Report - 2209.exe

Gen2 Gen1 UPX Malicious Library PE File PE64
Created 2023.02.23 12:19 Machine s1_win7_x6401
Filename 2209.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not found Behavior Score 1.2
ZERO API file : malware
VT API (file) 29 detected (Malicious, score, GenericKD, Unsafe, Upatre, FileRepMalware, Misc, CLOUD, W23Z7G, Minerva, isddw, Tiggre, Detected, ai score=86, Oader, Lcnw, Chgt, confidence, 100%)
md5 f3d4ae3bf283967e6091cc6fad4d80d4
sha256 cce45884a2b9e6e7060e0d69e9e2eb0d104cd32932403010eacc6ecf8a007107
ssdeep 6144:pIr3dfiMXANZqskF1JPyMNmYzfAoIlni8oAGV6uIZagNP:pIxR11yQzKk8WXcP
imphash 74d717a617b5b98781bb59a3bf2e6a30
impfuzzy 48:GKo/kNEA+EQbH6UWXiHFyNvJELtsgGy+CAkJE/yLnBn6gIE9oz6UygAwovGfSYkm:GKsY+pbH6UWXiHFyNvitsgGyZ9tsLoNQ

Signature (3cnts)

Level Description
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (6cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

ADVAPI32.dll
 0x14004b000 RegCreateKeyExW
 0x14004b008 RegCloseKey
 0x14004b010 RegSetValueExW
 0x14004b018 RegQueryValueExW
 0x14004b020 RegDeleteValueW
 0x14004b028 RegOpenKeyExW
 0x14004b030 RegNotifyChangeKeyValue
 0x14004b038 RegFlushKey
KERNEL32.dll
 0x14004b080 EnterCriticalSection
 0x14004b088 DeleteCriticalSection
 0x14004b090 GetCommandLineW
 0x14004b098 lstrlenA
 0x14004b0a0 FreeLibrary
 0x14004b0a8 WaitForSingleObject
 0x14004b0b0 SetEvent
 0x14004b0b8 RegisterApplicationRestart
 0x14004b0c0 LoadLibraryW
 0x14004b0c8 Sleep
 0x14004b0d0 CreateEventW
 0x14004b0d8 WaitForMultipleObjects
 0x14004b0e0 HeapSetInformation
 0x14004b0e8 GetCurrentThreadId
 0x14004b0f0 CloseHandle
 0x14004b0f8 GetVersionExW
 0x14004b100 GetProcAddress
 0x14004b108 GetSystemInfo
 0x14004b110 GetFullPathNameW
 0x14004b118 WideCharToMultiByte
 0x14004b120 ReadConsoleW
 0x14004b128 ReadFile
 0x14004b130 GetProcessHeap
 0x14004b138 GetCurrentDirectoryW
 0x14004b140 WriteConsoleW
 0x14004b148 VirtualQuery
 0x14004b150 VirtualProtect
 0x14004b158 VirtualAlloc
 0x14004b160 SetThreadStackGuarantee
 0x14004b168 FlushFileBuffers
 0x14004b170 SetStdHandle
 0x14004b178 CreateFileW
 0x14004b180 SetFilePointer
 0x14004b188 GetConsoleMode
 0x14004b190 GetConsoleCP
 0x14004b198 LCMapStringW
 0x14004b1a0 GetStringTypeW
 0x14004b1a8 MultiByteToWideChar
 0x14004b1b0 LoadLibraryExW
 0x14004b1b8 InitializeCriticalSectionAndSpinCount
 0x14004b1c0 HeapSize
 0x14004b1c8 GetCPInfo
 0x14004b1d0 GetOEMCP
 0x14004b1d8 GetACP
 0x14004b1e0 IsValidCodePage
 0x14004b1e8 OutputDebugStringA
 0x14004b1f0 FreeEnvironmentStringsW
 0x14004b1f8 lstrlenW
 0x14004b200 GetModuleFileNameW
 0x14004b208 GetFileAttributesW
 0x14004b210 LeaveCriticalSection
 0x14004b218 GetSystemDirectoryW
 0x14004b220 InitializeCriticalSection
 0x14004b228 SetEndOfFile
 0x14004b230 GetEnvironmentStringsW
 0x14004b238 GetTickCount
 0x14004b240 GetSystemTimeAsFileTime
 0x14004b248 GetCurrentProcessId
 0x14004b250 QueryPerformanceCounter
 0x14004b258 SetHandleCount
 0x14004b260 GetFileType
 0x14004b268 HeapCreate
 0x14004b270 GetModuleFileNameA
 0x14004b278 WriteFile
 0x14004b280 GetCommandLineA
 0x14004b288 GetStartupInfoW
 0x14004b290 GetLastError
 0x14004b298 HeapFree
 0x14004b2a0 HeapReAlloc
 0x14004b2a8 FlsGetValue
 0x14004b2b0 FlsSetValue
 0x14004b2b8 CreateThread
 0x14004b2c0 ExitThread
 0x14004b2c8 RtlCaptureContext
 0x14004b2d0 RtlLookupFunctionEntry
 0x14004b2d8 RtlVirtualUnwind
 0x14004b2e0 UnhandledExceptionFilter
 0x14004b2e8 SetUnhandledExceptionFilter
 0x14004b2f0 GetCurrentProcess
 0x14004b2f8 TerminateProcess
 0x14004b300 RtlPcToFileHeader
 0x14004b308 RaiseException
 0x14004b310 RtlUnwindEx
 0x14004b318 HeapAlloc
 0x14004b320 GetModuleHandleW
 0x14004b328 EncodePointer
 0x14004b330 DecodePointer
 0x14004b338 SetLastError
 0x14004b340 FlsAlloc
 0x14004b348 FlsFree
 0x14004b350 ExitProcess
 0x14004b358 GetModuleHandleExW
 0x14004b360 GetStdHandle
USER32.dll
 0x14004b3a8 UpdateWindow
 0x14004b3b0 SetWindowTextW
 0x14004b3b8 DispatchMessageW
 0x14004b3c0 EnableWindow
 0x14004b3c8 DestroyWindow
 0x14004b3d0 SetTimer
 0x14004b3d8 GetWindowRect
 0x14004b3e0 PostQuitMessage
 0x14004b3e8 PostMessageW
 0x14004b3f0 KillTimer
 0x14004b3f8 MsgWaitForMultipleObjects
 0x14004b400 GetKeyState
 0x14004b408 SetForegroundWindow
 0x14004b410 GetFocus
 0x14004b418 DialogBoxParamW
 0x14004b420 CallNextHookEx
 0x14004b428 IsWindowEnabled
 0x14004b430 GetWindowLongPtrW
 0x14004b438 GetClientRect
 0x14004b440 SetFocus
 0x14004b448 TranslateMessage
 0x14004b450 IsDialogMessageW
 0x14004b458 LoadIconW
 0x14004b460 GetWindowLongW
 0x14004b468 PeekMessageW
 0x14004b470 GetDlgItem
 0x14004b478 EndDialog
 0x14004b480 GetDesktopWindow
 0x14004b488 SetWindowPos
 0x14004b490 CheckDlgButton
 0x14004b498 LoadStringW
 0x14004b4a0 ShowWindow
 0x14004b4a8 CreateDialogParamW
 0x14004b4b0 SetWindowsHookExW
 0x14004b4b8 AdjustWindowRectEx
 0x14004b4c0 UnhookWindowsHookEx
 0x14004b4c8 MessageBoxW
 0x14004b4d0 SendMessageW
COMCTL32.dll
 0x14004b048 ImageList_Create
 0x14004b050 ImageList_ReplaceIcon
 0x14004b058 None
 0x14004b060 ImageList_Destroy
COMDLG32.dll
 0x14004b070 GetSaveFileNameW
SHELL32.dll
 0x14004b398 ShellExecuteW
ole32.dll
 0x14004b4e0 CoUninitialize
 0x14004b4e8 CoInitializeSecurity
 0x14004b4f0 CoInitialize
 0x14004b4f8 CoCreateInstance
OLEAUT32.dll
 0x14004b370 SysFreeString
 0x14004b378 SysAllocString
 0x14004b380 VariantInit
 0x14004b388 VariantClear

EAT (Export Address Table) is none


