ScreenShot
| Created | 2023.02.19 14:15 | Machine | s1_win7_x6401 |
| Filename | 57120045430889059520.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (AIDetectNet, Tasker, Lazy, ClipBanker, Save, malicious, confidence, 100%, ZexaF, @F0@aSPFLRgi, Attribute, HighConfidence, high confidence, Kryptik, HRTC, score, ayxi, Kqil, high, Generic ML PUA, Static AI, Malicious PE, AGEN, Sabsik, R528972, Artemis, ai score=84, BScope, TrojanPSW, Coins, Unsafe, R002H0CBI23, o8wrBs1QCtE, FXIU) | ||
| md5 | 34e8a1e9b59e98a53c0021c0d5042b69 | ||
| sha256 | 725914e9d2640f4841b454bd652df29d25a17524eb2ea1868a1f8445af22a500 | ||
| ssdeep | 98304:BE3bhhOPV1ciYh1W/p/Rup38nMFfdlTD38/050VX7Mei/2bS:2Qd1ciWI/p/Rup38MrZDH50x7M//QS | ||
| imphash | 895e5e6e037e9108574fb94ed614d804 | ||
| impfuzzy | 48:IFONXYu14ASXJ+Zcp++vZZZwTSttKiyuQ3a:IFO11AXJ+Zcp+qjwSttLyuua | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x75f000 LoadLibraryW
0x75f004 GetProcAddress
0x75f008 ReadFile
0x75f00c WriteFile
0x75f010 lstrlenA
0x75f014 WaitForSingleObject
0x75f018 LocalAlloc
0x75f01c CreateFileW
0x75f020 MultiByteToWideChar
0x75f024 DeleteFileW
0x75f028 CloseHandle
0x75f02c ExitProcess
0x75f030 CreateProcessW
0x75f034 CopyFileW
0x75f038 WideCharToMultiByte
0x75f03c Sleep
0x75f040 GlobalFree
SHELL32.dll
0x75f048 SHGetFolderPathW
KERNEL32.dll
0x75f050 GetSystemTimeAsFileTime
0x75f054 GetModuleHandleA
0x75f058 CreateEventA
0x75f05c GetModuleFileNameW
0x75f060 TerminateProcess
0x75f064 GetCurrentProcess
0x75f068 CreateToolhelp32Snapshot
0x75f06c Thread32First
0x75f070 GetCurrentProcessId
0x75f074 GetCurrentThreadId
0x75f078 OpenThread
0x75f07c Thread32Next
0x75f080 CloseHandle
0x75f084 SuspendThread
0x75f088 ResumeThread
0x75f08c WriteProcessMemory
0x75f090 GetSystemInfo
0x75f094 VirtualAlloc
0x75f098 VirtualProtect
0x75f09c VirtualFree
0x75f0a0 GetProcessAffinityMask
0x75f0a4 SetProcessAffinityMask
0x75f0a8 GetCurrentThread
0x75f0ac SetThreadAffinityMask
0x75f0b0 Sleep
0x75f0b4 LoadLibraryA
0x75f0b8 FreeLibrary
0x75f0bc GetTickCount
0x75f0c0 SystemTimeToFileTime
0x75f0c4 FileTimeToSystemTime
0x75f0c8 GlobalFree
0x75f0cc LocalAlloc
0x75f0d0 LocalFree
0x75f0d4 GetProcAddress
0x75f0d8 ExitProcess
0x75f0dc EnterCriticalSection
0x75f0e0 LeaveCriticalSection
0x75f0e4 InitializeCriticalSection
0x75f0e8 DeleteCriticalSection
0x75f0ec GetModuleHandleW
0x75f0f0 LoadResource
0x75f0f4 MultiByteToWideChar
0x75f0f8 FindResourceExW
0x75f0fc FindResourceExA
0x75f100 WideCharToMultiByte
0x75f104 GetThreadLocale
0x75f108 GetUserDefaultLCID
0x75f10c GetSystemDefaultLCID
0x75f110 EnumResourceNamesA
0x75f114 EnumResourceNamesW
0x75f118 EnumResourceLanguagesA
0x75f11c EnumResourceLanguagesW
0x75f120 EnumResourceTypesA
0x75f124 EnumResourceTypesW
0x75f128 CreateFileW
0x75f12c LoadLibraryW
0x75f130 GetLastError
0x75f134 FlushFileBuffers
0x75f138 WriteConsoleW
0x75f13c SetStdHandle
0x75f140 IsProcessorFeaturePresent
0x75f144 DecodePointer
0x75f148 GetCommandLineA
0x75f14c RaiseException
0x75f150 HeapFree
0x75f154 GetCPInfo
0x75f158 InterlockedIncrement
0x75f15c InterlockedDecrement
0x75f160 GetACP
0x75f164 GetOEMCP
0x75f168 IsValidCodePage
0x75f16c EncodePointer
0x75f170 TlsAlloc
0x75f174 TlsGetValue
0x75f178 TlsSetValue
0x75f17c TlsFree
0x75f180 SetLastError
0x75f184 UnhandledExceptionFilter
0x75f188 SetUnhandledExceptionFilter
0x75f18c IsDebuggerPresent
0x75f190 HeapAlloc
0x75f194 LCMapStringW
0x75f198 GetStringTypeW
0x75f19c SetHandleCount
0x75f1a0 GetStdHandle
0x75f1a4 InitializeCriticalSectionAndSpinCount
0x75f1a8 GetFileType
0x75f1ac GetStartupInfoW
0x75f1b0 GetModuleFileNameA
0x75f1b4 FreeEnvironmentStringsW
0x75f1b8 GetEnvironmentStringsW
0x75f1bc HeapCreate
0x75f1c0 HeapDestroy
0x75f1c4 QueryPerformanceCounter
0x75f1c8 HeapSize
0x75f1cc WriteFile
0x75f1d0 RtlUnwind
0x75f1d4 SetFilePointer
0x75f1d8 GetConsoleCP
0x75f1dc GetConsoleMode
0x75f1e0 HeapReAlloc
0x75f1e4 VirtualQuery
USER32.dll
0x75f1ec CharUpperBuffW
KERNEL32.dll
0x75f1f4 LocalAlloc
0x75f1f8 LocalFree
0x75f1fc GetModuleFileNameW
0x75f200 ExitProcess
0x75f204 LoadLibraryA
0x75f208 GetModuleHandleA
0x75f20c GetProcAddress
EAT(Export Address Table) Library
KERNEL32.dll
0x75f000 LoadLibraryW
0x75f004 GetProcAddress
0x75f008 ReadFile
0x75f00c WriteFile
0x75f010 lstrlenA
0x75f014 WaitForSingleObject
0x75f018 LocalAlloc
0x75f01c CreateFileW
0x75f020 MultiByteToWideChar
0x75f024 DeleteFileW
0x75f028 CloseHandle
0x75f02c ExitProcess
0x75f030 CreateProcessW
0x75f034 CopyFileW
0x75f038 WideCharToMultiByte
0x75f03c Sleep
0x75f040 GlobalFree
SHELL32.dll
0x75f048 SHGetFolderPathW
KERNEL32.dll
0x75f050 GetSystemTimeAsFileTime
0x75f054 GetModuleHandleA
0x75f058 CreateEventA
0x75f05c GetModuleFileNameW
0x75f060 TerminateProcess
0x75f064 GetCurrentProcess
0x75f068 CreateToolhelp32Snapshot
0x75f06c Thread32First
0x75f070 GetCurrentProcessId
0x75f074 GetCurrentThreadId
0x75f078 OpenThread
0x75f07c Thread32Next
0x75f080 CloseHandle
0x75f084 SuspendThread
0x75f088 ResumeThread
0x75f08c WriteProcessMemory
0x75f090 GetSystemInfo
0x75f094 VirtualAlloc
0x75f098 VirtualProtect
0x75f09c VirtualFree
0x75f0a0 GetProcessAffinityMask
0x75f0a4 SetProcessAffinityMask
0x75f0a8 GetCurrentThread
0x75f0ac SetThreadAffinityMask
0x75f0b0 Sleep
0x75f0b4 LoadLibraryA
0x75f0b8 FreeLibrary
0x75f0bc GetTickCount
0x75f0c0 SystemTimeToFileTime
0x75f0c4 FileTimeToSystemTime
0x75f0c8 GlobalFree
0x75f0cc LocalAlloc
0x75f0d0 LocalFree
0x75f0d4 GetProcAddress
0x75f0d8 ExitProcess
0x75f0dc EnterCriticalSection
0x75f0e0 LeaveCriticalSection
0x75f0e4 InitializeCriticalSection
0x75f0e8 DeleteCriticalSection
0x75f0ec GetModuleHandleW
0x75f0f0 LoadResource
0x75f0f4 MultiByteToWideChar
0x75f0f8 FindResourceExW
0x75f0fc FindResourceExA
0x75f100 WideCharToMultiByte
0x75f104 GetThreadLocale
0x75f108 GetUserDefaultLCID
0x75f10c GetSystemDefaultLCID
0x75f110 EnumResourceNamesA
0x75f114 EnumResourceNamesW
0x75f118 EnumResourceLanguagesA
0x75f11c EnumResourceLanguagesW
0x75f120 EnumResourceTypesA
0x75f124 EnumResourceTypesW
0x75f128 CreateFileW
0x75f12c LoadLibraryW
0x75f130 GetLastError
0x75f134 FlushFileBuffers
0x75f138 WriteConsoleW
0x75f13c SetStdHandle
0x75f140 IsProcessorFeaturePresent
0x75f144 DecodePointer
0x75f148 GetCommandLineA
0x75f14c RaiseException
0x75f150 HeapFree
0x75f154 GetCPInfo
0x75f158 InterlockedIncrement
0x75f15c InterlockedDecrement
0x75f160 GetACP
0x75f164 GetOEMCP
0x75f168 IsValidCodePage
0x75f16c EncodePointer
0x75f170 TlsAlloc
0x75f174 TlsGetValue
0x75f178 TlsSetValue
0x75f17c TlsFree
0x75f180 SetLastError
0x75f184 UnhandledExceptionFilter
0x75f188 SetUnhandledExceptionFilter
0x75f18c IsDebuggerPresent
0x75f190 HeapAlloc
0x75f194 LCMapStringW
0x75f198 GetStringTypeW
0x75f19c SetHandleCount
0x75f1a0 GetStdHandle
0x75f1a4 InitializeCriticalSectionAndSpinCount
0x75f1a8 GetFileType
0x75f1ac GetStartupInfoW
0x75f1b0 GetModuleFileNameA
0x75f1b4 FreeEnvironmentStringsW
0x75f1b8 GetEnvironmentStringsW
0x75f1bc HeapCreate
0x75f1c0 HeapDestroy
0x75f1c4 QueryPerformanceCounter
0x75f1c8 HeapSize
0x75f1cc WriteFile
0x75f1d0 RtlUnwind
0x75f1d4 SetFilePointer
0x75f1d8 GetConsoleCP
0x75f1dc GetConsoleMode
0x75f1e0 HeapReAlloc
0x75f1e4 VirtualQuery
USER32.dll
0x75f1ec CharUpperBuffW
KERNEL32.dll
0x75f1f4 LocalAlloc
0x75f1f8 LocalFree
0x75f1fc GetModuleFileNameW
0x75f200 ExitProcess
0x75f204 LoadLibraryA
0x75f208 GetModuleHandleA
0x75f20c GetProcAddress
EAT(Export Address Table) Library