ScreenShot
| Created | 2021.10.14 09:39 | Machine | s1_win7_x6401 |
| Filename | twh2xzxtd.jpg | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 6 detected (malicious, high confidence, Unsafe, Static AI, Suspicious PE, Gozi) | ||
| md5 | ac8eb6360389ab8c55a60981aab9b3a6 | ||
| sha256 | eeec0d9f9c56d990ad2f537b919d23117cf9610b2babcc88c2ace6e4387a206c | ||
| ssdeep | 12288:5ZGQdqOGoCJqydLqQSeCqsVK8kPRGO35N9mVSzXc6:5Z0jWjeCVVK8kP9N9oW | ||
| imphash | 5d534ecf7d5a7c2dbdd06071c18f8d1f | ||
| impfuzzy | 48:FC/epupWdSyLnlILZTmccvIt1/j1YwiGtER0gNTQN7mV:FhcaSyLnl2T9cvIt1pYmHRmV | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42d000 CreateEventW
0x42d004 GetVersion
0x42d008 FindClose
0x42d00c FindNextFileW
0x42d010 FindFirstFileW
0x42d014 TlsAlloc
0x42d018 TlsSetValue
0x42d01c GetTempPathW
0x42d020 VirtualProtectEx
0x42d024 GetCurrentDirectoryW
0x42d028 GetWindowsDirectoryW
0x42d02c OpenMutexW
0x42d030 CompareStringW
0x42d034 CompareStringA
0x42d038 GetLocaleInfoW
0x42d03c HeapSize
0x42d040 GetTimeZoneInformation
0x42d044 LCMapStringW
0x42d048 LCMapStringA
0x42d04c LoadLibraryA
0x42d050 InterlockedExchange
0x42d054 FreeLibrary
0x42d058 SetConsoleCtrlHandler
0x42d05c RtlUnwind
0x42d060 InitializeCriticalSection
0x42d064 GetSystemTimeAsFileTime
0x42d068 GetCurrentProcessId
0x42d06c GetTickCount
0x42d070 QueryPerformanceCounter
0x42d074 GetEnvironmentStringsW
0x42d078 WideCharToMultiByte
0x42d07c FreeEnvironmentStringsW
0x42d080 GetEnvironmentStrings
0x42d084 FreeEnvironmentStringsA
0x42d088 GetStartupInfoA
0x42d08c GetFileType
0x42d090 SetHandleCount
0x42d094 GetStringTypeW
0x42d098 MultiByteToWideChar
0x42d09c GetStringTypeA
0x42d0a0 IsValidCodePage
0x42d0a4 IsValidLocale
0x42d0a8 EnumSystemLocalesA
0x42d0ac GetLocaleInfoA
0x42d0b0 GetUserDefaultLCID
0x42d0b4 Sleep
0x42d0b8 GetLastError
0x42d0bc HeapReAlloc
0x42d0c0 HeapAlloc
0x42d0c4 HeapFree
0x42d0c8 InterlockedIncrement
0x42d0cc InterlockedDecrement
0x42d0d0 GetCurrentThreadId
0x42d0d4 GetCommandLineA
0x42d0d8 GetVersionExA
0x42d0dc GetProcessHeap
0x42d0e0 DeleteCriticalSection
0x42d0e4 LeaveCriticalSection
0x42d0e8 FatalAppExitA
0x42d0ec EnterCriticalSection
0x42d0f0 HeapDestroy
0x42d0f4 HeapCreate
0x42d0f8 VirtualFree
0x42d0fc VirtualAlloc
0x42d100 TerminateProcess
0x42d104 GetCurrentProcess
0x42d108 UnhandledExceptionFilter
0x42d10c SetUnhandledExceptionFilter
0x42d110 IsDebuggerPresent
0x42d114 GetProcAddress
0x42d118 GetModuleHandleA
0x42d11c ExitProcess
0x42d120 WriteFile
0x42d124 GetStdHandle
0x42d128 GetModuleFileNameA
0x42d12c GetCPInfo
0x42d130 GetTimeFormatA
0x42d134 GetDateFormatA
0x42d138 TlsGetValue
0x42d13c TlsFree
0x42d140 SetLastError
0x42d144 GetCurrentThread
0x42d148 GetACP
0x42d14c GetOEMCP
0x42d150 SetEnvironmentVariableA
USER32.dll
0x42d158 UnregisterHotKey
0x42d15c BeginDeferWindowPos
0x42d160 TranslateMessage
0x42d164 DeferWindowPos
0x42d168 CreateMenu
0x42d16c GetPropW
0x42d170 RegisterWindowMessageW
WinSCard.dll
0x42d178 SCardIsValidContext
0x42d17c SCardListReaderGroupsW
0x42d180 SCardListReadersW
0x42d184 SCardLocateCardsA
0x42d188 SCardLocateCardsByATRW
0x42d18c SCardControl
0x42d190 SCardDisconnect
0x42d194 SCardEndTransaction
0x42d198 SCardIntroduceReaderGroupW
0x42d19c SCardForgetReaderW
0x42d1a0 SCardForgetReaderGroupW
0x42d1a4 SCardGetAttrib
0x42d1a8 SCardLocateCardsW
0x42d1ac SCardReconnect
0x42d1b0 SCardReleaseContext
0x42d1b4 SCardReleaseStartedEvent
0x42d1b8 SCardRemoveReaderFromGroupW
0x42d1bc SCardIntroduceReaderW
0x42d1c0 SCardGetStatusChangeW
0x42d1c4 SCardConnectW
0x42d1c8 SCardCancel
0x42d1cc SCardBeginTransaction
0x42d1d0 SCardAddReaderToGroupW
0x42d1d4 SCardAccessStartedEvent
0x42d1d8 SCardEstablishContext
EAT(Export Address Table) Library
0x41b980 DictionaryProcess
0x41ba10 Horsefraction
0x41bb20 Pitch
KERNEL32.dll
0x42d000 CreateEventW
0x42d004 GetVersion
0x42d008 FindClose
0x42d00c FindNextFileW
0x42d010 FindFirstFileW
0x42d014 TlsAlloc
0x42d018 TlsSetValue
0x42d01c GetTempPathW
0x42d020 VirtualProtectEx
0x42d024 GetCurrentDirectoryW
0x42d028 GetWindowsDirectoryW
0x42d02c OpenMutexW
0x42d030 CompareStringW
0x42d034 CompareStringA
0x42d038 GetLocaleInfoW
0x42d03c HeapSize
0x42d040 GetTimeZoneInformation
0x42d044 LCMapStringW
0x42d048 LCMapStringA
0x42d04c LoadLibraryA
0x42d050 InterlockedExchange
0x42d054 FreeLibrary
0x42d058 SetConsoleCtrlHandler
0x42d05c RtlUnwind
0x42d060 InitializeCriticalSection
0x42d064 GetSystemTimeAsFileTime
0x42d068 GetCurrentProcessId
0x42d06c GetTickCount
0x42d070 QueryPerformanceCounter
0x42d074 GetEnvironmentStringsW
0x42d078 WideCharToMultiByte
0x42d07c FreeEnvironmentStringsW
0x42d080 GetEnvironmentStrings
0x42d084 FreeEnvironmentStringsA
0x42d088 GetStartupInfoA
0x42d08c GetFileType
0x42d090 SetHandleCount
0x42d094 GetStringTypeW
0x42d098 MultiByteToWideChar
0x42d09c GetStringTypeA
0x42d0a0 IsValidCodePage
0x42d0a4 IsValidLocale
0x42d0a8 EnumSystemLocalesA
0x42d0ac GetLocaleInfoA
0x42d0b0 GetUserDefaultLCID
0x42d0b4 Sleep
0x42d0b8 GetLastError
0x42d0bc HeapReAlloc
0x42d0c0 HeapAlloc
0x42d0c4 HeapFree
0x42d0c8 InterlockedIncrement
0x42d0cc InterlockedDecrement
0x42d0d0 GetCurrentThreadId
0x42d0d4 GetCommandLineA
0x42d0d8 GetVersionExA
0x42d0dc GetProcessHeap
0x42d0e0 DeleteCriticalSection
0x42d0e4 LeaveCriticalSection
0x42d0e8 FatalAppExitA
0x42d0ec EnterCriticalSection
0x42d0f0 HeapDestroy
0x42d0f4 HeapCreate
0x42d0f8 VirtualFree
0x42d0fc VirtualAlloc
0x42d100 TerminateProcess
0x42d104 GetCurrentProcess
0x42d108 UnhandledExceptionFilter
0x42d10c SetUnhandledExceptionFilter
0x42d110 IsDebuggerPresent
0x42d114 GetProcAddress
0x42d118 GetModuleHandleA
0x42d11c ExitProcess
0x42d120 WriteFile
0x42d124 GetStdHandle
0x42d128 GetModuleFileNameA
0x42d12c GetCPInfo
0x42d130 GetTimeFormatA
0x42d134 GetDateFormatA
0x42d138 TlsGetValue
0x42d13c TlsFree
0x42d140 SetLastError
0x42d144 GetCurrentThread
0x42d148 GetACP
0x42d14c GetOEMCP
0x42d150 SetEnvironmentVariableA
USER32.dll
0x42d158 UnregisterHotKey
0x42d15c BeginDeferWindowPos
0x42d160 TranslateMessage
0x42d164 DeferWindowPos
0x42d168 CreateMenu
0x42d16c GetPropW
0x42d170 RegisterWindowMessageW
WinSCard.dll
0x42d178 SCardIsValidContext
0x42d17c SCardListReaderGroupsW
0x42d180 SCardListReadersW
0x42d184 SCardLocateCardsA
0x42d188 SCardLocateCardsByATRW
0x42d18c SCardControl
0x42d190 SCardDisconnect
0x42d194 SCardEndTransaction
0x42d198 SCardIntroduceReaderGroupW
0x42d19c SCardForgetReaderW
0x42d1a0 SCardForgetReaderGroupW
0x42d1a4 SCardGetAttrib
0x42d1a8 SCardLocateCardsW
0x42d1ac SCardReconnect
0x42d1b0 SCardReleaseContext
0x42d1b4 SCardReleaseStartedEvent
0x42d1b8 SCardRemoveReaderFromGroupW
0x42d1bc SCardIntroduceReaderW
0x42d1c0 SCardGetStatusChangeW
0x42d1c4 SCardConnectW
0x42d1c8 SCardCancel
0x42d1cc SCardBeginTransaction
0x42d1d0 SCardAddReaderToGroupW
0x42d1d4 SCardAccessStartedEvent
0x42d1d8 SCardEstablishContext
EAT(Export Address Table) Library
0x41b980 DictionaryProcess
0x41ba10 Horsefraction
0x41bb20 Pitch