ScreenShot
| Created | 2021.05.20 08:00 | Machine | s1_win7_x6401 |
| Filename | 0k9L0.mp4 | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (Wofith, CookieStealera, Eldorado, Malicious, ATRAPS, ai score=95, Sabsik, score, SpyAgent, Artemis, Behavior) | ||
| md5 | f3cfde24b4dcdb6a8f281929c9e000d5 | ||
| sha256 | 8430fd19a75b52c3abddc30a52ffc7c5956b0a590ffb1f00bc29c1f0b7d2d5e0 | ||
| ssdeep | 393216:4Mesjorlh2pBzBUjt+hHOY0QO07Na5J5:DesjopQpF20hHOYpOyNaP5 | ||
| imphash | b0d2bcfaf69e32f6189b93d5e3f439ad | ||
| impfuzzy | 48:VgdkP9d0kteS1hEc+ppYeNgT+ONfilmbU1b:VZPrteS1hEc+ppYea+C6qyb | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Performs some HTTP requests |
| info | Checks amount of memory in system |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
USER32.dll
0x140022320 MessageBoxW
0x140022328 MessageBoxA
KERNEL32.dll
0x140022028 GetModuleFileNameW
0x140022030 GetProcAddress
0x140022038 GetCommandLineW
0x140022040 GetEnvironmentVariableW
0x140022048 SetEnvironmentVariableW
0x140022050 ExpandEnvironmentStringsW
0x140022058 CreateDirectoryW
0x140022060 GetTempPathW
0x140022068 WaitForSingleObject
0x140022070 Sleep
0x140022078 SetDllDirectoryW
0x140022080 CreateProcessW
0x140022088 GetStartupInfoW
0x140022090 LoadLibraryExW
0x140022098 CloseHandle
0x1400220a0 GetCurrentProcess
0x1400220a8 LocalFree
0x1400220b0 FormatMessageW
0x1400220b8 LoadLibraryA
0x1400220c0 MultiByteToWideChar
0x1400220c8 WideCharToMultiByte
0x1400220d0 GetLastError
0x1400220d8 HeapReAlloc
0x1400220e0 SetEndOfFile
0x1400220e8 GetExitCodeProcess
0x1400220f0 GetCommandLineA
0x1400220f8 HeapSize
0x140022100 GetTimeZoneInformation
0x140022108 RtlCaptureContext
0x140022110 RtlLookupFunctionEntry
0x140022118 RtlVirtualUnwind
0x140022120 UnhandledExceptionFilter
0x140022128 SetUnhandledExceptionFilter
0x140022130 TerminateProcess
0x140022138 IsProcessorFeaturePresent
0x140022140 QueryPerformanceCounter
0x140022148 GetCurrentProcessId
0x140022150 GetCurrentThreadId
0x140022158 GetSystemTimeAsFileTime
0x140022160 InitializeSListHead
0x140022168 IsDebuggerPresent
0x140022170 GetModuleHandleW
0x140022178 RtlUnwindEx
0x140022180 SetLastError
0x140022188 EnterCriticalSection
0x140022190 LeaveCriticalSection
0x140022198 DeleteCriticalSection
0x1400221a0 InitializeCriticalSectionAndSpinCount
0x1400221a8 TlsAlloc
0x1400221b0 TlsGetValue
0x1400221b8 TlsSetValue
0x1400221c0 TlsFree
0x1400221c8 FreeLibrary
0x1400221d0 RaiseException
0x1400221d8 ReadFile
0x1400221e0 CreateFileW
0x1400221e8 GetDriveTypeW
0x1400221f0 GetFileType
0x1400221f8 PeekNamedPipe
0x140022200 SystemTimeToTzSpecificLocalTime
0x140022208 FileTimeToSystemTime
0x140022210 GetFullPathNameW
0x140022218 RemoveDirectoryW
0x140022220 FindClose
0x140022228 FindFirstFileExW
0x140022230 FindNextFileW
0x140022238 SetStdHandle
0x140022240 SetConsoleCtrlHandler
0x140022248 DeleteFileW
0x140022250 GetStdHandle
0x140022258 WriteFile
0x140022260 ExitProcess
0x140022268 GetModuleHandleExW
0x140022270 GetACP
0x140022278 HeapFree
0x140022280 HeapAlloc
0x140022288 GetConsoleMode
0x140022290 ReadConsoleW
0x140022298 SetFilePointerEx
0x1400222a0 GetConsoleCP
0x1400222a8 CompareStringW
0x1400222b0 LCMapStringW
0x1400222b8 GetCurrentDirectoryW
0x1400222c0 FlushFileBuffers
0x1400222c8 SetEnvironmentVariableA
0x1400222d0 GetFileAttributesExW
0x1400222d8 IsValidCodePage
0x1400222e0 GetOEMCP
0x1400222e8 GetCPInfo
0x1400222f0 GetEnvironmentStringsW
0x1400222f8 FreeEnvironmentStringsW
0x140022300 GetStringTypeW
0x140022308 GetProcessHeap
0x140022310 WriteConsoleW
ADVAPI32.dll
0x140022000 ConvertSidToStringSidW
0x140022008 GetTokenInformation
0x140022010 OpenProcessToken
0x140022018 ConvertStringSecurityDescriptorToSecurityDescriptorW
WS2_32.dll
0x140022338 ntohl
EAT(Export Address Table) is none
USER32.dll
0x140022320 MessageBoxW
0x140022328 MessageBoxA
KERNEL32.dll
0x140022028 GetModuleFileNameW
0x140022030 GetProcAddress
0x140022038 GetCommandLineW
0x140022040 GetEnvironmentVariableW
0x140022048 SetEnvironmentVariableW
0x140022050 ExpandEnvironmentStringsW
0x140022058 CreateDirectoryW
0x140022060 GetTempPathW
0x140022068 WaitForSingleObject
0x140022070 Sleep
0x140022078 SetDllDirectoryW
0x140022080 CreateProcessW
0x140022088 GetStartupInfoW
0x140022090 LoadLibraryExW
0x140022098 CloseHandle
0x1400220a0 GetCurrentProcess
0x1400220a8 LocalFree
0x1400220b0 FormatMessageW
0x1400220b8 LoadLibraryA
0x1400220c0 MultiByteToWideChar
0x1400220c8 WideCharToMultiByte
0x1400220d0 GetLastError
0x1400220d8 HeapReAlloc
0x1400220e0 SetEndOfFile
0x1400220e8 GetExitCodeProcess
0x1400220f0 GetCommandLineA
0x1400220f8 HeapSize
0x140022100 GetTimeZoneInformation
0x140022108 RtlCaptureContext
0x140022110 RtlLookupFunctionEntry
0x140022118 RtlVirtualUnwind
0x140022120 UnhandledExceptionFilter
0x140022128 SetUnhandledExceptionFilter
0x140022130 TerminateProcess
0x140022138 IsProcessorFeaturePresent
0x140022140 QueryPerformanceCounter
0x140022148 GetCurrentProcessId
0x140022150 GetCurrentThreadId
0x140022158 GetSystemTimeAsFileTime
0x140022160 InitializeSListHead
0x140022168 IsDebuggerPresent
0x140022170 GetModuleHandleW
0x140022178 RtlUnwindEx
0x140022180 SetLastError
0x140022188 EnterCriticalSection
0x140022190 LeaveCriticalSection
0x140022198 DeleteCriticalSection
0x1400221a0 InitializeCriticalSectionAndSpinCount
0x1400221a8 TlsAlloc
0x1400221b0 TlsGetValue
0x1400221b8 TlsSetValue
0x1400221c0 TlsFree
0x1400221c8 FreeLibrary
0x1400221d0 RaiseException
0x1400221d8 ReadFile
0x1400221e0 CreateFileW
0x1400221e8 GetDriveTypeW
0x1400221f0 GetFileType
0x1400221f8 PeekNamedPipe
0x140022200 SystemTimeToTzSpecificLocalTime
0x140022208 FileTimeToSystemTime
0x140022210 GetFullPathNameW
0x140022218 RemoveDirectoryW
0x140022220 FindClose
0x140022228 FindFirstFileExW
0x140022230 FindNextFileW
0x140022238 SetStdHandle
0x140022240 SetConsoleCtrlHandler
0x140022248 DeleteFileW
0x140022250 GetStdHandle
0x140022258 WriteFile
0x140022260 ExitProcess
0x140022268 GetModuleHandleExW
0x140022270 GetACP
0x140022278 HeapFree
0x140022280 HeapAlloc
0x140022288 GetConsoleMode
0x140022290 ReadConsoleW
0x140022298 SetFilePointerEx
0x1400222a0 GetConsoleCP
0x1400222a8 CompareStringW
0x1400222b0 LCMapStringW
0x1400222b8 GetCurrentDirectoryW
0x1400222c0 FlushFileBuffers
0x1400222c8 SetEnvironmentVariableA
0x1400222d0 GetFileAttributesExW
0x1400222d8 IsValidCodePage
0x1400222e0 GetOEMCP
0x1400222e8 GetCPInfo
0x1400222f0 GetEnvironmentStringsW
0x1400222f8 FreeEnvironmentStringsW
0x140022300 GetStringTypeW
0x140022308 GetProcessHeap
0x140022310 WriteConsoleW
ADVAPI32.dll
0x140022000 ConvertSidToStringSidW
0x140022008 GetTokenInformation
0x140022010 OpenProcessToken
0x140022018 ConvertStringSecurityDescriptorToSecurityDescriptorW
WS2_32.dll
0x140022338 ntohl
EAT(Export Address Table) is none