ScreenShot
| Created | 2021.04.24 18:04 | Machine | s1_win7_x6402 |
| Filename | ze6p62.zip | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (malicious, high confidence, GenericKD, Unsafe, Kryptik, Phonzy, confidence, 100%, Dridex, Eldorado, HKMI, Cridex, MalwareX, CLOUD, Malware@#3izhvcjyk0hpf, FTJT, bdmvv, kcloud, ai score=81, TIAOABDQ, GdSda) | ||
| md5 | bcdb8892ade3fbcef1e017b8c8acca6a | ||
| sha256 | 0b1d65243616e6e7dd9804775739f945cc67e80018a9584139efc45698a20185 | ||
| ssdeep | 24576:5r+fVBkzxJ7RY/uuTkA+94dP2Qm4VltHR6bPYEH/e0HdD:t+fVBUxJ7S/3Tn+94dP2Qm4VXxePYeHZ | ||
| imphash | 109992b9532b7167f00464da73141e6b | ||
| impfuzzy | 48:8A4L9Uc+W4xt81xG80i4bPZAl3E/k5x/1O:8PLKc+WQt81xG8VqKI | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x51e000 VirtualProtectEx
0x51e004 HeapAlloc
0x51e008 GetProcessHeap
0x51e00c OpenProcess
0x51e010 Sleep
0x51e014 GetSystemTime
0x51e018 CreateSemaphoreA
0x51e01c GetModuleFileNameA
0x51e020 GetModuleHandleA
0x51e024 GetEnvironmentVariableA
0x51e028 GetWindowsDirectoryA
0x51e02c CreateFileA
0x51e030 QueryPerformanceCounter
0x51e034 GetVersionExA
0x51e038 GetDateFormatA
0x51e03c WriteConsoleW
0x51e040 CreateFileW
0x51e044 HeapSize
0x51e048 ReadConsoleW
0x51e04c SetStdHandle
0x51e050 SetEnvironmentVariableW
0x51e054 FreeEnvironmentStringsW
0x51e058 WideCharToMultiByte
0x51e05c MultiByteToWideChar
0x51e060 GetStringTypeW
0x51e064 FormatMessageW
0x51e068 EnterCriticalSection
0x51e06c LeaveCriticalSection
0x51e070 DeleteCriticalSection
0x51e074 GetCPInfo
0x51e078 EncodePointer
0x51e07c DecodePointer
0x51e080 SetLastError
0x51e084 InitializeCriticalSectionAndSpinCount
0x51e088 CreateEventW
0x51e08c TlsAlloc
0x51e090 TlsGetValue
0x51e094 TlsSetValue
0x51e098 TlsFree
0x51e09c GetSystemTimeAsFileTime
0x51e0a0 GetTickCount
0x51e0a4 GetModuleHandleW
0x51e0a8 GetProcAddress
0x51e0ac CompareStringW
0x51e0b0 LCMapStringW
0x51e0b4 GetLocaleInfoW
0x51e0b8 CloseHandle
0x51e0bc SetEvent
0x51e0c0 ResetEvent
0x51e0c4 WaitForSingleObjectEx
0x51e0c8 IsProcessorFeaturePresent
0x51e0cc IsDebuggerPresent
0x51e0d0 UnhandledExceptionFilter
0x51e0d4 SetUnhandledExceptionFilter
0x51e0d8 GetStartupInfoW
0x51e0dc GetCurrentProcess
0x51e0e0 TerminateProcess
0x51e0e4 GetCurrentProcessId
0x51e0e8 GetCurrentThreadId
0x51e0ec InitializeSListHead
0x51e0f0 RaiseException
0x51e0f4 RtlUnwind
0x51e0f8 GetLastError
0x51e0fc FreeLibrary
0x51e100 LoadLibraryExW
0x51e104 InterlockedPushEntrySList
0x51e108 InterlockedFlushSList
0x51e10c HeapFree
0x51e110 HeapReAlloc
0x51e114 ExitProcess
0x51e118 GetModuleHandleExW
0x51e11c GetModuleFileNameW
0x51e120 GetCurrentThread
0x51e124 GetStdHandle
0x51e128 GetFileType
0x51e12c GetDateFormatW
0x51e130 GetTimeFormatW
0x51e134 IsValidLocale
0x51e138 GetUserDefaultLCID
0x51e13c EnumSystemLocalesW
0x51e140 GetFileSizeEx
0x51e144 SetFilePointerEx
0x51e148 FlushFileBuffers
0x51e14c WriteFile
0x51e150 GetConsoleCP
0x51e154 GetConsoleMode
0x51e158 ReadFile
0x51e15c SetConsoleCtrlHandler
0x51e160 GetTimeZoneInformation
0x51e164 FindClose
0x51e168 FindFirstFileExW
0x51e16c FindNextFileW
0x51e170 IsValidCodePage
0x51e174 GetACP
0x51e178 GetOEMCP
0x51e17c GetCommandLineA
0x51e180 GetCommandLineW
0x51e184 GetEnvironmentStringsW
0x51e188 OutputDebugStringW
USER32.dll
0x51e190 EnumWindows
0x51e194 GetWindowLongW
0x51e198 ReleaseDC
0x51e19c GetClassInfoExA
0x51e1a0 DefWindowProcA
0x51e1a4 CallNextHookEx
EAT(Export Address Table) Library
0x484be0 Bearmass
0x484b80 Caselist
0x484900 CommonWash
0x484f70 Heregather
0x484c30 Melodycross
0x484550 Woodgirl
KERNEL32.dll
0x51e000 VirtualProtectEx
0x51e004 HeapAlloc
0x51e008 GetProcessHeap
0x51e00c OpenProcess
0x51e010 Sleep
0x51e014 GetSystemTime
0x51e018 CreateSemaphoreA
0x51e01c GetModuleFileNameA
0x51e020 GetModuleHandleA
0x51e024 GetEnvironmentVariableA
0x51e028 GetWindowsDirectoryA
0x51e02c CreateFileA
0x51e030 QueryPerformanceCounter
0x51e034 GetVersionExA
0x51e038 GetDateFormatA
0x51e03c WriteConsoleW
0x51e040 CreateFileW
0x51e044 HeapSize
0x51e048 ReadConsoleW
0x51e04c SetStdHandle
0x51e050 SetEnvironmentVariableW
0x51e054 FreeEnvironmentStringsW
0x51e058 WideCharToMultiByte
0x51e05c MultiByteToWideChar
0x51e060 GetStringTypeW
0x51e064 FormatMessageW
0x51e068 EnterCriticalSection
0x51e06c LeaveCriticalSection
0x51e070 DeleteCriticalSection
0x51e074 GetCPInfo
0x51e078 EncodePointer
0x51e07c DecodePointer
0x51e080 SetLastError
0x51e084 InitializeCriticalSectionAndSpinCount
0x51e088 CreateEventW
0x51e08c TlsAlloc
0x51e090 TlsGetValue
0x51e094 TlsSetValue
0x51e098 TlsFree
0x51e09c GetSystemTimeAsFileTime
0x51e0a0 GetTickCount
0x51e0a4 GetModuleHandleW
0x51e0a8 GetProcAddress
0x51e0ac CompareStringW
0x51e0b0 LCMapStringW
0x51e0b4 GetLocaleInfoW
0x51e0b8 CloseHandle
0x51e0bc SetEvent
0x51e0c0 ResetEvent
0x51e0c4 WaitForSingleObjectEx
0x51e0c8 IsProcessorFeaturePresent
0x51e0cc IsDebuggerPresent
0x51e0d0 UnhandledExceptionFilter
0x51e0d4 SetUnhandledExceptionFilter
0x51e0d8 GetStartupInfoW
0x51e0dc GetCurrentProcess
0x51e0e0 TerminateProcess
0x51e0e4 GetCurrentProcessId
0x51e0e8 GetCurrentThreadId
0x51e0ec InitializeSListHead
0x51e0f0 RaiseException
0x51e0f4 RtlUnwind
0x51e0f8 GetLastError
0x51e0fc FreeLibrary
0x51e100 LoadLibraryExW
0x51e104 InterlockedPushEntrySList
0x51e108 InterlockedFlushSList
0x51e10c HeapFree
0x51e110 HeapReAlloc
0x51e114 ExitProcess
0x51e118 GetModuleHandleExW
0x51e11c GetModuleFileNameW
0x51e120 GetCurrentThread
0x51e124 GetStdHandle
0x51e128 GetFileType
0x51e12c GetDateFormatW
0x51e130 GetTimeFormatW
0x51e134 IsValidLocale
0x51e138 GetUserDefaultLCID
0x51e13c EnumSystemLocalesW
0x51e140 GetFileSizeEx
0x51e144 SetFilePointerEx
0x51e148 FlushFileBuffers
0x51e14c WriteFile
0x51e150 GetConsoleCP
0x51e154 GetConsoleMode
0x51e158 ReadFile
0x51e15c SetConsoleCtrlHandler
0x51e160 GetTimeZoneInformation
0x51e164 FindClose
0x51e168 FindFirstFileExW
0x51e16c FindNextFileW
0x51e170 IsValidCodePage
0x51e174 GetACP
0x51e178 GetOEMCP
0x51e17c GetCommandLineA
0x51e180 GetCommandLineW
0x51e184 GetEnvironmentStringsW
0x51e188 OutputDebugStringW
USER32.dll
0x51e190 EnumWindows
0x51e194 GetWindowLongW
0x51e198 ReleaseDC
0x51e19c GetClassInfoExA
0x51e1a0 DefWindowProcA
0x51e1a4 CallNextHookEx
EAT(Export Address Table) Library
0x484be0 Bearmass
0x484b80 Caselist
0x484900 CommonWash
0x484f70 Heregather
0x484c30 Melodycross
0x484550 Woodgirl