ScreenShot
| Created | 2021.06.16 18:05 | Machine | s1_win7_x6401 |
| Filename | app.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (FileRepMetagen) | ||
| md5 | 3283203daaa2e26233f7fa099fb823b0 | ||
| sha256 | 8282218eddaf268ea97b6ecea9ae51a52ce6fa063c198c5e5ef02ec95f23c7bf | ||
| ssdeep | 12288:HjyaZO+bee+T5uQ63I55CTqZN+a+6tVhbYTzGC3evhTrP0MGsz0:Dy8O+qeU5unPTqHbYuOevhP8M3Q | ||
| imphash | 5631b8b671d77777e9f81d7224f501a1 | ||
| impfuzzy | 48:B9kdZ+fcPmUtHaEG2kG6c9jCZQj7ngpC5:rUZ+fcPPt6EG2kpc9+QjTCs | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1001000 GetSystemDirectoryA
0x1001004 FindFirstChangeNotificationA
0x1001008 VirtualProtect
0x100100c GetCurrentDirectoryA
0x1001010 InterlockedIncrement
0x1001014 InterlockedDecrement
0x1001018 Sleep
0x100101c InterlockedExchange
0x1001020 InitializeCriticalSection
0x1001024 DeleteCriticalSection
0x1001028 EnterCriticalSection
0x100102c LeaveCriticalSection
0x1001030 GetCurrentThreadId
0x1001034 GetCommandLineA
0x1001038 UnhandledExceptionFilter
0x100103c SetUnhandledExceptionFilter
0x1001040 GetModuleFileNameW
0x1001044 HeapValidate
0x1001048 IsBadReadPtr
0x100104c RaiseException
0x1001050 RtlUnwind
0x1001054 TerminateProcess
0x1001058 GetCurrentProcess
0x100105c IsDebuggerPresent
0x1001060 GetACP
0x1001064 GetOEMCP
0x1001068 GetCPInfo
0x100106c IsValidCodePage
0x1001070 GetProcAddress
0x1001074 TlsGetValue
0x1001078 GetModuleHandleW
0x100107c TlsAlloc
0x1001080 TlsSetValue
0x1001084 TlsFree
0x1001088 SetLastError
0x100108c GetLastError
0x1001090 GetCurrentThread
0x1001094 ExitProcess
0x1001098 WideCharToMultiByte
0x100109c MultiByteToWideChar
0x10010a0 LCMapStringA
0x10010a4 LCMapStringW
0x10010a8 GetModuleFileNameA
0x10010ac WriteFile
0x10010b0 GetStdHandle
0x10010b4 FatalAppExitA
0x10010b8 SetHandleCount
0x10010bc GetFileType
0x10010c0 GetStartupInfoA
0x10010c4 FreeEnvironmentStringsA
0x10010c8 GetEnvironmentStrings
0x10010cc FreeEnvironmentStringsW
0x10010d0 GetEnvironmentStringsW
0x10010d4 HeapDestroy
0x10010d8 HeapCreate
0x10010dc HeapFree
0x10010e0 VirtualFree
0x10010e4 QueryPerformanceCounter
0x10010e8 GetTickCount
0x10010ec GetCurrentProcessId
0x10010f0 GetSystemTimeAsFileTime
0x10010f4 SetConsoleCtrlHandler
0x10010f8 FlushFileBuffers
0x10010fc GetConsoleCP
0x1001100 GetConsoleMode
0x1001104 DebugBreak
0x1001108 OutputDebugStringA
0x100110c WriteConsoleW
0x1001110 OutputDebugStringW
0x1001114 LoadLibraryW
0x1001118 HeapAlloc
0x100111c HeapSize
0x1001120 HeapReAlloc
0x1001124 VirtualAlloc
0x1001128 GetStringTypeA
0x100112c GetStringTypeW
0x1001130 GetTimeFormatA
0x1001134 GetDateFormatA
0x1001138 GetLocaleInfoA
0x100113c IsValidLocale
0x1001140 EnumSystemLocalesA
0x1001144 GetUserDefaultLCID
0x1001148 FreeLibrary
0x100114c LoadLibraryA
0x1001150 InitializeCriticalSectionAndSpinCount
0x1001154 GetLocaleInfoW
0x1001158 SetStdHandle
0x100115c WriteConsoleA
0x1001160 GetConsoleOutputCP
0x1001164 SetFilePointer
0x1001168 GetTimeZoneInformation
0x100116c lstrlenA
0x1001170 CloseHandle
0x1001174 CreateFileA
0x1001178 GetProcessHeap
0x100117c VirtualQuery
0x1001180 CompareStringA
0x1001184 CompareStringW
0x1001188 SetEnvironmentVariableA
EAT(Export Address Table) Library
0x10f14e0 Dollar
0x10f15e0 Movechild
0x10f1f20 Oceansister
0x10f11e0 Oppositeslave
0x10f1340 Usmount
KERNEL32.dll
0x1001000 GetSystemDirectoryA
0x1001004 FindFirstChangeNotificationA
0x1001008 VirtualProtect
0x100100c GetCurrentDirectoryA
0x1001010 InterlockedIncrement
0x1001014 InterlockedDecrement
0x1001018 Sleep
0x100101c InterlockedExchange
0x1001020 InitializeCriticalSection
0x1001024 DeleteCriticalSection
0x1001028 EnterCriticalSection
0x100102c LeaveCriticalSection
0x1001030 GetCurrentThreadId
0x1001034 GetCommandLineA
0x1001038 UnhandledExceptionFilter
0x100103c SetUnhandledExceptionFilter
0x1001040 GetModuleFileNameW
0x1001044 HeapValidate
0x1001048 IsBadReadPtr
0x100104c RaiseException
0x1001050 RtlUnwind
0x1001054 TerminateProcess
0x1001058 GetCurrentProcess
0x100105c IsDebuggerPresent
0x1001060 GetACP
0x1001064 GetOEMCP
0x1001068 GetCPInfo
0x100106c IsValidCodePage
0x1001070 GetProcAddress
0x1001074 TlsGetValue
0x1001078 GetModuleHandleW
0x100107c TlsAlloc
0x1001080 TlsSetValue
0x1001084 TlsFree
0x1001088 SetLastError
0x100108c GetLastError
0x1001090 GetCurrentThread
0x1001094 ExitProcess
0x1001098 WideCharToMultiByte
0x100109c MultiByteToWideChar
0x10010a0 LCMapStringA
0x10010a4 LCMapStringW
0x10010a8 GetModuleFileNameA
0x10010ac WriteFile
0x10010b0 GetStdHandle
0x10010b4 FatalAppExitA
0x10010b8 SetHandleCount
0x10010bc GetFileType
0x10010c0 GetStartupInfoA
0x10010c4 FreeEnvironmentStringsA
0x10010c8 GetEnvironmentStrings
0x10010cc FreeEnvironmentStringsW
0x10010d0 GetEnvironmentStringsW
0x10010d4 HeapDestroy
0x10010d8 HeapCreate
0x10010dc HeapFree
0x10010e0 VirtualFree
0x10010e4 QueryPerformanceCounter
0x10010e8 GetTickCount
0x10010ec GetCurrentProcessId
0x10010f0 GetSystemTimeAsFileTime
0x10010f4 SetConsoleCtrlHandler
0x10010f8 FlushFileBuffers
0x10010fc GetConsoleCP
0x1001100 GetConsoleMode
0x1001104 DebugBreak
0x1001108 OutputDebugStringA
0x100110c WriteConsoleW
0x1001110 OutputDebugStringW
0x1001114 LoadLibraryW
0x1001118 HeapAlloc
0x100111c HeapSize
0x1001120 HeapReAlloc
0x1001124 VirtualAlloc
0x1001128 GetStringTypeA
0x100112c GetStringTypeW
0x1001130 GetTimeFormatA
0x1001134 GetDateFormatA
0x1001138 GetLocaleInfoA
0x100113c IsValidLocale
0x1001140 EnumSystemLocalesA
0x1001144 GetUserDefaultLCID
0x1001148 FreeLibrary
0x100114c LoadLibraryA
0x1001150 InitializeCriticalSectionAndSpinCount
0x1001154 GetLocaleInfoW
0x1001158 SetStdHandle
0x100115c WriteConsoleA
0x1001160 GetConsoleOutputCP
0x1001164 SetFilePointer
0x1001168 GetTimeZoneInformation
0x100116c lstrlenA
0x1001170 CloseHandle
0x1001174 CreateFileA
0x1001178 GetProcessHeap
0x100117c VirtualQuery
0x1001180 CompareStringA
0x1001184 CompareStringW
0x1001188 SetEnvironmentVariableA
EAT(Export Address Table) Library
0x10f14e0 Dollar
0x10f15e0 Movechild
0x10f1f20 Oceansister
0x10f11e0 Oppositeslave
0x10f1340 Usmount