ScreenShot
| Created | 2021.08.01 09:30 | Machine | s1_win7_x6402 |
| Filename | downloaddocument.do | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 14 detected (Malicious, score, Trickpak, FileRepMetagen, Artemis, Emotet, kphti, kcloud, Wacatac, Behavior) | ||
| md5 | c0e07efbb0dd361490426661fe992f6f | ||
| sha256 | 7c9f494ed4397ccedb3d5c8a10235669a31ae7eb79423b6fa785d141cb6d183d | ||
| ssdeep | 6144:53v6kfEPxw1S5sEMeJJFoZbNFcI+rvezdKH5FYMkxsZSdTs8Xc5n4:5/BEP+Qy7eJJa2qKZFhkxsZSdw8Xc5n | ||
| imphash | a31d58fa029c31330a5f25a3035bb8bd | ||
| impfuzzy | 96:jiPKAg7JV4nqFaHwXDjgtISVsVULcRcL3Q6:uy3iaDjg6SVsVULcRcJ | ||
Network IP location
Signature (15cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Terminates another process |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | The executable uses a known packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (7cnts) ?
Suricata ids
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x100110a4 HeapAlloc
0x100110a8 GetCommandLineA
0x100110ac RaiseException
0x100110b0 HeapFree
0x100110b4 ExitProcess
0x100110b8 TerminateProcess
0x100110bc HeapSize
0x100110c0 HeapReAlloc
0x100110c4 GetACP
0x100110c8 HeapDestroy
0x100110cc HeapCreate
0x100110d0 VirtualFree
0x100110d4 VirtualAlloc
0x100110d8 IsBadWritePtr
0x100110dc SetHandleCount
0x100110e0 GetStdHandle
0x100110e4 GetFileType
0x100110e8 RtlUnwind
0x100110ec FreeEnvironmentStringsA
0x100110f0 FreeEnvironmentStringsW
0x100110f4 GetEnvironmentStrings
0x100110f8 GetEnvironmentStringsW
0x100110fc SetUnhandledExceptionFilter
0x10011100 LCMapStringA
0x10011104 LCMapStringW
0x10011108 GetStringTypeA
0x1001110c GetStringTypeW
0x10011110 IsBadReadPtr
0x10011114 IsBadCodePtr
0x10011118 WriteFile
0x1001111c WritePrivateProfileStringA
0x10011120 GetOEMCP
0x10011124 GetCPInfo
0x10011128 GetProcessVersion
0x1001112c GlobalFlags
0x10011130 TlsGetValue
0x10011134 LocalReAlloc
0x10011138 TlsSetValue
0x1001113c EnterCriticalSection
0x10011140 GlobalReAlloc
0x10011144 LeaveCriticalSection
0x10011148 TlsFree
0x1001114c GlobalHandle
0x10011150 DeleteCriticalSection
0x10011154 TlsAlloc
0x10011158 InitializeCriticalSection
0x1001115c LocalFree
0x10011160 LocalAlloc
0x10011164 GetLastError
0x10011168 GlobalFree
0x1001116c CloseHandle
0x10011170 GetModuleFileNameA
0x10011174 GetCurrentProcess
0x10011178 GlobalAlloc
0x1001117c lstrcmpA
0x10011180 GetCurrentThread
0x10011184 lstrcpynA
0x10011188 MultiByteToWideChar
0x1001118c WideCharToMultiByte
0x10011190 lstrlenA
0x10011194 InterlockedDecrement
0x10011198 InterlockedIncrement
0x1001119c GlobalLock
0x100111a0 GlobalUnlock
0x100111a4 MulDiv
0x100111a8 SetLastError
0x100111ac FreeLibrary
0x100111b0 FindResourceA
0x100111b4 LoadResource
0x100111b8 LockResource
0x100111bc GetVersion
0x100111c0 lstrcatA
0x100111c4 GetCurrentThreadId
0x100111c8 GlobalGetAtomNameA
0x100111cc lstrcmpiA
0x100111d0 GlobalAddAtomA
0x100111d4 GlobalFindAtomA
0x100111d8 GlobalDeleteAtom
0x100111dc lstrcpyA
0x100111e0 GetModuleHandleA
0x100111e4 GetProcAddress
0x100111e8 LoadLibraryA
0x100111ec GetStartupInfoA
USER32.dll
0x100111f4 GetDC
0x100111f8 BeginPaint
0x100111fc EndPaint
0x10011200 TabbedTextOutA
0x10011204 GrayStringA
0x10011208 IsDialogMessageA
0x1001120c SetWindowTextA
0x10011210 MoveWindow
0x10011214 ShowWindow
0x10011218 IsWindowEnabled
0x1001121c GetNextDlgTabItem
0x10011220 EnableMenuItem
0x10011224 CheckMenuItem
0x10011228 SetMenuItemBitmaps
0x1001122c ModifyMenuA
0x10011230 GetMenuState
0x10011234 GetMenuCheckMarkDimensions
0x10011238 PostQuitMessage
0x1001123c GetCursorPos
0x10011240 ValidateRect
0x10011244 GetActiveWindow
0x10011248 TranslateMessage
0x1001124c GetMessageA
0x10011250 CreateDialogIndirectParamA
0x10011254 EndDialog
0x10011258 LoadStringA
0x1001125c DestroyMenu
0x10011260 GetClassNameA
0x10011264 PtInRect
0x10011268 PeekMessageA
0x1001126c DispatchMessageA
0x10011270 GetFocus
0x10011274 SetActiveWindow
0x10011278 IsWindow
0x1001127c SetFocus
0x10011280 AdjustWindowRectEx
0x10011284 ClientToScreen
0x10011288 IsWindowVisible
0x1001128c GetTopWindow
0x10011290 MessageBoxA
0x10011294 GetParent
0x10011298 GetCapture
0x1001129c WinHelpA
0x100112a0 wsprintfA
0x100112a4 GetClassInfoA
0x100112a8 RegisterClassA
0x100112ac GetMenuItemCount
0x100112b0 GetSubMenu
0x100112b4 GetMenuItemID
0x100112b8 GetDlgItem
0x100112bc GetWindowTextLengthA
0x100112c0 GetWindowTextA
0x100112c4 GetDlgCtrlID
0x100112c8 GetKeyState
0x100112cc DefWindowProcA
0x100112d0 DestroyWindow
0x100112d4 CreateWindowExA
0x100112d8 SetWindowsHookExA
0x100112dc CallNextHookEx
0x100112e0 GetClassLongA
0x100112e4 SetPropA
0x100112e8 UnhookWindowsHookEx
0x100112ec GetPropA
0x100112f0 CallWindowProcA
0x100112f4 RemovePropA
0x100112f8 GetMessageTime
0x100112fc GetMessagePos
0x10011300 GetLastActivePopup
0x10011304 GetForegroundWindow
0x10011308 SetForegroundWindow
0x1001130c GetWindow
0x10011310 GetWindowLongA
0x10011314 SetWindowLongA
0x10011318 SetWindowPos
0x1001131c RegisterWindowMessageA
0x10011320 GetWindowPlacement
0x10011324 GetWindowRect
0x10011328 IsIconic
0x1001132c GetClientRect
0x10011330 DrawIcon
0x10011334 GetSystemMenu
0x10011338 AppendMenuA
0x1001133c SendMessageA
0x10011340 LoadIconA
0x10011344 SetCursor
0x10011348 DrawTextA
0x1001134c PostMessageA
0x10011350 GetWindowDC
0x10011354 ReleaseDC
0x10011358 SystemParametersInfoA
0x1001135c GetSystemMetrics
0x10011360 SetRect
0x10011364 EnableWindow
0x10011368 UpdateWindow
0x1001136c SendDlgItemMessageA
0x10011370 MapWindowPoints
0x10011374 SetTimer
0x10011378 KillTimer
0x1001137c LoadBitmapA
0x10011380 SetWindowRgn
0x10011384 CopyRect
0x10011388 RedrawWindow
0x1001138c LoadCursorA
0x10011390 GetSysColorBrush
0x10011394 GetSysColor
0x10011398 GetMenu
GDI32.dll
0x10011020 DeleteDC
0x10011024 SaveDC
0x10011028 RestoreDC
0x1001102c SelectObject
0x10011030 GetStockObject
0x10011034 SetBkMode
0x10011038 SetMapMode
0x1001103c SetViewportOrgEx
0x10011040 OffsetViewportOrgEx
0x10011044 SetViewportExtEx
0x10011048 ScaleViewportExtEx
0x1001104c SetWindowExtEx
0x10011050 ScaleWindowExtEx
0x10011054 SetBkColor
0x10011058 GetDeviceCaps
0x1001105c PtVisible
0x10011060 RectVisible
0x10011064 TextOutA
0x10011068 ExtTextOutA
0x1001106c Escape
0x10011070 CreateBitmap
0x10011074 DPtoLP
0x10011078 SetTextColor
0x1001107c GetClipBox
0x10011080 CreateCompatibleDC
0x10011084 BitBlt
0x10011088 GetDIBits
0x1001108c CreateRectRgn
0x10011090 CombineRgn
0x10011094 DeleteObject
0x10011098 GetObjectA
0x1001109c CreateFontIndirectA
WINSPOOL.DRV
0x100113a0 DocumentPropertiesA
0x100113a4 ClosePrinter
0x100113a8 OpenPrinterA
ADVAPI32.dll
0x10011000 RegCreateKeyExA
0x10011004 RegCloseKey
0x10011008 RegSetValueExA
0x1001100c RegOpenKeyExA
COMCTL32.dll
0x10011014 _TrackMouseEvent
0x10011018 None
EAT(Export Address Table) Library
0x10002ba0 StartW
KERNEL32.dll
0x100110a4 HeapAlloc
0x100110a8 GetCommandLineA
0x100110ac RaiseException
0x100110b0 HeapFree
0x100110b4 ExitProcess
0x100110b8 TerminateProcess
0x100110bc HeapSize
0x100110c0 HeapReAlloc
0x100110c4 GetACP
0x100110c8 HeapDestroy
0x100110cc HeapCreate
0x100110d0 VirtualFree
0x100110d4 VirtualAlloc
0x100110d8 IsBadWritePtr
0x100110dc SetHandleCount
0x100110e0 GetStdHandle
0x100110e4 GetFileType
0x100110e8 RtlUnwind
0x100110ec FreeEnvironmentStringsA
0x100110f0 FreeEnvironmentStringsW
0x100110f4 GetEnvironmentStrings
0x100110f8 GetEnvironmentStringsW
0x100110fc SetUnhandledExceptionFilter
0x10011100 LCMapStringA
0x10011104 LCMapStringW
0x10011108 GetStringTypeA
0x1001110c GetStringTypeW
0x10011110 IsBadReadPtr
0x10011114 IsBadCodePtr
0x10011118 WriteFile
0x1001111c WritePrivateProfileStringA
0x10011120 GetOEMCP
0x10011124 GetCPInfo
0x10011128 GetProcessVersion
0x1001112c GlobalFlags
0x10011130 TlsGetValue
0x10011134 LocalReAlloc
0x10011138 TlsSetValue
0x1001113c EnterCriticalSection
0x10011140 GlobalReAlloc
0x10011144 LeaveCriticalSection
0x10011148 TlsFree
0x1001114c GlobalHandle
0x10011150 DeleteCriticalSection
0x10011154 TlsAlloc
0x10011158 InitializeCriticalSection
0x1001115c LocalFree
0x10011160 LocalAlloc
0x10011164 GetLastError
0x10011168 GlobalFree
0x1001116c CloseHandle
0x10011170 GetModuleFileNameA
0x10011174 GetCurrentProcess
0x10011178 GlobalAlloc
0x1001117c lstrcmpA
0x10011180 GetCurrentThread
0x10011184 lstrcpynA
0x10011188 MultiByteToWideChar
0x1001118c WideCharToMultiByte
0x10011190 lstrlenA
0x10011194 InterlockedDecrement
0x10011198 InterlockedIncrement
0x1001119c GlobalLock
0x100111a0 GlobalUnlock
0x100111a4 MulDiv
0x100111a8 SetLastError
0x100111ac FreeLibrary
0x100111b0 FindResourceA
0x100111b4 LoadResource
0x100111b8 LockResource
0x100111bc GetVersion
0x100111c0 lstrcatA
0x100111c4 GetCurrentThreadId
0x100111c8 GlobalGetAtomNameA
0x100111cc lstrcmpiA
0x100111d0 GlobalAddAtomA
0x100111d4 GlobalFindAtomA
0x100111d8 GlobalDeleteAtom
0x100111dc lstrcpyA
0x100111e0 GetModuleHandleA
0x100111e4 GetProcAddress
0x100111e8 LoadLibraryA
0x100111ec GetStartupInfoA
USER32.dll
0x100111f4 GetDC
0x100111f8 BeginPaint
0x100111fc EndPaint
0x10011200 TabbedTextOutA
0x10011204 GrayStringA
0x10011208 IsDialogMessageA
0x1001120c SetWindowTextA
0x10011210 MoveWindow
0x10011214 ShowWindow
0x10011218 IsWindowEnabled
0x1001121c GetNextDlgTabItem
0x10011220 EnableMenuItem
0x10011224 CheckMenuItem
0x10011228 SetMenuItemBitmaps
0x1001122c ModifyMenuA
0x10011230 GetMenuState
0x10011234 GetMenuCheckMarkDimensions
0x10011238 PostQuitMessage
0x1001123c GetCursorPos
0x10011240 ValidateRect
0x10011244 GetActiveWindow
0x10011248 TranslateMessage
0x1001124c GetMessageA
0x10011250 CreateDialogIndirectParamA
0x10011254 EndDialog
0x10011258 LoadStringA
0x1001125c DestroyMenu
0x10011260 GetClassNameA
0x10011264 PtInRect
0x10011268 PeekMessageA
0x1001126c DispatchMessageA
0x10011270 GetFocus
0x10011274 SetActiveWindow
0x10011278 IsWindow
0x1001127c SetFocus
0x10011280 AdjustWindowRectEx
0x10011284 ClientToScreen
0x10011288 IsWindowVisible
0x1001128c GetTopWindow
0x10011290 MessageBoxA
0x10011294 GetParent
0x10011298 GetCapture
0x1001129c WinHelpA
0x100112a0 wsprintfA
0x100112a4 GetClassInfoA
0x100112a8 RegisterClassA
0x100112ac GetMenuItemCount
0x100112b0 GetSubMenu
0x100112b4 GetMenuItemID
0x100112b8 GetDlgItem
0x100112bc GetWindowTextLengthA
0x100112c0 GetWindowTextA
0x100112c4 GetDlgCtrlID
0x100112c8 GetKeyState
0x100112cc DefWindowProcA
0x100112d0 DestroyWindow
0x100112d4 CreateWindowExA
0x100112d8 SetWindowsHookExA
0x100112dc CallNextHookEx
0x100112e0 GetClassLongA
0x100112e4 SetPropA
0x100112e8 UnhookWindowsHookEx
0x100112ec GetPropA
0x100112f0 CallWindowProcA
0x100112f4 RemovePropA
0x100112f8 GetMessageTime
0x100112fc GetMessagePos
0x10011300 GetLastActivePopup
0x10011304 GetForegroundWindow
0x10011308 SetForegroundWindow
0x1001130c GetWindow
0x10011310 GetWindowLongA
0x10011314 SetWindowLongA
0x10011318 SetWindowPos
0x1001131c RegisterWindowMessageA
0x10011320 GetWindowPlacement
0x10011324 GetWindowRect
0x10011328 IsIconic
0x1001132c GetClientRect
0x10011330 DrawIcon
0x10011334 GetSystemMenu
0x10011338 AppendMenuA
0x1001133c SendMessageA
0x10011340 LoadIconA
0x10011344 SetCursor
0x10011348 DrawTextA
0x1001134c PostMessageA
0x10011350 GetWindowDC
0x10011354 ReleaseDC
0x10011358 SystemParametersInfoA
0x1001135c GetSystemMetrics
0x10011360 SetRect
0x10011364 EnableWindow
0x10011368 UpdateWindow
0x1001136c SendDlgItemMessageA
0x10011370 MapWindowPoints
0x10011374 SetTimer
0x10011378 KillTimer
0x1001137c LoadBitmapA
0x10011380 SetWindowRgn
0x10011384 CopyRect
0x10011388 RedrawWindow
0x1001138c LoadCursorA
0x10011390 GetSysColorBrush
0x10011394 GetSysColor
0x10011398 GetMenu
GDI32.dll
0x10011020 DeleteDC
0x10011024 SaveDC
0x10011028 RestoreDC
0x1001102c SelectObject
0x10011030 GetStockObject
0x10011034 SetBkMode
0x10011038 SetMapMode
0x1001103c SetViewportOrgEx
0x10011040 OffsetViewportOrgEx
0x10011044 SetViewportExtEx
0x10011048 ScaleViewportExtEx
0x1001104c SetWindowExtEx
0x10011050 ScaleWindowExtEx
0x10011054 SetBkColor
0x10011058 GetDeviceCaps
0x1001105c PtVisible
0x10011060 RectVisible
0x10011064 TextOutA
0x10011068 ExtTextOutA
0x1001106c Escape
0x10011070 CreateBitmap
0x10011074 DPtoLP
0x10011078 SetTextColor
0x1001107c GetClipBox
0x10011080 CreateCompatibleDC
0x10011084 BitBlt
0x10011088 GetDIBits
0x1001108c CreateRectRgn
0x10011090 CombineRgn
0x10011094 DeleteObject
0x10011098 GetObjectA
0x1001109c CreateFontIndirectA
WINSPOOL.DRV
0x100113a0 DocumentPropertiesA
0x100113a4 ClosePrinter
0x100113a8 OpenPrinterA
ADVAPI32.dll
0x10011000 RegCreateKeyExA
0x10011004 RegCloseKey
0x10011008 RegSetValueExA
0x1001100c RegOpenKeyExA
COMCTL32.dll
0x10011014 _TrackMouseEvent
0x10011018 None
EAT(Export Address Table) Library
0x10002ba0 StartW