ScreenShot
| Created | 2021.08.18 09:42 | Machine | s1_win7_x6403 |
| Filename | PROG8300_projectExecutable.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 51 detected (AIDetectVM, malware1, Razy, Unsafe, CVE-2017-0213, malicious, Attribute, HighConfidence, score, CVE-2020-1702, CVE20170213, gksdex, Wugw, Malware@#1xcsxigm2fk7k, gyfuu, DownLoader30, Suspicious PE, high confidence, Tiggre, Artemis, ai score=85, BScope, MulDrop, CLOUD, susgen, GdSda, confidence) | ||
| md5 | dba25831a9434a39e84717c9f8f6ba57 | ||
| sha256 | dffd43766e043c068486b3cf9c5abd2a63bf664a41b63befc65b5acd2b59711e | ||
| ssdeep | 24576:wDwDf2/NPJIDdInnCztQEKZm+jWodEESMcR8n:t72Fhe1zR8n | ||
| imphash | d5ae4988730831acfbbd66007518e0f4 | ||
| impfuzzy | 48:tAm2LPt75ObOzPs9H1c+8iWteXtGoZb3tZGr:yVZ75uwPsfc+8LteXtGoZTG | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | Creates executable files on the filesystem |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| info | Command line console output was observed |
Rules (14cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x42c1a0 PathRemoveFileSpecW
ADVAPI32.dll
0x42c000 SetTokenInformation
0x42c004 CreateProcessAsUserW
0x42c008 OpenProcessToken
0x42c00c DuplicateTokenEx
ole32.dll
0x42c1a8 CoInitializeSecurity
0x42c1ac CoGetStdMarshalEx
0x42c1b0 CoMarshalInterface
0x42c1b4 CoUninitialize
0x42c1b8 CoCreateInstance
0x42c1bc CoInitialize
OLEAUT32.dll
0x42c17c SysAllocString
0x42c180 VariantClear
0x42c184 CreateTypeLib2
0x42c188 LoadTypeLib
0x42c18c SysAllocStringByteLen
0x42c190 SysStringByteLen
0x42c194 SysStringLen
0x42c198 SysFreeString
KERNEL32.dll
0x42c014 WriteConsoleW
0x42c018 TlsFree
0x42c01c HeapSize
0x42c020 CreateFileW
0x42c024 GetProcessHeap
0x42c028 SetStdHandle
0x42c02c SetEnvironmentVariableW
0x42c030 FreeEnvironmentStringsW
0x42c034 GetEnvironmentStringsW
0x42c038 GetOEMCP
0x42c03c GetACP
0x42c040 IsValidCodePage
0x42c044 FindNextFileW
0x42c048 FindFirstFileExW
0x42c04c FindClose
0x42c050 HeapReAlloc
0x42c054 RemoveDirectoryW
0x42c058 DeleteFileW
0x42c05c ReadConsoleW
0x42c060 SetFilePointerEx
0x42c064 CreateDirectoryA
0x42c068 CreateFileA
0x42c06c DeleteFileA
0x42c070 GetFileSize
0x42c074 QueryDosDeviceW
0x42c078 ReadFile
0x42c07c WriteFile
0x42c080 CloseHandle
0x42c084 Sleep
0x42c088 GetCurrentProcess
0x42c08c GetCurrentProcessId
0x42c090 ProcessIdToSessionId
0x42c094 GetWindowsDirectoryW
0x42c098 GetModuleFileNameW
0x42c09c GetModuleHandleW
0x42c0a0 GetProcAddress
0x42c0a4 LocalAlloc
0x42c0a8 LocalFree
0x42c0ac FormatMessageA
0x42c0b0 OpenMutexA
0x42c0b4 GetLastError
0x42c0b8 WideCharToMultiByte
0x42c0bc EnterCriticalSection
0x42c0c0 LeaveCriticalSection
0x42c0c4 DeleteCriticalSection
0x42c0c8 MultiByteToWideChar
0x42c0cc EncodePointer
0x42c0d0 DecodePointer
0x42c0d4 SetLastError
0x42c0d8 InitializeCriticalSectionAndSpinCount
0x42c0dc SwitchToThread
0x42c0e0 TlsAlloc
0x42c0e4 TlsGetValue
0x42c0e8 TlsSetValue
0x42c0ec SetEndOfFile
0x42c0f0 GetSystemTimeAsFileTime
0x42c0f4 CompareStringW
0x42c0f8 LCMapStringW
0x42c0fc GetLocaleInfoW
0x42c100 GetStringTypeW
0x42c104 GetCPInfo
0x42c108 UnhandledExceptionFilter
0x42c10c SetUnhandledExceptionFilter
0x42c110 TerminateProcess
0x42c114 IsProcessorFeaturePresent
0x42c118 QueryPerformanceCounter
0x42c11c GetCurrentThreadId
0x42c120 InitializeSListHead
0x42c124 IsDebuggerPresent
0x42c128 GetStartupInfoW
0x42c12c GetFileSizeEx
0x42c130 RaiseException
0x42c134 RtlUnwind
0x42c138 FreeLibrary
0x42c13c LoadLibraryExW
0x42c140 ExitProcess
0x42c144 GetModuleHandleExW
0x42c148 GetStdHandle
0x42c14c GetCommandLineA
0x42c150 GetCommandLineW
0x42c154 HeapFree
0x42c158 HeapAlloc
0x42c15c IsValidLocale
0x42c160 GetUserDefaultLCID
0x42c164 EnumSystemLocalesW
0x42c168 GetFileType
0x42c16c FlushFileBuffers
0x42c170 GetConsoleCP
0x42c174 GetConsoleMode
EAT(Export Address Table) is none
SHLWAPI.dll
0x42c1a0 PathRemoveFileSpecW
ADVAPI32.dll
0x42c000 SetTokenInformation
0x42c004 CreateProcessAsUserW
0x42c008 OpenProcessToken
0x42c00c DuplicateTokenEx
ole32.dll
0x42c1a8 CoInitializeSecurity
0x42c1ac CoGetStdMarshalEx
0x42c1b0 CoMarshalInterface
0x42c1b4 CoUninitialize
0x42c1b8 CoCreateInstance
0x42c1bc CoInitialize
OLEAUT32.dll
0x42c17c SysAllocString
0x42c180 VariantClear
0x42c184 CreateTypeLib2
0x42c188 LoadTypeLib
0x42c18c SysAllocStringByteLen
0x42c190 SysStringByteLen
0x42c194 SysStringLen
0x42c198 SysFreeString
KERNEL32.dll
0x42c014 WriteConsoleW
0x42c018 TlsFree
0x42c01c HeapSize
0x42c020 CreateFileW
0x42c024 GetProcessHeap
0x42c028 SetStdHandle
0x42c02c SetEnvironmentVariableW
0x42c030 FreeEnvironmentStringsW
0x42c034 GetEnvironmentStringsW
0x42c038 GetOEMCP
0x42c03c GetACP
0x42c040 IsValidCodePage
0x42c044 FindNextFileW
0x42c048 FindFirstFileExW
0x42c04c FindClose
0x42c050 HeapReAlloc
0x42c054 RemoveDirectoryW
0x42c058 DeleteFileW
0x42c05c ReadConsoleW
0x42c060 SetFilePointerEx
0x42c064 CreateDirectoryA
0x42c068 CreateFileA
0x42c06c DeleteFileA
0x42c070 GetFileSize
0x42c074 QueryDosDeviceW
0x42c078 ReadFile
0x42c07c WriteFile
0x42c080 CloseHandle
0x42c084 Sleep
0x42c088 GetCurrentProcess
0x42c08c GetCurrentProcessId
0x42c090 ProcessIdToSessionId
0x42c094 GetWindowsDirectoryW
0x42c098 GetModuleFileNameW
0x42c09c GetModuleHandleW
0x42c0a0 GetProcAddress
0x42c0a4 LocalAlloc
0x42c0a8 LocalFree
0x42c0ac FormatMessageA
0x42c0b0 OpenMutexA
0x42c0b4 GetLastError
0x42c0b8 WideCharToMultiByte
0x42c0bc EnterCriticalSection
0x42c0c0 LeaveCriticalSection
0x42c0c4 DeleteCriticalSection
0x42c0c8 MultiByteToWideChar
0x42c0cc EncodePointer
0x42c0d0 DecodePointer
0x42c0d4 SetLastError
0x42c0d8 InitializeCriticalSectionAndSpinCount
0x42c0dc SwitchToThread
0x42c0e0 TlsAlloc
0x42c0e4 TlsGetValue
0x42c0e8 TlsSetValue
0x42c0ec SetEndOfFile
0x42c0f0 GetSystemTimeAsFileTime
0x42c0f4 CompareStringW
0x42c0f8 LCMapStringW
0x42c0fc GetLocaleInfoW
0x42c100 GetStringTypeW
0x42c104 GetCPInfo
0x42c108 UnhandledExceptionFilter
0x42c10c SetUnhandledExceptionFilter
0x42c110 TerminateProcess
0x42c114 IsProcessorFeaturePresent
0x42c118 QueryPerformanceCounter
0x42c11c GetCurrentThreadId
0x42c120 InitializeSListHead
0x42c124 IsDebuggerPresent
0x42c128 GetStartupInfoW
0x42c12c GetFileSizeEx
0x42c130 RaiseException
0x42c134 RtlUnwind
0x42c138 FreeLibrary
0x42c13c LoadLibraryExW
0x42c140 ExitProcess
0x42c144 GetModuleHandleExW
0x42c148 GetStdHandle
0x42c14c GetCommandLineA
0x42c150 GetCommandLineW
0x42c154 HeapFree
0x42c158 HeapAlloc
0x42c15c IsValidLocale
0x42c160 GetUserDefaultLCID
0x42c164 EnumSystemLocalesW
0x42c168 GetFileType
0x42c16c FlushFileBuffers
0x42c170 GetConsoleCP
0x42c174 GetConsoleMode
EAT(Export Address Table) is none