ScreenShot
| Created | 2021.07.01 15:19 | Machine | s1_win7_x6401 |
| Filename | Li1J9kmyK3YE.php | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 44cbf8e4cc5ccdbe05a7d4ddf022bf0f | ||
| sha256 | 7a431d59dbc20a75091290b5ba5f15004ee7e96c547dbe7b9212df856cdc3208 | ||
| ssdeep | 6144:G19CHk8dtyhJsjQpxEWopznmo3O3QVq5vQi45KQUnHg3:E9f4yjTpmWNo3O3QM5gTQW | ||
| imphash | 64f1814b769b7e8d7e61f45d0e9f5051 | ||
| impfuzzy | 96:ixOfcHq8iX+iIxjA8lFlCzz8Ewg8nj0yXW:pcqzWFEzig8j0ym | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x452634 CreateFileW
0x452638 GetModuleFileNameA
0x45263c QueryPerformanceCounter
0x452640 QueryPerformanceFrequency
0x452644 LocalFree
0x452648 FormatMessageA
0x45264c GetLastError
0x452650 CloseHandle
0x452654 GetExitCodeProcess
0x452658 WaitForSingleObject
0x45265c CreateProcessA
0x452660 GetCommandLineA
0x452664 GetProcAddress
0x452668 GetModuleHandleA
0x45266c LoadLibraryA
0x452670 GetExitCodeThread
0x452674 FindFirstFileA
0x452678 FindNextFileA
0x45267c FindClose
0x452680 HeapSetInformation
0x452684 EnterCriticalSection
0x452688 LeaveCriticalSection
0x45268c GetModuleHandleW
0x452690 ExitProcess
0x452694 DecodePointer
0x452698 FileTimeToSystemTime
0x45269c FileTimeToLocalFileTime
0x4526a0 GetDriveTypeA
0x4526a4 FindFirstFileExA
0x4526a8 MultiByteToWideChar
0x4526ac GetFileAttributesA
0x4526b0 ExitThread
0x4526b4 GetCurrentThreadId
0x4526b8 CreateThread
0x4526bc HeapAlloc
0x4526c0 HeapReAlloc
0x4526c4 HeapFree
0x4526c8 Sleep
0x4526cc GetCPInfo
0x4526d0 InterlockedIncrement
0x4526d4 InterlockedDecrement
0x4526d8 GetACP
0x4526dc GetOEMCP
0x4526e0 IsValidCodePage
0x4526e4 SetUnhandledExceptionFilter
0x4526e8 WriteFile
0x4526ec GetStdHandle
0x4526f0 GetModuleFileNameW
0x4526f4 FreeEnvironmentStringsW
0x4526f8 WideCharToMultiByte
0x4526fc GetEnvironmentStringsW
0x452700 SetHandleCount
0x452704 InitializeCriticalSectionAndSpinCount
0x452708 GetFileType
0x45270c GetStartupInfoW
0x452710 DeleteCriticalSection
0x452714 EncodePointer
0x452718 TlsAlloc
0x45271c TlsGetValue
0x452720 TlsSetValue
0x452724 TlsFree
0x452728 SetLastError
0x45272c HeapCreate
0x452730 GetTickCount
0x452734 GetCurrentProcessId
0x452738 GetSystemTimeAsFileTime
0x45273c UnhandledExceptionFilter
0x452740 IsDebuggerPresent
0x452744 TerminateProcess
0x452748 GetCurrentProcess
0x45274c IsProcessorFeaturePresent
0x452750 LoadLibraryW
0x452754 RtlUnwind
0x452758 GetFullPathNameA
0x45275c GetFileInformationByHandle
0x452760 PeekNamedPipe
0x452764 CreateFileA
0x452768 GetCurrentDirectoryW
0x45276c GetConsoleCP
0x452770 GetConsoleMode
0x452774 FlushFileBuffers
0x452778 SetEnvironmentVariableW
0x45277c SetEnvironmentVariableA
0x452780 SetStdHandle
0x452784 LCMapStringW
0x452788 GetStringTypeW
0x45278c SetFilePointer
0x452790 CompareStringW
0x452794 HeapSize
0x452798 ReadFile
0x45279c GetDriveTypeW
0x4527a0 SetEndOfFile
0x4527a4 GetProcessHeap
0x4527a8 GetTimeZoneInformation
0x4527ac WriteConsoleW
0x4527b0 SearchPathA
0x4527b4 SetConsoleOutputCP
0x4527b8 GetTapePosition
0x4527bc GlobalFindAtomW
0x4527c0 WriteConsoleOutputAttribute
0x4527c4 GetTapeStatus
0x4527c8 IsValidLocale
0x4527cc GetDefaultCommConfigA
0x4527d0 GetPrivateProfileSectionA
0x4527d4 ConnectNamedPipe
0x4527d8 Thread32Next
0x4527dc MapViewOfFile
0x4527e0 RaiseException
0x4527e4 SetPriorityClass
0x4527e8 _lopen
0x4527ec BackupWrite
0x4527f0 FormatMessageW
0x4527f4 LocalAlloc
0x4527f8 FreeLibrary
0x4527fc SetConsoleCtrlHandler
0x452800 GetConsoleOutputCP
USER32.dll
0x452808 MessageBoxA
0x45280c CreateIconFromResource
0x452810 LoadMenuW
0x452814 GetClipboardViewer
0x452818 ShowScrollBar
0x45281c SetUserObjectInformationA
0x452820 PostMessageA
0x452824 DdeKeepStringHandle
0x452828 GetScrollInfo
0x45282c AnyPopup
0x452830 DrawTextExW
0x452834 VkKeyScanExW
0x452838 ChangeDisplaySettingsExW
0x45283c SetLastErrorEx
0x452840 EndTask
0x452844 GetProcessWindowStation
0x452848 PostMessageW
0x45284c IMPGetIMEW
0x452850 PackDDElParam
0x452854 OpenInputDesktop
0x452858 GetMenuStringW
0x45285c UpdateWindow
0x452860 wvsprintfW
0x452864 GetMenuItemInfoA
0x452868 DialogBoxParamA
0x45286c MessageBoxIndirectW
0x452870 ValidateRect
0x452874 IntersectRect
0x452878 IsCharAlphaA
0x45287c SetMenuDefaultItem
0x452880 GetKeyNameTextW
0x452884 IsWindowEnabled
0x452888 SetClassLongW
0x45288c LoadMenuIndirectA
0x452890 CharPrevW
0x452894 ShowWindowAsync
0x452898 SetRect
0x45289c OemToCharA
0x4528a0 DeferWindowPos
0x4528a4 SendMessageTimeoutW
0x4528a8 LoadStringW
0x4528ac GetKeyState
0x4528b0 GetClipboardData
GDI32.dll
0x4528b8 GdiSwapBuffers
0x4528bc SetBrushOrgEx
0x4528c0 EqualRgn
0x4528c4 EngDeletePath
0x4528c8 StartDocA
0x4528cc GetTextExtentPoint32A
0x4528d0 GdiStartDocEMF
0x4528d4 ModifyWorldTransform
0x4528d8 GetETM
0x4528dc GdiEntry10
0x4528e0 GdiGetDevmodeForPage
0x4528e4 DeleteMetaFile
0x4528e8 PATHOBJ_vGetBounds
0x4528ec XLATEOBJ_cGetPalette
0x4528f0 GdiConvertMetaFilePict
0x4528f4 BitBlt
0x4528f8 EngGetPrinterDataFileName
0x4528fc FONTOBJ_vGetInfo
0x452900 GetMapMode
0x452904 Rectangle
0x452908 ResetDCA
0x45290c SetWorldTransform
0x452910 ResizePalette
0x452914 GetObjectA
0x452918 PolyTextOutW
0x45291c GdiFixUpHandle
0x452920 EngUnlockSurface
0x452924 GetStockObject
0x452928 GetStretchBltMode
0x45292c GetEnhMetaFileBits
ADVAPI32.dll
0x452934 RegQueryValueExA
0x452938 RegCloseKey
0x45293c RegOpenKeyExA
0x452940 RegEnumKeyA
0x452944 RegOpenKeyA
SHELL32.dll
0x45294c SHFreeNameMappings
0x452950 ShellExecuteExW
0x452954 SHPathPrepareForWriteW
0x452958 SHEmptyRecycleBinW
0x45295c SHGetFolderLocation
SHLWAPI.dll
0x452964 StrRChrW
0x452968 StrRStrIA
0x45296c PathCanonicalizeW
0x452970 PathIsRootW
0x452974 PathIsDirectoryW
COMCTL32.dll
0x45297c InitCommonControlsEx
EAT(Export Address Table) is none
KERNEL32.dll
0x452634 CreateFileW
0x452638 GetModuleFileNameA
0x45263c QueryPerformanceCounter
0x452640 QueryPerformanceFrequency
0x452644 LocalFree
0x452648 FormatMessageA
0x45264c GetLastError
0x452650 CloseHandle
0x452654 GetExitCodeProcess
0x452658 WaitForSingleObject
0x45265c CreateProcessA
0x452660 GetCommandLineA
0x452664 GetProcAddress
0x452668 GetModuleHandleA
0x45266c LoadLibraryA
0x452670 GetExitCodeThread
0x452674 FindFirstFileA
0x452678 FindNextFileA
0x45267c FindClose
0x452680 HeapSetInformation
0x452684 EnterCriticalSection
0x452688 LeaveCriticalSection
0x45268c GetModuleHandleW
0x452690 ExitProcess
0x452694 DecodePointer
0x452698 FileTimeToSystemTime
0x45269c FileTimeToLocalFileTime
0x4526a0 GetDriveTypeA
0x4526a4 FindFirstFileExA
0x4526a8 MultiByteToWideChar
0x4526ac GetFileAttributesA
0x4526b0 ExitThread
0x4526b4 GetCurrentThreadId
0x4526b8 CreateThread
0x4526bc HeapAlloc
0x4526c0 HeapReAlloc
0x4526c4 HeapFree
0x4526c8 Sleep
0x4526cc GetCPInfo
0x4526d0 InterlockedIncrement
0x4526d4 InterlockedDecrement
0x4526d8 GetACP
0x4526dc GetOEMCP
0x4526e0 IsValidCodePage
0x4526e4 SetUnhandledExceptionFilter
0x4526e8 WriteFile
0x4526ec GetStdHandle
0x4526f0 GetModuleFileNameW
0x4526f4 FreeEnvironmentStringsW
0x4526f8 WideCharToMultiByte
0x4526fc GetEnvironmentStringsW
0x452700 SetHandleCount
0x452704 InitializeCriticalSectionAndSpinCount
0x452708 GetFileType
0x45270c GetStartupInfoW
0x452710 DeleteCriticalSection
0x452714 EncodePointer
0x452718 TlsAlloc
0x45271c TlsGetValue
0x452720 TlsSetValue
0x452724 TlsFree
0x452728 SetLastError
0x45272c HeapCreate
0x452730 GetTickCount
0x452734 GetCurrentProcessId
0x452738 GetSystemTimeAsFileTime
0x45273c UnhandledExceptionFilter
0x452740 IsDebuggerPresent
0x452744 TerminateProcess
0x452748 GetCurrentProcess
0x45274c IsProcessorFeaturePresent
0x452750 LoadLibraryW
0x452754 RtlUnwind
0x452758 GetFullPathNameA
0x45275c GetFileInformationByHandle
0x452760 PeekNamedPipe
0x452764 CreateFileA
0x452768 GetCurrentDirectoryW
0x45276c GetConsoleCP
0x452770 GetConsoleMode
0x452774 FlushFileBuffers
0x452778 SetEnvironmentVariableW
0x45277c SetEnvironmentVariableA
0x452780 SetStdHandle
0x452784 LCMapStringW
0x452788 GetStringTypeW
0x45278c SetFilePointer
0x452790 CompareStringW
0x452794 HeapSize
0x452798 ReadFile
0x45279c GetDriveTypeW
0x4527a0 SetEndOfFile
0x4527a4 GetProcessHeap
0x4527a8 GetTimeZoneInformation
0x4527ac WriteConsoleW
0x4527b0 SearchPathA
0x4527b4 SetConsoleOutputCP
0x4527b8 GetTapePosition
0x4527bc GlobalFindAtomW
0x4527c0 WriteConsoleOutputAttribute
0x4527c4 GetTapeStatus
0x4527c8 IsValidLocale
0x4527cc GetDefaultCommConfigA
0x4527d0 GetPrivateProfileSectionA
0x4527d4 ConnectNamedPipe
0x4527d8 Thread32Next
0x4527dc MapViewOfFile
0x4527e0 RaiseException
0x4527e4 SetPriorityClass
0x4527e8 _lopen
0x4527ec BackupWrite
0x4527f0 FormatMessageW
0x4527f4 LocalAlloc
0x4527f8 FreeLibrary
0x4527fc SetConsoleCtrlHandler
0x452800 GetConsoleOutputCP
USER32.dll
0x452808 MessageBoxA
0x45280c CreateIconFromResource
0x452810 LoadMenuW
0x452814 GetClipboardViewer
0x452818 ShowScrollBar
0x45281c SetUserObjectInformationA
0x452820 PostMessageA
0x452824 DdeKeepStringHandle
0x452828 GetScrollInfo
0x45282c AnyPopup
0x452830 DrawTextExW
0x452834 VkKeyScanExW
0x452838 ChangeDisplaySettingsExW
0x45283c SetLastErrorEx
0x452840 EndTask
0x452844 GetProcessWindowStation
0x452848 PostMessageW
0x45284c IMPGetIMEW
0x452850 PackDDElParam
0x452854 OpenInputDesktop
0x452858 GetMenuStringW
0x45285c UpdateWindow
0x452860 wvsprintfW
0x452864 GetMenuItemInfoA
0x452868 DialogBoxParamA
0x45286c MessageBoxIndirectW
0x452870 ValidateRect
0x452874 IntersectRect
0x452878 IsCharAlphaA
0x45287c SetMenuDefaultItem
0x452880 GetKeyNameTextW
0x452884 IsWindowEnabled
0x452888 SetClassLongW
0x45288c LoadMenuIndirectA
0x452890 CharPrevW
0x452894 ShowWindowAsync
0x452898 SetRect
0x45289c OemToCharA
0x4528a0 DeferWindowPos
0x4528a4 SendMessageTimeoutW
0x4528a8 LoadStringW
0x4528ac GetKeyState
0x4528b0 GetClipboardData
GDI32.dll
0x4528b8 GdiSwapBuffers
0x4528bc SetBrushOrgEx
0x4528c0 EqualRgn
0x4528c4 EngDeletePath
0x4528c8 StartDocA
0x4528cc GetTextExtentPoint32A
0x4528d0 GdiStartDocEMF
0x4528d4 ModifyWorldTransform
0x4528d8 GetETM
0x4528dc GdiEntry10
0x4528e0 GdiGetDevmodeForPage
0x4528e4 DeleteMetaFile
0x4528e8 PATHOBJ_vGetBounds
0x4528ec XLATEOBJ_cGetPalette
0x4528f0 GdiConvertMetaFilePict
0x4528f4 BitBlt
0x4528f8 EngGetPrinterDataFileName
0x4528fc FONTOBJ_vGetInfo
0x452900 GetMapMode
0x452904 Rectangle
0x452908 ResetDCA
0x45290c SetWorldTransform
0x452910 ResizePalette
0x452914 GetObjectA
0x452918 PolyTextOutW
0x45291c GdiFixUpHandle
0x452920 EngUnlockSurface
0x452924 GetStockObject
0x452928 GetStretchBltMode
0x45292c GetEnhMetaFileBits
ADVAPI32.dll
0x452934 RegQueryValueExA
0x452938 RegCloseKey
0x45293c RegOpenKeyExA
0x452940 RegEnumKeyA
0x452944 RegOpenKeyA
SHELL32.dll
0x45294c SHFreeNameMappings
0x452950 ShellExecuteExW
0x452954 SHPathPrepareForWriteW
0x452958 SHEmptyRecycleBinW
0x45295c SHGetFolderLocation
SHLWAPI.dll
0x452964 StrRChrW
0x452968 StrRStrIA
0x45296c PathCanonicalizeW
0x452970 PathIsRootW
0x452974 PathIsDirectoryW
COMCTL32.dll
0x45297c InitCommonControlsEx
EAT(Export Address Table) is none