ScreenShot
| Created | 2021.10.28 17:55 | Machine | s1_win7_x6403 |
| Filename | antiplane.png | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | a27e5c0561e2699272e85de4480265e7 | ||
| sha256 | 5b4958ffe28cc0b283a10cd7e86a6867edf348e3f550a6a3a7c56182b1e8bf3c | ||
| ssdeep | 3072:FgfHqFZ8uslzzc8gHcJoTuHNjcEFiO8bKfg+SjvXJXmYxoLmMJhKI:FgfHcZ8C8aiN4EsOhghXJXnxoyo | ||
| imphash | c3d6826844acb3f243b37ea8c3954775 | ||
| impfuzzy | 96:CJEgIJKx/Y+nqFhMbwjGM/jg+ISVFnL2cRcLxKC:QRWFm2GM/jgvSVFnCcRcp | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | One or more potentially interesting buffers were extracted |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable uses a known packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4140b4 HeapDestroy
0x4140b8 HeapCreate
0x4140bc VirtualFree
0x4140c0 VirtualAlloc
0x4140c4 IsBadWritePtr
0x4140c8 UnhandledExceptionFilter
0x4140cc FreeEnvironmentStringsA
0x4140d0 FreeEnvironmentStringsW
0x4140d4 GetEnvironmentStrings
0x4140d8 GetEnvironmentStringsW
0x4140dc SetHandleCount
0x4140e0 GetStdHandle
0x4140e4 GetFileType
0x4140e8 SetUnhandledExceptionFilter
0x4140ec LCMapStringA
0x4140f0 GetStringTypeA
0x4140f4 GetStringTypeW
0x4140f8 IsBadReadPtr
0x4140fc IsBadCodePtr
0x414100 GetACP
0x414104 GetProfileStringA
0x414108 HeapReAlloc
0x41410c HeapSize
0x414110 TerminateProcess
0x414114 HeapFree
0x414118 RaiseException
0x41411c GetCommandLineA
0x414120 GetStartupInfoA
0x414124 HeapAlloc
0x414128 RtlUnwind
0x41412c WriteFile
0x414130 GetCurrentProcess
0x414134 SetErrorMode
0x414138 SizeofResource
0x41413c WritePrivateProfileStringA
0x414140 MultiByteToWideChar
0x414144 WideCharToMultiByte
0x414148 GetOEMCP
0x41414c GetCPInfo
0x414150 GetProcessVersion
0x414154 GlobalFlags
0x414158 TlsGetValue
0x41415c LocalReAlloc
0x414160 TlsSetValue
0x414164 EnterCriticalSection
0x414168 GlobalReAlloc
0x41416c LeaveCriticalSection
0x414170 TlsFree
0x414174 GlobalHandle
0x414178 DeleteCriticalSection
0x41417c TlsAlloc
0x414180 InitializeCriticalSection
0x414184 LocalFree
0x414188 LocalAlloc
0x41418c GetLastError
0x414190 ExitProcess
0x414194 InterlockedDecrement
0x414198 GlobalFree
0x41419c CloseHandle
0x4141a0 GetModuleFileNameA
0x4141a4 GlobalAlloc
0x4141a8 lstrcmpA
0x4141ac GetCurrentThread
0x4141b0 lstrcpynA
0x4141b4 GlobalLock
0x4141b8 GlobalUnlock
0x4141bc MulDiv
0x4141c0 SetLastError
0x4141c4 lstrlenA
0x4141c8 FreeLibrary
0x4141cc FindResourceA
0x4141d0 LoadResource
0x4141d4 LockResource
0x4141d8 GetVersion
0x4141dc lstrcatA
0x4141e0 GetCurrentThreadId
0x4141e4 GlobalGetAtomNameA
0x4141e8 lstrcmpiA
0x4141ec GlobalAddAtomA
0x4141f0 GlobalFindAtomA
0x4141f4 GlobalDeleteAtom
0x4141f8 lstrcpyA
0x4141fc GetModuleHandleA
0x414200 GetProcAddress
0x414204 LoadLibraryA
0x414208 LCMapStringW
USER32.dll
0x414210 TabbedTextOutA
0x414214 DrawTextA
0x414218 GrayStringA
0x41421c InflateRect
0x414220 PostQuitMessage
0x414224 SetCursor
0x414228 GetCursorPos
0x41422c ValidateRect
0x414230 GetActiveWindow
0x414234 TranslateMessage
0x414238 GetMessageA
0x41423c CreateDialogIndirectParamA
0x414240 EndDialog
0x414244 GetClassNameA
0x414248 PtInRect
0x41424c LoadCursorA
0x414250 GetSysColorBrush
0x414254 DestroyMenu
0x414258 LoadStringA
0x41425c ReleaseDC
0x414260 GetMenuCheckMarkDimensions
0x414264 LoadBitmapA
0x414268 GetMenuState
0x41426c ModifyMenuA
0x414270 SetMenuItemBitmaps
0x414274 CheckMenuItem
0x414278 EnableMenuItem
0x41427c GetNextDlgTabItem
0x414280 IsWindowEnabled
0x414284 ShowWindow
0x414288 SetWindowTextA
0x41428c IsDialogMessageA
0x414290 PostMessageA
0x414294 UpdateWindow
0x414298 SendDlgItemMessageA
0x41429c MapWindowPoints
0x4142a0 PeekMessageA
0x4142a4 EndPaint
0x4142a8 GetFocus
0x4142ac SetActiveWindow
0x4142b0 IsWindow
0x4142b4 SetFocus
0x4142b8 AdjustWindowRectEx
0x4142bc ScreenToClient
0x4142c0 IsWindowVisible
0x4142c4 GetTopWindow
0x4142c8 MessageBoxA
0x4142cc GetCapture
0x4142d0 WinHelpA
0x4142d4 wsprintfA
0x4142d8 GetClassInfoA
0x4142dc RegisterClassA
0x4142e0 GetMenu
0x4142e4 GetMenuItemCount
0x4142e8 GetSubMenu
0x4142ec GetMenuItemID
0x4142f0 GetDlgItem
0x4142f4 GetWindowTextLengthA
0x4142f8 GetWindowTextA
0x4142fc GetDlgCtrlID
0x414300 GetKeyState
0x414304 DefWindowProcA
0x414308 DestroyWindow
0x41430c CreateWindowExA
0x414310 SetWindowsHookExA
0x414314 CallNextHookEx
0x414318 GetClassLongA
0x41431c SetPropA
0x414320 UnhookWindowsHookEx
0x414324 GetPropA
0x414328 CallWindowProcA
0x41432c RemovePropA
0x414330 GetMessageTime
0x414334 GetMessagePos
0x414338 GetLastActivePopup
0x41433c GetForegroundWindow
0x414340 SetForegroundWindow
0x414344 GetWindow
0x414348 GetWindowLongA
0x41434c EnableWindow
0x414350 UnregisterClassA
0x414354 HideCaret
0x414358 ShowCaret
0x41435c ExcludeUpdateRgn
0x414360 DrawFocusRect
0x414364 SetWindowLongA
0x414368 SetWindowPos
0x41436c RegisterWindowMessageA
0x414370 OffsetRect
0x414374 IntersectRect
0x414378 SystemParametersInfoA
0x41437c GetWindowPlacement
0x414380 LoadImageA
0x414384 IsIconic
0x414388 BeginPaint
0x41438c GetWindowDC
0x414390 ClientToScreen
0x414394 DispatchMessageA
0x414398 GetDC
0x41439c DrawIcon
0x4143a0 GetSystemMetrics
0x4143a4 LoadIconA
0x4143a8 InvalidateRect
0x4143ac SendMessageA
0x4143b0 GetSysColor
0x4143b4 GetParent
0x4143b8 GetClientRect
0x4143bc GetWindowRect
0x4143c0 CopyRect
0x4143c4 DrawEdge
0x4143c8 IsWindowUnicode
0x4143cc CharNextA
0x4143d0 DefDlgProcA
GDI32.dll
0x41401c SaveDC
0x414020 RestoreDC
0x414024 GetStockObject
0x414028 SetBkMode
0x41402c SetMapMode
0x414030 SetViewportOrgEx
0x414034 OffsetViewportOrgEx
0x414038 SetViewportExtEx
0x41403c ScaleViewportExtEx
0x414040 SetWindowExtEx
0x414044 ScaleWindowExtEx
0x414048 IntersectClipRect
0x41404c GetDeviceCaps
0x414050 PtVisible
0x414054 RectVisible
0x414058 TextOutA
0x41405c ExtTextOutA
0x414060 Escape
0x414064 PatBlt
0x414068 CreateBitmap
0x41406c GetClipBox
0x414070 CreateHalftonePalette
0x414074 CreatePalette
0x414078 GetDIBColorTable
0x41407c GetObjectA
0x414080 CreateSolidBrush
0x414084 Ellipse
0x414088 CreateCompatibleDC
0x41408c CreateCompatibleBitmap
0x414090 BitBlt
0x414094 SetBkColor
0x414098 SetTextColor
0x41409c SelectObject
0x4140a0 DeleteObject
0x4140a4 CreateDIBitmap
0x4140a8 GetTextExtentPointA
0x4140ac DeleteDC
WINSPOOL.DRV
0x4143d8 DocumentPropertiesA
0x4143dc ClosePrinter
0x4143e0 OpenPrinterA
ADVAPI32.dll
0x414000 RegCreateKeyExA
0x414004 RegOpenKeyExA
0x414008 RegSetValueExA
0x41400c RegCloseKey
COMCTL32.dll
0x414014 None
EAT(Export Address Table) Library
0x401be2 mmjki
KERNEL32.dll
0x4140b4 HeapDestroy
0x4140b8 HeapCreate
0x4140bc VirtualFree
0x4140c0 VirtualAlloc
0x4140c4 IsBadWritePtr
0x4140c8 UnhandledExceptionFilter
0x4140cc FreeEnvironmentStringsA
0x4140d0 FreeEnvironmentStringsW
0x4140d4 GetEnvironmentStrings
0x4140d8 GetEnvironmentStringsW
0x4140dc SetHandleCount
0x4140e0 GetStdHandle
0x4140e4 GetFileType
0x4140e8 SetUnhandledExceptionFilter
0x4140ec LCMapStringA
0x4140f0 GetStringTypeA
0x4140f4 GetStringTypeW
0x4140f8 IsBadReadPtr
0x4140fc IsBadCodePtr
0x414100 GetACP
0x414104 GetProfileStringA
0x414108 HeapReAlloc
0x41410c HeapSize
0x414110 TerminateProcess
0x414114 HeapFree
0x414118 RaiseException
0x41411c GetCommandLineA
0x414120 GetStartupInfoA
0x414124 HeapAlloc
0x414128 RtlUnwind
0x41412c WriteFile
0x414130 GetCurrentProcess
0x414134 SetErrorMode
0x414138 SizeofResource
0x41413c WritePrivateProfileStringA
0x414140 MultiByteToWideChar
0x414144 WideCharToMultiByte
0x414148 GetOEMCP
0x41414c GetCPInfo
0x414150 GetProcessVersion
0x414154 GlobalFlags
0x414158 TlsGetValue
0x41415c LocalReAlloc
0x414160 TlsSetValue
0x414164 EnterCriticalSection
0x414168 GlobalReAlloc
0x41416c LeaveCriticalSection
0x414170 TlsFree
0x414174 GlobalHandle
0x414178 DeleteCriticalSection
0x41417c TlsAlloc
0x414180 InitializeCriticalSection
0x414184 LocalFree
0x414188 LocalAlloc
0x41418c GetLastError
0x414190 ExitProcess
0x414194 InterlockedDecrement
0x414198 GlobalFree
0x41419c CloseHandle
0x4141a0 GetModuleFileNameA
0x4141a4 GlobalAlloc
0x4141a8 lstrcmpA
0x4141ac GetCurrentThread
0x4141b0 lstrcpynA
0x4141b4 GlobalLock
0x4141b8 GlobalUnlock
0x4141bc MulDiv
0x4141c0 SetLastError
0x4141c4 lstrlenA
0x4141c8 FreeLibrary
0x4141cc FindResourceA
0x4141d0 LoadResource
0x4141d4 LockResource
0x4141d8 GetVersion
0x4141dc lstrcatA
0x4141e0 GetCurrentThreadId
0x4141e4 GlobalGetAtomNameA
0x4141e8 lstrcmpiA
0x4141ec GlobalAddAtomA
0x4141f0 GlobalFindAtomA
0x4141f4 GlobalDeleteAtom
0x4141f8 lstrcpyA
0x4141fc GetModuleHandleA
0x414200 GetProcAddress
0x414204 LoadLibraryA
0x414208 LCMapStringW
USER32.dll
0x414210 TabbedTextOutA
0x414214 DrawTextA
0x414218 GrayStringA
0x41421c InflateRect
0x414220 PostQuitMessage
0x414224 SetCursor
0x414228 GetCursorPos
0x41422c ValidateRect
0x414230 GetActiveWindow
0x414234 TranslateMessage
0x414238 GetMessageA
0x41423c CreateDialogIndirectParamA
0x414240 EndDialog
0x414244 GetClassNameA
0x414248 PtInRect
0x41424c LoadCursorA
0x414250 GetSysColorBrush
0x414254 DestroyMenu
0x414258 LoadStringA
0x41425c ReleaseDC
0x414260 GetMenuCheckMarkDimensions
0x414264 LoadBitmapA
0x414268 GetMenuState
0x41426c ModifyMenuA
0x414270 SetMenuItemBitmaps
0x414274 CheckMenuItem
0x414278 EnableMenuItem
0x41427c GetNextDlgTabItem
0x414280 IsWindowEnabled
0x414284 ShowWindow
0x414288 SetWindowTextA
0x41428c IsDialogMessageA
0x414290 PostMessageA
0x414294 UpdateWindow
0x414298 SendDlgItemMessageA
0x41429c MapWindowPoints
0x4142a0 PeekMessageA
0x4142a4 EndPaint
0x4142a8 GetFocus
0x4142ac SetActiveWindow
0x4142b0 IsWindow
0x4142b4 SetFocus
0x4142b8 AdjustWindowRectEx
0x4142bc ScreenToClient
0x4142c0 IsWindowVisible
0x4142c4 GetTopWindow
0x4142c8 MessageBoxA
0x4142cc GetCapture
0x4142d0 WinHelpA
0x4142d4 wsprintfA
0x4142d8 GetClassInfoA
0x4142dc RegisterClassA
0x4142e0 GetMenu
0x4142e4 GetMenuItemCount
0x4142e8 GetSubMenu
0x4142ec GetMenuItemID
0x4142f0 GetDlgItem
0x4142f4 GetWindowTextLengthA
0x4142f8 GetWindowTextA
0x4142fc GetDlgCtrlID
0x414300 GetKeyState
0x414304 DefWindowProcA
0x414308 DestroyWindow
0x41430c CreateWindowExA
0x414310 SetWindowsHookExA
0x414314 CallNextHookEx
0x414318 GetClassLongA
0x41431c SetPropA
0x414320 UnhookWindowsHookEx
0x414324 GetPropA
0x414328 CallWindowProcA
0x41432c RemovePropA
0x414330 GetMessageTime
0x414334 GetMessagePos
0x414338 GetLastActivePopup
0x41433c GetForegroundWindow
0x414340 SetForegroundWindow
0x414344 GetWindow
0x414348 GetWindowLongA
0x41434c EnableWindow
0x414350 UnregisterClassA
0x414354 HideCaret
0x414358 ShowCaret
0x41435c ExcludeUpdateRgn
0x414360 DrawFocusRect
0x414364 SetWindowLongA
0x414368 SetWindowPos
0x41436c RegisterWindowMessageA
0x414370 OffsetRect
0x414374 IntersectRect
0x414378 SystemParametersInfoA
0x41437c GetWindowPlacement
0x414380 LoadImageA
0x414384 IsIconic
0x414388 BeginPaint
0x41438c GetWindowDC
0x414390 ClientToScreen
0x414394 DispatchMessageA
0x414398 GetDC
0x41439c DrawIcon
0x4143a0 GetSystemMetrics
0x4143a4 LoadIconA
0x4143a8 InvalidateRect
0x4143ac SendMessageA
0x4143b0 GetSysColor
0x4143b4 GetParent
0x4143b8 GetClientRect
0x4143bc GetWindowRect
0x4143c0 CopyRect
0x4143c4 DrawEdge
0x4143c8 IsWindowUnicode
0x4143cc CharNextA
0x4143d0 DefDlgProcA
GDI32.dll
0x41401c SaveDC
0x414020 RestoreDC
0x414024 GetStockObject
0x414028 SetBkMode
0x41402c SetMapMode
0x414030 SetViewportOrgEx
0x414034 OffsetViewportOrgEx
0x414038 SetViewportExtEx
0x41403c ScaleViewportExtEx
0x414040 SetWindowExtEx
0x414044 ScaleWindowExtEx
0x414048 IntersectClipRect
0x41404c GetDeviceCaps
0x414050 PtVisible
0x414054 RectVisible
0x414058 TextOutA
0x41405c ExtTextOutA
0x414060 Escape
0x414064 PatBlt
0x414068 CreateBitmap
0x41406c GetClipBox
0x414070 CreateHalftonePalette
0x414074 CreatePalette
0x414078 GetDIBColorTable
0x41407c GetObjectA
0x414080 CreateSolidBrush
0x414084 Ellipse
0x414088 CreateCompatibleDC
0x41408c CreateCompatibleBitmap
0x414090 BitBlt
0x414094 SetBkColor
0x414098 SetTextColor
0x41409c SelectObject
0x4140a0 DeleteObject
0x4140a4 CreateDIBitmap
0x4140a8 GetTextExtentPointA
0x4140ac DeleteDC
WINSPOOL.DRV
0x4143d8 DocumentPropertiesA
0x4143dc ClosePrinter
0x4143e0 OpenPrinterA
ADVAPI32.dll
0x414000 RegCreateKeyExA
0x414004 RegOpenKeyExA
0x414008 RegSetValueExA
0x41400c RegCloseKey
COMCTL32.dll
0x414014 None
EAT(Export Address Table) Library
0x401be2 mmjki