ScreenShot
| Created | 2021.04.28 09:44 | Machine | s1_win7_x6402 |
| Filename | presentation.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (malicious, high confidence, Gozi, Ifsb, a variant of Generik, IJEUDFL, Artemis, Ursnif, S9HA13, kcloud, Tnega, Unsafe, Undefined, CLOUD) | ||
| md5 | 3bbac698f5c61fdd41a04d6b47d46b5c | ||
| sha256 | 3c0bc20be866d4a0156f5b1ebb5418e9e58b65f292f4defbde0052644ca2c0e9 | ||
| ssdeep | 24576:4myuKoNJLA68C26QDG0B2sMXfrHEAo1gu54pdBBBBBj:QeJLA68C26X0VMXfbEAoV4pdBBBBBj | ||
| imphash | e58f19c4cbf557ea39184685dbfecb44 | ||
| impfuzzy | 24:0VW8sOJ0Lu9QHuOGOovqv9wc+WzZJBliKDitoS1xGzw9roUTiOPZXvcjijMAE+5H:1rOaBn9wc+e9ctoS1xGzwZrPZ/qU/v | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Performs some HTTP requests |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (3cnts) ?
Suricata ids
SURICATA HTTP unable to match response to request
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1099000 GetModuleFileNameA
0x1099004 VirtualProtect
0x1099008 VirtualFree
0x109900c VirtualAlloc
0x1099010 GetModuleHandleA
0x1099014 Sleep
0x1099018 CopyFileA
0x109901c GetLastError
0x1099020 OpenMutexA
0x1099024 GetSystemDirectoryA
0x1099028 DeleteFileA
0x109902c CloseHandle
0x1099030 ResetEvent
0x1099034 VirtualProtectEx
0x1099038 GetStartupInfoA
0x109903c CreateProcessA
0x1099040 CreateDirectoryA
0x1099044 GetTickCount
0x1099048 WriteConsoleW
0x109904c CreateFileW
0x1099050 HeapSize
0x1099054 SetStdHandle
0x1099058 GetProcessHeap
0x109905c SetEnvironmentVariableW
0x1099060 FreeEnvironmentStringsW
0x1099064 GetEnvironmentStringsW
0x1099068 GetCommandLineW
0x109906c GetCommandLineA
0x1099070 GetOEMCP
0x1099074 GetACP
0x1099078 IsValidCodePage
0x109907c FindNextFileW
0x1099080 FindFirstFileExW
0x1099084 FindClose
0x1099088 FormatMessageA
0x109908c MultiByteToWideChar
0x1099090 WideCharToMultiByte
0x1099094 EnterCriticalSection
0x1099098 LeaveCriticalSection
0x109909c DeleteCriticalSection
0x10990a0 EncodePointer
0x10990a4 DecodePointer
0x10990a8 LocalFree
0x10990ac GetCPInfo
0x10990b0 CompareStringW
0x10990b4 LCMapStringW
0x10990b8 GetLocaleInfoW
0x10990bc SetLastError
0x10990c0 InitializeCriticalSectionAndSpinCount
0x10990c4 CreateEventW
0x10990c8 SwitchToThread
0x10990cc TlsAlloc
0x10990d0 TlsGetValue
0x10990d4 TlsSetValue
0x10990d8 TlsFree
0x10990dc GetSystemTimeAsFileTime
0x10990e0 GetModuleHandleW
0x10990e4 GetProcAddress
0x10990e8 GetStringTypeW
0x10990ec UnhandledExceptionFilter
0x10990f0 SetUnhandledExceptionFilter
0x10990f4 GetCurrentProcess
0x10990f8 TerminateProcess
0x10990fc IsProcessorFeaturePresent
0x1099100 IsDebuggerPresent
0x1099104 GetStartupInfoW
0x1099108 QueryPerformanceCounter
0x109910c GetCurrentProcessId
0x1099110 GetCurrentThreadId
0x1099114 InitializeSListHead
0x1099118 RaiseException
0x109911c RtlUnwind
0x1099120 InterlockedPushEntrySList
0x1099124 InterlockedFlushSList
0x1099128 FreeLibrary
0x109912c LoadLibraryExW
0x1099130 ExitProcess
0x1099134 GetModuleHandleExW
0x1099138 GetModuleFileNameW
0x109913c SetConsoleCtrlHandler
0x1099140 HeapAlloc
0x1099144 HeapFree
0x1099148 GetDateFormatW
0x109914c GetTimeFormatW
0x1099150 IsValidLocale
0x1099154 GetUserDefaultLCID
0x1099158 EnumSystemLocalesW
0x109915c GetStdHandle
0x1099160 GetFileType
0x1099164 HeapReAlloc
0x1099168 GetCurrentThread
0x109916c WaitForSingleObject
0x1099170 GetExitCodeProcess
0x1099174 CreateProcessW
0x1099178 GetFileAttributesExW
0x109917c FlushFileBuffers
0x1099180 WriteFile
0x1099184 GetConsoleCP
0x1099188 GetConsoleMode
0x109918c ReadFile
0x1099190 GetFileSizeEx
0x1099194 SetFilePointerEx
0x1099198 ReadConsoleW
0x109919c GetTimeZoneInformation
0x10991a0 OutputDebugStringW
ole32.dll
0x10991c4 CoCreateInstance
0x10991c8 CoUninitialize
0x10991cc OleSetContainedObject
0x10991d0 CoInitialize
0x10991d4 OleUninitialize
0x10991d8 CLSIDFromString
0x10991dc OleInitialize
OLEAUT32.dll
0x10991a8 SysAllocString
0x10991ac SysReAllocStringLen
0x10991b0 SysStringLen
0x10991b4 SysAllocStringLen
0x10991b8 SysFreeString
0x10991bc SysReAllocString
EAT(Export Address Table) Library
0x1070830 Artspoke
0x1070a20 Endinstant
0x1070aa0 Evensolve
0x1070400 Footwinte2
0x10715a0 Languagework
KERNEL32.dll
0x1099000 GetModuleFileNameA
0x1099004 VirtualProtect
0x1099008 VirtualFree
0x109900c VirtualAlloc
0x1099010 GetModuleHandleA
0x1099014 Sleep
0x1099018 CopyFileA
0x109901c GetLastError
0x1099020 OpenMutexA
0x1099024 GetSystemDirectoryA
0x1099028 DeleteFileA
0x109902c CloseHandle
0x1099030 ResetEvent
0x1099034 VirtualProtectEx
0x1099038 GetStartupInfoA
0x109903c CreateProcessA
0x1099040 CreateDirectoryA
0x1099044 GetTickCount
0x1099048 WriteConsoleW
0x109904c CreateFileW
0x1099050 HeapSize
0x1099054 SetStdHandle
0x1099058 GetProcessHeap
0x109905c SetEnvironmentVariableW
0x1099060 FreeEnvironmentStringsW
0x1099064 GetEnvironmentStringsW
0x1099068 GetCommandLineW
0x109906c GetCommandLineA
0x1099070 GetOEMCP
0x1099074 GetACP
0x1099078 IsValidCodePage
0x109907c FindNextFileW
0x1099080 FindFirstFileExW
0x1099084 FindClose
0x1099088 FormatMessageA
0x109908c MultiByteToWideChar
0x1099090 WideCharToMultiByte
0x1099094 EnterCriticalSection
0x1099098 LeaveCriticalSection
0x109909c DeleteCriticalSection
0x10990a0 EncodePointer
0x10990a4 DecodePointer
0x10990a8 LocalFree
0x10990ac GetCPInfo
0x10990b0 CompareStringW
0x10990b4 LCMapStringW
0x10990b8 GetLocaleInfoW
0x10990bc SetLastError
0x10990c0 InitializeCriticalSectionAndSpinCount
0x10990c4 CreateEventW
0x10990c8 SwitchToThread
0x10990cc TlsAlloc
0x10990d0 TlsGetValue
0x10990d4 TlsSetValue
0x10990d8 TlsFree
0x10990dc GetSystemTimeAsFileTime
0x10990e0 GetModuleHandleW
0x10990e4 GetProcAddress
0x10990e8 GetStringTypeW
0x10990ec UnhandledExceptionFilter
0x10990f0 SetUnhandledExceptionFilter
0x10990f4 GetCurrentProcess
0x10990f8 TerminateProcess
0x10990fc IsProcessorFeaturePresent
0x1099100 IsDebuggerPresent
0x1099104 GetStartupInfoW
0x1099108 QueryPerformanceCounter
0x109910c GetCurrentProcessId
0x1099110 GetCurrentThreadId
0x1099114 InitializeSListHead
0x1099118 RaiseException
0x109911c RtlUnwind
0x1099120 InterlockedPushEntrySList
0x1099124 InterlockedFlushSList
0x1099128 FreeLibrary
0x109912c LoadLibraryExW
0x1099130 ExitProcess
0x1099134 GetModuleHandleExW
0x1099138 GetModuleFileNameW
0x109913c SetConsoleCtrlHandler
0x1099140 HeapAlloc
0x1099144 HeapFree
0x1099148 GetDateFormatW
0x109914c GetTimeFormatW
0x1099150 IsValidLocale
0x1099154 GetUserDefaultLCID
0x1099158 EnumSystemLocalesW
0x109915c GetStdHandle
0x1099160 GetFileType
0x1099164 HeapReAlloc
0x1099168 GetCurrentThread
0x109916c WaitForSingleObject
0x1099170 GetExitCodeProcess
0x1099174 CreateProcessW
0x1099178 GetFileAttributesExW
0x109917c FlushFileBuffers
0x1099180 WriteFile
0x1099184 GetConsoleCP
0x1099188 GetConsoleMode
0x109918c ReadFile
0x1099190 GetFileSizeEx
0x1099194 SetFilePointerEx
0x1099198 ReadConsoleW
0x109919c GetTimeZoneInformation
0x10991a0 OutputDebugStringW
ole32.dll
0x10991c4 CoCreateInstance
0x10991c8 CoUninitialize
0x10991cc OleSetContainedObject
0x10991d0 CoInitialize
0x10991d4 OleUninitialize
0x10991d8 CLSIDFromString
0x10991dc OleInitialize
OLEAUT32.dll
0x10991a8 SysAllocString
0x10991ac SysReAllocStringLen
0x10991b0 SysStringLen
0x10991b4 SysAllocStringLen
0x10991b8 SysFreeString
0x10991bc SysReAllocString
EAT(Export Address Table) Library
0x1070830 Artspoke
0x1070a20 Endinstant
0x1070aa0 Evensolve
0x1070400 Footwinte2
0x10715a0 Languagework