ScreenShot
| Created | 2021.06.01 17:21 | Machine | s1_win7_x6402 |
| Filename | app.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 15 detected (malicious, high confidence, Ursnif, Wacatac, Attribute, HighConfidence, Kryptik, AAEO, FileRepMalware, Artemis, Woreflint, 2TRPFS, GenKryptik, FGBW) | ||
| md5 | 3d38578600e828c447707199822dacd4 | ||
| sha256 | 8f8268c13ddc484a180cff0dd8e764e328897e7a978d0f45e9c26de57f233106 | ||
| ssdeep | 12288:djCT8mUIP/MfzluXxWok8sRX0yad9ePV7wU9eOjSA4lhHDenPe19hgU/yutzozMo:djCThrolQxWok8sRJFSAk6e19hgIDc | ||
| imphash | f19b9a7ea08f6e7335d27d1febeab85f | ||
| impfuzzy | 48:ijuepTbisZIdo+fcgentqdmzaCz+BdmcyQa1Kv09G0ESxG3DzX2tk:iFTbiMgo+fcdntqdJC8dmcyp/c/ | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1001000 GetProcessHeap
0x1001004 SetSystemPowerState
0x1001008 GetSystemTimeAsFileTime
0x100100c GetCurrentProcess
0x1001010 LoadLibraryA
0x1001014 CreateProcessA
0x1001018 VirtualProtectEx
0x100101c CreateSemaphoreA
0x1001020 GetEnvironmentVariableA
0x1001024 SetEnvironmentVariableA
0x1001028 CompareStringW
0x100102c CompareStringA
0x1001030 SetEndOfFile
0x1001034 lstrlenA
0x1001038 FreeLibrary
0x100103c GetLocaleInfoW
0x1001040 CreateFileA
0x1001044 GetConsoleOutputCP
0x1001048 WriteConsoleA
0x100104c SetStdHandle
0x1001050 InitializeCriticalSectionAndSpinCount
0x1001054 SetFilePointer
0x1001058 ReadFile
0x100105c VirtualAlloc
0x1001060 HeapReAlloc
0x1001064 HeapSize
0x1001068 HeapAlloc
0x100106c GetUserDefaultLCID
0x1001070 InterlockedIncrement
0x1001074 InterlockedDecrement
0x1001078 WideCharToMultiByte
0x100107c MultiByteToWideChar
0x1001080 InterlockedCompareExchange
0x1001084 InterlockedExchange
0x1001088 Sleep
0x100108c InitializeCriticalSection
0x1001090 DeleteCriticalSection
0x1001094 EnterCriticalSection
0x1001098 LeaveCriticalSection
0x100109c GetTimeFormatA
0x10010a0 GetDateFormatA
0x10010a4 RaiseException
0x10010a8 TerminateProcess
0x10010ac UnhandledExceptionFilter
0x10010b0 SetUnhandledExceptionFilter
0x10010b4 IsDebuggerPresent
0x10010b8 GetModuleFileNameW
0x10010bc RtlUnwind
0x10010c0 GetCurrentThreadId
0x10010c4 GetCommandLineA
0x10010c8 GetCPInfo
0x10010cc HeapValidate
0x10010d0 IsBadReadPtr
0x10010d4 LCMapStringA
0x10010d8 GetLastError
0x10010dc LCMapStringW
0x10010e0 GetStringTypeW
0x10010e4 FatalAppExitA
0x10010e8 GetTimeZoneInformation
0x10010ec SetHandleCount
0x10010f0 GetStdHandle
0x10010f4 GetFileType
0x10010f8 GetStartupInfoA
0x10010fc FlushFileBuffers
0x1001100 WriteFile
0x1001104 GetConsoleCP
0x1001108 GetConsoleMode
0x100110c CloseHandle
0x1001110 GetACP
0x1001114 GetOEMCP
0x1001118 IsValidCodePage
0x100111c GetProcAddress
0x1001120 TlsGetValue
0x1001124 GetModuleHandleW
0x1001128 TlsAlloc
0x100112c TlsSetValue
0x1001130 TlsFree
0x1001134 SetLastError
0x1001138 GetCurrentThread
0x100113c GetModuleFileNameA
0x1001140 DebugBreak
0x1001144 OutputDebugStringA
0x1001148 WriteConsoleW
0x100114c OutputDebugStringW
0x1001150 ExitProcess
0x1001154 SetConsoleCtrlHandler
0x1001158 LoadLibraryW
0x100115c GetModuleHandleA
0x1001160 FreeEnvironmentStringsA
0x1001164 GetEnvironmentStrings
0x1001168 FreeEnvironmentStringsW
0x100116c GetEnvironmentStringsW
0x1001170 HeapDestroy
0x1001174 HeapCreate
0x1001178 HeapFree
0x100117c VirtualFree
0x1001180 QueryPerformanceCounter
0x1001184 GetTickCount
0x1001188 GetCurrentProcessId
0x100118c GetStringTypeA
0x1001190 GetLocaleInfoA
0x1001194 IsValidLocale
0x1001198 EnumSystemLocalesA
0x100119c VirtualQuery
USER32.dll
0x10011a4 GetDlgItemInt
0x10011a8 ShowScrollBar
0x10011ac SetFocus
0x10011b0 RegisterClassExW
0x10011b4 GetKeyNameTextA
0x10011b8 GetWindowTextLengthA
0x10011bc GetClassInfoExA
0x10011c0 CallWindowProcA
0x10011c4 GetMessageA
0x10011c8 GetCursorPos
0x10011cc GetFocus
0x10011d0 AppendMenuA
0x10011d4 SetDlgItemInt
0x10011d8 InsertMenuItemA
0x10011dc SetCursor
WININET.dll
0x10011e4 InternetOpenA
0x10011e8 InternetCloseHandle
EAT(Export Address Table) Library
0x103d23c Morningseparate
0x1043006 Strongday
KERNEL32.dll
0x1001000 GetProcessHeap
0x1001004 SetSystemPowerState
0x1001008 GetSystemTimeAsFileTime
0x100100c GetCurrentProcess
0x1001010 LoadLibraryA
0x1001014 CreateProcessA
0x1001018 VirtualProtectEx
0x100101c CreateSemaphoreA
0x1001020 GetEnvironmentVariableA
0x1001024 SetEnvironmentVariableA
0x1001028 CompareStringW
0x100102c CompareStringA
0x1001030 SetEndOfFile
0x1001034 lstrlenA
0x1001038 FreeLibrary
0x100103c GetLocaleInfoW
0x1001040 CreateFileA
0x1001044 GetConsoleOutputCP
0x1001048 WriteConsoleA
0x100104c SetStdHandle
0x1001050 InitializeCriticalSectionAndSpinCount
0x1001054 SetFilePointer
0x1001058 ReadFile
0x100105c VirtualAlloc
0x1001060 HeapReAlloc
0x1001064 HeapSize
0x1001068 HeapAlloc
0x100106c GetUserDefaultLCID
0x1001070 InterlockedIncrement
0x1001074 InterlockedDecrement
0x1001078 WideCharToMultiByte
0x100107c MultiByteToWideChar
0x1001080 InterlockedCompareExchange
0x1001084 InterlockedExchange
0x1001088 Sleep
0x100108c InitializeCriticalSection
0x1001090 DeleteCriticalSection
0x1001094 EnterCriticalSection
0x1001098 LeaveCriticalSection
0x100109c GetTimeFormatA
0x10010a0 GetDateFormatA
0x10010a4 RaiseException
0x10010a8 TerminateProcess
0x10010ac UnhandledExceptionFilter
0x10010b0 SetUnhandledExceptionFilter
0x10010b4 IsDebuggerPresent
0x10010b8 GetModuleFileNameW
0x10010bc RtlUnwind
0x10010c0 GetCurrentThreadId
0x10010c4 GetCommandLineA
0x10010c8 GetCPInfo
0x10010cc HeapValidate
0x10010d0 IsBadReadPtr
0x10010d4 LCMapStringA
0x10010d8 GetLastError
0x10010dc LCMapStringW
0x10010e0 GetStringTypeW
0x10010e4 FatalAppExitA
0x10010e8 GetTimeZoneInformation
0x10010ec SetHandleCount
0x10010f0 GetStdHandle
0x10010f4 GetFileType
0x10010f8 GetStartupInfoA
0x10010fc FlushFileBuffers
0x1001100 WriteFile
0x1001104 GetConsoleCP
0x1001108 GetConsoleMode
0x100110c CloseHandle
0x1001110 GetACP
0x1001114 GetOEMCP
0x1001118 IsValidCodePage
0x100111c GetProcAddress
0x1001120 TlsGetValue
0x1001124 GetModuleHandleW
0x1001128 TlsAlloc
0x100112c TlsSetValue
0x1001130 TlsFree
0x1001134 SetLastError
0x1001138 GetCurrentThread
0x100113c GetModuleFileNameA
0x1001140 DebugBreak
0x1001144 OutputDebugStringA
0x1001148 WriteConsoleW
0x100114c OutputDebugStringW
0x1001150 ExitProcess
0x1001154 SetConsoleCtrlHandler
0x1001158 LoadLibraryW
0x100115c GetModuleHandleA
0x1001160 FreeEnvironmentStringsA
0x1001164 GetEnvironmentStrings
0x1001168 FreeEnvironmentStringsW
0x100116c GetEnvironmentStringsW
0x1001170 HeapDestroy
0x1001174 HeapCreate
0x1001178 HeapFree
0x100117c VirtualFree
0x1001180 QueryPerformanceCounter
0x1001184 GetTickCount
0x1001188 GetCurrentProcessId
0x100118c GetStringTypeA
0x1001190 GetLocaleInfoA
0x1001194 IsValidLocale
0x1001198 EnumSystemLocalesA
0x100119c VirtualQuery
USER32.dll
0x10011a4 GetDlgItemInt
0x10011a8 ShowScrollBar
0x10011ac SetFocus
0x10011b0 RegisterClassExW
0x10011b4 GetKeyNameTextA
0x10011b8 GetWindowTextLengthA
0x10011bc GetClassInfoExA
0x10011c0 CallWindowProcA
0x10011c4 GetMessageA
0x10011c8 GetCursorPos
0x10011cc GetFocus
0x10011d0 AppendMenuA
0x10011d4 SetDlgItemInt
0x10011d8 InsertMenuItemA
0x10011dc SetCursor
WININET.dll
0x10011e4 InternetOpenA
0x10011e8 InternetCloseHandle
EAT(Export Address Table) Library
0x103d23c Morningseparate
0x1043006 Strongday