Summary | ZeroBOX

rev3.dll

Emotet Trickbot
Category FILE
Machine s1_win7_x6402
Started March 18, 2021, 6:17 p.m.
Completed March 18, 2021, 6:17 p.m.
Size 740.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5bab87140fed67a1a1d4480753e68e46
SHA256 b617b7dca180cf678066da3eff7c09d9f8d79a10b71a81cc8b8935cc978ec7c6
CRC32 E92CDF77
ssdeep 12288:wGkcUcJTpz8UmB12ZVDaiI1rgCb0w4ev93ZrzfyTX9XLyt:EcjpoXf2ZBavAwltZrzMX9Xu
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Win_Trojan_Trickbot_Zero - Used Trickbot
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_private_profile - Affect private profile
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • HasRichSignature - Rich Signature Check

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name None
section .rsrc (size_of_data 0x0005d000, virtual_address 0x00055000, virtual_size 0x0005cbd8) entropy 6.960762234826694 description A section with a high entropy has been found
entropy 0.505434782609 description Overall entropy of this PE file is high
Bkav W32.AIDetect.malware2
FireEye Generic.mg.5bab87140fed67a1
CrowdStrike win/malicious_confidence_60% (W)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Trickpak.gen
Ad-Aware Gen:Variant.Bulz.398811
McAfee-GW-Edition Artemis!Trojan
Ikarus Trojan-Banker.Emotet
Webroot W32.Trojan.Gen
ZoneAlarm HEUR:Trojan.Win32.Trickpak.gen
McAfee Artemis!5BAB87140FED
MAX malware (ai score=86)
ESET-NOD32 Win32/TrickBot.CR
Rising Trojan.Trickpak!8.122C7 (TFE:dGZlOgZ9RHOveNaXyg)