ScreenShot
| Created | 2021.04.21 23:28 | Machine | s1_win7_x6401 |
| Filename | 046cb520.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 6 detected (Static AI, Suspicious PE, Unsafe, Score, 100%, malicious, confidence) | ||
| md5 | 3e814f38a7158bfc8fe36004e2b9f1fd | ||
| sha256 | 023b9912da1614f16e741a7f815ed77c470fb4c6b4e9333ddbfed8b709bfabf3 | ||
| ssdeep | 768:imhUF2G6QzkiT5vYTbKgkXDbmekehR8bSEln5IyYpamDjobj8Sj:igvw4ZKm0hREln5IUmDjoX | ||
| imphash | bb17b2fbbff4bbf5ebdca7d0bb9e4a5b | ||
| impfuzzy | 96:5ns3iGKMq1SCjdK5j8MTy0Ep3CUpmdFBL9exsCLpzF0cbq:5s3bO1k5j8MTy0O3C+MFBL9ZyV2 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x1c91f4 _XcptFilter
0x1c91f8 _onexit
0x1c91fc __CxxFrameHandler3
0x1c9200 __dllonexit
0x1c9204 _wcmdln
0x1c9208 __set_app_type
0x1c920c _lock
0x1c9210 _cexit
0x1c9214 ?terminate@@YAXXZ
0x1c9218 _vsnwprintf
0x1c921c _initterm
0x1c9220 __p__fmode
0x1c9224 __setusermatherr
0x1c9228 __wgetmainargs
0x1c922c __p__commode
0x1c9230 _amsg_exit
0x1c9234 _except_handler4_common
0x1c9238 exit
0x1c923c _unlock
0x1c9240 free
0x1c9244 _purecall
0x1c9248 _controlfp
0x1c924c _wtoi
0x1c9250 memcpy_s
0x1c9254 _exit
0x1c9258 _callnewh
0x1c925c malloc
0x1c9260 memset
api-ms-win-core-com-l1-1-0.dll
0x1c9008 CoWaitForMultipleHandles
0x1c900c CoReleaseServerProcess
0x1c9010 CLSIDFromString
0x1c9014 CoUninitialize
0x1c9018 CoCreateInstance
0x1c901c CoRegisterClassObject
0x1c9020 CoResumeClassObjects
0x1c9024 CoInitializeSecurity
0x1c9028 CoRevokeClassObject
0x1c902c CoAddRefServerProcess
0x1c9030 CoInitializeEx
api-ms-win-core-file-l1-1-0.dll
0x1c9084 CreateFileW
0x1c9088 GetFileAttributesW
0x1c908c ReadFile
0x1c9090 SetFilePointer
api-ms-win-core-libraryloader-l1-2-0.dll
0x1c90c8 GetModuleHandleExW
0x1c90cc GetModuleFileNameA
0x1c90d0 GetProcAddress
0x1c90d4 LoadStringW
0x1c90d8 FreeLibrary
0x1c90dc GetModuleHandleW
0x1c90e0 LoadLibraryExW
api-ms-win-core-wow64-l1-1-1.dll
0x1c91d0 GetSystemWow64Directory2W
0x1c91d4 IsWow64Process2
api-ms-win-core-synch-l1-1-0.dll
0x1c9160 WaitForSingleObject
0x1c9164 OpenSemaphoreW
0x1c9168 AcquireSRWLockShared
0x1c916c WaitForSingleObjectEx
0x1c9170 AcquireSRWLockExclusive
0x1c9174 SetEvent
0x1c9178 ReleaseSRWLockShared
0x1c917c CreateSemaphoreExW
0x1c9180 ReleaseSemaphore
0x1c9184 CreateMutexExW
0x1c9188 CreateEventW
0x1c918c ReleaseSRWLockExclusive
0x1c9190 ReleaseMutex
api-ms-win-core-heap-l1-1-0.dll
0x1c90a0 HeapFree
0x1c90a4 HeapSetInformation
0x1c90a8 HeapAlloc
0x1c90ac GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0.dll
0x1c906c UnhandledExceptionFilter
0x1c9070 SetErrorMode
0x1c9074 SetLastError
0x1c9078 SetUnhandledExceptionFilter
0x1c907c GetLastError
api-ms-win-core-processenvironment-l1-1-0.dll
0x1c90f8 SearchPathW
0x1c90fc GetCommandLineW
api-ms-win-core-processthreads-l1-1-0.dll
0x1c9104 GetCurrentProcessId
0x1c9108 ExitProcess
0x1c910c CreateProcessW
0x1c9110 GetCurrentProcess
0x1c9114 GetStartupInfoW
0x1c9118 GetCurrentThreadId
0x1c911c TerminateProcess
api-ms-win-core-util-l1-1-0.dll
0x1c91b8 EncodePointer
0x1c91bc DecodePointer
api-ms-win-core-heap-l2-1-0.dll
0x1c90b4 LocalFree
0x1c90b8 LocalAlloc
api-ms-win-core-sysinfo-l1-1-0.dll
0x1c91a8 GetSystemTimeAsFileTime
0x1c91ac GetSystemDirectoryW
0x1c91b0 GetTickCount
api-ms-win-core-winrt-error-l1-1-0.dll
0x1c91c4 RoOriginateError
0x1c91c8 RoOriginateErrorW
api-ms-win-core-processthreads-l1-1-1.dll
0x1c9124 SetProcessMitigationPolicy
api-ms-win-core-localization-l1-2-0.dll
0x1c90e8 FormatMessageW
api-ms-win-core-console-l1-2-0.dll
0x1c9040 AttachConsole
0x1c9044 FreeConsole
api-ms-win-core-debug-l1-1-0.dll
0x1c904c OutputDebugStringW
0x1c9050 DebugBreak
0x1c9054 IsDebuggerPresent
api-ms-win-core-handle-l1-1-0.dll
0x1c9098 CloseHandle
api-ms-win-core-path-l1-1-0.dll
0x1c90f0 PathCchAppend
api-ms-win-core-console-l1-1-0.dll
0x1c9038 WriteConsoleW
api-ms-win-core-string-l1-1-0.dll
0x1c914c CompareStringW
0x1c9150 WideCharToMultiByte
api-ms-win-core-synch-l1-2-0.dll
0x1c9198 Sleep
0x1c919c WakeAllConditionVariable
0x1c91a0 SleepConditionVariableSRW
api-ms-win-core-profile-l1-1-0.dll
0x1c912c QueryPerformanceCounter
api-ms-win-core-string-l2-1-0.dll
0x1c9158 CharNextW
api-ms-win-core-kernel32-private-l1-1-0.dll
0x1c90c0 Wow64EnableWow64FsRedirection
api-ms-win-core-sidebyside-l1-1-0.dll
0x1c9134 ReleaseActCtx
0x1c9138 DeactivateActCtx
0x1c913c CreateActCtxW
0x1c9140 QueryActCtxW
0x1c9144 ActivateActCtx
api-ms-win-downlevel-shlwapi-l1-1-1.dll
0x1c91dc PathIsRelativeW
api-ms-win-downlevel-shlwapi-l2-1-1.dll
0x1c91e4 SHSetThreadRef
imagehlp.dll
0x1c91ec ImageDirectoryEntryToData
ntdll.dll
0x1c9268 NtSetInformationToken
0x1c926c NtOpenProcessToken
0x1c9270 RtlNtStatusToDosError
0x1c9274 NtQueryInformationToken
0x1c9278 RtlSetSearchPathMode
0x1c927c NtSetInformationProcess
0x1c9280 RtlWow64IsWowGuestMachineSupported
0x1c9284 RtlImageNtHeader
0x1c9288 NtQuerySystemInformation
0x1c928c NtClose
api-ms-win-core-delayload-l1-1-1.dll
0x1c9064 ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
0x1c905c DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0.dll
0x1c9000 ApiSetQueryApiSetPresence
EAT(Export Address Table) is none
msvcrt.dll
0x1c91f4 _XcptFilter
0x1c91f8 _onexit
0x1c91fc __CxxFrameHandler3
0x1c9200 __dllonexit
0x1c9204 _wcmdln
0x1c9208 __set_app_type
0x1c920c _lock
0x1c9210 _cexit
0x1c9214 ?terminate@@YAXXZ
0x1c9218 _vsnwprintf
0x1c921c _initterm
0x1c9220 __p__fmode
0x1c9224 __setusermatherr
0x1c9228 __wgetmainargs
0x1c922c __p__commode
0x1c9230 _amsg_exit
0x1c9234 _except_handler4_common
0x1c9238 exit
0x1c923c _unlock
0x1c9240 free
0x1c9244 _purecall
0x1c9248 _controlfp
0x1c924c _wtoi
0x1c9250 memcpy_s
0x1c9254 _exit
0x1c9258 _callnewh
0x1c925c malloc
0x1c9260 memset
api-ms-win-core-com-l1-1-0.dll
0x1c9008 CoWaitForMultipleHandles
0x1c900c CoReleaseServerProcess
0x1c9010 CLSIDFromString
0x1c9014 CoUninitialize
0x1c9018 CoCreateInstance
0x1c901c CoRegisterClassObject
0x1c9020 CoResumeClassObjects
0x1c9024 CoInitializeSecurity
0x1c9028 CoRevokeClassObject
0x1c902c CoAddRefServerProcess
0x1c9030 CoInitializeEx
api-ms-win-core-file-l1-1-0.dll
0x1c9084 CreateFileW
0x1c9088 GetFileAttributesW
0x1c908c ReadFile
0x1c9090 SetFilePointer
api-ms-win-core-libraryloader-l1-2-0.dll
0x1c90c8 GetModuleHandleExW
0x1c90cc GetModuleFileNameA
0x1c90d0 GetProcAddress
0x1c90d4 LoadStringW
0x1c90d8 FreeLibrary
0x1c90dc GetModuleHandleW
0x1c90e0 LoadLibraryExW
api-ms-win-core-wow64-l1-1-1.dll
0x1c91d0 GetSystemWow64Directory2W
0x1c91d4 IsWow64Process2
api-ms-win-core-synch-l1-1-0.dll
0x1c9160 WaitForSingleObject
0x1c9164 OpenSemaphoreW
0x1c9168 AcquireSRWLockShared
0x1c916c WaitForSingleObjectEx
0x1c9170 AcquireSRWLockExclusive
0x1c9174 SetEvent
0x1c9178 ReleaseSRWLockShared
0x1c917c CreateSemaphoreExW
0x1c9180 ReleaseSemaphore
0x1c9184 CreateMutexExW
0x1c9188 CreateEventW
0x1c918c ReleaseSRWLockExclusive
0x1c9190 ReleaseMutex
api-ms-win-core-heap-l1-1-0.dll
0x1c90a0 HeapFree
0x1c90a4 HeapSetInformation
0x1c90a8 HeapAlloc
0x1c90ac GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0.dll
0x1c906c UnhandledExceptionFilter
0x1c9070 SetErrorMode
0x1c9074 SetLastError
0x1c9078 SetUnhandledExceptionFilter
0x1c907c GetLastError
api-ms-win-core-processenvironment-l1-1-0.dll
0x1c90f8 SearchPathW
0x1c90fc GetCommandLineW
api-ms-win-core-processthreads-l1-1-0.dll
0x1c9104 GetCurrentProcessId
0x1c9108 ExitProcess
0x1c910c CreateProcessW
0x1c9110 GetCurrentProcess
0x1c9114 GetStartupInfoW
0x1c9118 GetCurrentThreadId
0x1c911c TerminateProcess
api-ms-win-core-util-l1-1-0.dll
0x1c91b8 EncodePointer
0x1c91bc DecodePointer
api-ms-win-core-heap-l2-1-0.dll
0x1c90b4 LocalFree
0x1c90b8 LocalAlloc
api-ms-win-core-sysinfo-l1-1-0.dll
0x1c91a8 GetSystemTimeAsFileTime
0x1c91ac GetSystemDirectoryW
0x1c91b0 GetTickCount
api-ms-win-core-winrt-error-l1-1-0.dll
0x1c91c4 RoOriginateError
0x1c91c8 RoOriginateErrorW
api-ms-win-core-processthreads-l1-1-1.dll
0x1c9124 SetProcessMitigationPolicy
api-ms-win-core-localization-l1-2-0.dll
0x1c90e8 FormatMessageW
api-ms-win-core-console-l1-2-0.dll
0x1c9040 AttachConsole
0x1c9044 FreeConsole
api-ms-win-core-debug-l1-1-0.dll
0x1c904c OutputDebugStringW
0x1c9050 DebugBreak
0x1c9054 IsDebuggerPresent
api-ms-win-core-handle-l1-1-0.dll
0x1c9098 CloseHandle
api-ms-win-core-path-l1-1-0.dll
0x1c90f0 PathCchAppend
api-ms-win-core-console-l1-1-0.dll
0x1c9038 WriteConsoleW
api-ms-win-core-string-l1-1-0.dll
0x1c914c CompareStringW
0x1c9150 WideCharToMultiByte
api-ms-win-core-synch-l1-2-0.dll
0x1c9198 Sleep
0x1c919c WakeAllConditionVariable
0x1c91a0 SleepConditionVariableSRW
api-ms-win-core-profile-l1-1-0.dll
0x1c912c QueryPerformanceCounter
api-ms-win-core-string-l2-1-0.dll
0x1c9158 CharNextW
api-ms-win-core-kernel32-private-l1-1-0.dll
0x1c90c0 Wow64EnableWow64FsRedirection
api-ms-win-core-sidebyside-l1-1-0.dll
0x1c9134 ReleaseActCtx
0x1c9138 DeactivateActCtx
0x1c913c CreateActCtxW
0x1c9140 QueryActCtxW
0x1c9144 ActivateActCtx
api-ms-win-downlevel-shlwapi-l1-1-1.dll
0x1c91dc PathIsRelativeW
api-ms-win-downlevel-shlwapi-l2-1-1.dll
0x1c91e4 SHSetThreadRef
imagehlp.dll
0x1c91ec ImageDirectoryEntryToData
ntdll.dll
0x1c9268 NtSetInformationToken
0x1c926c NtOpenProcessToken
0x1c9270 RtlNtStatusToDosError
0x1c9274 NtQueryInformationToken
0x1c9278 RtlSetSearchPathMode
0x1c927c NtSetInformationProcess
0x1c9280 RtlWow64IsWowGuestMachineSupported
0x1c9284 RtlImageNtHeader
0x1c9288 NtQuerySystemInformation
0x1c928c NtClose
api-ms-win-core-delayload-l1-1-1.dll
0x1c9064 ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
0x1c905c DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0.dll
0x1c9000 ApiSetQueryApiSetPresence
EAT(Export Address Table) is none