ScreenShot
| Created | 2021.06.02 14:21 | Machine | s1_win7_x6401 |
| Filename | racial.drc.exe | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (malicious, high confidence, score, ET#84%, RDMK, cmRtazq0dSaUHzkslXb6yhhXHIb8, Unsafe) | ||
| md5 | 9fb8d26ff13e2ab05719119ac06ecc07 | ||
| sha256 | a75c290ca3dd70d57c3f2805fb7c5668d95402c0cea95f62054a47084200ef24 | ||
| ssdeep | 12288:Y43cTGrLptoCKEV76KDpMGPaISTcN9saAvgqW6mZuzuJPjX7R75:vz75tzST8AYq8 | ||
| imphash | 3bfdfe7fdedde57f8d113c7e630bd750 | ||
| impfuzzy | 48:CEW4tQS1xGPc+ppnSnAOX/1xl/lhOgj/v98tEC54oC3iulpM52B2:PtQS1xGPc+ppn4NK | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1059014 CreateFileA
0x1059018 SetConsoleCP
0x105901c SetEndOfFile
0x1059020 DecodePointer
0x1059024 HeapReAlloc
0x1059028 HeapSize
0x105902c GetStringTypeW
0x1059030 CreateFileW
0x1059034 GetConsoleCP
0x1059038 WriteFile
0x105903c FlushFileBuffers
0x1059040 SetStdHandle
0x1059044 GetProcessHeap
0x1059048 GetCommandLineA
0x105904c LCMapStringW
0x1059050 FreeEnvironmentStringsW
0x1059054 GetEnvironmentStringsW
0x1059058 WideCharToMultiByte
0x105905c MultiByteToWideChar
0x1059060 GetCommandLineW
0x1059064 GetCPInfo
0x1059068 GetOEMCP
0x105906c GetACP
0x1059070 IsValidCodePage
0x1059074 FindNextFileW
0x1059078 FindFirstFileExW
0x105907c CreateSemaphoreA
0x1059080 GetLocalTime
0x1059084 GetSystemTimeAsFileTime
0x1059088 VirtualProtectEx
0x105908c IsProcessorFeaturePresent
0x1059090 IsDebuggerPresent
0x1059094 UnhandledExceptionFilter
0x1059098 SetUnhandledExceptionFilter
0x105909c GetStartupInfoW
0x10590a0 GetModuleHandleW
0x10590a4 GetCurrentProcess
0x10590a8 TerminateProcess
0x10590ac QueryPerformanceCounter
0x10590b0 GetCurrentProcessId
0x10590b4 GetCurrentThreadId
0x10590b8 InitializeSListHead
0x10590bc RaiseException
0x10590c0 RtlUnwind
0x10590c4 InterlockedFlushSList
0x10590c8 GetLastError
0x10590cc SetLastError
0x10590d0 EncodePointer
0x10590d4 EnterCriticalSection
0x10590d8 LeaveCriticalSection
0x10590dc DeleteCriticalSection
0x10590e0 InitializeCriticalSectionAndSpinCount
0x10590e4 TlsAlloc
0x10590e8 TlsGetValue
0x10590ec TlsSetValue
0x10590f0 TlsFree
0x10590f4 FreeLibrary
0x10590f8 GetProcAddress
0x10590fc LoadLibraryExW
0x1059100 ReadFile
0x1059104 ExitProcess
0x1059108 GetModuleHandleExW
0x105910c GetModuleFileNameW
0x1059110 HeapFree
0x1059114 HeapAlloc
0x1059118 CloseHandle
0x105911c GetStdHandle
0x1059120 GetFileType
0x1059124 GetConsoleMode
0x1059128 ReadConsoleW
0x105912c SetFilePointerEx
0x1059130 FindClose
0x1059134 WriteConsoleW
USER32.dll
0x105913c GetMessagePos
0x1059140 SendMessageA
0x1059144 DefWindowProcA
0x1059148 GetClassInfoExA
0x105914c CreateWindowExA
0x1059150 DestroyWindow
0x1059154 SetWindowPos
0x1059158 CheckRadioButton
0x105915c CallNextHookEx
0x1059160 GetClassNameA
0x1059164 EnumWindows
0x1059168 FindWindowA
0x105916c EnumChildWindows
0x1059170 GetWindowLongA
0x1059174 GetWindowTextA
0x1059178 ReleaseDC
0x105917c GetDC
0x1059180 SetForegroundWindow
0x1059184 UpdateWindow
0x1059188 GetAsyncKeyState
0x105918c IsClipboardFormatAvailable
0x1059190 SetClipboardData
0x1059194 SendDlgItemMessageA
WS2_32.dll
0x105919c accept
0x10591a0 ind
0x10591a4 closesocket
0x10591a8 connect
0x10591ac socket
0x10591b0 gethostbyaddr
0x10591b4 WSAStartup
0x10591b8 WSACleanup
COMCTL32.dll
0x1059000 ImageList_DragMove
0x1059004 ImageList_DragEnter
0x1059008 ImageList_ReplaceIcon
0x105900c ImageList_DragShowNolock
EAT(Export Address Table) Library
0x10441b0 DllRegisterServer
KERNEL32.dll
0x1059014 CreateFileA
0x1059018 SetConsoleCP
0x105901c SetEndOfFile
0x1059020 DecodePointer
0x1059024 HeapReAlloc
0x1059028 HeapSize
0x105902c GetStringTypeW
0x1059030 CreateFileW
0x1059034 GetConsoleCP
0x1059038 WriteFile
0x105903c FlushFileBuffers
0x1059040 SetStdHandle
0x1059044 GetProcessHeap
0x1059048 GetCommandLineA
0x105904c LCMapStringW
0x1059050 FreeEnvironmentStringsW
0x1059054 GetEnvironmentStringsW
0x1059058 WideCharToMultiByte
0x105905c MultiByteToWideChar
0x1059060 GetCommandLineW
0x1059064 GetCPInfo
0x1059068 GetOEMCP
0x105906c GetACP
0x1059070 IsValidCodePage
0x1059074 FindNextFileW
0x1059078 FindFirstFileExW
0x105907c CreateSemaphoreA
0x1059080 GetLocalTime
0x1059084 GetSystemTimeAsFileTime
0x1059088 VirtualProtectEx
0x105908c IsProcessorFeaturePresent
0x1059090 IsDebuggerPresent
0x1059094 UnhandledExceptionFilter
0x1059098 SetUnhandledExceptionFilter
0x105909c GetStartupInfoW
0x10590a0 GetModuleHandleW
0x10590a4 GetCurrentProcess
0x10590a8 TerminateProcess
0x10590ac QueryPerformanceCounter
0x10590b0 GetCurrentProcessId
0x10590b4 GetCurrentThreadId
0x10590b8 InitializeSListHead
0x10590bc RaiseException
0x10590c0 RtlUnwind
0x10590c4 InterlockedFlushSList
0x10590c8 GetLastError
0x10590cc SetLastError
0x10590d0 EncodePointer
0x10590d4 EnterCriticalSection
0x10590d8 LeaveCriticalSection
0x10590dc DeleteCriticalSection
0x10590e0 InitializeCriticalSectionAndSpinCount
0x10590e4 TlsAlloc
0x10590e8 TlsGetValue
0x10590ec TlsSetValue
0x10590f0 TlsFree
0x10590f4 FreeLibrary
0x10590f8 GetProcAddress
0x10590fc LoadLibraryExW
0x1059100 ReadFile
0x1059104 ExitProcess
0x1059108 GetModuleHandleExW
0x105910c GetModuleFileNameW
0x1059110 HeapFree
0x1059114 HeapAlloc
0x1059118 CloseHandle
0x105911c GetStdHandle
0x1059120 GetFileType
0x1059124 GetConsoleMode
0x1059128 ReadConsoleW
0x105912c SetFilePointerEx
0x1059130 FindClose
0x1059134 WriteConsoleW
USER32.dll
0x105913c GetMessagePos
0x1059140 SendMessageA
0x1059144 DefWindowProcA
0x1059148 GetClassInfoExA
0x105914c CreateWindowExA
0x1059150 DestroyWindow
0x1059154 SetWindowPos
0x1059158 CheckRadioButton
0x105915c CallNextHookEx
0x1059160 GetClassNameA
0x1059164 EnumWindows
0x1059168 FindWindowA
0x105916c EnumChildWindows
0x1059170 GetWindowLongA
0x1059174 GetWindowTextA
0x1059178 ReleaseDC
0x105917c GetDC
0x1059180 SetForegroundWindow
0x1059184 UpdateWindow
0x1059188 GetAsyncKeyState
0x105918c IsClipboardFormatAvailable
0x1059190 SetClipboardData
0x1059194 SendDlgItemMessageA
WS2_32.dll
0x105919c accept
0x10591a0 ind
0x10591a4 closesocket
0x10591a8 connect
0x10591ac socket
0x10591b0 gethostbyaddr
0x10591b4 WSAStartup
0x10591b8 WSACleanup
COMCTL32.dll
0x1059000 ImageList_DragMove
0x1059004 ImageList_DragEnter
0x1059008 ImageList_ReplaceIcon
0x105900c ImageList_DragShowNolock
EAT(Export Address Table) Library
0x10441b0 DllRegisterServer