Field | Value |
---|---|
Created | 2021.11.15 14:51 |
Machine | s1_win7_x6401 |
Filename | hazmat.exe |
Type | MS-DOS executable, MZ for MS-DOS |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 38 detected (malicious, high confidence, GenericKD, Jaik, Unsafe, GenKryptik, Attribute, HighConfidence, FNLI, HacktoolX, Falsesign, Lmvf, UnclassifiedMalware@0, Artemis, Krypt, MeterpreterSC, cmlwr, Woreflint, iObit, score, ai score=89, R002H0CKD21, Static AI, Malicious PE, InvalidSig, confidence) |
md5 | 38df87ccac12d33a0fa25687b1341d0e |
sha256 | 69e66efe150fc4cc9685bb0c57fd164edb85979281643ec63b6b54490aae9374 |
ssdeep | 6144:u5XYXEeWwC42fWao+tPY7fnEOv31ewJWTTXhLDE2Wlut65ahYgsnfva6Oz8dePT2:uZanCHONvyDTW3jfo8drTKziy+P |
imphash | 197f07b08e08be453ab745c2056b9eea |
impfuzzy | 48:tKo/xTu9kniVRLi9SOBYBnEnE1o/pfiuoS5vi6xvetJkSv4SY/gRlQjKEkzZlXUD:tKsxTu6iVRLi9SQYA96KtK+ |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
warning | Performs 220 file moves indicative of a ransomware file encryption process |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
advapi32.dll
0x5010c6 RegCloseKey
0x5010ca RegSetValueExW
0x5010ce RegQueryValueExW
0x5010d2 RegDeleteValueW
0x5010d6 RegOpenKeyW
0x5010da RegOpenKeyExW
0x5010de RegCreateKeyExW
0x5010e2 RegCreateKeyW
comctl32.dll
0x5010ea InitCommonControlsEx
gdi32.dll
0x5010f2 GetTextExtentPoint32W
0x5010f6 SetTextColor
0x5010fa GetStockObject
0x5010fe SelectObject
0x501102 SetBkMode
kernel32.dll
0x50110a GlobalFree
0x50110e GetStartupInfoW
0x501112 WideCharToMultiByte
0x501116 GetModuleFileNameA
0x50111a WaitForSingleObjectEx
0x50111e LockResource
0x501122 InitializeCriticalSectionAndSpinCount
0x501126 CreateProcessW
0x50112a CloseHandle
0x50112e SetEvent
0x501132 UnhandledExceptionFilter
0x501136 IsProcessorFeaturePresent
0x50113a CreateDirectoryW
0x50113e FormatMessageW
0x501142 ResetEvent
0x501146 VerSetConditionMask
0x50114a LeaveCriticalSection
0x50114e CreateThread
0x501152 GetModuleHandleW
0x501156 GetModuleFileNameW
0x50115a CompareFileTime
0x50115e GetFileAttributesW
0x501162 MultiByteToWideChar
0x501166 DeleteCriticalSection
0x50116a SetUnhandledExceptionFilter
0x50116e VirtualProtect
0x501172 GetLastError
0x501176 QueryPerformanceCounter
0x50117a GetSystemTime
0x50117e EnterCriticalSection
0x501182 FreeLibrary
0x501186 FindResourceW
0x50118a TerminateProcess
0x50118e LocalFree
0x501192 VerifyVersionInfoW
0x501196 SizeofResource
0x50119a GetCurrentProcessId
0x50119e GlobalAlloc
0x5011a2 GlobalUnlock
0x5011a6 InitializeSListHead
0x5011aa LoadResource
0x5011ae MoveFileW
0x5011b2 CreateEventW
0x5011b6 WriteFile
0x5011ba FindNextFileW
0x5011be GlobalLock
0x5011c2 GetProcAddress
0x5011c6 DeleteFileW
0x5011ca FindFirstFileW
0x5011ce GetCurrentProcess
0x5011d2 LoadLibraryA
0x5011d6 FindClose
0x5011da LoadLibraryW
0x5011de GetCurrentThreadId
0x5011e2 WaitForSingleObject
0x5011e6 IsDebuggerPresent
msyuv.dll
0x5011ee DriverProc
ole32.dll
0x5011f6 CoCreateGuid
shell32.dll
0x5011fe SHGetFolderPathW
shlwapi.dll
0x501206 PathAppendW
themeui.dll
0x50120e DllInstall
user32.dll
0x501216 BeginPaint
0x50121a GetDlgItemTextW
0x50121e EnableWindow
0x501222 SetPropW
0x501226 GetClientRect
0x50122a OpenClipboard
0x50122e SendDlgItemMessageW
0x501232 IsClipboardFormatAvailable
0x501236 SetWindowLongW
0x50123a EndPaint
0x50123e SetFocus
0x501242 MoveWindow
0x501246 DialogBoxIndirectParamW
0x50124a CheckDlgButton
0x50124e GetSysColor
0x501252 IsDlgButtonChecked
0x501256 GetWindowLongW
0x50125a EndDialog
0x50125e GetDC
0x501262 LoadIconW
0x501266 MessageBoxW
0x50126a GetPropW
0x50126e SendMessageW
0x501272 InvalidateRect
0x501276 ChildWindowFromPoint
0x50127a ShowWindow
0x50127e GetWindowTextW
0x501282 SetDlgItemTextW
0x501286 RemovePropW
0x50128a MapWindowPoints
0x50128e FillRect
0x501292 GetWindowRect
0x501296 DrawTextW
0x50129a SetWindowTextW
0x50129e SetTimer
0x5012a2 GetClipboardData
0x5012a6 CloseClipboard
0x5012aa IsWindowEnabled
0x5012ae GetFocus
0x5012b2 DialogBoxParamW
0x5012b6 PostMessageW
wininet.dll
0x5012be InternetReadFile
0x5012c2 InternetSetOptionW
0x5012c6 InternetConnectW
0x5012ca InternetOpenW
0x5012ce HttpQueryInfoW
0x5012d2 InternetCrackUrlW
0x5012d6 HttpAddRequestHeadersW
0x5012da HttpSendRequestW
0x5012de HttpOpenRequestW
0x5012e2 InternetQueryDataAvailable
0x5012e6 InternetCloseHandle
ws2_32.dll
0x5012ee socket
0x5012f2 getsockname
EAT (Export Address Table): none