Report - YPlX4My0iUBh3V.php

Emotet UPX PE File OS Processor Check PE32
Created 2021.07.03 09:34 Machine s1_win7_x6402
Filename YPlX4My0iUBh3V.php
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 9
Behavior Score 3.2
ZERO API (file): clean
VT API (file) 41 detected (AIDetect, malware1, malicious, high confidence, Graftor, Ulise, Unsafe, Save, Kryptik, confidence, Fugrafa, ZexaF, uC1@aWQrinii, Eldorado, HLON, R002C0WG221, DangerousSig, Artemis, Static AI, Suspicious PE, ASCommon, kcloud, Wacatac, score, R429033, ai score=80, CVE-1999-0016, BScope, Outbreak, HxMBUxsA)
md5 1fa2d8db24799c93d9b6aa37e05f5525
sha256 073143c5d5589117612c308b01f84c5e5b024878e98b15021ca820458219a568
ssdeep 6144:v13nwMjsBt/xLRMf93cDv6x28TYfzCHkmGj8aOZL4AnLLO:d3wMsB7RMfFgsT4Ak8l43
imphash 64f1814b769b7e8d7e61f45d0e9f5051
impfuzzy 96:ixOfcHq8iX+iIxjA8lFlCzz8Ewg8nj0yXW:pcqzWFEzig8j0ym
Signatures (6 entries)

Level Description
danger File has been identified by 41 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5 entries)

Level Name Description Collection
danger Win32_Trojan_Emotet_2_Zero Win32 Trojan Emotet binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2 entries)

Request CC ASN Co IP4 Rule ZERO
http://23.227.203.229/pixel US Swiftway Sp. z o.o. 23.227.203.229 clean
23.227.203.229 US Swiftway Sp. z o.o. 23.227.203.229 clean

Suricata IDS

PE API

IAT (Import Address Table) by library

KERNEL32.dll
 0x44f9a4 CreateFileW
 0x44f9a8 GetModuleFileNameA
 0x44f9ac QueryPerformanceCounter
 0x44f9b0 QueryPerformanceFrequency
 0x44f9b4 LocalFree
 0x44f9b8 FormatMessageA
 0x44f9bc GetLastError
 0x44f9c0 CloseHandle
 0x44f9c4 GetExitCodeProcess
 0x44f9c8 WaitForSingleObject
 0x44f9cc CreateProcessA
 0x44f9d0 GetCommandLineA
 0x44f9d4 GetProcAddress
 0x44f9d8 GetModuleHandleA
 0x44f9dc LoadLibraryA
 0x44f9e0 GetExitCodeThread
 0x44f9e4 FindFirstFileA
 0x44f9e8 FindNextFileA
 0x44f9ec FindClose
 0x44f9f0 HeapSetInformation
 0x44f9f4 EnterCriticalSection
 0x44f9f8 LeaveCriticalSection
 0x44f9fc GetModuleHandleW
 0x44fa00 ExitProcess
 0x44fa04 DecodePointer
 0x44fa08 FileTimeToSystemTime
 0x44fa0c FileTimeToLocalFileTime
 0x44fa10 GetDriveTypeA
 0x44fa14 FindFirstFileExA
 0x44fa18 MultiByteToWideChar
 0x44fa1c GetFileAttributesA
 0x44fa20 ExitThread
 0x44fa24 GetCurrentThreadId
 0x44fa28 CreateThread
 0x44fa2c HeapAlloc
 0x44fa30 HeapReAlloc
 0x44fa34 HeapFree
 0x44fa38 Sleep
 0x44fa3c GetCPInfo
 0x44fa40 InterlockedIncrement
 0x44fa44 InterlockedDecrement
 0x44fa48 GetACP
 0x44fa4c GetOEMCP
 0x44fa50 IsValidCodePage
 0x44fa54 SetUnhandledExceptionFilter
 0x44fa58 WriteFile
 0x44fa5c GetStdHandle
 0x44fa60 GetModuleFileNameW
 0x44fa64 FreeEnvironmentStringsW
 0x44fa68 WideCharToMultiByte
 0x44fa6c GetEnvironmentStringsW
 0x44fa70 SetHandleCount
 0x44fa74 InitializeCriticalSectionAndSpinCount
 0x44fa78 GetFileType
 0x44fa7c GetStartupInfoW
 0x44fa80 DeleteCriticalSection
 0x44fa84 EncodePointer
 0x44fa88 TlsAlloc
 0x44fa8c TlsGetValue
 0x44fa90 TlsSetValue
 0x44fa94 TlsFree
 0x44fa98 SetLastError
 0x44fa9c HeapCreate
 0x44faa0 GetTickCount
 0x44faa4 GetCurrentProcessId
 0x44faa8 GetSystemTimeAsFileTime
 0x44faac UnhandledExceptionFilter
 0x44fab0 IsDebuggerPresent
 0x44fab4 TerminateProcess
 0x44fab8 GetCurrentProcess
 0x44fabc IsProcessorFeaturePresent
 0x44fac0 LoadLibraryW
 0x44fac4 RtlUnwind
 0x44fac8 GetFullPathNameA
 0x44facc GetFileInformationByHandle
 0x44fad0 PeekNamedPipe
 0x44fad4 CreateFileA
 0x44fad8 GetCurrentDirectoryW
 0x44fadc GetConsoleCP
 0x44fae0 GetConsoleMode
 0x44fae4 FlushFileBuffers
 0x44fae8 SetEnvironmentVariableW
 0x44faec SetEnvironmentVariableA
 0x44faf0 SetStdHandle
 0x44faf4 LCMapStringW
 0x44faf8 GetStringTypeW
 0x44fafc SetFilePointer
 0x44fb00 CompareStringW
 0x44fb04 HeapSize
 0x44fb08 ReadFile
 0x44fb0c GetDriveTypeW
 0x44fb10 SetEndOfFile
 0x44fb14 GetProcessHeap
 0x44fb18 GetTimeZoneInformation
 0x44fb1c WriteConsoleW
 0x44fb20 SearchPathA
 0x44fb24 SetConsoleOutputCP
 0x44fb28 GetTapePosition
 0x44fb2c GlobalFindAtomW
 0x44fb30 WriteConsoleOutputAttribute
 0x44fb34 GetTapeStatus
 0x44fb38 IsValidLocale
 0x44fb3c GetDefaultCommConfigA
 0x44fb40 GetPrivateProfileSectionA
 0x44fb44 ConnectNamedPipe
 0x44fb48 Thread32Next
 0x44fb4c MapViewOfFile
 0x44fb50 RaiseException
 0x44fb54 SetPriorityClass
 0x44fb58 _lopen
 0x44fb5c BackupWrite
 0x44fb60 FormatMessageW
 0x44fb64 LocalAlloc
 0x44fb68 FreeLibrary
 0x44fb6c SetConsoleCtrlHandler
 0x44fb70 GetConsoleOutputCP
USER32.dll
 0x44fb78 MessageBoxA
 0x44fb7c CreateIconFromResource
 0x44fb80 LoadMenuW
 0x44fb84 GetClipboardViewer
 0x44fb88 ShowScrollBar
 0x44fb8c SetUserObjectInformationA
 0x44fb90 PostMessageA
 0x44fb94 DdeKeepStringHandle
 0x44fb98 GetScrollInfo
 0x44fb9c AnyPopup
 0x44fba0 DrawTextExW
 0x44fba4 VkKeyScanExW
 0x44fba8 ChangeDisplaySettingsExW
 0x44fbac SetLastErrorEx
 0x44fbb0 EndTask
 0x44fbb4 GetProcessWindowStation
 0x44fbb8 PostMessageW
 0x44fbbc IMPGetIMEW
 0x44fbc0 PackDDElParam
 0x44fbc4 OpenInputDesktop
 0x44fbc8 GetMenuStringW
 0x44fbcc UpdateWindow
 0x44fbd0 wvsprintfW
 0x44fbd4 GetMenuItemInfoA
 0x44fbd8 DialogBoxParamA
 0x44fbdc MessageBoxIndirectW
 0x44fbe0 ValidateRect
 0x44fbe4 IntersectRect
 0x44fbe8 IsCharAlphaA
 0x44fbec SetMenuDefaultItem
 0x44fbf0 GetKeyNameTextW
 0x44fbf4 IsWindowEnabled
 0x44fbf8 SetClassLongW
 0x44fbfc LoadMenuIndirectA
 0x44fc00 CharPrevW
 0x44fc04 ShowWindowAsync
 0x44fc08 SetRect
 0x44fc0c OemToCharA
 0x44fc10 DeferWindowPos
 0x44fc14 SendMessageTimeoutW
 0x44fc18 LoadStringW
 0x44fc1c GetKeyState
 0x44fc20 GetClipboardData
GDI32.dll
 0x44fc28 GdiSwapBuffers
 0x44fc2c SetBrushOrgEx
 0x44fc30 EqualRgn
 0x44fc34 EngDeletePath
 0x44fc38 StartDocA
 0x44fc3c GetTextExtentPoint32A
 0x44fc40 GdiStartDocEMF
 0x44fc44 ModifyWorldTransform
 0x44fc48 GetETM
 0x44fc4c GdiEntry10
 0x44fc50 GdiGetDevmodeForPage
 0x44fc54 DeleteMetaFile
 0x44fc58 PATHOBJ_vGetBounds
 0x44fc5c XLATEOBJ_cGetPalette
 0x44fc60 GdiConvertMetaFilePict
 0x44fc64 BitBlt
 0x44fc68 EngGetPrinterDataFileName
 0x44fc6c FONTOBJ_vGetInfo
 0x44fc70 GetMapMode
 0x44fc74 Rectangle
 0x44fc78 ResetDCA
 0x44fc7c SetWorldTransform
 0x44fc80 ResizePalette
 0x44fc84 GetObjectA
 0x44fc88 PolyTextOutW
 0x44fc8c GdiFixUpHandle
 0x44fc90 EngUnlockSurface
 0x44fc94 GetStockObject
 0x44fc98 GetStretchBltMode
 0x44fc9c GetEnhMetaFileBits
ADVAPI32.dll
 0x44fca4 RegQueryValueExA
 0x44fca8 RegCloseKey
 0x44fcac RegOpenKeyExA
 0x44fcb0 RegEnumKeyA
 0x44fcb4 RegOpenKeyA
SHELL32.dll
 0x44fcbc SHFreeNameMappings
 0x44fcc0 ShellExecuteExW
 0x44fcc4 SHPathPrepareForWriteW
 0x44fcc8 SHEmptyRecycleBinW
 0x44fccc SHGetFolderLocation
SHLWAPI.dll
 0x44fcd4 StrRChrW
 0x44fcd8 StrRStrIA
 0x44fcdc PathCanonicalizeW
 0x44fce0 PathIsRootW
 0x44fce4 PathIsDirectoryW
COMCTL32.dll
 0x44fcec InitCommonControlsEx

EAT (Export Address Table): none