ScreenShot
| Created | 2021.06.24 20:19 | Machine | s1_win7_x6401 |
| Filename | cc7.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (Bulz, Unsafe, Attribute, HighConfidence, Malicious, Convagent, ai score=83, ASMalwS, Wacapew, Artemis, R002H09FM21) | ||
| md5 | 07bb44fb4c5ac3056106e66919b2de96 | ||
| sha256 | a0afc450ee8f9ef38ad1dba38481cf44e98d4d70d16bee212a65622ccf512784 | ||
| ssdeep | 196608:Y1xU+H62OHyjWSdEWqeByylW3gj5A0R3O95LVxi4ZMmmIm59i:YE+MSjPdEWVky8L0JOzJMj759 | ||
| imphash | e6dbd61884d740500a84058b14610a2c | ||
| impfuzzy | 48:CkB94teS1hlc+ppYCRcgT+ONRi58mbU1M:lBKteS1hlc+ppY8t+CIJyM | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x422014 GetCommandLineW
0x422018 GetEnvironmentVariableW
0x42201c SetEnvironmentVariableW
0x422020 ExpandEnvironmentStringsW
0x422024 CreateDirectoryW
0x422028 GetTempPathW
0x42202c WaitForSingleObject
0x422030 Sleep
0x422034 GetExitCodeProcess
0x422038 GetStartupInfoW
0x42203c LoadLibraryExW
0x422040 CloseHandle
0x422044 GetCurrentProcess
0x422048 LoadLibraryA
0x42204c LocalFree
0x422050 FormatMessageW
0x422054 MultiByteToWideChar
0x422058 WideCharToMultiByte
0x42205c SetEndOfFile
0x422060 GetProcAddress
0x422064 GetModuleFileNameW
0x422068 SetDllDirectoryW
0x42206c CreateProcessW
0x422070 GetLastError
0x422074 UnhandledExceptionFilter
0x422078 SetUnhandledExceptionFilter
0x42207c TerminateProcess
0x422080 IsProcessorFeaturePresent
0x422084 QueryPerformanceCounter
0x422088 GetCurrentProcessId
0x42208c GetCurrentThreadId
0x422090 GetSystemTimeAsFileTime
0x422094 InitializeSListHead
0x422098 IsDebuggerPresent
0x42209c GetModuleHandleW
0x4220a0 RtlUnwind
0x4220a4 SetLastError
0x4220a8 EnterCriticalSection
0x4220ac LeaveCriticalSection
0x4220b0 DeleteCriticalSection
0x4220b4 InitializeCriticalSectionAndSpinCount
0x4220b8 TlsAlloc
0x4220bc TlsGetValue
0x4220c0 TlsSetValue
0x4220c4 TlsFree
0x4220c8 FreeLibrary
0x4220cc RaiseException
0x4220d0 GetCommandLineA
0x4220d4 ReadFile
0x4220d8 CreateFileW
0x4220dc GetDriveTypeW
0x4220e0 GetFileInformationByHandle
0x4220e4 GetFileType
0x4220e8 PeekNamedPipe
0x4220ec SystemTimeToTzSpecificLocalTime
0x4220f0 FileTimeToSystemTime
0x4220f4 GetFullPathNameW
0x4220f8 RemoveDirectoryW
0x4220fc FindClose
0x422100 FindFirstFileExW
0x422104 FindNextFileW
0x422108 SetStdHandle
0x42210c SetConsoleCtrlHandler
0x422110 DeleteFileW
0x422114 GetStdHandle
0x422118 WriteFile
0x42211c ExitProcess
0x422120 GetModuleHandleExW
0x422124 HeapAlloc
0x422128 HeapFree
0x42212c GetConsoleMode
0x422130 ReadConsoleW
0x422134 SetFilePointerEx
0x422138 GetConsoleCP
0x42213c GetFileSizeEx
0x422140 CompareStringW
0x422144 LCMapStringW
0x422148 GetCurrentDirectoryW
0x42214c FlushFileBuffers
0x422150 GetFileAttributesExW
0x422154 IsValidCodePage
0x422158 GetACP
0x42215c GetOEMCP
0x422160 GetCPInfo
0x422164 GetEnvironmentStringsW
0x422168 FreeEnvironmentStringsW
0x42216c GetStringTypeW
0x422170 GetProcessHeap
0x422174 GetTimeZoneInformation
0x422178 HeapSize
0x42217c HeapReAlloc
0x422180 WriteConsoleW
0x422184 DecodePointer
ADVAPI32.dll
0x422000 ConvertSidToStringSidW
0x422004 GetTokenInformation
0x422008 OpenProcessToken
0x42200c ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none
KERNEL32.dll
0x422014 GetCommandLineW
0x422018 GetEnvironmentVariableW
0x42201c SetEnvironmentVariableW
0x422020 ExpandEnvironmentStringsW
0x422024 CreateDirectoryW
0x422028 GetTempPathW
0x42202c WaitForSingleObject
0x422030 Sleep
0x422034 GetExitCodeProcess
0x422038 GetStartupInfoW
0x42203c LoadLibraryExW
0x422040 CloseHandle
0x422044 GetCurrentProcess
0x422048 LoadLibraryA
0x42204c LocalFree
0x422050 FormatMessageW
0x422054 MultiByteToWideChar
0x422058 WideCharToMultiByte
0x42205c SetEndOfFile
0x422060 GetProcAddress
0x422064 GetModuleFileNameW
0x422068 SetDllDirectoryW
0x42206c CreateProcessW
0x422070 GetLastError
0x422074 UnhandledExceptionFilter
0x422078 SetUnhandledExceptionFilter
0x42207c TerminateProcess
0x422080 IsProcessorFeaturePresent
0x422084 QueryPerformanceCounter
0x422088 GetCurrentProcessId
0x42208c GetCurrentThreadId
0x422090 GetSystemTimeAsFileTime
0x422094 InitializeSListHead
0x422098 IsDebuggerPresent
0x42209c GetModuleHandleW
0x4220a0 RtlUnwind
0x4220a4 SetLastError
0x4220a8 EnterCriticalSection
0x4220ac LeaveCriticalSection
0x4220b0 DeleteCriticalSection
0x4220b4 InitializeCriticalSectionAndSpinCount
0x4220b8 TlsAlloc
0x4220bc TlsGetValue
0x4220c0 TlsSetValue
0x4220c4 TlsFree
0x4220c8 FreeLibrary
0x4220cc RaiseException
0x4220d0 GetCommandLineA
0x4220d4 ReadFile
0x4220d8 CreateFileW
0x4220dc GetDriveTypeW
0x4220e0 GetFileInformationByHandle
0x4220e4 GetFileType
0x4220e8 PeekNamedPipe
0x4220ec SystemTimeToTzSpecificLocalTime
0x4220f0 FileTimeToSystemTime
0x4220f4 GetFullPathNameW
0x4220f8 RemoveDirectoryW
0x4220fc FindClose
0x422100 FindFirstFileExW
0x422104 FindNextFileW
0x422108 SetStdHandle
0x42210c SetConsoleCtrlHandler
0x422110 DeleteFileW
0x422114 GetStdHandle
0x422118 WriteFile
0x42211c ExitProcess
0x422120 GetModuleHandleExW
0x422124 HeapAlloc
0x422128 HeapFree
0x42212c GetConsoleMode
0x422130 ReadConsoleW
0x422134 SetFilePointerEx
0x422138 GetConsoleCP
0x42213c GetFileSizeEx
0x422140 CompareStringW
0x422144 LCMapStringW
0x422148 GetCurrentDirectoryW
0x42214c FlushFileBuffers
0x422150 GetFileAttributesExW
0x422154 IsValidCodePage
0x422158 GetACP
0x42215c GetOEMCP
0x422160 GetCPInfo
0x422164 GetEnvironmentStringsW
0x422168 FreeEnvironmentStringsW
0x42216c GetStringTypeW
0x422170 GetProcessHeap
0x422174 GetTimeZoneInformation
0x422178 HeapSize
0x42217c HeapReAlloc
0x422180 WriteConsoleW
0x422184 DecodePointer
ADVAPI32.dll
0x422000 ConvertSidToStringSidW
0x422004 GetTokenInformation
0x422008 OpenProcessToken
0x42200c ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none