ScreenShot
| Created | 2021.11.11 20:30 | Machine | s1_win7_x6401 |
| Filename | hh.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 2c8fe78d53c8ca27523a71dfd2938241 | ||
| sha256 | eb63fd45ed7ec773eccaf0f20d44bc9b4ed0a3e01779d62321b1da954a0f6eb8 | ||
| ssdeep | 192:U8kHEFbfhORz4NqRGQE7KpcPUKU/dlk06Sl0+m5GJ1KDJD/QWc7:U8kH67heMMRGQEOpR/dlk06I1KDuWc7 | ||
| imphash | d3d9c3e81a404e7f5c5302429636f04c | ||
| impfuzzy | 24:FI21wM1S/2esVDpR8veL6z7F4ZsGvq5C0MA:b7Sk3R8veLE6sGig0H | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x140003128 RegOpenKeyExW
0x140003130 RegOpenKeyExA
0x140003138 RegQueryValueExA
0x140003140 RegCloseKey
0x140003148 RegQueryValueExW
KERNEL32.dll
0x140003158 ExpandEnvironmentStringsA
0x140003160 LoadLibraryA
0x140003168 HeapSetInformation
0x140003170 SetProcessDEPPolicy
0x140003178 GetProcAddress
0x140003180 FreeLibrary
0x140003188 GetCurrentThreadId
0x140003190 GetCurrentProcessId
0x140003198 QueryPerformanceCounter
0x1400031a0 GetModuleHandleW
0x1400031a8 TerminateProcess
0x1400031b0 GetCurrentProcess
0x1400031b8 SetUnhandledExceptionFilter
0x1400031c0 UnhandledExceptionFilter
0x1400031c8 RtlVirtualUnwind
0x1400031d0 RtlLookupFunctionEntry
0x1400031d8 RtlCaptureContext
0x1400031e0 GetStartupInfoW
0x1400031e8 GetSystemTimeAsFileTime
0x1400031f0 Sleep
0x1400031f8 GetTickCount
msvcrt.dll
0x140003208 ?terminate@@YAXXZ
0x140003210 _fmode
0x140003218 _acmdln
0x140003220 _initterm
0x140003228 __setusermatherr
0x140003230 _ismbblead
0x140003238 _cexit
0x140003240 _exit
0x140003248 exit
0x140003250 __set_app_type
0x140003258 __getmainargs
0x140003260 _amsg_exit
0x140003268 _XcptFilter
0x140003270 _vsnprintf
0x140003278 _commode
0x140003280 __C_specific_handler
0x140003288 memset
EAT(Export Address Table) is none
ADVAPI32.dll
0x140003128 RegOpenKeyExW
0x140003130 RegOpenKeyExA
0x140003138 RegQueryValueExA
0x140003140 RegCloseKey
0x140003148 RegQueryValueExW
KERNEL32.dll
0x140003158 ExpandEnvironmentStringsA
0x140003160 LoadLibraryA
0x140003168 HeapSetInformation
0x140003170 SetProcessDEPPolicy
0x140003178 GetProcAddress
0x140003180 FreeLibrary
0x140003188 GetCurrentThreadId
0x140003190 GetCurrentProcessId
0x140003198 QueryPerformanceCounter
0x1400031a0 GetModuleHandleW
0x1400031a8 TerminateProcess
0x1400031b0 GetCurrentProcess
0x1400031b8 SetUnhandledExceptionFilter
0x1400031c0 UnhandledExceptionFilter
0x1400031c8 RtlVirtualUnwind
0x1400031d0 RtlLookupFunctionEntry
0x1400031d8 RtlCaptureContext
0x1400031e0 GetStartupInfoW
0x1400031e8 GetSystemTimeAsFileTime
0x1400031f0 Sleep
0x1400031f8 GetTickCount
msvcrt.dll
0x140003208 ?terminate@@YAXXZ
0x140003210 _fmode
0x140003218 _acmdln
0x140003220 _initterm
0x140003228 __setusermatherr
0x140003230 _ismbblead
0x140003238 _cexit
0x140003240 _exit
0x140003248 exit
0x140003250 __set_app_type
0x140003258 __getmainargs
0x140003260 _amsg_exit
0x140003268 _XcptFilter
0x140003270 _vsnprintf
0x140003278 _commode
0x140003280 __C_specific_handler
0x140003288 memset
EAT(Export Address Table) is none