Report - moonmars.png

Tags: Gen1, Gen2, Emotet, UPX, PE32, PE File, OS Processor Check, DLL
Created 2021.07.14 09:05 Machine s1_win7_x6401
Filename moonmars.png
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 7.2
ZERO API file : clean
VT API (file)
md5 818e84e7ff9720097a103e501938df5c
sha256 d728561e457b0d918097d956655386ea89f89fa4bfc3741b5cf3af778ac4c34f
ssdeep 6144:cIzlI2lTAbw3TTIaThNALS0znh1hTF8PW8yLvBYQ8YiXCn6muSL7Cw5O547fEACA:vT8wIaThNv8nh3LvBYtYuuX/Ci78hH+
imphash 285edb96a4eb2f97aa48802e35f98fc6
impfuzzy 96:G8YIt3htZo14X0rDhH1tniQ2Qdvy8H7PecncJFrQP6Fx:KCtgP57niQ2QdvHH7GcncnQP6Fx

Signature (16cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
watch Communicates with host for which no DNS query was performed
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername

Rules (8cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (13cnts)

Request CC ASN Co IP4 Rule ZERO
https://185.56.76.28/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ ES Albacete Sistemas y Servicios SL 185.56.76.28 clean
https://185.56.76.28/login.cgi?uri=/index.html ES Albacete Sistemas y Servicios SL 185.56.76.28 clean
https://185.56.76.28/index.html ES Albacete Sistemas y Servicios SL 185.56.76.28 2532 malicious
https://185.56.76.28/cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ ES Albacete Sistemas y Servicios SL 185.56.76.28 2531 malicious
185.56.76.28 ES Albacete Sistemas y Servicios SL 185.56.76.28 malicious
154.58.23.192 ES COGENT-174 154.58.23.192 malicious
204.138.26.60 Unknown 204.138.26.60 malicious
103.105.254.17 ID PT BINTANG MATARAM TEKNOLOGI 103.105.254.17 clean
38.110.103.124 CA BELAIR-TECHNOLOGIES 38.110.103.124 malicious
74.85.157.139 PR FUSE 74.85.157.139 clean
80.15.2.105 FR Orange 80.15.2.105 malicious
185.56.76.94 ES Albacete Sistemas y Servicios SL 185.56.76.94 clean
138.34.28.219 CA BACOM 138.34.28.219 clean
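Two things about the table above matter before its rows are turned into indicators. First, the same host carries different verdicts per row: 185.56.76.28 is clean on two URL rows and malicious on two others and on its bare-IP row, so a blocklist should be keyed on the host verdict, not on a single URL. Second, the check-in URL path embeds what looks like the sandbox's own machine name and Windows version (TEST22-PC_W617601; the report's Machine field is a Win7 x64 VM), so the full URL is specific to this run, while the host and the shape of the path are reusable. The Python below is an editor's added example, not part of the sandbox report: it parses the Network table exactly as printed (including the page's "mailcious" spelling), builds a blocklist from the malicious verdicts, and scans a few constructed proxy-log lines for either a listed host or a path of the same shape. The path regex is generalised from the two URLs on the page and is an assumption, not a published format; the proxy-log layout and the non-report addresses are invented for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The report's Network table copied verbatim (the page spells "malicious" as
# "mailcious"; the parser normalises it). Columns: Request, CC, ASN Co, IP4,
# optional Rule id, ZERO verdict. ASN names contain spaces, so rows are parsed
# from the right-hand end.
REPORT_NETWORK_TABLE = """\
https://185.56.76.28/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ ES Albacete Sistemas y Servicios SL 185.56.76.28 clean
https://185.56.76.28/login.cgi?uri=/index.html ES Albacete Sistemas y Servicios SL 185.56.76.28 clean
https://185.56.76.28/index.html ES Albacete Sistemas y Servicios SL 185.56.76.28 2532 mailcious
https://185.56.76.28/cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ ES Albacete Sistemas y Servicios SL 185.56.76.28 2531 mailcious
185.56.76.28 ES Albacete Sistemas y Servicios SL 185.56.76.28 mailcious
154.58.23.192 ES COGENT-174 154.58.23.192 mailcious
204.138.26.60 Unknown 204.138.26.60 mailcious
103.105.254.17 ID PT BINTANG MATARAM TEKNOLOGI 103.105.254.17 clean
38.110.103.124 CA BELAIR-TECHNOLOGIES 38.110.103.124 mailcious
74.85.157.139 PR FUSE 74.85.157.139 clean
80.15.2.105 FR Orange 80.15.2.105 mailcious
185.56.76.94 ES Albacete Sistemas y Servicios SL 185.56.76.94 clean
138.34.28.219 CA BACOM 138.34.28.219 clean
"""

# Path shape generalised from the two check-in URLs above:
#   /<letters><digits>/<HOSTNAME>_W<os version>.<32 hex>/<n>/file/
# This is an assumption drawn from the observed URLs, not a published format.
CHECKIN_PATH = re.compile(
    r"^/[A-Za-z]+\d*/[A-Za-z0-9-]+_W\d+\.[0-9A-Fa-f]{32}/\d+/file/$"
)


def parse_network_table(text):
    """Rows -> dicts with request, ip, rule (int or None) and verdict."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3:
            continue
        verdict = "malicious" if tok[-1] in ("mailcious", "malicious") else tok[-1]
        rest = tok[:-1]
        rule = None
        if rest[-1].isdigit():          # optional Suricata rule id column
            rule = int(rest[-1])
            rest = rest[:-1]
        ip = rest[-1]
        try:
            ipaddress.ip_address(ip)    # drop rows whose IP4 cell is not an address
        except ValueError:
            continue
        rows.append({"request": tok[0], "ip": ip, "rule": rule, "verdict": verdict})
    return rows


def malicious_ips(rows):
    """Hosts flagged malicious on any row, URL or bare IP."""
    return {r["ip"] for r in rows if r["verdict"] == "malicious"}


def classify_request(dst_ip, url, bad_ips):
    """Why a single proxy request is suspicious; an empty list means no match."""
    reasons = []
    if dst_ip in bad_ips:
        reasons.append("dst_ip in report IOC set")
    if CHECKIN_PATH.match(urlsplit(url).path):
        reasons.append("path matches check-in shape from report")
    return reasons


# Constructed proxy log, one request per line:
#   <timestamp> <client> <dst_ip> <method> <url> <status>
# Addresses other than the report's own are taken from documentation ranges.
SAMPLE_PROXY_LOG = """\
2021-07-14T09:06:01Z 10.0.0.25 185.56.76.28 GET https://185.56.76.28/index.html 200
2021-07-14T09:06:03Z 10.0.0.25 203.0.113.7 POST https://203.0.113.7/aqsd5/WS-HR01_W1019041.0123456789ABCDEF0123456789ABCDEF/5/file/ 404
2021-07-14T09:07:10Z 10.0.0.31 198.51.100.10 GET https://198.51.100.10/index.html 200
"""


def scan_proxy_log(text, bad_ips):
    """Return (line_no, client, dst_ip, reasons) for every matching line."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        _ts, client, dst_ip, _method, url, _status = line.split()
        reasons = classify_request(dst_ip, url, bad_ips)
        if reasons:
            hits.append((n, client, dst_ip, reasons))
    return hits


if __name__ == "__main__":
    bad = malicious_ips(parse_network_table(REPORT_NETWORK_TABLE))
    print("blocklist:", sorted(bad))
    for n, client, dst, why in scan_proxy_log(SAMPLE_PROXY_LOG, bad):
        print(f"line {n}: {client} -> {dst}: {'; '.join(why)}")
```

The second constructed log line is the interesting one: its destination is not in the report at all, but the path has the same shape as the check-in URL, which is the kind of match that survives the C2 rotation the "no longer responding" signature above hints at. Treat the path match as a hunting lead rather than a blocking rule; the regex is only as good as the two URLs it was derived from.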

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x100270a4 RtlUnwind
 0x100270a8 HeapFree
 0x100270ac VirtualAlloc
 0x100270b0 HeapAlloc
 0x100270b4 HeapReAlloc
 0x100270b8 GetCommandLineA
 0x100270bc GetProcessHeap
 0x100270c0 RaiseException
 0x100270c4 ExitProcess
 0x100270c8 HeapSize
 0x100270cc TerminateProcess
 0x100270d0 UnhandledExceptionFilter
 0x100270d4 SetUnhandledExceptionFilter
 0x100270d8 IsDebuggerPresent
 0x100270dc HeapDestroy
 0x100270e0 HeapCreate
 0x100270e4 VirtualFree
 0x100270e8 GetStdHandle
 0x100270ec Sleep
 0x100270f0 GetACP
 0x100270f4 GetFileType
 0x100270f8 GetStartupInfoA
 0x100270fc FreeEnvironmentStringsA
 0x10027100 GetEnvironmentStrings
 0x10027104 FreeEnvironmentStringsW
 0x10027108 GetEnvironmentStringsW
 0x1002710c QueryPerformanceCounter
 0x10027110 GetTickCount
 0x10027114 GetSystemTimeAsFileTime
 0x10027118 LCMapStringA
 0x1002711c LCMapStringW
 0x10027120 GetStringTypeA
 0x10027124 GetStringTypeW
 0x10027128 GetConsoleCP
 0x1002712c GetConsoleMode
 0x10027130 SetStdHandle
 0x10027134 WriteConsoleA
 0x10027138 GetConsoleOutputCP
 0x1002713c WriteConsoleW
 0x10027140 CreateFileA
 0x10027144 FlushFileBuffers
 0x10027148 SetFilePointer
 0x1002714c WriteFile
 0x10027150 ReadFile
 0x10027154 WritePrivateProfileStringA
 0x10027158 GetThreadLocale
 0x1002715c GetOEMCP
 0x10027160 GetCPInfo
 0x10027164 InterlockedIncrement
 0x10027168 TlsFree
 0x1002716c DeleteCriticalSection
 0x10027170 LocalReAlloc
 0x10027174 TlsSetValue
 0x10027178 TlsAlloc
 0x1002717c InitializeCriticalSection
 0x10027180 GlobalHandle
 0x10027184 GlobalReAlloc
 0x10027188 EnterCriticalSection
 0x1002718c TlsGetValue
 0x10027190 LeaveCriticalSection
 0x10027194 LocalAlloc
 0x10027198 GlobalFlags
 0x1002719c InterlockedDecrement
 0x100271a0 GetCurrentProcessId
 0x100271a4 CloseHandle
 0x100271a8 GetCurrentThread
 0x100271ac ConvertDefaultLocale
 0x100271b0 GetModuleFileNameA
 0x100271b4 EnumResourceLanguagesA
 0x100271b8 GetLocaleInfoA
 0x100271bc lstrcmpA
 0x100271c0 FormatMessageA
 0x100271c4 LocalFree
 0x100271c8 FreeResource
 0x100271cc GetCurrentThreadId
 0x100271d0 GlobalGetAtomNameA
 0x100271d4 GlobalAddAtomA
 0x100271d8 GlobalFindAtomA
 0x100271dc GlobalDeleteAtom
 0x100271e0 FreeLibrary
 0x100271e4 LoadLibraryA
 0x100271e8 lstrcmpW
 0x100271ec GetVersionExA
 0x100271f0 MulDiv
 0x100271f4 GetModuleHandleA
 0x100271f8 GetProcAddress
 0x100271fc SetLastError
 0x10027200 LoadLibraryW
 0x10027204 GetCurrentProcess
 0x10027208 GetLastError
 0x1002720c lstrlenA
 0x10027210 CompareStringA
 0x10027214 MultiByteToWideChar
 0x10027218 GetVersion
 0x1002721c InterlockedExchange
 0x10027220 WideCharToMultiByte
 0x10027224 FindResourceA
 0x10027228 SizeofResource
 0x1002722c LoadResource
 0x10027230 LockResource
 0x10027234 GlobalAlloc
 0x10027238 GlobalLock
 0x1002723c GlobalUnlock
 0x10027240 SetHandleCount
 0x10027244 GlobalFree
USER32.dll
 0x10027264 DestroyMenu
 0x10027268 GetDesktopWindow
 0x1002726c CreateDialogIndirectParamA
 0x10027270 GetNextDlgTabItem
 0x10027274 EndDialog
 0x10027278 GetWindowThreadProcessId
 0x1002727c SetCursor
 0x10027280 GetMessageA
 0x10027284 TranslateMessage
 0x10027288 GetActiveWindow
 0x1002728c ValidateRect
 0x10027290 PostQuitMessage
 0x10027294 GetCursorPos
 0x10027298 WindowFromPoint
 0x1002729c IsWindowEnabled
 0x100272a0 ShowWindow
 0x100272a4 SetWindowTextA
 0x100272a8 IsDialogMessageA
 0x100272ac SetMenuItemBitmaps
 0x100272b0 GetMenuCheckMarkDimensions
 0x100272b4 LoadBitmapA
 0x100272b8 ModifyMenuA
 0x100272bc GetMenuState
 0x100272c0 EnableMenuItem
 0x100272c4 CheckMenuItem
 0x100272c8 RegisterWindowMessageA
 0x100272cc SendDlgItemMessageA
 0x100272d0 WinHelpA
 0x100272d4 GetCapture
 0x100272d8 CallNextHookEx
 0x100272dc GetClassLongA
 0x100272e0 GetClassNameA
 0x100272e4 SetPropA
 0x100272e8 GetPropA
 0x100272ec RemovePropA
 0x100272f0 GetFocus
 0x100272f4 SetFocus
 0x100272f8 GetWindowTextA
 0x100272fc GetForegroundWindow
 0x10027300 GetLastActivePopup
 0x10027304 SetActiveWindow
 0x10027308 DispatchMessageA
 0x1002730c GetDlgItem
 0x10027310 GetTopWindow
 0x10027314 DestroyWindow
 0x10027318 UnhookWindowsHookEx
 0x1002731c GetMessageTime
 0x10027320 GetMessagePos
 0x10027324 PeekMessageA
 0x10027328 MapWindowPoints
 0x1002732c GetKeyState
 0x10027330 SetForegroundWindow
 0x10027334 IsWindowVisible
 0x10027338 UpdateWindow
 0x1002733c GetMenu
 0x10027340 PostMessageA
 0x10027344 GetSubMenu
 0x10027348 GetMenuItemID
 0x1002734c GetMenuItemCount
 0x10027350 MessageBoxA
 0x10027354 CreateWindowExA
 0x10027358 GetClassInfoExA
 0x1002735c GetClassInfoA
 0x10027360 RegisterClassA
 0x10027364 AdjustWindowRectEx
 0x10027368 CopyRect
 0x1002736c PtInRect
 0x10027370 GetDlgCtrlID
 0x10027374 DefWindowProcA
 0x10027378 CallWindowProcA
 0x1002737c GetWindowLongA
 0x10027380 SetWindowLongA
 0x10027384 SetWindowPos
 0x10027388 SystemParametersInfoA
 0x1002738c GetWindowPlacement
 0x10027390 UnregisterClassA
 0x10027394 GetWindow
 0x10027398 GetSysColor
 0x1002739c LoadCursorA
 0x100273a0 SetWindowsHookExA
 0x100273a4 GetSysColorBrush
 0x100273a8 EndPaint
 0x100273ac BeginPaint
 0x100273b0 ReleaseDC
 0x100273b4 GetDC
 0x100273b8 ClientToScreen
 0x100273bc ScreenToClient
 0x100273c0 IsIconic
 0x100273c4 GetSystemMetrics
 0x100273c8 DrawIcon
 0x100273cc GetSystemMenu
 0x100273d0 AppendMenuA
 0x100273d4 LoadImageA
 0x100273d8 LoadIconA
 0x100273dc EnableWindow
 0x100273e0 GrayStringA
 0x100273e4 DrawTextExA
 0x100273e8 DrawTextA
 0x100273ec TabbedTextOutA
 0x100273f0 IsWindow
 0x100273f4 SendMessageA
 0x100273f8 InvalidateRect
 0x100273fc EqualRect
 0x10027400 GetClientRect
 0x10027404 GetParent
 0x10027408 GetWindowRect
GDI32.dll
 0x10027030 DeleteDC
 0x10027034 CreateBitmap
 0x10027038 GetObjectA
 0x1002703c GetStockObject
 0x10027040 GetDeviceCaps
 0x10027044 DeleteObject
 0x10027048 ScaleWindowExtEx
 0x1002704c SetWindowExtEx
 0x10027050 SetWindowOrgEx
 0x10027054 ScaleViewportExtEx
 0x10027058 SetViewportExtEx
 0x1002705c OffsetViewportOrgEx
 0x10027060 SetViewportOrgEx
 0x10027064 BitBlt
 0x10027068 GetClipBox
 0x1002706c SetMapMode
 0x10027070 SetTextColor
 0x10027074 SetBkColor
 0x10027078 RestoreDC
 0x1002707c SaveDC
 0x10027080 SelectObject
 0x10027084 Escape
 0x10027088 ExtTextOutA
 0x1002708c TextOutA
 0x10027090 RectVisible
 0x10027094 PtVisible
 0x10027098 CreateCompatibleDC
 0x1002709c CreateCompatibleBitmap
WINSPOOL.DRV
 0x10027410 ClosePrinter
 0x10027414 OpenPrinterA
 0x10027418 DocumentPropertiesA
ADVAPI32.dll
 0x10027000 RegEnumKeyA
 0x10027004 RegSetValueExA
 0x10027008 RegCreateKeyExA
 0x1002700c RegQueryValueA
 0x10027010 RegCloseKey
 0x10027014 RegDeleteKeyA
 0x10027018 RegOpenKeyExA
 0x1002701c RegQueryValueExA
 0x10027020 RegOpenKeyA
COMCTL32.dll
 0x10027028 _TrackMouseEvent
SHLWAPI.dll
 0x1002725c PathFindExtensionA
ole32.dll
 0x10027468 CreateStreamOnHGlobal
OLEAUT32.dll
 0x1002724c VariantClear
 0x10027250 VariantChangeType
 0x10027254 VariantInit
gdiplus.dll
 0x10027420 GdipCreateBitmapFromStream
 0x10027424 GdipFree
 0x10027428 GdipCreateFromHDC
 0x1002742c GdipDrawImageI
 0x10027430 GdipCreateImageAttributes
 0x10027434 GdipSetImageAttributesColorMatrix
 0x10027438 GdipCreateBitmapFromStreamICM
 0x1002743c GdipGetImageHeight
 0x10027440 GdipDrawImageRectRect
 0x10027444 GdipDisposeImageAttributes
 0x10027448 GdipDeleteGraphics
 0x1002744c GdipAlloc
 0x10027450 GdipDisposeImage
 0x10027454 GdipCloneImage
 0x10027458 GdiplusStartup
 0x1002745c GdiplusShutdown
 0x10027460 GdipGetImageWidth

EAT (Export Address Table) Library

0x100057d0 StartW
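The Type and EAT lines confirm what the filename hides: despite the .png name the file is a PE32 DLL, and it exposes a single export, StartW. The imphash in the header (285edb96a4eb2f97aa48802e35f98fc6) is derived from the import listing above: it is the MD5 of the lower-cased "dll.function" pairs, comma-joined in import-descriptor order, with only the extensions .dll, .ocx and .sys dropped from the library name. The Python below is an editor's added example, not code from the sandbox, and implements that normalisation over the report's own IAT listing format so a reader can see exactly what the hash covers. The embedded excerpt is a partial copy of the listing, so its hash is deliberately not the report's value; reproducing 285edb96... would need the full listing and assumes the report prints libraries in import-descriptor order, which the page does not state. Ordinal-only imports (none appear on this page) are resolved through an ordinal lookup table by tools such as pefile and are not handled here.

```python
import hashlib
import re

# Excerpt of the report's IAT listing (the first entries of several
# libraries), kept in the order the report prints them. A line with no
# leading whitespace names the DLL; the indented lines under it are
# "<IAT slot address> <import name>".
IAT_LISTING_EXCERPT = """\
KERNEL32.dll
 0x100270a4 RtlUnwind
 0x100270a8 HeapFree
 0x100270ac VirtualAlloc
USER32.dll
 0x10027264 DestroyMenu
 0x10027268 GetDesktopWindow
WINSPOOL.DRV
 0x10027410 ClosePrinter
 0x10027414 OpenPrinterA
ADVAPI32.dll
 0x10027000 RegEnumKeyA
ole32.dll
 0x10027468 CreateStreamOnHGlobal
"""

ENTRY_RE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)\s*$")
# imphash drops only these extensions; anything else (e.g. .drv) is kept.
STRIPPED_EXTS = ("dll", "ocx", "sys")


def parse_iat_listing(text):
    """Return [(dll_name, [import_name, ...]), ...] in listing order."""
    libs = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m and libs:
            libs[-1][1].append(m.group(1))
        elif line and not line[0].isspace():
            libs.append((line.strip(), []))
    return libs


def normalize_imports(libs):
    """Build the lower-cased 'dll.func' tokens the hash is taken over."""
    tokens = []
    for dll, funcs in libs:
        name = dll.lower()
        base, dot, ext = name.rpartition(".")
        if dot and ext in STRIPPED_EXTS:
            name = base
        tokens.extend(f"{name}.{func.lower()}" for func in funcs)
    return tokens


def imphash(libs):
    """MD5 over the comma-joined tokens: the value tools print as 'imphash'."""
    joined = ",".join(normalize_imports(libs))
    return hashlib.md5(joined.encode()).hexdigest()


if __name__ == "__main__":
    libs = parse_iat_listing(IAT_LISTING_EXCERPT)
    print(",".join(normalize_imports(libs)))
    print("imphash of excerpt:", imphash(libs))
```

Two properties follow directly from the construction and are worth keeping in mind when pivoting on the header value: the hash changes if the same imports appear in a different order, so two builds with identical API usage but a different link order do not share an imphash; and a packer that rewrites the import table (the report tags the sample UPX) makes the hash describe the stub rather than the payload, so an imphash match between two samples says more about their toolchain than about their code. The WINSPOOL.DRV entry in the excerpt shows the extension rule: winspool.drv keeps its suffix while kernel32.dll loses its own.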