Report - requem.exe

Gen1 Gen2 PE File PE64 OS Processor Check
Created 2021.06.24 20:04 Machine s1_win7_x6401
Filename requem.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 3
Behavior Score 1.6
ZERO API (file): clean
VT API (file) 29 detected (Razy, Wacapew, malicious, Static AI, Malicious PE, ai score=86, Wacatac, score, Artemis, R002H09FO21, susgen, PossibleThreat, confidence)
md5 6200da5ba37f01a1f9a8a89aae3f5b5f
sha256 bdd3ab146069e308afecc687e2d7b63d423e9e8df79e3639200187a903bebdfd
ssdeep 24576:oLmraYuWTCKpCZ95yO93l0fZh9C0fZs/htXmv7BRAASPI0nl9b0fZot0PEqF:D1CmCUO93+xh9Xxs/baluQ0l9gxNPEy
imphash 990b970efd6a8577e0b7cf8a0f23b03b
impfuzzy 48:64Ova3wrCZSy9ucpV564tSXygGsM323K5oDo9l/10Q01Qj/Y7IyFS9:bfArqzMcpV564tSXygGssC7j7IGc

Signature (4cnts)

Level Description
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (5cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x140041038 SetConsoleTitleA
 0x140041040 WriteFile
 0x140041048 GetShortPathNameW
 0x140041050 TerminateProcess
 0x140041058 GetModuleFileNameW
 0x140041060 GetVolumeInformationA
 0x140041068 Sleep
 0x140041070 lstrcatW
 0x140041078 DeleteFileW
 0x140041080 CreateThread
 0x140041088 GetWindowsDirectoryW
 0x140041090 Beep
 0x140041098 ExitProcess
 0x1400410a0 GetModuleHandleW
 0x1400410a8 GetConsoleWindow
 0x1400410b0 lstrcpyW
 0x1400410b8 QueryFullProcessImageNameW
 0x1400410c0 GetTickCount
 0x1400410c8 GetComputerNameA
 0x1400410d0 HeapSize
 0x1400410d8 SetStdHandle
 0x1400410e0 GetProcessHeap
 0x1400410e8 SetEnvironmentVariableW
 0x1400410f0 FreeEnvironmentStringsW
 0x1400410f8 GetEnvironmentStringsW
 0x140041100 GetOEMCP
 0x140041108 GetACP
 0x140041110 IsValidCodePage
 0x140041118 FindNextFileW
 0x140041120 FindFirstFileExW
 0x140041128 FindClose
 0x140041130 HeapReAlloc
 0x140041138 ReadConsoleW
 0x140041140 GetCurrentProcessId
 0x140041148 GetProcAddress
 0x140041150 LoadLibraryW
 0x140041158 CloseHandle
 0x140041160 Process32FirstW
 0x140041168 GetCurrentThread
 0x140041170 Process32NextW
 0x140041178 GetLastError
 0x140041180 CreateToolhelp32Snapshot
 0x140041188 OpenProcess
 0x140041190 SetFilePointerEx
 0x140041198 GetFileSizeEx
 0x1400411a0 ReadFile
 0x1400411a8 GetConsoleMode
 0x1400411b0 GetConsoleOutputCP
 0x1400411b8 FlushFileBuffers
 0x1400411c0 EnumSystemLocalesW
 0x1400411c8 GetUserDefaultLCID
 0x1400411d0 IsValidLocale
 0x1400411d8 GetLocaleInfoW
 0x1400411e0 CreateFileW
 0x1400411e8 DeviceIoControl
 0x1400411f0 LCMapStringW
 0x1400411f8 CompareStringW
 0x140041200 RtlUnwind
 0x140041208 WriteConsoleW
 0x140041210 GetCurrentProcess
 0x140041218 GetFileType
 0x140041220 HeapAlloc
 0x140041228 WideCharToMultiByte
 0x140041230 EnterCriticalSection
 0x140041238 LeaveCriticalSection
 0x140041240 InitializeCriticalSectionEx
 0x140041248 DeleteCriticalSection
 0x140041250 EncodePointer
 0x140041258 DecodePointer
 0x140041260 MultiByteToWideChar
 0x140041268 LCMapStringEx
 0x140041270 GetStringTypeW
 0x140041278 GetCPInfo
 0x140041280 InitializeCriticalSectionAndSpinCount
 0x140041288 SetEvent
 0x140041290 ResetEvent
 0x140041298 WaitForSingleObjectEx
 0x1400412a0 CreateEventW
 0x1400412a8 RtlCaptureContext
 0x1400412b0 RtlLookupFunctionEntry
 0x1400412b8 RtlVirtualUnwind
 0x1400412c0 IsDebuggerPresent
 0x1400412c8 UnhandledExceptionFilter
 0x1400412d0 SetUnhandledExceptionFilter
 0x1400412d8 GetStartupInfoW
 0x1400412e0 IsProcessorFeaturePresent
 0x1400412e8 QueryPerformanceCounter
 0x1400412f0 GetCurrentThreadId
 0x1400412f8 GetSystemTimeAsFileTime
 0x140041300 InitializeSListHead
 0x140041308 RtlPcToFileHeader
 0x140041310 RaiseException
 0x140041318 RtlUnwindEx
 0x140041320 SetLastError
 0x140041328 TlsAlloc
 0x140041330 TlsGetValue
 0x140041338 TlsSetValue
 0x140041340 TlsFree
 0x140041348 FreeLibrary
 0x140041350 LoadLibraryExW
 0x140041358 GetModuleHandleExW
 0x140041360 GetStdHandle
 0x140041368 GetCommandLineA
 0x140041370 GetCommandLineW
 0x140041378 HeapFree
USER32.dll
 0x140041398 GetAsyncKeyState
 0x1400413a0 ShowWindow
 0x1400413a8 ScreenToClient
 0x1400413b0 SetForegroundWindow
 0x1400413b8 GetCursorPos
 0x1400413c0 GetClientRect
 0x1400413c8 FindWindowW
 0x1400413d0 CreateWindowExA
 0x1400413d8 DefWindowProcA
 0x1400413e0 RegisterClassA
 0x1400413e8 GetForegroundWindow
 0x1400413f0 UnregisterClassA
 0x1400413f8 GetWindowThreadProcessId
 0x140041400 DestroyWindow
 0x140041408 GetKeyState
ADVAPI32.dll
 0x140041000 OpenThreadToken
 0x140041008 OpenProcessToken
 0x140041010 LookupPrivilegeValueW
 0x140041018 AdjustTokenPrivileges
SHELL32.dll
 0x140041388 ShellExecuteW
dxgi.dll
 0x140041470 CreateDXGIFactory2
d2d1.dll
 0x140041440 (unnamed import, likely by ordinal)
d3d11.dll
 0x140041450 D3D11CreateDevice
dcomp.dll
 0x140041460 DCompositionCreateDevice
DWrite.dll
 0x140041028 DWriteCreateFactory
WININET.dll
 0x140041418 InternetOpenA
 0x140041420 InternetCloseHandle
 0x140041428 InternetOpenUrlA
 0x140041430 InternetReadFile
urlmon.dll
 0x140041480 URLDownloadToFileW

EAT (Export Address Table): none
