Report - trick.exe

Tags: Emotet, Gen1, UPX, Malicious Library, PE File, OS Processor Check, PE32
Created 2021.10.01 09:42 Machine s1_win7_x6402
Filename trick.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 6.8
ZERO API file : malware
VT API (file) 43 detected (Trickpak, malicious, high confidence, KillProc2, Unsafe, Save, Trickbot, Eldorado, Attribute, HighConfidence, Crypterx, Gencirc, Trickb, FTJC, frzgf, kcloud, TrickBotCrypt, score, R442752, ai score=88, PptIaCGl6uA, Static AI, Suspicious PE, confidence, 100%)
md5 4668a8be8db5bc23fcd4e0b2a237658b
sha256 be73990affb5a559127094b6869889e821b872eeb774940af74b44ee3b503054
ssdeep 12288:671bBfnoWMPARH6GwdGnmrAz9zC0mtwYHDkrchSJkZu06R:obBfnoWoFrAzEwrMuj
imphash 675872e23dfc0f62ffbc2f69c316f4bc
impfuzzy 192:NegooJiFXZ/4zLM6kq5gUSVsmkcRcPc7NM:6tXZ/OLJkmEEf

Signature (15cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
info Collects information to fingerprint the system (MachineGuid
info One or more processes crashed
info Queries for the computername
info The executable uses a known packer

Rules (7cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (12cnts)

Request CC ASN Co IP4 Rule ZERO
https://186.4.193.75/lib153/TEST22-PC_W617601.7BB1C71156833FBAB1DE0E33B1C9331D/5/kps/ EC Telconet S.A 186.4.193.75 clean
https://186.4.193.75/lib153/TEST22-PC_W617601.7BB1C71156833FBAB1DE0E33B1C9331D/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ EC Telconet S.A 186.4.193.75 clean
https://186.4.193.75/lib153/TEST22-PC_W617601.7BB1C71156833FBAB1DE0E33B1C9331D/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/RJPBpVX7jvvD7VvtdNZdpR3lrFpX/ EC Telconet S.A 186.4.193.75 clean
https://api.ip.sb/ip US CLOUDFLARENET 104.26.13.31 clean
https://186.4.193.75/lib153/TEST22-PC_W617601.7BB1C71156833FBAB1DE0E33B1C9331D/14/NAT%20status/client%20is%20behind%20NAT/0/ EC Telconet S.A 186.4.193.75 clean
https://186.4.193.75/lib153/TEST22-PC_W617601.7BB1C71156833FBAB1DE0E33B1C9331D/14/user/test22/0/ EC Telconet S.A 186.4.193.75 clean
api.ip.sb US CLOUDFLARENET 172.67.75.172 clean
186.4.193.75 EC Telconet S.A 186.4.193.75 malicious
103.56.207.230 ID Argon Data Communication 103.56.207.230 clean
104.26.13.31 US CLOUDFLARENET 104.26.13.31 clean
171.103.189.118 TH TRUE INTERNET Co.,Ltd. 171.103.189.118 clean
171.103.187.218 TH TRUE INTERNET Co.,Ltd. 171.103.187.218 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x42715c GetFileTime
 0x427160 LocalFileTimeToFileTime
 0x427164 SystemTimeToFileTime
 0x427168 SetFileTime
 0x42716c SetFileAttributesA
 0x427170 RtlUnwind
 0x427174 HeapAlloc
 0x427178 GetStartupInfoA
 0x42717c GetCommandLineA
 0x427180 RaiseException
 0x427184 HeapFree
 0x427188 TerminateProcess
 0x42718c CreateThread
 0x427190 ExitThread
 0x427194 GetTimeZoneInformation
 0x427198 GetSystemTime
 0x42719c GetLocalTime
 0x4271a0 GetACP
 0x4271a4 HeapSize
 0x4271a8 HeapReAlloc
 0x4271ac FatalAppExitA
 0x4271b0 Sleep
 0x4271b4 HeapDestroy
 0x4271b8 HeapCreate
 0x4271bc VirtualFree
 0x4271c0 VirtualAlloc
 0x4271c4 IsBadWritePtr
 0x4271c8 GetFileSize
 0x4271cc FreeEnvironmentStringsA
 0x4271d0 FreeEnvironmentStringsW
 0x4271d4 GetEnvironmentStrings
 0x4271d8 GetEnvironmentStringsW
 0x4271dc SetHandleCount
 0x4271e0 GetStdHandle
 0x4271e4 GetFileType
 0x4271e8 SetUnhandledExceptionFilter
 0x4271ec LCMapStringA
 0x4271f0 LCMapStringW
 0x4271f4 GetStringTypeA
 0x4271f8 GetStringTypeW
 0x4271fc IsBadReadPtr
 0x427200 IsBadCodePtr
 0x427204 IsValidLocale
 0x427208 IsValidCodePage
 0x42720c GetLocaleInfoA
 0x427210 EnumSystemLocalesA
 0x427214 GetUserDefaultLCID
 0x427218 GetVersionExA
 0x42721c SetConsoleCtrlHandler
 0x427220 GetLocaleInfoW
 0x427224 CompareStringA
 0x427228 CompareStringW
 0x42722c SetEnvironmentVariableA
 0x427230 GetFileAttributesA
 0x427234 GetShortPathNameA
 0x427238 GetProfileStringA
 0x42723c GetThreadLocale
 0x427240 GetStringTypeExA
 0x427244 GetFullPathNameA
 0x427248 GetVolumeInformationA
 0x42724c FindFirstFileA
 0x427250 FindClose
 0x427254 DeleteFileA
 0x427258 MoveFileA
 0x42725c SetEndOfFile
 0x427260 UnlockFile
 0x427264 LockFile
 0x427268 FlushFileBuffers
 0x42726c SetFilePointer
 0x427270 WriteFile
 0x427274 ReadFile
 0x427278 CreateFileA
 0x42727c GetCurrentProcess
 0x427280 DuplicateHandle
 0x427284 SetErrorMode
 0x427288 SizeofResource
 0x42728c GetCurrentDirectoryA
 0x427290 WritePrivateProfileStringA
 0x427294 GetPrivateProfileStringA
 0x427298 GetPrivateProfileIntA
 0x42729c GetOEMCP
 0x4272a0 GetCPInfo
 0x4272a4 GetProcessVersion
 0x4272a8 GlobalFlags
 0x4272ac TlsGetValue
 0x4272b0 LocalReAlloc
 0x4272b4 TlsSetValue
 0x4272b8 EnterCriticalSection
 0x4272bc GlobalReAlloc
 0x4272c0 LeaveCriticalSection
 0x4272c4 TlsFree
 0x4272c8 GlobalHandle
 0x4272cc DeleteCriticalSection
 0x4272d0 TlsAlloc
 0x4272d4 InitializeCriticalSection
 0x4272d8 LocalFree
 0x4272dc LocalAlloc
 0x4272e0 lstrcpynA
 0x4272e4 GetLastError
 0x4272e8 FileTimeToLocalFileTime
 0x4272ec FileTimeToSystemTime
 0x4272f0 GlobalFree
 0x4272f4 CreateEventA
 0x4272f8 SuspendThread
 0x4272fc SetThreadPriority
 0x427300 ResumeThread
 0x427304 SetEvent
 0x427308 WaitForSingleObject
 0x42730c CloseHandle
 0x427310 GetModuleFileNameA
 0x427314 GlobalAlloc
 0x427318 lstrcmpA
 0x42731c GetCurrentThread
 0x427320 ExitProcess
 0x427324 MultiByteToWideChar
 0x427328 WideCharToMultiByte
 0x42732c lstrlenA
 0x427330 InterlockedDecrement
 0x427334 InterlockedIncrement
 0x427338 GlobalLock
 0x42733c GlobalUnlock
 0x427340 MulDiv
 0x427344 SetLastError
 0x427348 LoadLibraryA
 0x42734c FreeLibrary
 0x427350 FindResourceA
 0x427354 LoadResource
 0x427358 LockResource
 0x42735c GetVersion
 0x427360 lstrcatA
 0x427364 GetCurrentThreadId
 0x427368 GlobalGetAtomNameA
 0x42736c lstrcmpiA
 0x427370 GlobalAddAtomA
 0x427374 GlobalFindAtomA
 0x427378 GlobalDeleteAtom
 0x42737c lstrcpyA
 0x427380 GetModuleHandleA
 0x427384 GetProcAddress
 0x427388 LoadLibraryW
 0x42738c UnhandledExceptionFilter
USER32.dll
 0x4273a8 ScrollWindowEx
 0x4273ac IsDialogMessageA
 0x4273b0 SetWindowTextA
 0x4273b4 MoveWindow
 0x4273b8 ShowWindow
 0x4273bc IsWindowEnabled
 0x4273c0 GetNextDlgTabItem
 0x4273c4 EnableMenuItem
 0x4273c8 CheckMenuItem
 0x4273cc SetMenuItemBitmaps
 0x4273d0 ModifyMenuA
 0x4273d4 GetMenuState
 0x4273d8 LoadBitmapA
 0x4273dc GetMenuCheckMarkDimensions
 0x4273e0 ClientToScreen
 0x4273e4 GetDC
 0x4273e8 ReleaseDC
 0x4273ec GetWindowDC
 0x4273f0 BeginPaint
 0x4273f4 EndPaint
 0x4273f8 TabbedTextOutA
 0x4273fc DrawTextA
 0x427400 GrayStringA
 0x427404 CharToOemA
 0x427408 OemToCharA
 0x42740c PostQuitMessage
 0x427410 ShowOwnedPopups
 0x427414 SetCursor
 0x427418 GetCursorPos
 0x42741c ValidateRect
 0x427420 GetActiveWindow
 0x427424 TranslateMessage
 0x427428 GetMessageA
 0x42742c CreateDialogIndirectParamA
 0x427430 EndDialog
 0x427434 LoadStringA
 0x427438 DestroyMenu
 0x42743c GetClassNameA
 0x427440 PtInRect
 0x427444 GetDesktopWindow
 0x427448 LoadCursorA
 0x42744c GetSysColorBrush
 0x427450 SetCapture
 0x427454 ReleaseCapture
 0x427458 WaitMessage
 0x42745c GetWindowThreadProcessId
 0x427460 WindowFromPoint
 0x427464 InsertMenuA
 0x427468 DeleteMenu
 0x42746c GetMenuStringA
 0x427470 GetDialogBaseUnits
 0x427474 SetRectEmpty
 0x427478 LoadAcceleratorsA
 0x42747c TranslateAcceleratorA
 0x427480 LoadMenuA
 0x427484 SetMenu
 0x427488 ReuseDDElParam
 0x42748c UnpackDDElParam
 0x427490 BringWindowToTop
 0x427494 CharUpperA
 0x427498 CheckRadioButton
 0x42749c CheckDlgButton
 0x4274a0 PostMessageA
 0x4274a4 UpdateWindow
 0x4274a8 SendDlgItemMessageA
 0x4274ac MapWindowPoints
 0x4274b0 GetSysColor
 0x4274b4 PeekMessageA
 0x4274b8 DispatchMessageA
 0x4274bc GetFocus
 0x4274c0 SetActiveWindow
 0x4274c4 IsWindow
 0x4274c8 SetFocus
 0x4274cc IsDlgButtonChecked
 0x4274d0 ScreenToClient
 0x4274d4 EqualRect
 0x4274d8 DeferWindowPos
 0x4274dc BeginDeferWindowPos
 0x4274e0 CopyRect
 0x4274e4 EndDeferWindowPos
 0x4274e8 IsWindowVisible
 0x4274ec ScrollWindow
 0x4274f0 GetScrollInfo
 0x4274f4 SetScrollInfo
 0x4274f8 ShowScrollBar
 0x4274fc GetScrollRange
 0x427500 SetScrollRange
 0x427504 SetScrollPos
 0x427508 GetTopWindow
 0x42750c MessageBoxA
 0x427510 IsChild
 0x427514 GetParent
 0x427518 GetCapture
 0x42751c WinHelpA
 0x427520 wsprintfA
 0x427524 GetClassInfoA
 0x427528 RegisterClassA
 0x42752c GetMenu
 0x427530 GetMenuItemCount
 0x427534 GetSubMenu
 0x427538 GetMenuItemID
 0x42753c TrackPopupMenu
 0x427540 SetWindowPlacement
 0x427544 GetDlgItem
 0x427548 GetWindowTextLengthA
 0x42754c GetWindowTextA
 0x427550 GetDlgCtrlID
 0x427554 GetKeyState
 0x427558 DefWindowProcA
 0x42755c DestroyWindow
 0x427560 CreateWindowExA
 0x427564 SetWindowsHookExA
 0x427568 CallNextHookEx
 0x42756c GetClassLongA
 0x427570 SetPropA
 0x427574 UnhookWindowsHookEx
 0x427578 GetPropA
 0x42757c CallWindowProcA
 0x427580 RemovePropA
 0x427584 GetMessageTime
 0x427588 GetMessagePos
 0x42758c GetLastActivePopup
 0x427590 GetForegroundWindow
 0x427594 SetForegroundWindow
 0x427598 GetWindow
 0x42759c GetWindowLongA
 0x4275a0 SetWindowLongA
 0x4275a4 SetWindowPos
 0x4275a8 RegisterWindowMessageA
 0x4275ac OffsetRect
 0x4275b0 IntersectRect
 0x4275b4 SystemParametersInfoA
 0x4275b8 GetWindowPlacement
 0x4275bc EnableWindow
 0x4275c0 FillRect
 0x4275c4 UnregisterClassA
 0x4275c8 HideCaret
 0x4275cc ShowCaret
 0x4275d0 ExcludeUpdateRgn
 0x4275d4 KillTimer
 0x4275d8 SetTimer
 0x4275dc IsIconic
 0x4275e0 DrawIcon
 0x4275e4 GetSystemMetrics
 0x4275e8 SendMessageA
 0x4275ec GetWindowRect
 0x4275f0 GetSystemMenu
 0x4275f4 AppendMenuA
 0x4275f8 SetDlgItemTextA
 0x4275fc SetDlgItemInt
 0x427600 GetDlgItemTextA
 0x427604 AdjustWindowRectEx
 0x427608 GetDlgItemInt
 0x42760c LoadIconA
 0x427610 InvalidateRect
 0x427614 GetClientRect
 0x427618 IsWindowUnicode
 0x42761c CharNextA
 0x427620 InflateRect
 0x427624 DefDlgProcA
 0x427628 DrawFocusRect
 0x42762c GetScrollPos
GDI32.dll
 0x42702c StartDocA
 0x427030 SaveDC
 0x427034 RestoreDC
 0x427038 GetStockObject
 0x42703c SelectPalette
 0x427040 SetBkMode
 0x427044 SetPolyFillMode
 0x427048 SetROP2
 0x42704c SetStretchBltMode
 0x427050 SetMapMode
 0x427054 SetViewportOrgEx
 0x427058 OffsetViewportOrgEx
 0x42705c SetViewportExtEx
 0x427060 ScaleViewportExtEx
 0x427064 SetWindowOrgEx
 0x427068 OffsetWindowOrgEx
 0x42706c SetWindowExtEx
 0x427070 ScaleWindowExtEx
 0x427074 SelectClipRgn
 0x427078 ExcludeClipRect
 0x42707c IntersectClipRect
 0x427080 OffsetClipRgn
 0x427084 MoveToEx
 0x427088 LineTo
 0x42708c SetTextAlign
 0x427090 SetTextJustification
 0x427094 SetTextCharacterExtra
 0x427098 SetMapperFlags
 0x42709c GetCurrentPositionEx
 0x4270a0 ArcTo
 0x4270a4 DeleteDC
 0x4270a8 PolyDraw
 0x4270ac PolylineTo
 0x4270b0 SetColorAdjustment
 0x4270b4 PolyBezierTo
 0x4270b8 DeleteObject
 0x4270bc GetClipRgn
 0x4270c0 CreateRectRgn
 0x4270c4 SelectClipPath
 0x4270c8 ExtSelectClipRgn
 0x4270cc PlayMetaFileRecord
 0x4270d0 GetObjectType
 0x4270d4 EnumMetaFile
 0x4270d8 PlayMetaFile
 0x4270dc GetDeviceCaps
 0x4270e0 GetViewportExtEx
 0x4270e4 GetWindowExtEx
 0x4270e8 CreatePen
 0x4270ec ExtCreatePen
 0x4270f0 CreateSolidBrush
 0x4270f4 CreateHatchBrush
 0x4270f8 CreatePatternBrush
 0x4270fc CreateDIBPatternBrushPt
 0x427100 PtVisible
 0x427104 RectVisible
 0x427108 TextOutA
 0x42710c ExtTextOutA
 0x427110 Escape
 0x427114 GetTextExtentPoint32A
 0x427118 GetTextMetricsA
 0x42711c CreateFontIndirectA
 0x427120 CreateBitmap
 0x427124 GetObjectA
 0x427128 SetBkColor
 0x42712c SetTextColor
 0x427130 GetClipBox
 0x427134 GetDCOrgEx
 0x427138 BitBlt
 0x42713c SelectObject
 0x427140 CreateCompatibleDC
 0x427144 SetArcDirection
 0x427148 CreateDIBitmap
 0x42714c PatBlt
 0x427150 GetTextExtentPointA
 0x427154 CreateCompatibleBitmap
comdlg32.dll
 0x427644 GetFileTitleA
WINSPOOL.DRV
 0x427634 DocumentPropertiesA
 0x427638 ClosePrinter
 0x42763c OpenPrinterA
ADVAPI32.dll
 0x427000 RegSetValueExA
 0x427004 RegOpenKeyA
 0x427008 RegDeleteKeyA
 0x42700c RegDeleteValueA
 0x427010 RegCloseKey
 0x427014 RegQueryValueExA
 0x427018 RegOpenKeyExA
 0x42701c RegCreateKeyExA
SHELL32.dll
 0x427394 DragQueryFileA
 0x427398 DragFinish
 0x42739c DragAcceptFiles
 0x4273a0 SHGetFileInfoA
COMCTL32.dll
 0x427024 None

EAT (Export Address Table): none