ScreenShot
| Created | 2021.06.25 10:32 | Machine | s1_win7_x6401 |
| Filename | Apollo.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 29 detected (GenericKD, Artemis, Wacatac, malicious, KBJH, vehpz@0, XPACK, LcZii, ai score=89, Pgwp, Unsafe, Score, PossibleThreat) | ||
| md5 | b7ab9be4936d5128e13a976d4b629dd8 | ||
| sha256 | 9105599faee6b8cbbfb8f7c8a61ef6fc3a59dcd7230877149a89ce2dc7696e3d | ||
| ssdeep | 49152:FgZDw/uEIGjeo2Rf4+XaFpPvRtOTHUybAhHZ6O:iZDmaGmha/eT0ybAXV | ||
| imphash | 48aa5c8931746a9655524f67b25a47ef | ||
| impfuzzy | 48:o4/c+4QjuC5Q4FNO0MeAXGo4E/gjF5J/RscZr91budS19WOG/iB:oc94A5TNO0MHYZrHeS1oXiB | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Queries for potentially installed applications |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (11cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
oleaut32.dll
0x4172fc SysFreeString
0x417300 SysReAllocStringLen
0x417304 SysAllocStringLen
advapi32.dll
0x41730c RegQueryValueExW
0x417310 RegOpenKeyExW
0x417314 RegCloseKey
user32.dll
0x41731c GetKeyboardType
0x417320 LoadStringW
0x417324 MessageBoxA
0x417328 CharNextW
kernel32.dll
0x417330 GetACP
0x417334 Sleep
0x417338 VirtualFree
0x41733c VirtualAlloc
0x417340 GetSystemInfo
0x417344 GetTickCount
0x417348 QueryPerformanceCounter
0x41734c GetVersion
0x417350 GetCurrentThreadId
0x417354 VirtualQuery
0x417358 WideCharToMultiByte
0x41735c MultiByteToWideChar
0x417360 lstrlenW
0x417364 lstrcpynW
0x417368 LoadLibraryExW
0x41736c GetThreadLocale
0x417370 GetStartupInfoA
0x417374 GetProcAddress
0x417378 GetModuleHandleW
0x41737c GetModuleFileNameW
0x417380 GetLocaleInfoW
0x417384 GetCommandLineW
0x417388 FreeLibrary
0x41738c FindFirstFileW
0x417390 FindClose
0x417394 ExitProcess
0x417398 WriteFile
0x41739c UnhandledExceptionFilter
0x4173a0 RtlUnwind
0x4173a4 RaiseException
0x4173a8 GetStdHandle
0x4173ac CloseHandle
kernel32.dll
0x4173b4 TlsSetValue
0x4173b8 TlsGetValue
0x4173bc LocalAlloc
0x4173c0 GetModuleHandleW
user32.dll
0x4173c8 CreateWindowExW
0x4173cc TranslateMessage
0x4173d0 SetWindowLongW
0x4173d4 PeekMessageW
0x4173d8 MsgWaitForMultipleObjects
0x4173dc MessageBoxW
0x4173e0 LoadStringW
0x4173e4 GetSystemMetrics
0x4173e8 ExitWindowsEx
0x4173ec DispatchMessageW
0x4173f0 DestroyWindow
0x4173f4 CharUpperBuffW
0x4173f8 CallWindowProcW
kernel32.dll
0x417400 WriteFile
0x417404 WideCharToMultiByte
0x417408 WaitForSingleObject
0x41740c VirtualQuery
0x417410 VirtualProtect
0x417414 VirtualFree
0x417418 VirtualAlloc
0x41741c SizeofResource
0x417420 SignalObjectAndWait
0x417424 SetLastError
0x417428 SetFilePointer
0x41742c SetEvent
0x417430 SetErrorMode
0x417434 SetEndOfFile
0x417438 ResetEvent
0x41743c RemoveDirectoryW
0x417440 ReadFile
0x417444 MultiByteToWideChar
0x417448 LockResource
0x41744c LoadResource
0x417450 LoadLibraryW
0x417454 GetWindowsDirectoryW
0x417458 GetVersionExW
0x41745c GetUserDefaultLangID
0x417460 GetThreadLocale
0x417464 GetSystemInfo
0x417468 GetStdHandle
0x41746c GetProcAddress
0x417470 GetModuleHandleW
0x417474 GetModuleFileNameW
0x417478 GetLocaleInfoW
0x41747c GetLastError
0x417480 GetFullPathNameW
0x417484 GetFileSize
0x417488 GetFileAttributesW
0x41748c GetExitCodeProcess
0x417490 GetEnvironmentVariableW
0x417494 GetDiskFreeSpaceW
0x417498 GetCurrentProcess
0x41749c GetCommandLineW
0x4174a0 GetCPInfo
0x4174a4 InterlockedExchange
0x4174a8 InterlockedCompareExchange
0x4174ac FreeLibrary
0x4174b0 FormatMessageW
0x4174b4 FindResourceW
0x4174b8 EnumCalendarInfoW
0x4174bc DeleteFileW
0x4174c0 CreateProcessW
0x4174c4 CreateFileW
0x4174c8 CreateEventW
0x4174cc CreateDirectoryW
0x4174d0 CloseHandle
advapi32.dll
0x4174d8 RegQueryValueExW
0x4174dc RegOpenKeyExW
0x4174e0 RegCloseKey
0x4174e4 OpenProcessToken
0x4174e8 LookupPrivilegeValueW
comctl32.dll
0x4174f0 InitCommonControls
kernel32.dll
0x4174f8 Sleep
advapi32.dll
0x417500 AdjustTokenPrivileges
EAT(Export Address Table) is none
oleaut32.dll
0x4172fc SysFreeString
0x417300 SysReAllocStringLen
0x417304 SysAllocStringLen
advapi32.dll
0x41730c RegQueryValueExW
0x417310 RegOpenKeyExW
0x417314 RegCloseKey
user32.dll
0x41731c GetKeyboardType
0x417320 LoadStringW
0x417324 MessageBoxA
0x417328 CharNextW
kernel32.dll
0x417330 GetACP
0x417334 Sleep
0x417338 VirtualFree
0x41733c VirtualAlloc
0x417340 GetSystemInfo
0x417344 GetTickCount
0x417348 QueryPerformanceCounter
0x41734c GetVersion
0x417350 GetCurrentThreadId
0x417354 VirtualQuery
0x417358 WideCharToMultiByte
0x41735c MultiByteToWideChar
0x417360 lstrlenW
0x417364 lstrcpynW
0x417368 LoadLibraryExW
0x41736c GetThreadLocale
0x417370 GetStartupInfoA
0x417374 GetProcAddress
0x417378 GetModuleHandleW
0x41737c GetModuleFileNameW
0x417380 GetLocaleInfoW
0x417384 GetCommandLineW
0x417388 FreeLibrary
0x41738c FindFirstFileW
0x417390 FindClose
0x417394 ExitProcess
0x417398 WriteFile
0x41739c UnhandledExceptionFilter
0x4173a0 RtlUnwind
0x4173a4 RaiseException
0x4173a8 GetStdHandle
0x4173ac CloseHandle
kernel32.dll
0x4173b4 TlsSetValue
0x4173b8 TlsGetValue
0x4173bc LocalAlloc
0x4173c0 GetModuleHandleW
user32.dll
0x4173c8 CreateWindowExW
0x4173cc TranslateMessage
0x4173d0 SetWindowLongW
0x4173d4 PeekMessageW
0x4173d8 MsgWaitForMultipleObjects
0x4173dc MessageBoxW
0x4173e0 LoadStringW
0x4173e4 GetSystemMetrics
0x4173e8 ExitWindowsEx
0x4173ec DispatchMessageW
0x4173f0 DestroyWindow
0x4173f4 CharUpperBuffW
0x4173f8 CallWindowProcW
kernel32.dll
0x417400 WriteFile
0x417404 WideCharToMultiByte
0x417408 WaitForSingleObject
0x41740c VirtualQuery
0x417410 VirtualProtect
0x417414 VirtualFree
0x417418 VirtualAlloc
0x41741c SizeofResource
0x417420 SignalObjectAndWait
0x417424 SetLastError
0x417428 SetFilePointer
0x41742c SetEvent
0x417430 SetErrorMode
0x417434 SetEndOfFile
0x417438 ResetEvent
0x41743c RemoveDirectoryW
0x417440 ReadFile
0x417444 MultiByteToWideChar
0x417448 LockResource
0x41744c LoadResource
0x417450 LoadLibraryW
0x417454 GetWindowsDirectoryW
0x417458 GetVersionExW
0x41745c GetUserDefaultLangID
0x417460 GetThreadLocale
0x417464 GetSystemInfo
0x417468 GetStdHandle
0x41746c GetProcAddress
0x417470 GetModuleHandleW
0x417474 GetModuleFileNameW
0x417478 GetLocaleInfoW
0x41747c GetLastError
0x417480 GetFullPathNameW
0x417484 GetFileSize
0x417488 GetFileAttributesW
0x41748c GetExitCodeProcess
0x417490 GetEnvironmentVariableW
0x417494 GetDiskFreeSpaceW
0x417498 GetCurrentProcess
0x41749c GetCommandLineW
0x4174a0 GetCPInfo
0x4174a4 InterlockedExchange
0x4174a8 InterlockedCompareExchange
0x4174ac FreeLibrary
0x4174b0 FormatMessageW
0x4174b4 FindResourceW
0x4174b8 EnumCalendarInfoW
0x4174bc DeleteFileW
0x4174c0 CreateProcessW
0x4174c4 CreateFileW
0x4174c8 CreateEventW
0x4174cc CreateDirectoryW
0x4174d0 CloseHandle
advapi32.dll
0x4174d8 RegQueryValueExW
0x4174dc RegOpenKeyExW
0x4174e0 RegCloseKey
0x4174e4 OpenProcessToken
0x4174e8 LookupPrivilegeValueW
comctl32.dll
0x4174f0 InitCommonControls
kernel32.dll
0x4174f8 Sleep
advapi32.dll
0x417500 AdjustTokenPrivileges
EAT(Export Address Table) is none