Field | Value |
---|---|
Created | 2021.08.24 12:37 |
Machine | s1_win7_x6402 |
Filename | 7215.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 43 detected (Nimnul, VJadtre, Kudj, Unsafe, malicious, Otwycal, PatchLoad, Wapomi, Banload, cstqaj, Generic@ML, RDML, fv1yB8CFNfNzB, iJwCSA, Wali, KA@558nxg, Darkshell, R + W32, Small, Xtreme, Jadtre, ASVirus, CoinMiner, Mikcer, FileInfector, ai score=81, Static AI, Malicious SFX, susgen) |
md5 | aeac57103b3c82c0c09cc0521db58362 |
sha256 | ade278b6d405437ee6048371f3175f7e9eeb257c6d1f8e6c8612b0316a516f25 |
ssdeep | 196608:D1zSWo0hLdTDRwa3VFy0FQzOkGOU47EpHiO:EadTDRd32GQzOIJ7IH/ |
imphash | 9d1f0da408c33eebb70b9bfa17b7fddc |
impfuzzy | 48:nOIUhKfTfSXFSx+fcmX1n6L23dCGi2dtzZhm:nWhKfWXFSx+fcmX1nPtCGrdtzZhm |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | Foreign language identified in PE resource |
info | This executable has a PDB path |
Rules (15cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | themida_packer | themida packer | binaries (download) |
watch | ASPack_Zero | ASPack packed file | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x42b000 GetLastError
0x42b004 SetLastError
0x42b008 CloseHandle
0x42b00c GetCurrentProcess
0x42b010 CreateHardLinkW
0x42b014 DeleteFileW
0x42b018 RemoveDirectoryW
0x42b01c DeviceIoControl
0x42b020 CreateDirectoryW
0x42b024 CreateFileW
0x42b028 SetFileTime
0x42b02c MoveFileW
0x42b030 GetShortPathNameW
0x42b034 GetLongPathNameW
0x42b038 WriteFile
0x42b03c GetStdHandle
0x42b040 SetFilePointer
0x42b044 SetEndOfFile
0x42b048 FlushFileBuffers
0x42b04c GetFileType
0x42b050 ReadFile
0x42b054 GetFileAttributesW
0x42b058 SetFileAttributesW
0x42b05c FindClose
0x42b060 FindNextFileW
0x42b064 FindFirstFileW
0x42b068 GetVersionExW
0x42b06c GetCurrentDirectoryW
0x42b070 FoldStringW
0x42b074 GetFullPathNameW
0x42b078 GetModuleFileNameW
0x42b07c FindResourceW
0x42b080 GetModuleHandleW
0x42b084 FreeLibrary
0x42b088 GetProcAddress
0x42b08c GetCurrentProcessId
0x42b090 GetLocaleInfoW
0x42b094 GetNumberFormatW
0x42b098 SetEnvironmentVariableW
0x42b09c ExpandEnvironmentStringsW
0x42b0a0 WaitForSingleObject
0x42b0a4 GetDateFormatW
0x42b0a8 GetTimeFormatW
0x42b0ac FileTimeToSystemTime
0x42b0b0 FileTimeToLocalFileTime
0x42b0b4 GetExitCodeProcess
0x42b0b8 GetTempPathW
0x42b0bc MoveFileExW
0x42b0c0 UnmapViewOfFile
0x42b0c4 Sleep
0x42b0c8 MapViewOfFile
0x42b0cc GetCommandLineW
0x42b0d0 CreateFileMappingW
0x42b0d4 GetTickCount
0x42b0d8 GetLocalTime
0x42b0dc OpenFileMappingW
0x42b0e0 SetThreadExecutionState
0x42b0e4 LoadLibraryW
0x42b0e8 GetSystemDirectoryW
0x42b0ec ExitProcess
0x42b0f0 FreeConsole
0x42b0f4 WriteConsoleW
0x42b0f8 AttachConsole
0x42b0fc AllocConsole
0x42b100 InitializeCriticalSection
0x42b104 DeleteCriticalSection
0x42b108 EnterCriticalSection
0x42b10c LeaveCriticalSection
0x42b110 CreateThread
0x42b114 GetProcessAffinityMask
0x42b118 CreateEventW
0x42b11c CreateSemaphoreW
0x42b120 ReleaseSemaphore
0x42b124 ResetEvent
0x42b128 SetEvent
0x42b12c SetThreadPriority
0x42b130 SystemTimeToFileTime
0x42b134 GetSystemTime
0x42b138 SystemTimeToTzSpecificLocalTime
0x42b13c TzSpecificLocalTimeToSystemTime
0x42b140 LocalFileTimeToFileTime
0x42b144 WideCharToMultiByte
0x42b148 MultiByteToWideChar
0x42b14c CompareStringW
0x42b150 IsDBCSLeadByte
0x42b154 GetCPInfo
0x42b158 GlobalAlloc
0x42b15c SetCurrentDirectoryW
0x42b160 LocalAlloc
0x42b164 InterlockedExchange
0x42b168 LoadLibraryA
0x42b16c RaiseException
0x42b170 RtlUnwind
0x42b174 HeapFree
0x42b178 HeapReAlloc
0x42b17c HeapAlloc
0x42b180 GetSystemTimeAsFileTime
0x42b184 GetCommandLineA
0x42b188 GetStartupInfoA
0x42b18c TlsGetValue
0x42b190 TlsAlloc
0x42b194 TlsSetValue
0x42b198 TlsFree
0x42b19c InterlockedIncrement
0x42b1a0 GetCurrentThreadId
0x42b1a4 InterlockedDecrement
0x42b1a8 HeapCreate
0x42b1ac VirtualFree
0x42b1b0 VirtualAlloc
0x42b1b4 TerminateProcess
0x42b1b8 UnhandledExceptionFilter
0x42b1bc SetUnhandledExceptionFilter
0x42b1c0 IsDebuggerPresent
0x42b1c4 HeapSize
0x42b1c8 GetModuleFileNameA
0x42b1cc GetACP
0x42b1d0 GetOEMCP
0x42b1d4 IsValidCodePage
0x42b1d8 LCMapStringA
0x42b1dc LCMapStringW
0x42b1e0 GetModuleHandleA
0x42b1e4 FreeEnvironmentStringsA
0x42b1e8 GetEnvironmentStrings
0x42b1ec FreeEnvironmentStringsW
0x42b1f0 GetEnvironmentStringsW
0x42b1f4 SetHandleCount
0x42b1f8 QueryPerformanceCounter
0x42b1fc InitializeCriticalSectionAndSpinCount
0x42b200 GetConsoleCP
0x42b204 GetConsoleMode
0x42b208 GetStringTypeA
0x42b20c GetStringTypeW
0x42b210 GetLocaleInfoA
0x42b214 SetStdHandle
0x42b218 WriteConsoleA
0x42b21c GetConsoleOutputCP
0x42b220 CreateFileA
EAT (Export Address Table) Library