Report - dchcfg64.exe

Gen2 Gen1 Generic Malware Malicious Packer Malicious Library PE64 PE File
Created 2021.11.11 20:34 Machine s1_win7_x6401
Filename dchcfg64.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 2
Behavior Score 0.4
ZERO API file : clean
VT API (file)
md5 beaf031df22943effaa894d980b9eade
sha256 eb4e08802267ace97a0687c7776e857686408820eace05a130c67f9b25d670d3
ssdeep 6144:04jeeUBzxSogbMaQrhu9Ixm/pTrTVaE3fOUOhubmT5NZjPWQ4QSzBIu8fe:NjeeUBzxz9gtp1vbSSh8m
imphash 8f66670831632e8c0e295e659a1189de
impfuzzy 96:eRfc+/ruV2tF9egwcL4R0427b7sfVrPXmYoajcemjmkP:eRoa/P42Yoajs

Signature (2cnts)

Level Description
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140068a30 LoadLibraryW
 0x140068a38 FreeLibrary
 0x140068a40 GetProcAddress
 0x140068a48 GetVersionExW
 0x140068a50 GetCurrentProcess
 0x140068a58 InitializeCriticalSection
 0x140068a60 EnterCriticalSection
 0x140068a68 LeaveCriticalSection
 0x140068a70 DeleteCriticalSection
 0x140068a78 OpenMutexW
 0x140068a80 CreateSemaphoreW
 0x140068a88 ReleaseSemaphore
 0x140068a90 OpenSemaphoreW
 0x140068a98 MapViewOfFile
 0x140068aa0 CreateFileMappingW
 0x140068aa8 OpenFileMappingW
 0x140068ab0 UnmapViewOfFile
 0x140068ab8 CreateEventW
 0x140068ac0 OpenEventW
 0x140068ac8 SetEvent
 0x140068ad0 ResetEvent
 0x140068ad8 PulseEvent
 0x140068ae0 GetLastError
 0x140068ae8 GetComputerNameA
 0x140068af0 GetComputerNameExA
 0x140068af8 GetSystemDefaultLangID
 0x140068b00 MultiByteToWideChar
 0x140068b08 GetACP
 0x140068b10 HeapFree
 0x140068b18 HeapAlloc
 0x140068b20 GetProcessHeap
 0x140068b28 GetCurrentThread
 0x140068b30 LocalFree
 0x140068b38 lstrlenA
 0x140068b40 lstrcmpA
 0x140068b48 LocalAlloc
 0x140068b50 GetModuleHandleA
 0x140068b58 GetVersion
 0x140068b60 LoadLibraryA
 0x140068b68 GetSystemTimeAsFileTime
 0x140068b70 DecodePointer
 0x140068b78 EncodePointer
 0x140068b80 SetConsoleCtrlHandler
 0x140068b88 GetCommandLineA
 0x140068b90 HeapReAlloc
 0x140068b98 FindClose
 0x140068ba0 FileTimeToSystemTime
 0x140068ba8 FileTimeToLocalFileTime
 0x140068bb0 GetDriveTypeA
 0x140068bb8 FindFirstFileExA
 0x140068bc0 MoveFileA
 0x140068bc8 FlushFileBuffers
 0x140068bd0 UnhandledExceptionFilter
 0x140068bd8 SetUnhandledExceptionFilter
 0x140068be0 IsDebuggerPresent
 0x140068be8 GetCurrentThreadId
 0x140068bf0 RtlLookupFunctionEntry
 0x140068bf8 RtlCaptureContext
 0x140068c00 TerminateProcess
 0x140068c08 RtlUnwindEx
 0x140068c10 SetHandleCount
 0x140068c18 GetStdHandle
 0x140068c20 InitializeCriticalSectionAndSpinCount
 0x140068c28 GetFileType
 0x140068c30 GetStartupInfoW
 0x140068c38 WriteFile
 0x140068c40 GetConsoleCP
 0x140068c48 GetConsoleMode
 0x140068c50 FatalAppExitA
 0x140068c58 GetModuleHandleW
 0x140068c60 ExitProcess
 0x140068c68 FlsGetValue
 0x140068c70 FlsSetValue
 0x140068c78 FlsFree
 0x140068c80 SetLastError
 0x140068c88 FlsAlloc
 0x140068c90 GetModuleFileNameW
 0x140068c98 GetModuleFileNameA
 0x140068ca0 FreeEnvironmentStringsW
 0x140068ca8 GetEnvironmentStringsW
 0x140068cb0 HeapSetInformation
 0x140068cb8 HeapCreate
 0x140068cc0 HeapDestroy
 0x140068cc8 QueryPerformanceCounter
 0x140068cd0 GetTickCount
 0x140068cd8 GetCurrentProcessId
 0x140068ce0 GetCPInfo
 0x140068ce8 GetOEMCP
 0x140068cf0 IsValidCodePage
 0x140068cf8 LCMapStringW
 0x140068d00 GetFullPathNameA
 0x140068d08 GetFileInformationByHandle
 0x140068d10 PeekNamedPipe
 0x140068d18 CreateFileA
 0x140068d20 GetCurrentDirectoryW
 0x140068d28 SetCurrentDirectoryW
 0x140068d30 SetStdHandle
 0x140068d38 ReadFile
 0x140068d40 SetFilePointer
 0x140068d48 GetFileAttributesA
 0x140068d50 GetTimeZoneInformation
 0x140068d58 WriteConsoleW
 0x140068d60 GetLocaleInfoW
 0x140068d68 GetStringTypeW
 0x140068d70 GetUserDefaultLCID
 0x140068d78 GetLocaleInfoA
 0x140068d80 EnumSystemLocalesA
 0x140068d88 IsValidLocale
 0x140068d90 GetDriveTypeW
 0x140068d98 SetEndOfFile
 0x140068da0 CompareStringW
 0x140068da8 SetEnvironmentVariableA
 0x140068db0 RaiseException
 0x140068db8 CreateFileW
 0x140068dc0 HeapSize
 0x140068dc8 Sleep
 0x140068dd0 TerminateThread
 0x140068dd8 CreateMutexW
 0x140068de0 CreateThread
 0x140068de8 CloseHandle
 0x140068df0 WaitForSingleObject
 0x140068df8 ReleaseMutex
 0x140068e00 ExpandEnvironmentStringsW
 0x140068e08 WideCharToMultiByte
 0x140068e10 ReadConsoleInputA
 0x140068e18 SetConsoleMode
 0x140068e20 PeekConsoleInputA
 0x140068e28 GetNumberOfConsoleInputEvents
 0x140068e30 DeleteFileA
 0x140068e38 SetFileAttributesA
 0x140068e40 CreateDirectoryA
 0x140068e48 RemoveDirectoryA
 0x140068e50 GetCurrentDirectoryA
 0x140068e58 RtlVirtualUnwind
 0x140068e60 SetErrorMode
 0x140068e68 SetCurrentDirectoryA
dchcfl64.dll
 0x140069110 HCFLGetSysType
 0x140069118 HCFLGetSupportedSysType
WS2_32.dll
 0x140069068 WSAAddressToStringA
 0x140069070 WSAStringToAddressA
 0x140069078 WSAGetLastError
 0x140069080 WSAStartup
 0x140069088 WSACleanup
 0x140069090 gethostbyname
 0x140069098 inet_addr
 0x1400690a0 inet_ntoa
 0x1400690a8 gethostname
USER32.dll
 0x140068fa0 GetSystemMetrics
 0x140068fa8 ExitWindowsEx
 0x140068fb0 GetProcessWindowStation
 0x140068fb8 GetThreadDesktop
 0x140068fc0 OpenWindowStationW
 0x140068fc8 SetProcessWindowStation
 0x140068fd0 OpenDesktopW
 0x140068fd8 SetThreadDesktop
 0x140068fe0 EnumDesktopWindows
 0x140068fe8 CloseDesktop
 0x140068ff0 CloseWindowStation
 0x140068ff8 PostMessageW
ADVAPI32.dll
 0x1400688f8 AdjustTokenPrivileges
 0x140068900 RegisterEventSourceW
 0x140068908 ReportEventW
 0x140068910 DeregisterEventSource
 0x140068918 RegOpenKeyExW
 0x140068920 RegQueryValueExW
 0x140068928 RegCloseKey
 0x140068930 LookupPrivilegeValueW
 0x140068938 OpenProcessToken
 0x140068940 FreeSid
 0x140068948 GetLengthSid
 0x140068950 RegOpenKeyA
 0x140068958 RegQueryValueExA
 0x140068960 InitializeSecurityDescriptor
 0x140068968 AllocateAndInitializeSid
 0x140068970 AddAccessAllowedAce
 0x140068978 IsValidSid
 0x140068980 GetTokenInformation
 0x140068988 OpenThreadToken
 0x140068990 GetSecurityDescriptorDacl
 0x140068998 SetSecurityDescriptorDacl
 0x1400689a0 CheckTokenMembership
 0x1400689a8 InitializeAcl
 0x1400689b0 InitiateSystemShutdownW

EAT(Export Address Table) is none

Similarity measure (PE file only)