Field | Value |
---|---|
Created | 2021.10.14 15:58 |
Machine | s1_win7_x6401 |
Filename | j99zauz.jpg |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 6 detected (malicious, high confidence, Unsafe, Static AI, Suspicious PE, BScope, TrojanBanker, IcedID) |
md5 | fddd5965364792568919cdf03a75f6e0 |
sha256 | ccc3dbe6e59089f3f31ceca66125cf024ae13c583275474e50af07788eafd89d |
ssdeep | 12288:kuIBuwwMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbVW/:72b4wqyaDA5sTWiXT2tq07G2s/ |
imphash | 0bdeed4a70b8b1fd5924130bfe75d8bf |
impfuzzy | 48:wXepupWdSyLnlILZlmccv6t1/b1YwiGtER0hE9c7ftc:wIcaSyLnl2l9cv6t1hYmwelc |
Signature (4cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
info | One or more processes crashed |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x42c000 FileTimeToLocalFileTime
0x42c004 CreateEventW
0x42c008 GetVersion
0x42c00c FindClose
0x42c010 FindNextFileW
0x42c014 FindFirstFileW
0x42c018 TlsAlloc
0x42c01c GetCurrentDirectoryW
0x42c020 VirtualProtectEx
0x42c024 GetSystemDirectoryW
0x42c028 FindFirstChangeNotificationW
0x42c02c GetWindowsDirectoryW
0x42c030 CompareStringW
0x42c034 CompareStringA
0x42c038 GetLocaleInfoW
0x42c03c HeapSize
0x42c040 GetTimeZoneInformation
0x42c044 LCMapStringW
0x42c048 LCMapStringA
0x42c04c LoadLibraryA
0x42c050 InterlockedExchange
0x42c054 FreeLibrary
0x42c058 SetConsoleCtrlHandler
0x42c05c RtlUnwind
0x42c060 InitializeCriticalSection
0x42c064 GetSystemTimeAsFileTime
0x42c068 GetCurrentProcessId
0x42c06c GetTickCount
0x42c070 QueryPerformanceCounter
0x42c074 GetEnvironmentStringsW
0x42c078 WideCharToMultiByte
0x42c07c FreeEnvironmentStringsW
0x42c080 GetEnvironmentStrings
0x42c084 FreeEnvironmentStringsA
0x42c088 GetStartupInfoA
0x42c08c GetFileType
0x42c090 SetHandleCount
0x42c094 GetStringTypeW
0x42c098 MultiByteToWideChar
0x42c09c GetStringTypeA
0x42c0a0 IsValidCodePage
0x42c0a4 IsValidLocale
0x42c0a8 EnumSystemLocalesA
0x42c0ac GetLocaleInfoA
0x42c0b0 GetUserDefaultLCID
0x42c0b4 Sleep
0x42c0b8 HeapAlloc
0x42c0bc GetLastError
0x42c0c0 HeapFree
0x42c0c4 InterlockedIncrement
0x42c0c8 InterlockedDecrement
0x42c0cc GetCurrentThreadId
0x42c0d0 GetCommandLineA
0x42c0d4 GetVersionExA
0x42c0d8 GetProcessHeap
0x42c0dc DeleteCriticalSection
0x42c0e0 LeaveCriticalSection
0x42c0e4 FatalAppExitA
0x42c0e8 EnterCriticalSection
0x42c0ec HeapDestroy
0x42c0f0 HeapCreate
0x42c0f4 VirtualFree
0x42c0f8 VirtualAlloc
0x42c0fc HeapReAlloc
0x42c100 TerminateProcess
0x42c104 GetCurrentProcess
0x42c108 UnhandledExceptionFilter
0x42c10c SetUnhandledExceptionFilter
0x42c110 IsDebuggerPresent
0x42c114 GetProcAddress
0x42c118 GetModuleHandleA
0x42c11c ExitProcess
0x42c120 WriteFile
0x42c124 GetStdHandle
0x42c128 GetModuleFileNameA
0x42c12c GetCPInfo
0x42c130 GetTimeFormatA
0x42c134 GetDateFormatA
0x42c138 TlsGetValue
0x42c13c TlsSetValue
0x42c140 TlsFree
0x42c144 SetLastError
0x42c148 GetCurrentThread
0x42c14c GetACP
0x42c150 GetOEMCP
0x42c154 SetEnvironmentVariableA
USER32.dll
0x42c15c UnregisterHotKey
0x42c160 BeginDeferWindowPos
0x42c164 TranslateMessage
0x42c168 DeferWindowPos
0x42c16c CreateMenu
0x42c170 GetPropW
0x42c174 RegisterWindowMessageW
WinSCard.dll
0x42c17c SCardLocateCardsByATRW
0x42c180 SCardIsValidContext
0x42c184 SCardLocateCardsA
0x42c188 SCardListReaderGroupsW
0x42c18c SCardReconnect
0x42c190 SCardEndTransaction
0x42c194 SCardReleaseContext
0x42c198 SCardGetAttrib
0x42c19c SCardLocateCardsW
0x42c1a0 SCardIntroduceReaderGroupW
0x42c1a4 SCardRemoveReaderFromGroupW
0x42c1a8 SCardAccessStartedEvent
0x42c1ac SCardForgetReaderW
0x42c1b0 SCardGetStatusChangeW
0x42c1b4 SCardEstablishContext
0x42c1b8 SCardIntroduceReaderW
0x42c1bc SCardControl
0x42c1c0 SCardAddReaderToGroupW
0x42c1c4 SCardForgetReaderGroupW
0x42c1c8 SCardCancel
0x42c1cc SCardReleaseStartedEvent
0x42c1d0 SCardConnectW
0x42c1d4 SCardBeginTransaction
0x42c1d8 SCardListReadersW
0x42c1dc SCardDisconnect
EAT (Export Address Table) Library
0x41a4e0 Growother
0x41a560 Minute
0x41a470 WordForce