ScreenShot
| Created | 2021.06.11 12:09 | Machine | s1_win7_x6402 |
| Filename | soft.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (malicious, high confidence, Gozi, Ursnif, FileRepMalware, UrsnifDropper, pxing, Artemis, Wacapew, HYGDPT, score, PossibleThreat) | ||
| md5 | 5ba7ac7fa4f9e831679832b6cc22aee8 | ||
| sha256 | d2c19ac3eace29239bf919c442556abf782da5953325ee6b2626482fbf442f29 | ||
| ssdeep | 24576:Ydk22FB2tfgklpVM5HdBcvLrXmF63WaSc:YdkDT29zaVg3WaSc | ||
| imphash | 1bcf1a17040e578ef3e6fe0888b5a0a4 | ||
| impfuzzy | 48:rhkDOzWEGmcPMYf96CtRNZSuIZ1m4Cju9WH2qLop:rKOqEGmcPXl6CtRH8Z1mLmsq | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10ec07c GetSystemTime
0x10ec080 GetTempPathA
0x10ec084 GetVersionExA
0x10ec088 GetCurrentDirectoryA
0x10ec08c VirtualProtect
0x10ec090 FindFirstChangeNotificationA
0x10ec094 GetModuleHandleA
0x10ec098 LockResource
0x10ec09c GetEnvironmentVariableA
0x10ec0a0 GetVolumeInformationA
0x10ec0a4 OpenProcess
0x10ec0a8 GetDateFormatA
0x10ec0ac QueryPerformanceCounter
0x10ec0b0 FindResourceA
0x10ec0b4 CreateFileA
0x10ec0b8 EncodePointer
0x10ec0bc DecodePointer
0x10ec0c0 GetCommandLineA
0x10ec0c4 GetCurrentThreadId
0x10ec0c8 RaiseException
0x10ec0cc RtlUnwind
0x10ec0d0 IsDebuggerPresent
0x10ec0d4 IsProcessorFeaturePresent
0x10ec0d8 EnterCriticalSection
0x10ec0dc LeaveCriticalSection
0x10ec0e0 IsValidCodePage
0x10ec0e4 GetACP
0x10ec0e8 GetOEMCP
0x10ec0ec GetCPInfo
0x10ec0f0 GetLastError
0x10ec0f4 SetLastError
0x10ec0f8 GetCurrentThread
0x10ec0fc MultiByteToWideChar
0x10ec100 ExitProcess
0x10ec104 GetModuleHandleExW
0x10ec108 GetProcAddress
0x10ec10c AreFileApisANSI
0x10ec110 WideCharToMultiByte
0x10ec114 HeapSize
0x10ec118 HeapFree
0x10ec11c HeapAlloc
0x10ec120 GetProcessHeap
0x10ec124 GetStdHandle
0x10ec128 GetFileType
0x10ec12c DeleteCriticalSection
0x10ec130 GetStartupInfoW
0x10ec134 GetModuleFileNameA
0x10ec138 GetCurrentProcessId
0x10ec13c GetSystemTimeAsFileTime
0x10ec140 GetEnvironmentStringsW
0x10ec144 FreeEnvironmentStringsW
0x10ec148 UnhandledExceptionFilter
0x10ec14c SetUnhandledExceptionFilter
0x10ec150 InitializeCriticalSectionAndSpinCount
0x10ec154 CreateEventW
0x10ec158 Sleep
0x10ec15c GetCurrentProcess
0x10ec160 TerminateProcess
0x10ec164 TlsAlloc
0x10ec168 TlsGetValue
0x10ec16c TlsSetValue
0x10ec170 TlsFree
0x10ec174 GetTickCount
0x10ec178 GetModuleHandleW
0x10ec17c CreateSemaphoreW
0x10ec180 FatalAppExitA
0x10ec184 GetStringTypeW
0x10ec188 GetLocaleInfoW
0x10ec18c IsValidLocale
0x10ec190 GetUserDefaultLCID
0x10ec194 EnumSystemLocalesW
0x10ec198 GetDateFormatW
0x10ec19c GetTimeFormatW
0x10ec1a0 CompareStringW
0x10ec1a4 LCMapStringW
0x10ec1a8 WriteFile
0x10ec1ac GetModuleFileNameW
0x10ec1b0 SetConsoleCtrlHandler
0x10ec1b4 FreeLibrary
0x10ec1b8 LoadLibraryExW
0x10ec1bc HeapReAlloc
0x10ec1c0 FlushFileBuffers
0x10ec1c4 GetConsoleCP
0x10ec1c8 GetConsoleMode
0x10ec1cc SetFilePointerEx
0x10ec1d0 OutputDebugStringW
0x10ec1d4 CloseHandle
0x10ec1d8 SetStdHandle
0x10ec1dc WriteConsoleW
0x10ec1e0 CreateFileW
ADVAPI32.dll
0x10ec000 RegisterServiceCtrlHandlerA
0x10ec004 RegOpenKeyExA
0x10ec008 LookupPrivilegeValueA
0x10ec00c SetSecurityDescriptorDacl
0x10ec010 InitializeSecurityDescriptor
0x10ec014 CreateServiceA
0x10ec018 RegQueryValueExA
0x10ec01c RegSetValueExA
0x10ec020 GetTokenInformation
0x10ec024 RegCloseKey
0x10ec028 AdjustTokenPrivileges
0x10ec02c RegEnumKeyA
0x10ec030 ControlService
0x10ec034 FreeSid
0x10ec038 SetServiceStatus
0x10ec03c CloseServiceHandle
0x10ec040 OpenProcessToken
0x10ec044 StartServiceCtrlDispatcherA
0x10ec048 DeleteService
0x10ec04c SetEntriesInAclA
0x10ec050 AllocateAndInitializeSid
COMCTL32.dll
0x10ec058 None
0x10ec05c DestroyPropertySheetPage
0x10ec060 ImageList_SetOverlayImage
0x10ec064 ImageList_Destroy
0x10ec068 None
0x10ec06c ImageList_Add
0x10ec070 CreateToolbarEx
0x10ec074 PropertySheetA
EAT(Export Address Table) Library
0x107f020 Paragraphbell
0x107e9f0 Sharptwo
KERNEL32.dll
0x10ec07c GetSystemTime
0x10ec080 GetTempPathA
0x10ec084 GetVersionExA
0x10ec088 GetCurrentDirectoryA
0x10ec08c VirtualProtect
0x10ec090 FindFirstChangeNotificationA
0x10ec094 GetModuleHandleA
0x10ec098 LockResource
0x10ec09c GetEnvironmentVariableA
0x10ec0a0 GetVolumeInformationA
0x10ec0a4 OpenProcess
0x10ec0a8 GetDateFormatA
0x10ec0ac QueryPerformanceCounter
0x10ec0b0 FindResourceA
0x10ec0b4 CreateFileA
0x10ec0b8 EncodePointer
0x10ec0bc DecodePointer
0x10ec0c0 GetCommandLineA
0x10ec0c4 GetCurrentThreadId
0x10ec0c8 RaiseException
0x10ec0cc RtlUnwind
0x10ec0d0 IsDebuggerPresent
0x10ec0d4 IsProcessorFeaturePresent
0x10ec0d8 EnterCriticalSection
0x10ec0dc LeaveCriticalSection
0x10ec0e0 IsValidCodePage
0x10ec0e4 GetACP
0x10ec0e8 GetOEMCP
0x10ec0ec GetCPInfo
0x10ec0f0 GetLastError
0x10ec0f4 SetLastError
0x10ec0f8 GetCurrentThread
0x10ec0fc MultiByteToWideChar
0x10ec100 ExitProcess
0x10ec104 GetModuleHandleExW
0x10ec108 GetProcAddress
0x10ec10c AreFileApisANSI
0x10ec110 WideCharToMultiByte
0x10ec114 HeapSize
0x10ec118 HeapFree
0x10ec11c HeapAlloc
0x10ec120 GetProcessHeap
0x10ec124 GetStdHandle
0x10ec128 GetFileType
0x10ec12c DeleteCriticalSection
0x10ec130 GetStartupInfoW
0x10ec134 GetModuleFileNameA
0x10ec138 GetCurrentProcessId
0x10ec13c GetSystemTimeAsFileTime
0x10ec140 GetEnvironmentStringsW
0x10ec144 FreeEnvironmentStringsW
0x10ec148 UnhandledExceptionFilter
0x10ec14c SetUnhandledExceptionFilter
0x10ec150 InitializeCriticalSectionAndSpinCount
0x10ec154 CreateEventW
0x10ec158 Sleep
0x10ec15c GetCurrentProcess
0x10ec160 TerminateProcess
0x10ec164 TlsAlloc
0x10ec168 TlsGetValue
0x10ec16c TlsSetValue
0x10ec170 TlsFree
0x10ec174 GetTickCount
0x10ec178 GetModuleHandleW
0x10ec17c CreateSemaphoreW
0x10ec180 FatalAppExitA
0x10ec184 GetStringTypeW
0x10ec188 GetLocaleInfoW
0x10ec18c IsValidLocale
0x10ec190 GetUserDefaultLCID
0x10ec194 EnumSystemLocalesW
0x10ec198 GetDateFormatW
0x10ec19c GetTimeFormatW
0x10ec1a0 CompareStringW
0x10ec1a4 LCMapStringW
0x10ec1a8 WriteFile
0x10ec1ac GetModuleFileNameW
0x10ec1b0 SetConsoleCtrlHandler
0x10ec1b4 FreeLibrary
0x10ec1b8 LoadLibraryExW
0x10ec1bc HeapReAlloc
0x10ec1c0 FlushFileBuffers
0x10ec1c4 GetConsoleCP
0x10ec1c8 GetConsoleMode
0x10ec1cc SetFilePointerEx
0x10ec1d0 OutputDebugStringW
0x10ec1d4 CloseHandle
0x10ec1d8 SetStdHandle
0x10ec1dc WriteConsoleW
0x10ec1e0 CreateFileW
ADVAPI32.dll
0x10ec000 RegisterServiceCtrlHandlerA
0x10ec004 RegOpenKeyExA
0x10ec008 LookupPrivilegeValueA
0x10ec00c SetSecurityDescriptorDacl
0x10ec010 InitializeSecurityDescriptor
0x10ec014 CreateServiceA
0x10ec018 RegQueryValueExA
0x10ec01c RegSetValueExA
0x10ec020 GetTokenInformation
0x10ec024 RegCloseKey
0x10ec028 AdjustTokenPrivileges
0x10ec02c RegEnumKeyA
0x10ec030 ControlService
0x10ec034 FreeSid
0x10ec038 SetServiceStatus
0x10ec03c CloseServiceHandle
0x10ec040 OpenProcessToken
0x10ec044 StartServiceCtrlDispatcherA
0x10ec048 DeleteService
0x10ec04c SetEntriesInAclA
0x10ec050 AllocateAndInitializeSid
COMCTL32.dll
0x10ec058 None
0x10ec05c DestroyPropertySheetPage
0x10ec060 ImageList_SetOverlayImage
0x10ec064 ImageList_Destroy
0x10ec068 None
0x10ec06c ImageList_Add
0x10ec070 CreateToolbarEx
0x10ec074 PropertySheetA
EAT(Export Address Table) Library
0x107f020 Paragraphbell
0x107e9f0 Sharptwo