ScreenShot
| Created | 2023.02.23 12:19 | Machine | s1_win7_x6401 |
| Filename | 2209.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (Malicious, score, GenericKD, Unsafe, Upatre, FileRepMalware, Misc, CLOUD, W23Z7G, Minerva, isddw, Tiggre, Detected, ai score=86, Oader, Lcnw, Chgt, confidence, 100%) | ||
| md5 | f3d4ae3bf283967e6091cc6fad4d80d4 | ||
| sha256 | cce45884a2b9e6e7060e0d69e9e2eb0d104cd32932403010eacc6ecf8a007107 | ||
| ssdeep | 6144:pIr3dfiMXANZqskF1JPyMNmYzfAoIlni8oAGV6uIZagNP:pIxR11yQzKk8WXcP | ||
| imphash | 74d717a617b5b98781bb59a3bf2e6a30 | ||
| impfuzzy | 48:GKo/kNEA+EQbH6UWXiHFyNvJELtsgGy+CAkJE/yLnBn6gIE9oz6UygAwovGfSYkm:GKsY+pbH6UWXiHFyNvitsgGyZ9tsLoNQ | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14004b000 RegCreateKeyExW
0x14004b008 RegCloseKey
0x14004b010 RegSetValueExW
0x14004b018 RegQueryValueExW
0x14004b020 RegDeleteValueW
0x14004b028 RegOpenKeyExW
0x14004b030 RegNotifyChangeKeyValue
0x14004b038 RegFlushKey
KERNEL32.dll
0x14004b080 EnterCriticalSection
0x14004b088 DeleteCriticalSection
0x14004b090 GetCommandLineW
0x14004b098 lstrlenA
0x14004b0a0 FreeLibrary
0x14004b0a8 WaitForSingleObject
0x14004b0b0 SetEvent
0x14004b0b8 RegisterApplicationRestart
0x14004b0c0 LoadLibraryW
0x14004b0c8 Sleep
0x14004b0d0 CreateEventW
0x14004b0d8 WaitForMultipleObjects
0x14004b0e0 HeapSetInformation
0x14004b0e8 GetCurrentThreadId
0x14004b0f0 CloseHandle
0x14004b0f8 GetVersionExW
0x14004b100 GetProcAddress
0x14004b108 GetSystemInfo
0x14004b110 GetFullPathNameW
0x14004b118 WideCharToMultiByte
0x14004b120 ReadConsoleW
0x14004b128 ReadFile
0x14004b130 GetProcessHeap
0x14004b138 GetCurrentDirectoryW
0x14004b140 WriteConsoleW
0x14004b148 VirtualQuery
0x14004b150 VirtualProtect
0x14004b158 VirtualAlloc
0x14004b160 SetThreadStackGuarantee
0x14004b168 FlushFileBuffers
0x14004b170 SetStdHandle
0x14004b178 CreateFileW
0x14004b180 SetFilePointer
0x14004b188 GetConsoleMode
0x14004b190 GetConsoleCP
0x14004b198 LCMapStringW
0x14004b1a0 GetStringTypeW
0x14004b1a8 MultiByteToWideChar
0x14004b1b0 LoadLibraryExW
0x14004b1b8 InitializeCriticalSectionAndSpinCount
0x14004b1c0 HeapSize
0x14004b1c8 GetCPInfo
0x14004b1d0 GetOEMCP
0x14004b1d8 GetACP
0x14004b1e0 IsValidCodePage
0x14004b1e8 OutputDebugStringA
0x14004b1f0 FreeEnvironmentStringsW
0x14004b1f8 lstrlenW
0x14004b200 GetModuleFileNameW
0x14004b208 GetFileAttributesW
0x14004b210 LeaveCriticalSection
0x14004b218 GetSystemDirectoryW
0x14004b220 InitializeCriticalSection
0x14004b228 SetEndOfFile
0x14004b230 GetEnvironmentStringsW
0x14004b238 GetTickCount
0x14004b240 GetSystemTimeAsFileTime
0x14004b248 GetCurrentProcessId
0x14004b250 QueryPerformanceCounter
0x14004b258 SetHandleCount
0x14004b260 GetFileType
0x14004b268 HeapCreate
0x14004b270 GetModuleFileNameA
0x14004b278 WriteFile
0x14004b280 GetCommandLineA
0x14004b288 GetStartupInfoW
0x14004b290 GetLastError
0x14004b298 HeapFree
0x14004b2a0 HeapReAlloc
0x14004b2a8 FlsGetValue
0x14004b2b0 FlsSetValue
0x14004b2b8 CreateThread
0x14004b2c0 ExitThread
0x14004b2c8 RtlCaptureContext
0x14004b2d0 RtlLookupFunctionEntry
0x14004b2d8 RtlVirtualUnwind
0x14004b2e0 UnhandledExceptionFilter
0x14004b2e8 SetUnhandledExceptionFilter
0x14004b2f0 GetCurrentProcess
0x14004b2f8 TerminateProcess
0x14004b300 RtlPcToFileHeader
0x14004b308 RaiseException
0x14004b310 RtlUnwindEx
0x14004b318 HeapAlloc
0x14004b320 GetModuleHandleW
0x14004b328 EncodePointer
0x14004b330 DecodePointer
0x14004b338 SetLastError
0x14004b340 FlsAlloc
0x14004b348 FlsFree
0x14004b350 ExitProcess
0x14004b358 GetModuleHandleExW
0x14004b360 GetStdHandle
USER32.dll
0x14004b3a8 UpdateWindow
0x14004b3b0 SetWindowTextW
0x14004b3b8 DispatchMessageW
0x14004b3c0 EnableWindow
0x14004b3c8 DestroyWindow
0x14004b3d0 SetTimer
0x14004b3d8 GetWindowRect
0x14004b3e0 PostQuitMessage
0x14004b3e8 PostMessageW
0x14004b3f0 KillTimer
0x14004b3f8 MsgWaitForMultipleObjects
0x14004b400 GetKeyState
0x14004b408 SetForegroundWindow
0x14004b410 GetFocus
0x14004b418 DialogBoxParamW
0x14004b420 CallNextHookEx
0x14004b428 IsWindowEnabled
0x14004b430 GetWindowLongPtrW
0x14004b438 GetClientRect
0x14004b440 SetFocus
0x14004b448 TranslateMessage
0x14004b450 IsDialogMessageW
0x14004b458 LoadIconW
0x14004b460 GetWindowLongW
0x14004b468 PeekMessageW
0x14004b470 GetDlgItem
0x14004b478 EndDialog
0x14004b480 GetDesktopWindow
0x14004b488 SetWindowPos
0x14004b490 CheckDlgButton
0x14004b498 LoadStringW
0x14004b4a0 ShowWindow
0x14004b4a8 CreateDialogParamW
0x14004b4b0 SetWindowsHookExW
0x14004b4b8 AdjustWindowRectEx
0x14004b4c0 UnhookWindowsHookEx
0x14004b4c8 MessageBoxW
0x14004b4d0 SendMessageW
COMCTL32.dll
0x14004b048 ImageList_Create
0x14004b050 ImageList_ReplaceIcon
0x14004b058 None
0x14004b060 ImageList_Destroy
COMDLG32.dll
0x14004b070 GetSaveFileNameW
SHELL32.dll
0x14004b398 ShellExecuteW
ole32.dll
0x14004b4e0 CoUninitialize
0x14004b4e8 CoInitializeSecurity
0x14004b4f0 CoInitialize
0x14004b4f8 CoCreateInstance
OLEAUT32.dll
0x14004b370 SysFreeString
0x14004b378 SysAllocString
0x14004b380 VariantInit
0x14004b388 VariantClear
EAT(Export Address Table) is none
ADVAPI32.dll
0x14004b000 RegCreateKeyExW
0x14004b008 RegCloseKey
0x14004b010 RegSetValueExW
0x14004b018 RegQueryValueExW
0x14004b020 RegDeleteValueW
0x14004b028 RegOpenKeyExW
0x14004b030 RegNotifyChangeKeyValue
0x14004b038 RegFlushKey
KERNEL32.dll
0x14004b080 EnterCriticalSection
0x14004b088 DeleteCriticalSection
0x14004b090 GetCommandLineW
0x14004b098 lstrlenA
0x14004b0a0 FreeLibrary
0x14004b0a8 WaitForSingleObject
0x14004b0b0 SetEvent
0x14004b0b8 RegisterApplicationRestart
0x14004b0c0 LoadLibraryW
0x14004b0c8 Sleep
0x14004b0d0 CreateEventW
0x14004b0d8 WaitForMultipleObjects
0x14004b0e0 HeapSetInformation
0x14004b0e8 GetCurrentThreadId
0x14004b0f0 CloseHandle
0x14004b0f8 GetVersionExW
0x14004b100 GetProcAddress
0x14004b108 GetSystemInfo
0x14004b110 GetFullPathNameW
0x14004b118 WideCharToMultiByte
0x14004b120 ReadConsoleW
0x14004b128 ReadFile
0x14004b130 GetProcessHeap
0x14004b138 GetCurrentDirectoryW
0x14004b140 WriteConsoleW
0x14004b148 VirtualQuery
0x14004b150 VirtualProtect
0x14004b158 VirtualAlloc
0x14004b160 SetThreadStackGuarantee
0x14004b168 FlushFileBuffers
0x14004b170 SetStdHandle
0x14004b178 CreateFileW
0x14004b180 SetFilePointer
0x14004b188 GetConsoleMode
0x14004b190 GetConsoleCP
0x14004b198 LCMapStringW
0x14004b1a0 GetStringTypeW
0x14004b1a8 MultiByteToWideChar
0x14004b1b0 LoadLibraryExW
0x14004b1b8 InitializeCriticalSectionAndSpinCount
0x14004b1c0 HeapSize
0x14004b1c8 GetCPInfo
0x14004b1d0 GetOEMCP
0x14004b1d8 GetACP
0x14004b1e0 IsValidCodePage
0x14004b1e8 OutputDebugStringA
0x14004b1f0 FreeEnvironmentStringsW
0x14004b1f8 lstrlenW
0x14004b200 GetModuleFileNameW
0x14004b208 GetFileAttributesW
0x14004b210 LeaveCriticalSection
0x14004b218 GetSystemDirectoryW
0x14004b220 InitializeCriticalSection
0x14004b228 SetEndOfFile
0x14004b230 GetEnvironmentStringsW
0x14004b238 GetTickCount
0x14004b240 GetSystemTimeAsFileTime
0x14004b248 GetCurrentProcessId
0x14004b250 QueryPerformanceCounter
0x14004b258 SetHandleCount
0x14004b260 GetFileType
0x14004b268 HeapCreate
0x14004b270 GetModuleFileNameA
0x14004b278 WriteFile
0x14004b280 GetCommandLineA
0x14004b288 GetStartupInfoW
0x14004b290 GetLastError
0x14004b298 HeapFree
0x14004b2a0 HeapReAlloc
0x14004b2a8 FlsGetValue
0x14004b2b0 FlsSetValue
0x14004b2b8 CreateThread
0x14004b2c0 ExitThread
0x14004b2c8 RtlCaptureContext
0x14004b2d0 RtlLookupFunctionEntry
0x14004b2d8 RtlVirtualUnwind
0x14004b2e0 UnhandledExceptionFilter
0x14004b2e8 SetUnhandledExceptionFilter
0x14004b2f0 GetCurrentProcess
0x14004b2f8 TerminateProcess
0x14004b300 RtlPcToFileHeader
0x14004b308 RaiseException
0x14004b310 RtlUnwindEx
0x14004b318 HeapAlloc
0x14004b320 GetModuleHandleW
0x14004b328 EncodePointer
0x14004b330 DecodePointer
0x14004b338 SetLastError
0x14004b340 FlsAlloc
0x14004b348 FlsFree
0x14004b350 ExitProcess
0x14004b358 GetModuleHandleExW
0x14004b360 GetStdHandle
USER32.dll
0x14004b3a8 UpdateWindow
0x14004b3b0 SetWindowTextW
0x14004b3b8 DispatchMessageW
0x14004b3c0 EnableWindow
0x14004b3c8 DestroyWindow
0x14004b3d0 SetTimer
0x14004b3d8 GetWindowRect
0x14004b3e0 PostQuitMessage
0x14004b3e8 PostMessageW
0x14004b3f0 KillTimer
0x14004b3f8 MsgWaitForMultipleObjects
0x14004b400 GetKeyState
0x14004b408 SetForegroundWindow
0x14004b410 GetFocus
0x14004b418 DialogBoxParamW
0x14004b420 CallNextHookEx
0x14004b428 IsWindowEnabled
0x14004b430 GetWindowLongPtrW
0x14004b438 GetClientRect
0x14004b440 SetFocus
0x14004b448 TranslateMessage
0x14004b450 IsDialogMessageW
0x14004b458 LoadIconW
0x14004b460 GetWindowLongW
0x14004b468 PeekMessageW
0x14004b470 GetDlgItem
0x14004b478 EndDialog
0x14004b480 GetDesktopWindow
0x14004b488 SetWindowPos
0x14004b490 CheckDlgButton
0x14004b498 LoadStringW
0x14004b4a0 ShowWindow
0x14004b4a8 CreateDialogParamW
0x14004b4b0 SetWindowsHookExW
0x14004b4b8 AdjustWindowRectEx
0x14004b4c0 UnhookWindowsHookEx
0x14004b4c8 MessageBoxW
0x14004b4d0 SendMessageW
COMCTL32.dll
0x14004b048 ImageList_Create
0x14004b050 ImageList_ReplaceIcon
0x14004b058 None
0x14004b060 ImageList_Destroy
COMDLG32.dll
0x14004b070 GetSaveFileNameW
SHELL32.dll
0x14004b398 ShellExecuteW
ole32.dll
0x14004b4e0 CoUninitialize
0x14004b4e8 CoInitializeSecurity
0x14004b4f0 CoInitialize
0x14004b4f8 CoCreateInstance
OLEAUT32.dll
0x14004b370 SysFreeString
0x14004b378 SysAllocString
0x14004b380 VariantInit
0x14004b388 VariantClear
EAT(Export Address Table) is none