ScreenShot
| Created | 2021.05.20 09:31 | Machine | s1_win7_x6401 |
| Filename | sdkdiff.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (Sabsik) | ||
| md5 | 47cd8b6aae996f5510e5963b8fba3438 | ||
| sha256 | a1b301f82519d48e72ef62c539e044212182f4e632fb51beec467536b4b52158 | ||
| ssdeep | 6144:bU5HVXzvadnTSEwIeSlF4q6PU+LHn1I+7QRE66UdhnkyqdG4n9Ma1uUCUw6fu3mZ:bUzzERMUk9sRE0qdhX1uVUw6fUS1T | ||
| imphash | e65ca897a7f81055b9ccb6509eeeaf13 | ||
| impfuzzy | 96:H5MT3R3kx0kcXTCtFDn1Lzp7RjODzHJKW1:H5MT3R3kx0kG2Lh383 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x140048b50 AttachThreadInput
0x140048b58 BeginPaint
0x140048b60 CharLowerBuffA
0x140048b68 CharNextA
0x140048b70 CharPrevA
0x140048b78 CheckDlgButton
0x140048b80 CheckMenuItem
0x140048b88 CheckRadioButton
0x140048b90 ClientToScreen
0x140048b98 CloseClipboard
0x140048ba0 CreateDialogParamA
0x140048ba8 CreateWindowExA
0x140048bb0 DefWindowProcA
0x140048bb8 DestroyMenu
0x140048bc0 DestroyWindow
0x140048bc8 DialogBoxParamA
0x140048bd0 DispatchMessageA
0x140048bd8 DrawFocusRect
0x140048be0 DrawTextA
0x140048be8 EmptyClipboard
0x140048bf0 EnableMenuItem
0x140048bf8 EnableWindow
0x140048c00 EndDialog
0x140048c08 EndPaint
0x140048c10 FillRect
0x140048c18 GetClientRect
0x140048c20 GetCursorPos
0x140048c28 GetDC
0x140048c30 GetDesktopWindow
0x140048c38 GetDlgItem
0x140048c40 GetDlgItemTextA
0x140048c48 GetFocus
0x140048c50 GetKeyState
0x140048c58 GetMenu
0x140048c60 GetMessageA
0x140048c68 GetParent
0x140048c70 GetSubMenu
0x140048c78 GetSysColor
0x140048c80 GetWindowLongPtrA
0x140048c88 GetWindowPlacement
0x140048c90 InvalidateRect
0x140048c98 InvertRect
0x140048ca0 IsDialogMessageA
0x140048ca8 IsDlgButtonChecked
0x140048cb0 LoadAcceleratorsA
0x140048cb8 LoadCursorA
0x140048cc0 LoadIconA
0x140048cc8 LoadMenuA
0x140048cd0 LoadStringA
0x140048cd8 MessageBoxA
0x140048ce0 MoveWindow
0x140048ce8 OpenClipboard
0x140048cf0 PeekMessageA
0x140048cf8 PostMessageA
0x140048d00 PostQuitMessage
0x140048d08 PtInRect
0x140048d10 RedrawWindow
0x140048d18 RegisterClassA
0x140048d20 RegisterWindowMessageA
0x140048d28 ReleaseCapture
0x140048d30 ReleaseDC
0x140048d38 ScreenToClient
0x140048d40 ScrollWindow
0x140048d48 SendDlgItemMessageA
0x140048d50 SendMessageA
0x140048d58 SetCapture
0x140048d60 SetClipboardData
0x140048d68 SetCursor
0x140048d70 SetDlgItemTextA
0x140048d78 SetFocus
0x140048d80 SetScrollInfo
0x140048d88 SetScrollPos
0x140048d90 SetScrollRange
0x140048d98 SetWindowLongPtrA
0x140048da0 SetWindowPlacement
0x140048da8 SetWindowTextA
0x140048db0 ShowWindow
0x140048db8 SystemParametersInfoA
0x140048dc0 TrackPopupMenu
0x140048dc8 TranslateAcceleratorA
0x140048dd0 TranslateMessage
0x140048dd8 UpdateWindow
0x140048de0 ValidateRect
GDI32.dll
0x140048df0 AbortDoc
0x140048df8 CreateFontA
0x140048e00 CreatePen
0x140048e08 CreateSolidBrush
0x140048e10 DeleteDC
0x140048e18 DeleteObject
0x140048e20 EndDoc
0x140048e28 EndPage
0x140048e30 ExtTextOutA
0x140048e38 ExtTextOutW
0x140048e40 GetDeviceCaps
0x140048e48 GetStockObject
0x140048e50 GetTextExtentPoint32A
0x140048e58 GetTextExtentPoint32W
0x140048e60 GetTextExtentPointA
0x140048e68 GetTextMetricsA
0x140048e70 LineTo
0x140048e78 MoveToEx
0x140048e80 Rectangle
0x140048e88 SelectObject
0x140048e90 SetAbortProc
0x140048e98 SetBkColor
0x140048ea0 SetROP2
0x140048ea8 SetTextColor
0x140048eb0 StartDocA
0x140048eb8 StartPage
KERNEL32.dll
0x140048ec8 CloseHandle
0x140048ed0 CompareFileTime
0x140048ed8 CopyFileA
0x140048ee0 CreateDirectoryW
0x140048ee8 CreateFileA
0x140048ef0 CreateFileW
0x140048ef8 CreateProcessA
0x140048f00 CreateThread
0x140048f08 DeleteCriticalSection
0x140048f10 DeleteFileA
0x140048f18 EnterCriticalSection
0x140048f20 ExitProcess
0x140048f28 ExpandEnvironmentStringsA
0x140048f30 FindClose
0x140048f38 FindFirstFileA
0x140048f40 FindFirstFileExW
0x140048f48 FindNextFileA
0x140048f50 FindNextFileW
0x140048f58 FlushFileBuffers
0x140048f60 FreeEnvironmentStringsW
0x140048f68 FreeLibrary
0x140048f70 GetACP
0x140048f78 GetCPInfo
0x140048f80 GetCommandLineA
0x140048f88 GetCommandLineW
0x140048f90 GetConsoleMode
0x140048f98 GetConsoleOutputCP
0x140048fa0 GetCurrentDirectoryW
0x140048fa8 GetCurrentProcess
0x140048fb0 GetCurrentProcessId
0x140048fb8 GetCurrentThreadId
0x140048fc0 GetDriveTypeW
0x140048fc8 GetEnvironmentStringsW
0x140048fd0 GetFileAttributesA
0x140048fd8 GetFileSize
0x140048fe0 GetFileSizeEx
0x140048fe8 GetFileTime
0x140048ff0 GetFileType
0x140048ff8 GetFullPathNameA
0x140049000 GetFullPathNameW
0x140049008 GetLastError
0x140049010 GetModuleFileNameA
0x140049018 GetModuleFileNameW
0x140049020 GetModuleHandleA
0x140049028 GetModuleHandleExW
0x140049030 GetModuleHandleW
0x140049038 GetOEMCP
0x140049040 GetProcAddress
0x140049048 GetProcessHeap
0x140049050 GetStartupInfoW
0x140049058 GetStdHandle
0x140049060 GetStringTypeW
0x140049068 GetSystemDirectoryA
0x140049070 GetSystemTimeAsFileTime
0x140049078 GetTempFileNameA
0x140049080 GetTempPathA
0x140049088 GetThreadLocale
0x140049090 GetTickCount
0x140049098 GlobalFree
0x1400490a0 HeapAlloc
0x1400490a8 HeapFree
0x1400490b0 HeapReAlloc
0x1400490b8 HeapSize
0x1400490c0 InitializeCriticalSection
0x1400490c8 InitializeCriticalSectionAndSpinCount
0x1400490d0 InitializeSListHead
0x1400490d8 IsDBCSLeadByte
0x1400490e0 IsDebuggerPresent
0x1400490e8 IsProcessorFeaturePresent
0x1400490f0 IsValidCodePage
0x1400490f8 LCMapStringW
0x140049100 LeaveCriticalSection
0x140049108 LoadLibraryA
0x140049110 LoadLibraryExA
0x140049118 LoadLibraryExW
0x140049120 MulDiv
0x140049128 MultiByteToWideChar
0x140049130 OutputDebugStringA
0x140049138 QueryPerformanceCounter
0x140049140 RaiseException
0x140049148 ReadFile
0x140049150 RtlCaptureContext
0x140049158 RtlLookupFunctionEntry
0x140049160 RtlUnwindEx
0x140049168 RtlVirtualUnwind
0x140049170 SetFileAttributesA
0x140049178 SetFilePointer
0x140049180 SetFilePointerEx
0x140049188 SetFileTime
0x140049190 SetLastError
0x140049198 SetStdHandle
0x1400491a0 SetUnhandledExceptionFilter
0x1400491a8 Sleep
0x1400491b0 TerminateProcess
0x1400491b8 TlsAlloc
0x1400491c0 TlsFree
0x1400491c8 TlsGetValue
0x1400491d0 TlsSetValue
0x1400491d8 UnhandledExceptionFilter
0x1400491e0 WaitForSingleObject
0x1400491e8 WideCharToMultiByte
0x1400491f0 WriteConsoleW
0x1400491f8 WriteFile
0x140049200 lstrcmpA
0x140049208 lstrcmpiA
0x140049210 lstrlenA
COMDLG32.dll
0x140049220 ChooseFontA
0x140049228 GetOpenFileNameA
0x140049230 PrintDlgA
ADVAPI32.dll
0x140049240 RegCloseKey
0x140049248 RegCreateKeyA
0x140049250 RegDeleteValueA
0x140049258 RegOpenKeyA
0x140049260 RegOpenKeyExA
0x140049268 RegQueryValueExA
0x140049270 RegSetValueExA
OLEAUT32.dll
0x140049280 SysAllocStringLen
SHELL32.dll
0x140049290 ShellAboutA
EAT(Export Address Table) is none
USER32.dll
0x140048b50 AttachThreadInput
0x140048b58 BeginPaint
0x140048b60 CharLowerBuffA
0x140048b68 CharNextA
0x140048b70 CharPrevA
0x140048b78 CheckDlgButton
0x140048b80 CheckMenuItem
0x140048b88 CheckRadioButton
0x140048b90 ClientToScreen
0x140048b98 CloseClipboard
0x140048ba0 CreateDialogParamA
0x140048ba8 CreateWindowExA
0x140048bb0 DefWindowProcA
0x140048bb8 DestroyMenu
0x140048bc0 DestroyWindow
0x140048bc8 DialogBoxParamA
0x140048bd0 DispatchMessageA
0x140048bd8 DrawFocusRect
0x140048be0 DrawTextA
0x140048be8 EmptyClipboard
0x140048bf0 EnableMenuItem
0x140048bf8 EnableWindow
0x140048c00 EndDialog
0x140048c08 EndPaint
0x140048c10 FillRect
0x140048c18 GetClientRect
0x140048c20 GetCursorPos
0x140048c28 GetDC
0x140048c30 GetDesktopWindow
0x140048c38 GetDlgItem
0x140048c40 GetDlgItemTextA
0x140048c48 GetFocus
0x140048c50 GetKeyState
0x140048c58 GetMenu
0x140048c60 GetMessageA
0x140048c68 GetParent
0x140048c70 GetSubMenu
0x140048c78 GetSysColor
0x140048c80 GetWindowLongPtrA
0x140048c88 GetWindowPlacement
0x140048c90 InvalidateRect
0x140048c98 InvertRect
0x140048ca0 IsDialogMessageA
0x140048ca8 IsDlgButtonChecked
0x140048cb0 LoadAcceleratorsA
0x140048cb8 LoadCursorA
0x140048cc0 LoadIconA
0x140048cc8 LoadMenuA
0x140048cd0 LoadStringA
0x140048cd8 MessageBoxA
0x140048ce0 MoveWindow
0x140048ce8 OpenClipboard
0x140048cf0 PeekMessageA
0x140048cf8 PostMessageA
0x140048d00 PostQuitMessage
0x140048d08 PtInRect
0x140048d10 RedrawWindow
0x140048d18 RegisterClassA
0x140048d20 RegisterWindowMessageA
0x140048d28 ReleaseCapture
0x140048d30 ReleaseDC
0x140048d38 ScreenToClient
0x140048d40 ScrollWindow
0x140048d48 SendDlgItemMessageA
0x140048d50 SendMessageA
0x140048d58 SetCapture
0x140048d60 SetClipboardData
0x140048d68 SetCursor
0x140048d70 SetDlgItemTextA
0x140048d78 SetFocus
0x140048d80 SetScrollInfo
0x140048d88 SetScrollPos
0x140048d90 SetScrollRange
0x140048d98 SetWindowLongPtrA
0x140048da0 SetWindowPlacement
0x140048da8 SetWindowTextA
0x140048db0 ShowWindow
0x140048db8 SystemParametersInfoA
0x140048dc0 TrackPopupMenu
0x140048dc8 TranslateAcceleratorA
0x140048dd0 TranslateMessage
0x140048dd8 UpdateWindow
0x140048de0 ValidateRect
GDI32.dll
0x140048df0 AbortDoc
0x140048df8 CreateFontA
0x140048e00 CreatePen
0x140048e08 CreateSolidBrush
0x140048e10 DeleteDC
0x140048e18 DeleteObject
0x140048e20 EndDoc
0x140048e28 EndPage
0x140048e30 ExtTextOutA
0x140048e38 ExtTextOutW
0x140048e40 GetDeviceCaps
0x140048e48 GetStockObject
0x140048e50 GetTextExtentPoint32A
0x140048e58 GetTextExtentPoint32W
0x140048e60 GetTextExtentPointA
0x140048e68 GetTextMetricsA
0x140048e70 LineTo
0x140048e78 MoveToEx
0x140048e80 Rectangle
0x140048e88 SelectObject
0x140048e90 SetAbortProc
0x140048e98 SetBkColor
0x140048ea0 SetROP2
0x140048ea8 SetTextColor
0x140048eb0 StartDocA
0x140048eb8 StartPage
KERNEL32.dll
0x140048ec8 CloseHandle
0x140048ed0 CompareFileTime
0x140048ed8 CopyFileA
0x140048ee0 CreateDirectoryW
0x140048ee8 CreateFileA
0x140048ef0 CreateFileW
0x140048ef8 CreateProcessA
0x140048f00 CreateThread
0x140048f08 DeleteCriticalSection
0x140048f10 DeleteFileA
0x140048f18 EnterCriticalSection
0x140048f20 ExitProcess
0x140048f28 ExpandEnvironmentStringsA
0x140048f30 FindClose
0x140048f38 FindFirstFileA
0x140048f40 FindFirstFileExW
0x140048f48 FindNextFileA
0x140048f50 FindNextFileW
0x140048f58 FlushFileBuffers
0x140048f60 FreeEnvironmentStringsW
0x140048f68 FreeLibrary
0x140048f70 GetACP
0x140048f78 GetCPInfo
0x140048f80 GetCommandLineA
0x140048f88 GetCommandLineW
0x140048f90 GetConsoleMode
0x140048f98 GetConsoleOutputCP
0x140048fa0 GetCurrentDirectoryW
0x140048fa8 GetCurrentProcess
0x140048fb0 GetCurrentProcessId
0x140048fb8 GetCurrentThreadId
0x140048fc0 GetDriveTypeW
0x140048fc8 GetEnvironmentStringsW
0x140048fd0 GetFileAttributesA
0x140048fd8 GetFileSize
0x140048fe0 GetFileSizeEx
0x140048fe8 GetFileTime
0x140048ff0 GetFileType
0x140048ff8 GetFullPathNameA
0x140049000 GetFullPathNameW
0x140049008 GetLastError
0x140049010 GetModuleFileNameA
0x140049018 GetModuleFileNameW
0x140049020 GetModuleHandleA
0x140049028 GetModuleHandleExW
0x140049030 GetModuleHandleW
0x140049038 GetOEMCP
0x140049040 GetProcAddress
0x140049048 GetProcessHeap
0x140049050 GetStartupInfoW
0x140049058 GetStdHandle
0x140049060 GetStringTypeW
0x140049068 GetSystemDirectoryA
0x140049070 GetSystemTimeAsFileTime
0x140049078 GetTempFileNameA
0x140049080 GetTempPathA
0x140049088 GetThreadLocale
0x140049090 GetTickCount
0x140049098 GlobalFree
0x1400490a0 HeapAlloc
0x1400490a8 HeapFree
0x1400490b0 HeapReAlloc
0x1400490b8 HeapSize
0x1400490c0 InitializeCriticalSection
0x1400490c8 InitializeCriticalSectionAndSpinCount
0x1400490d0 InitializeSListHead
0x1400490d8 IsDBCSLeadByte
0x1400490e0 IsDebuggerPresent
0x1400490e8 IsProcessorFeaturePresent
0x1400490f0 IsValidCodePage
0x1400490f8 LCMapStringW
0x140049100 LeaveCriticalSection
0x140049108 LoadLibraryA
0x140049110 LoadLibraryExA
0x140049118 LoadLibraryExW
0x140049120 MulDiv
0x140049128 MultiByteToWideChar
0x140049130 OutputDebugStringA
0x140049138 QueryPerformanceCounter
0x140049140 RaiseException
0x140049148 ReadFile
0x140049150 RtlCaptureContext
0x140049158 RtlLookupFunctionEntry
0x140049160 RtlUnwindEx
0x140049168 RtlVirtualUnwind
0x140049170 SetFileAttributesA
0x140049178 SetFilePointer
0x140049180 SetFilePointerEx
0x140049188 SetFileTime
0x140049190 SetLastError
0x140049198 SetStdHandle
0x1400491a0 SetUnhandledExceptionFilter
0x1400491a8 Sleep
0x1400491b0 TerminateProcess
0x1400491b8 TlsAlloc
0x1400491c0 TlsFree
0x1400491c8 TlsGetValue
0x1400491d0 TlsSetValue
0x1400491d8 UnhandledExceptionFilter
0x1400491e0 WaitForSingleObject
0x1400491e8 WideCharToMultiByte
0x1400491f0 WriteConsoleW
0x1400491f8 WriteFile
0x140049200 lstrcmpA
0x140049208 lstrcmpiA
0x140049210 lstrlenA
COMDLG32.dll
0x140049220 ChooseFontA
0x140049228 GetOpenFileNameA
0x140049230 PrintDlgA
ADVAPI32.dll
0x140049240 RegCloseKey
0x140049248 RegCreateKeyA
0x140049250 RegDeleteValueA
0x140049258 RegOpenKeyA
0x140049260 RegOpenKeyExA
0x140049268 RegQueryValueExA
0x140049270 RegSetValueExA
OLEAUT32.dll
0x140049280 SysAllocStringLen
SHELL32.dll
0x140049290 ShellAboutA
EAT(Export Address Table) is none