ScreenShot
| Created | 2022.11.03 13:32 | Machine | s1_win7_x6403 |
| Filename | moycMR | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 2c6d64a28e21945fa8fc13356f659bbc | ||
| sha256 | cf4b7a3fef2fa902d39bfb20def4c8855ef425b3a281947c691fc76ad4c1dd00 | ||
| ssdeep | 12288:ezhsu7PWe6Fth9tmzQS+37pzGIz/mXpo1z+XSjq+DsCJqzfo:ktR6rhjmzhsT/Yg6CjtJqzf | ||
| imphash | f26dad9f8445297eee4d3315e0e818a0 | ||
| impfuzzy | 96:gbtpTIQ/gGlIf4SFYsLgUDcNVrk8t1319W4tcncOMFLQPD:gA0kF+UDcNVrkW1319WmcncXQPD | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Attempts to remove evidence of file being downloaded from the Internet |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Expresses interest in specific running processes |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (8cnts) ?
Suricata ids
ET CNC Feodo Tracker Reported CnC Server group 16
ET CNC Feodo Tracker Reported CnC Server group 23
ET CNC Feodo Tracker Reported CnC Server group 10
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 23
ET CNC Feodo Tracker Reported CnC Server group 10
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 8
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180065140 FlsSetValue
0x180065148 GetCommandLineA
0x180065150 HeapAlloc
0x180065158 HeapFree
0x180065160 Sleep
0x180065168 ExitProcess
0x180065170 HeapReAlloc
0x180065178 HeapQueryInformation
0x180065180 HeapSize
0x180065188 EncodePointer
0x180065190 DecodePointer
0x180065198 FlsGetValue
0x1800651a0 FlsFree
0x1800651a8 FlsAlloc
0x1800651b0 TerminateProcess
0x1800651b8 UnhandledExceptionFilter
0x1800651c0 SetUnhandledExceptionFilter
0x1800651c8 IsDebuggerPresent
0x1800651d0 RtlVirtualUnwind
0x1800651d8 RtlCaptureContext
0x1800651e0 GetACP
0x1800651e8 IsValidCodePage
0x1800651f0 GetSystemTimeAsFileTime
0x1800651f8 GetStdHandle
0x180065200 GetFileType
0x180065208 GetStartupInfoA
0x180065210 FreeEnvironmentStringsA
0x180065218 GetEnvironmentStrings
0x180065220 FreeEnvironmentStringsW
0x180065228 GetEnvironmentStringsW
0x180065230 HeapSetInformation
0x180065238 HeapCreate
0x180065240 HeapDestroy
0x180065248 QueryPerformanceCounter
0x180065250 GetTickCount
0x180065258 InitializeCriticalSectionAndSpinCount
0x180065260 LCMapStringA
0x180065268 LCMapStringW
0x180065270 GetStringTypeA
0x180065278 GetStringTypeW
0x180065280 GetUserDefaultLCID
0x180065288 EnumSystemLocalesA
0x180065290 IsValidLocale
0x180065298 GetConsoleCP
0x1800652a0 GetConsoleMode
0x1800652a8 GetLocaleInfoW
0x1800652b0 SetStdHandle
0x1800652b8 WriteConsoleA
0x1800652c0 GetConsoleOutputCP
0x1800652c8 WriteConsoleW
0x1800652d0 RtlPcToFileHeader
0x1800652d8 RaiseException
0x1800652e0 RtlUnwindEx
0x1800652e8 RtlLookupFunctionEntry
0x1800652f0 GetModuleHandleW
0x1800652f8 GetOEMCP
0x180065300 GetCPInfo
0x180065308 CreateFileA
0x180065310 GetCurrentProcess
0x180065318 FlushFileBuffers
0x180065320 SetFilePointer
0x180065328 WriteFile
0x180065330 ReadFile
0x180065338 DeleteCriticalSection
0x180065340 LocalReAlloc
0x180065348 TlsSetValue
0x180065350 GlobalHandle
0x180065358 GlobalReAlloc
0x180065360 TlsAlloc
0x180065368 InitializeCriticalSection
0x180065370 EnterCriticalSection
0x180065378 TlsGetValue
0x180065380 LeaveCriticalSection
0x180065388 LocalAlloc
0x180065390 GlobalFlags
0x180065398 WritePrivateProfileStringA
0x1800653a0 FormatMessageA
0x1800653a8 LocalFree
0x1800653b0 MulDiv
0x1800653b8 lstrlenA
0x1800653c0 GlobalGetAtomNameA
0x1800653c8 GlobalFindAtomA
0x1800653d0 MultiByteToWideChar
0x1800653d8 lstrcmpW
0x1800653e0 GetVersionExA
0x1800653e8 GlobalUnlock
0x1800653f0 GlobalFree
0x1800653f8 FreeResource
0x180065400 GetCurrentProcessId
0x180065408 GetLastError
0x180065410 SetLastError
0x180065418 GlobalAddAtomA
0x180065420 CloseHandle
0x180065428 GlobalDeleteAtom
0x180065430 GetCurrentThread
0x180065438 GetCurrentThreadId
0x180065440 ConvertDefaultLocale
0x180065448 EnumResourceLanguagesA
0x180065450 GetModuleFileNameA
0x180065458 GetLocaleInfoA
0x180065460 LoadLibraryA
0x180065468 CompareStringA
0x180065470 GlobalLock
0x180065478 lstrcmpA
0x180065480 GlobalAlloc
0x180065488 FreeLibrary
0x180065490 GetModuleHandleA
0x180065498 GetProcAddress
0x1800654a0 LoadResource
0x1800654a8 LockResource
0x1800654b0 SizeofResource
0x1800654b8 FindResourceA
0x1800654c0 SetHandleCount
0x1800654c8 WideCharToMultiByte
USER32.dll
0x180065508 SetRect
0x180065510 KillTimer
0x180065518 WindowFromPoint
0x180065520 EndPaint
0x180065528 BeginPaint
0x180065530 GetWindowDC
0x180065538 ReleaseDC
0x180065540 GetDC
0x180065548 ClientToScreen
0x180065550 GrayStringA
0x180065558 DrawTextExA
0x180065560 DrawTextA
0x180065568 TabbedTextOutA
0x180065570 DestroyMenu
0x180065578 ShowWindow
0x180065580 SetWindowTextA
0x180065588 IsDialogMessageA
0x180065590 RegisterWindowMessageA
0x180065598 SendDlgItemMessageA
0x1800655a0 WinHelpA
0x1800655a8 IsChild
0x1800655b0 GetCapture
0x1800655b8 GetClassLongA
0x1800655c0 GetClassNameA
0x1800655c8 GetClassLongPtrA
0x1800655d0 SetPropA
0x1800655d8 GetPropA
0x1800655e0 RemovePropA
0x1800655e8 SetFocus
0x1800655f0 InvalidateRect
0x1800655f8 GetForegroundWindow
0x180065600 BeginDeferWindowPos
0x180065608 EndDeferWindowPos
0x180065610 GetTopWindow
0x180065618 GetWindowLongPtrA
0x180065620 UnhookWindowsHookEx
0x180065628 GetMessageTime
0x180065630 GetMessagePos
0x180065638 MapWindowPoints
0x180065640 SetMenu
0x180065648 SetForegroundWindow
0x180065650 UpdateWindow
0x180065658 GetSubMenu
0x180065660 GetMenuItemID
0x180065668 GetMenuItemCount
0x180065670 CreateWindowExA
0x180065678 GetClassInfoExA
0x180065680 GetClassInfoA
0x180065688 RegisterClassA
0x180065690 GetSysColor
0x180065698 AdjustWindowRectEx
0x1800656a0 ScreenToClient
0x1800656a8 EqualRect
0x1800656b0 DeferWindowPos
0x1800656b8 CopyRect
0x1800656c0 PtInRect
0x1800656c8 GetDlgCtrlID
0x1800656d0 DefWindowProcA
0x1800656d8 CallWindowProcA
0x1800656e0 GetMenu
0x1800656e8 SetWindowLongA
0x1800656f0 SetWindowPos
0x1800656f8 SystemParametersInfoA
0x180065700 LoadIconA
0x180065708 SetTimer
0x180065710 GetClientRect
0x180065718 SendMessageA
0x180065720 GetWindowPlacement
0x180065728 GetWindow
0x180065730 GetWindowRect
0x180065738 OffsetRect
0x180065740 SetRectEmpty
0x180065748 IsZoomed
0x180065750 GetDesktopWindow
0x180065758 SetActiveWindow
0x180065760 CreateDialogIndirectParamA
0x180065768 DestroyWindow
0x180065770 IsWindow
0x180065778 GetDlgItem
0x180065780 GetNextDlgTabItem
0x180065788 GetSysColorBrush
0x180065790 GetWindowTextA
0x180065798 LoadCursorA
0x1800657a0 AppendMenuA
0x1800657a8 GetSystemMenu
0x1800657b0 DrawIcon
0x1800657b8 GetSystemMetrics
0x1800657c0 IsIconic
0x1800657c8 EnableWindow
0x1800657d0 PostQuitMessage
0x1800657d8 PostMessageA
0x1800657e0 CheckMenuItem
0x1800657e8 EnableMenuItem
0x1800657f0 GetMenuState
0x1800657f8 ModifyMenuA
0x180065800 GetParent
0x180065808 GetFocus
0x180065810 LoadBitmapA
0x180065818 GetMenuCheckMarkDimensions
0x180065820 SetMenuItemBitmaps
0x180065828 ValidateRect
0x180065830 GetCursorPos
0x180065838 PeekMessageA
0x180065840 GetKeyState
0x180065848 EndDialog
0x180065850 GetWindowThreadProcessId
0x180065858 GetWindowLongA
0x180065860 GetLastActivePopup
0x180065868 IsWindowEnabled
0x180065870 MessageBoxA
0x180065878 SetCursor
0x180065880 SetWindowsHookExA
0x180065888 CallNextHookEx
0x180065890 GetMessageA
0x180065898 TranslateMessage
0x1800658a0 DispatchMessageA
0x1800658a8 GetActiveWindow
0x1800658b0 IsWindowVisible
0x1800658b8 SetWindowLongPtrA
GDI32.dll
0x180065050 DeleteDC
0x180065058 GetStockObject
0x180065060 GetDeviceCaps
0x180065068 GetBkColor
0x180065070 SetWindowExtEx
0x180065078 ScaleWindowExtEx
0x180065080 ScaleViewportExtEx
0x180065088 SetViewportExtEx
0x180065090 OffsetViewportOrgEx
0x180065098 SetViewportOrgEx
0x1800650a0 Escape
0x1800650a8 TextOutA
0x1800650b0 RectVisible
0x1800650b8 PtVisible
0x1800650c0 CreateBitmap
0x1800650c8 DeleteObject
0x1800650d0 IntersectClipRect
0x1800650d8 ExcludeClipRect
0x1800650e0 SetMapMode
0x1800650e8 RestoreDC
0x1800650f0 SaveDC
0x1800650f8 ExtTextOutA
0x180065100 GetObjectA
0x180065108 SetBkColor
0x180065110 SetTextColor
0x180065118 GetClipBox
0x180065120 GetTextExtentPoint32A
0x180065128 GetTextMetricsA
0x180065130 SelectObject
WINSPOOL.DRV
0x1800658c8 DocumentPropertiesA
0x1800658d0 OpenPrinterA
0x1800658d8 ClosePrinter
ADVAPI32.dll
0x180065000 RegSetValueExA
0x180065008 RegCreateKeyExA
0x180065010 RegQueryValueA
0x180065018 RegOpenKeyA
0x180065020 RegEnumKeyA
0x180065028 RegDeleteKeyA
0x180065030 RegOpenKeyExA
0x180065038 RegQueryValueExA
0x180065040 RegCloseKey
SHLWAPI.dll
0x1800654f8 PathFindExtensionA
ole32.dll
0x1800658e8 CoLoadLibrary
OLEAUT32.dll
0x1800654d8 VariantClear
0x1800654e0 VariantChangeType
0x1800654e8 VariantInit
EAT(Export Address Table) Library
0x180021db0 DllRegisterServer
KERNEL32.dll
0x180065140 FlsSetValue
0x180065148 GetCommandLineA
0x180065150 HeapAlloc
0x180065158 HeapFree
0x180065160 Sleep
0x180065168 ExitProcess
0x180065170 HeapReAlloc
0x180065178 HeapQueryInformation
0x180065180 HeapSize
0x180065188 EncodePointer
0x180065190 DecodePointer
0x180065198 FlsGetValue
0x1800651a0 FlsFree
0x1800651a8 FlsAlloc
0x1800651b0 TerminateProcess
0x1800651b8 UnhandledExceptionFilter
0x1800651c0 SetUnhandledExceptionFilter
0x1800651c8 IsDebuggerPresent
0x1800651d0 RtlVirtualUnwind
0x1800651d8 RtlCaptureContext
0x1800651e0 GetACP
0x1800651e8 IsValidCodePage
0x1800651f0 GetSystemTimeAsFileTime
0x1800651f8 GetStdHandle
0x180065200 GetFileType
0x180065208 GetStartupInfoA
0x180065210 FreeEnvironmentStringsA
0x180065218 GetEnvironmentStrings
0x180065220 FreeEnvironmentStringsW
0x180065228 GetEnvironmentStringsW
0x180065230 HeapSetInformation
0x180065238 HeapCreate
0x180065240 HeapDestroy
0x180065248 QueryPerformanceCounter
0x180065250 GetTickCount
0x180065258 InitializeCriticalSectionAndSpinCount
0x180065260 LCMapStringA
0x180065268 LCMapStringW
0x180065270 GetStringTypeA
0x180065278 GetStringTypeW
0x180065280 GetUserDefaultLCID
0x180065288 EnumSystemLocalesA
0x180065290 IsValidLocale
0x180065298 GetConsoleCP
0x1800652a0 GetConsoleMode
0x1800652a8 GetLocaleInfoW
0x1800652b0 SetStdHandle
0x1800652b8 WriteConsoleA
0x1800652c0 GetConsoleOutputCP
0x1800652c8 WriteConsoleW
0x1800652d0 RtlPcToFileHeader
0x1800652d8 RaiseException
0x1800652e0 RtlUnwindEx
0x1800652e8 RtlLookupFunctionEntry
0x1800652f0 GetModuleHandleW
0x1800652f8 GetOEMCP
0x180065300 GetCPInfo
0x180065308 CreateFileA
0x180065310 GetCurrentProcess
0x180065318 FlushFileBuffers
0x180065320 SetFilePointer
0x180065328 WriteFile
0x180065330 ReadFile
0x180065338 DeleteCriticalSection
0x180065340 LocalReAlloc
0x180065348 TlsSetValue
0x180065350 GlobalHandle
0x180065358 GlobalReAlloc
0x180065360 TlsAlloc
0x180065368 InitializeCriticalSection
0x180065370 EnterCriticalSection
0x180065378 TlsGetValue
0x180065380 LeaveCriticalSection
0x180065388 LocalAlloc
0x180065390 GlobalFlags
0x180065398 WritePrivateProfileStringA
0x1800653a0 FormatMessageA
0x1800653a8 LocalFree
0x1800653b0 MulDiv
0x1800653b8 lstrlenA
0x1800653c0 GlobalGetAtomNameA
0x1800653c8 GlobalFindAtomA
0x1800653d0 MultiByteToWideChar
0x1800653d8 lstrcmpW
0x1800653e0 GetVersionExA
0x1800653e8 GlobalUnlock
0x1800653f0 GlobalFree
0x1800653f8 FreeResource
0x180065400 GetCurrentProcessId
0x180065408 GetLastError
0x180065410 SetLastError
0x180065418 GlobalAddAtomA
0x180065420 CloseHandle
0x180065428 GlobalDeleteAtom
0x180065430 GetCurrentThread
0x180065438 GetCurrentThreadId
0x180065440 ConvertDefaultLocale
0x180065448 EnumResourceLanguagesA
0x180065450 GetModuleFileNameA
0x180065458 GetLocaleInfoA
0x180065460 LoadLibraryA
0x180065468 CompareStringA
0x180065470 GlobalLock
0x180065478 lstrcmpA
0x180065480 GlobalAlloc
0x180065488 FreeLibrary
0x180065490 GetModuleHandleA
0x180065498 GetProcAddress
0x1800654a0 LoadResource
0x1800654a8 LockResource
0x1800654b0 SizeofResource
0x1800654b8 FindResourceA
0x1800654c0 SetHandleCount
0x1800654c8 WideCharToMultiByte
USER32.dll
0x180065508 SetRect
0x180065510 KillTimer
0x180065518 WindowFromPoint
0x180065520 EndPaint
0x180065528 BeginPaint
0x180065530 GetWindowDC
0x180065538 ReleaseDC
0x180065540 GetDC
0x180065548 ClientToScreen
0x180065550 GrayStringA
0x180065558 DrawTextExA
0x180065560 DrawTextA
0x180065568 TabbedTextOutA
0x180065570 DestroyMenu
0x180065578 ShowWindow
0x180065580 SetWindowTextA
0x180065588 IsDialogMessageA
0x180065590 RegisterWindowMessageA
0x180065598 SendDlgItemMessageA
0x1800655a0 WinHelpA
0x1800655a8 IsChild
0x1800655b0 GetCapture
0x1800655b8 GetClassLongA
0x1800655c0 GetClassNameA
0x1800655c8 GetClassLongPtrA
0x1800655d0 SetPropA
0x1800655d8 GetPropA
0x1800655e0 RemovePropA
0x1800655e8 SetFocus
0x1800655f0 InvalidateRect
0x1800655f8 GetForegroundWindow
0x180065600 BeginDeferWindowPos
0x180065608 EndDeferWindowPos
0x180065610 GetTopWindow
0x180065618 GetWindowLongPtrA
0x180065620 UnhookWindowsHookEx
0x180065628 GetMessageTime
0x180065630 GetMessagePos
0x180065638 MapWindowPoints
0x180065640 SetMenu
0x180065648 SetForegroundWindow
0x180065650 UpdateWindow
0x180065658 GetSubMenu
0x180065660 GetMenuItemID
0x180065668 GetMenuItemCount
0x180065670 CreateWindowExA
0x180065678 GetClassInfoExA
0x180065680 GetClassInfoA
0x180065688 RegisterClassA
0x180065690 GetSysColor
0x180065698 AdjustWindowRectEx
0x1800656a0 ScreenToClient
0x1800656a8 EqualRect
0x1800656b0 DeferWindowPos
0x1800656b8 CopyRect
0x1800656c0 PtInRect
0x1800656c8 GetDlgCtrlID
0x1800656d0 DefWindowProcA
0x1800656d8 CallWindowProcA
0x1800656e0 GetMenu
0x1800656e8 SetWindowLongA
0x1800656f0 SetWindowPos
0x1800656f8 SystemParametersInfoA
0x180065700 LoadIconA
0x180065708 SetTimer
0x180065710 GetClientRect
0x180065718 SendMessageA
0x180065720 GetWindowPlacement
0x180065728 GetWindow
0x180065730 GetWindowRect
0x180065738 OffsetRect
0x180065740 SetRectEmpty
0x180065748 IsZoomed
0x180065750 GetDesktopWindow
0x180065758 SetActiveWindow
0x180065760 CreateDialogIndirectParamA
0x180065768 DestroyWindow
0x180065770 IsWindow
0x180065778 GetDlgItem
0x180065780 GetNextDlgTabItem
0x180065788 GetSysColorBrush
0x180065790 GetWindowTextA
0x180065798 LoadCursorA
0x1800657a0 AppendMenuA
0x1800657a8 GetSystemMenu
0x1800657b0 DrawIcon
0x1800657b8 GetSystemMetrics
0x1800657c0 IsIconic
0x1800657c8 EnableWindow
0x1800657d0 PostQuitMessage
0x1800657d8 PostMessageA
0x1800657e0 CheckMenuItem
0x1800657e8 EnableMenuItem
0x1800657f0 GetMenuState
0x1800657f8 ModifyMenuA
0x180065800 GetParent
0x180065808 GetFocus
0x180065810 LoadBitmapA
0x180065818 GetMenuCheckMarkDimensions
0x180065820 SetMenuItemBitmaps
0x180065828 ValidateRect
0x180065830 GetCursorPos
0x180065838 PeekMessageA
0x180065840 GetKeyState
0x180065848 EndDialog
0x180065850 GetWindowThreadProcessId
0x180065858 GetWindowLongA
0x180065860 GetLastActivePopup
0x180065868 IsWindowEnabled
0x180065870 MessageBoxA
0x180065878 SetCursor
0x180065880 SetWindowsHookExA
0x180065888 CallNextHookEx
0x180065890 GetMessageA
0x180065898 TranslateMessage
0x1800658a0 DispatchMessageA
0x1800658a8 GetActiveWindow
0x1800658b0 IsWindowVisible
0x1800658b8 SetWindowLongPtrA
GDI32.dll
0x180065050 DeleteDC
0x180065058 GetStockObject
0x180065060 GetDeviceCaps
0x180065068 GetBkColor
0x180065070 SetWindowExtEx
0x180065078 ScaleWindowExtEx
0x180065080 ScaleViewportExtEx
0x180065088 SetViewportExtEx
0x180065090 OffsetViewportOrgEx
0x180065098 SetViewportOrgEx
0x1800650a0 Escape
0x1800650a8 TextOutA
0x1800650b0 RectVisible
0x1800650b8 PtVisible
0x1800650c0 CreateBitmap
0x1800650c8 DeleteObject
0x1800650d0 IntersectClipRect
0x1800650d8 ExcludeClipRect
0x1800650e0 SetMapMode
0x1800650e8 RestoreDC
0x1800650f0 SaveDC
0x1800650f8 ExtTextOutA
0x180065100 GetObjectA
0x180065108 SetBkColor
0x180065110 SetTextColor
0x180065118 GetClipBox
0x180065120 GetTextExtentPoint32A
0x180065128 GetTextMetricsA
0x180065130 SelectObject
WINSPOOL.DRV
0x1800658c8 DocumentPropertiesA
0x1800658d0 OpenPrinterA
0x1800658d8 ClosePrinter
ADVAPI32.dll
0x180065000 RegSetValueExA
0x180065008 RegCreateKeyExA
0x180065010 RegQueryValueA
0x180065018 RegOpenKeyA
0x180065020 RegEnumKeyA
0x180065028 RegDeleteKeyA
0x180065030 RegOpenKeyExA
0x180065038 RegQueryValueExA
0x180065040 RegCloseKey
SHLWAPI.dll
0x1800654f8 PathFindExtensionA
ole32.dll
0x1800658e8 CoLoadLibrary
OLEAUT32.dll
0x1800654d8 VariantClear
0x1800654e0 VariantChangeType
0x1800654e8 VariantInit
EAT(Export Address Table) Library
0x180021db0 DllRegisterServer