Summary | ZeroBOX
Gen1 Malicious Library Malicious Packer PE64 dll PE File DLL DllRegisterServer
Category ARCHIVE
Machine s1_win7_x6402
Started Oct. 14, 2024, 10:55 a.m.
Completed Oct. 14, 2024, 10:55 a.m.

Archive SSidadm/imapi.dll @ v.1.7.2_x64__install__.zip

Summary

Size 138.5KB
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 b587e5d6eb9b2157e4d2a5cf263a7932
SHA1 aad4c0ecbbfe0e1ca58399898369908059053519
SHA256 7f3b2f095e2b883e5ccdd30a1d9dae58bc5eca05a3572878c30001ed7f55d93c
SHA512 daa4a39d041575e2af00f2f42d9027c4667cbe4650d61da3c28bd263d1e255559c55025f5d93d2bb8b160e3d66f655b427667fb4a8fc968d5e1c4be132db6763
CRC32 4B05C459
ssdeep 3072:db0g9e5RBTgB6ODUvoX61C7RucGOS/xz1s0tWfi/SNV23:B0HRBAowX/7wcGOCxz1s0t8V2
PDB Path imapi.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS