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_raw_des3.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Hash\_BLAKE2s.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\base_library.zip
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\Cryptodome\Cipher\_raw_aesni.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\pyexpat.pyd
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI71802\unicodedata.pyd