Report - Zgye2

Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL
Created 2022.03.03 17:24 Machine s1_win7_x6403
Filename Zgye2
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
3
Behavior Score
5.8
ZERO API file : malware
VT API (file) 10 detected (malicious, high confidence, GenKryptik, FRMF, Convagent, BotX, Emotet, Mansabo, YzY0OqH1I6GjhpCs)
md5 14c497524246f9c91d46942447d4dc9c
sha256 dd77b40b9c6fb4ff049fabec3532c756c4803956ff94d1f58e52606b1d9e542b
ssdeep 12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATft:AqxETMJ777u3OmONFqNJtN1v96TOAn92
imphash b193e4975b360aaa9ff34a6f93823ae8
impfuzzy 96:sibtrjLo14XoVDdE4wnxmQk4dvKSUH2DcL6cyqF1QPD:H1mdEXxmQk4dvKSUWDc+cRQPD

Signature (11cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
warning Generates some ICMP traffic
watch Communicates with host for which no DNS query was performed
watch File has been identified by 10 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Expresses interest in specific running processes
notice Searches running processes potentially to identify processes for sandbox evasion
info Checks if process is being debugged by a debugger
info Queries for the computername
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (7cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (16cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x100400ac HeapFree
 0x100400b0 RtlUnwind
 0x100400b4 VirtualAlloc
 0x100400b8 HeapAlloc
 0x100400bc HeapReAlloc
 0x100400c0 GetCommandLineA
 0x100400c4 GetProcessHeap
 0x100400c8 RaiseException
 0x100400cc HeapSize
 0x100400d0 HeapDestroy
 0x100400d4 HeapCreate
 0x100400d8 VirtualFree
 0x100400dc TerminateProcess
 0x100400e0 UnhandledExceptionFilter
 0x100400e4 SetUnhandledExceptionFilter
 0x100400e8 IsDebuggerPresent
 0x100400ec GetStdHandle
 0x100400f0 Sleep
 0x100400f4 SetHandleCount
 0x100400f8 GetFileType
 0x100400fc FreeEnvironmentStringsA
 0x10040100 GetEnvironmentStrings
 0x10040104 FreeEnvironmentStringsW
 0x10040108 GetEnvironmentStringsW
 0x1004010c QueryPerformanceCounter
 0x10040110 GetTickCount
 0x10040114 GetSystemTimeAsFileTime
 0x10040118 GetACP
 0x1004011c LCMapStringA
 0x10040120 LCMapStringW
 0x10040124 GetStringTypeA
 0x10040128 GetStringTypeW
 0x1004012c GetConsoleCP
 0x10040130 GetConsoleMode
 0x10040134 SetStdHandle
 0x10040138 WriteConsoleA
 0x1004013c GetConsoleOutputCP
 0x10040140 WriteConsoleW
 0x10040144 CreateFileA
 0x10040148 GetCurrentProcess
 0x1004014c GetThreadLocale
 0x10040150 FlushFileBuffers
 0x10040154 SetFilePointer
 0x10040158 WriteFile
 0x1004015c ReadFile
 0x10040160 GetOEMCP
 0x10040164 GetCPInfo
 0x10040168 TlsFree
 0x1004016c DeleteCriticalSection
 0x10040170 LocalReAlloc
 0x10040174 TlsSetValue
 0x10040178 TlsAlloc
 0x1004017c InitializeCriticalSection
 0x10040180 GlobalHandle
 0x10040184 GlobalReAlloc
 0x10040188 EnterCriticalSection
 0x1004018c TlsGetValue
 0x10040190 LeaveCriticalSection
 0x10040194 LocalAlloc
 0x10040198 InterlockedIncrement
 0x1004019c GlobalFlags
 0x100401a0 WritePrivateProfileStringA
 0x100401a4 GetCurrentProcessId
 0x100401a8 CloseHandle
 0x100401ac GetCurrentThread
 0x100401b0 ConvertDefaultLocale
 0x100401b4 GetModuleFileNameA
 0x100401b8 EnumResourceLanguagesA
 0x100401bc GetLocaleInfoA
 0x100401c0 lstrcmpA
 0x100401c4 InterlockedDecrement
 0x100401c8 GetCurrentThreadId
 0x100401cc GlobalGetAtomNameA
 0x100401d0 GlobalAddAtomA
 0x100401d4 GlobalFindAtomA
 0x100401d8 GlobalDeleteAtom
 0x100401dc FreeLibrary
 0x100401e0 lstrcmpW
 0x100401e4 GetVersionExA
 0x100401e8 GlobalAlloc
 0x100401ec FormatMessageA
 0x100401f0 LocalFree
 0x100401f4 SizeofResource
 0x100401f8 MulDiv
 0x100401fc GlobalLock
 0x10040200 GlobalUnlock
 0x10040204 GlobalFree
 0x10040208 FindResourceA
 0x1004020c LoadResource
 0x10040210 LockResource
 0x10040214 FreeResource
 0x10040218 ExitProcess
 0x1004021c GetModuleHandleA
 0x10040220 LoadLibraryA
 0x10040224 GetProcAddress
 0x10040228 GetLastError
 0x1004022c SetLastError
 0x10040230 lstrlenA
 0x10040234 WideCharToMultiByte
 0x10040238 CompareStringA
 0x1004023c MultiByteToWideChar
 0x10040240 GetVersion
 0x10040244 GetStartupInfoA
 0x10040248 InterlockedExchange
USER32.dll
 0x10040268 LoadCursorA
 0x1004026c GetSysColorBrush
 0x10040270 GetWindowThreadProcessId
 0x10040274 SetCursor
 0x10040278 GetMessageA
 0x1004027c TranslateMessage
 0x10040280 GetCursorPos
 0x10040284 ValidateRect
 0x10040288 PostQuitMessage
 0x1004028c EndPaint
 0x10040290 BeginPaint
 0x10040294 ClientToScreen
 0x10040298 GrayStringA
 0x1004029c DrawTextExA
 0x100402a0 DrawTextA
 0x100402a4 TabbedTextOutA
 0x100402a8 GetDC
 0x100402ac ShowWindow
 0x100402b0 SetWindowTextA
 0x100402b4 IsDialogMessageA
 0x100402b8 SetMenuItemBitmaps
 0x100402bc GetMenuCheckMarkDimensions
 0x100402c0 ModifyMenuA
 0x100402c4 EnableMenuItem
 0x100402c8 CheckMenuItem
 0x100402cc RegisterWindowMessageA
 0x100402d0 SendDlgItemMessageA
 0x100402d4 WinHelpA
 0x100402d8 GetCapture
 0x100402dc CallNextHookEx
 0x100402e0 GetClassLongA
 0x100402e4 GetClassNameA
 0x100402e8 GetPropA
 0x100402ec RemovePropA
 0x100402f0 GetFocus
 0x100402f4 SetFocus
 0x100402f8 GetWindowTextA
 0x100402fc GetForegroundWindow
 0x10040300 GetLastActivePopup
 0x10040304 DispatchMessageA
 0x10040308 GetTopWindow
 0x1004030c UnhookWindowsHookEx
 0x10040310 GetMessageTime
 0x10040314 GetMessagePos
 0x10040318 PeekMessageA
 0x1004031c MapWindowPoints
 0x10040320 GetKeyState
 0x10040324 SetForegroundWindow
 0x10040328 IsWindowVisible
 0x1004032c UpdateWindow
 0x10040330 GetMenu
 0x10040334 PostMessageA
 0x10040338 MessageBoxA
 0x1004033c CreateWindowExA
 0x10040340 GetClassInfoExA
 0x10040344 GetClassInfoA
 0x10040348 RegisterClassA
 0x1004034c AdjustWindowRectEx
 0x10040350 EnableWindow
 0x10040354 SendMessageA
 0x10040358 CopyRect
 0x1004035c PtInRect
 0x10040360 GetDlgCtrlID
 0x10040364 DefWindowProcA
 0x10040368 CallWindowProcA
 0x1004036c SetWindowLongA
 0x10040370 SetWindowPos
 0x10040374 SystemParametersInfoA
 0x10040378 GetWindowPlacement
 0x1004037c GetWindowRect
 0x10040380 UnregisterClassA
 0x10040384 DestroyMenu
 0x10040388 SetWindowsHookExA
 0x1004038c LoadBitmapA
 0x10040390 ReleaseDC
 0x10040394 InvalidateRect
 0x10040398 LoadIconA
 0x1004039c FillRect
 0x100403a0 GetSysColor
 0x100403a4 DrawIcon
 0x100403a8 GetClientRect
 0x100403ac GetSystemMetrics
 0x100403b0 IsIconic
 0x100403b4 EndDialog
 0x100403b8 GetNextDlgTabItem
 0x100403bc GetParent
 0x100403c0 IsWindowEnabled
 0x100403c4 GetDlgItem
 0x100403c8 GetWindowLongA
 0x100403cc IsWindow
 0x100403d0 DestroyWindow
 0x100403d4 GetWindow
 0x100403d8 GetMenuState
 0x100403dc GetMenuItemID
 0x100403e0 GetMenuItemCount
 0x100403e4 GetSubMenu
 0x100403e8 GetDesktopWindow
 0x100403ec GetActiveWindow
 0x100403f0 SetActiveWindow
 0x100403f4 CreateDialogIndirectParamA
 0x100403f8 SetPropA
GDI32.dll
 0x10040030 ScaleViewportExtEx
 0x10040034 SetWindowExtEx
 0x10040038 ScaleWindowExtEx
 0x1004003c DeleteDC
 0x10040040 GetStockObject
 0x10040044 SetViewportExtEx
 0x10040048 CreateSolidBrush
 0x1004004c OffsetViewportOrgEx
 0x10040050 SetViewportOrgEx
 0x10040054 SelectObject
 0x10040058 Escape
 0x1004005c ExtTextOutA
 0x10040060 TextOutA
 0x10040064 RectVisible
 0x10040068 PtVisible
 0x1004006c BitBlt
 0x10040070 DeleteObject
 0x10040074 MoveToEx
 0x10040078 LineTo
 0x1004007c SetMapMode
 0x10040080 RestoreDC
 0x10040084 SaveDC
 0x10040088 CreateBitmap
 0x1004008c GetObjectA
 0x10040090 SetBkColor
 0x10040094 SetTextColor
 0x10040098 GetClipBox
 0x1004009c GetDeviceCaps
 0x100400a0 CreateCompatibleDC
 0x100400a4 CreateCompatibleBitmap
WINSPOOL.DRV
 0x10040400 ClosePrinter
 0x10040404 DocumentPropertiesA
 0x10040408 OpenPrinterA
ADVAPI32.dll
 0x10040000 RegEnumKeyA
 0x10040004 RegSetValueExA
 0x10040008 RegCreateKeyExA
 0x1004000c RegQueryValueA
 0x10040010 RegCloseKey
 0x10040014 RegDeleteKeyA
 0x10040018 RegOpenKeyExA
 0x1004001c RegQueryValueExA
 0x10040020 RegOpenKeyA
COMCTL32.dll
 0x10040028 InitCommonControlsEx
SHLWAPI.dll
 0x10040260 PathFindExtensionA
OLEAUT32.dll
 0x10040250 VariantClear
 0x10040254 VariantChangeType
 0x10040258 VariantInit

EAT(Export Address Table) Library

0x1001b370 DllRegisterClass
0x1001b330 DllRegisterServer
0x1001b370 DllUnregisterClass
0x1001b370 DllUnregisterServer
