Report - ss25.exe

Gen2 Gen1 UPX Malicious Library Malicious Packer PE File PE64
ScreenShot
Created 2023.03.08 11:09 Machine s1_win7_x6401
Filename ss25.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
3
Behavior Score
1.4
ZERO API file : malware
VT API (file) 16 detected (malicious, moderate confidence, GenericKD, FileRepMalware, Misc, PRIVATELOADER, YXDCGZ, Artemis, Casdet, ai score=81)
md5 48f4f6461f03606000016cee556bab4f
sha256 b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793
ssdeep 3072:xVFE/ZYueQ6059PKEywh8QzEfae1NJLgf7nDVF6PUp1Yo3ICgC:MYue05FhyI8wEHN5gfzDVlVXg
imphash 90292de38e2bd6803e8e5e27da945a11
impfuzzy 96:D6SJ3UVGbt6HPc2iJJSAomSIGLlCT6DX2fXHLk:D6i3sc2iJUALILlCT6DX2f7k
  Network IP location

Signature (4cnts)

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x14001d000 RegQueryValueExW
 0x14001d008 RegCreateKeyW
 0x14001d010 RegCloseKey
 0x14001d018 RegOpenKeyExW
 0x14001d020 DuplicateEncryptionInfoFile
 0x14001d028 IsTextUnicode
 0x14001d030 RegSetValueExW
KERNEL32.dll
 0x14001d040 UnmapViewOfFile
 0x14001d048 FindNLSString
 0x14001d050 GlobalAlloc
 0x14001d058 GetLocalTime
 0x14001d060 GetDateFormatW
 0x14001d068 GetTimeFormatW
 0x14001d070 GlobalLock
 0x14001d078 GlobalUnlock
 0x14001d080 GetUserDefaultUILanguage
 0x14001d088 LocalReAlloc
 0x14001d090 MultiByteToWideChar
 0x14001d098 MapViewOfFile
 0x14001d0a0 CreateFileMappingW
 0x14001d0a8 GetFileInformationByHandle
 0x14001d0b0 SetEndOfFile
 0x14001d0b8 DeleteFileW
 0x14001d0c0 GetACP
 0x14001d0c8 GetFileAttributesW
 0x14001d0d0 WriteFile
 0x14001d0d8 SetLastError
 0x14001d0e0 WideCharToMultiByte
 0x14001d0e8 GetLastError
 0x14001d0f0 LocalSize
 0x14001d0f8 GetFullPathNameW
 0x14001d100 FoldStringW
 0x14001d108 LocalUnlock
 0x14001d110 LocalLock
 0x14001d118 FormatMessageW
 0x14001d120 FindClose
 0x14001d128 FindFirstFileW
 0x14001d130 lstrcmpW
 0x14001d138 GetCurrentProcessId
 0x14001d140 GetModuleHandleExW
 0x14001d148 GetModuleFileNameW
 0x14001d150 HeapSetInformation
 0x14001d158 GetProcessHeap
 0x14001d160 HeapFree
 0x14001d168 GetProcAddress
 0x14001d170 HeapAlloc
 0x14001d178 GetTickCount
 0x14001d180 GetSystemTimeAsFileTime
 0x14001d188 GetCommandLineW
 0x14001d190 lstrlenW
 0x14001d198 MulDiv
 0x14001d1a0 GetLocaleInfoW
 0x14001d1a8 GlobalFree
 0x14001d1b0 LocalAlloc
 0x14001d1b8 CloseHandle
 0x14001d1c0 ReadFile
 0x14001d1c8 CreateFileW
 0x14001d1d0 GetCurrentThreadId
 0x14001d1d8 SetErrorMode
 0x14001d1e0 lstrcmpiW
 0x14001d1e8 LocalFree
 0x14001d1f0 QueryPerformanceCounter
 0x14001d1f8 GetModuleHandleW
 0x14001d200 TerminateProcess
 0x14001d208 Sleep
 0x14001d210 GetStartupInfoW
 0x14001d218 UnhandledExceptionFilter
 0x14001d220 SetUnhandledExceptionFilter
 0x14001d228 GetCurrentProcess
GDI32.dll
 0x14001d238 CreateDCW
 0x14001d240 StartPage
 0x14001d248 StartDocW
 0x14001d250 SetAbortProc
 0x14001d258 DeleteDC
 0x14001d260 EndDoc
 0x14001d268 AbortDoc
 0x14001d270 EndPage
 0x14001d278 GetTextMetricsW
 0x14001d280 SetBkMode
 0x14001d288 LPtoDP
 0x14001d290 SetWindowExtEx
 0x14001d298 SetViewportExtEx
 0x14001d2a0 SetMapMode
 0x14001d2a8 GetTextExtentPoint32W
 0x14001d2b0 TextOutW
 0x14001d2b8 EnumFontsW
 0x14001d2c0 GetTextFaceW
 0x14001d2c8 SelectObject
 0x14001d2d0 DeleteObject
 0x14001d2d8 CreateFontIndirectW
 0x14001d2e0 GetDeviceCaps
USER32.dll
 0x14001d2f0 WinHelpW
 0x14001d2f8 GetCursorPos
 0x14001d300 ScreenToClient
 0x14001d308 ChildWindowFromPoint
 0x14001d310 GetParent
 0x14001d318 GetWindowPlacement
 0x14001d320 CharUpperW
 0x14001d328 GetSystemMenu
 0x14001d330 LoadAcceleratorsW
 0x14001d338 SetWindowLongW
 0x14001d340 RegisterWindowMessageW
 0x14001d348 LoadCursorW
 0x14001d350 CreateWindowExW
 0x14001d358 SetWindowPlacement
 0x14001d360 LoadImageW
 0x14001d368 RegisterClassExW
 0x14001d370 SetScrollPos
 0x14001d378 InvalidateRect
 0x14001d380 UpdateWindow
 0x14001d388 GetWindowTextLengthW
 0x14001d390 GetWindowLongW
 0x14001d398 PeekMessageW
 0x14001d3a0 GetWindowTextW
 0x14001d3a8 EnableWindow
 0x14001d3b0 CreateDialogParamW
 0x14001d3b8 DrawTextExW
 0x14001d3c0 GetDlgCtrlID
 0x14001d3c8 SendDlgItemMessageW
 0x14001d3d0 EndDialog
 0x14001d3d8 GetDlgItemTextW
 0x14001d3e0 SetDlgItemTextW
 0x14001d3e8 CloseClipboard
 0x14001d3f0 IsClipboardFormatAvailable
 0x14001d3f8 OpenClipboard
 0x14001d400 GetMenuState
 0x14001d408 SetWindowTextW
 0x14001d410 UnhookWinEvent
 0x14001d418 DispatchMessageW
 0x14001d420 TranslateMessage
 0x14001d428 TranslateAcceleratorW
 0x14001d430 IsDialogMessageW
 0x14001d438 GetMessageW
 0x14001d440 SetWinEventHook
 0x14001d448 CharNextW
 0x14001d450 GetKeyboardLayout
 0x14001d458 GetForegroundWindow
 0x14001d460 MessageBeep
 0x14001d468 DestroyWindow
 0x14001d470 PostQuitMessage
 0x14001d478 IsIconic
 0x14001d480 LoadStringW
 0x14001d488 SetActiveWindow
 0x14001d490 SetCursor
 0x14001d498 ReleaseDC
 0x14001d4a0 GetDC
 0x14001d4a8 ShowWindow
 0x14001d4b0 GetClientRect
 0x14001d4b8 CheckMenuItem
 0x14001d4c0 MessageBoxW
 0x14001d4c8 GetFocus
 0x14001d4d0 LoadIconW
 0x14001d4d8 DialogBoxParamW
 0x14001d4e0 SetFocus
 0x14001d4e8 GetSubMenu
 0x14001d4f0 EnableMenuItem
 0x14001d4f8 GetMenu
 0x14001d500 PostMessageW
 0x14001d508 MoveWindow
 0x14001d510 SendMessageW
 0x14001d518 DefWindowProcW
msvcrt.dll
 0x14001d528 _wtol
 0x14001d530 memcpy
 0x14001d538 memset
 0x14001d540 _vsnwprintf
 0x14001d548 strchr
 0x14001d550 _commode
 0x14001d558 iswctype
 0x14001d560 _XcptFilter
 0x14001d568 _amsg_exit
 0x14001d570 __getmainargs
 0x14001d578 __set_app_type
 0x14001d580 ?terminate@@YAXXZ
 0x14001d588 wcscmp
 0x14001d590 _fmode
 0x14001d598 _acmdln
 0x14001d5a0 __C_specific_handler
 0x14001d5a8 _initterm
 0x14001d5b0 __setusermatherr
 0x14001d5b8 _ismbblead
 0x14001d5c0 _cexit
 0x14001d5c8 _exit
 0x14001d5d0 exit
COMDLG32.dll
 0x14001d5e0 GetOpenFileNameW
 0x14001d5e8 GetSaveFileNameW
 0x14001d5f0 ReplaceTextW
 0x14001d5f8 FindTextW
 0x14001d600 PageSetupDlgW
 0x14001d608 ChooseFontW
 0x14001d610 GetFileTitleW
 0x14001d618 PrintDlgExW
 0x14001d620 CommDlgExtendedError
SHELL32.dll
 0x14001d630 SHCreateItemFromParsingName
 0x14001d638 ShellAboutW
 0x14001d640 DragQueryFileW
 0x14001d648 SHAddToRecentDocs
 0x14001d650 DragAcceptFiles
 0x14001d658 DragFinish
WINSPOOL.DRV
 0x14001d668 OpenPrinterW
 0x14001d670 ClosePrinter
 0x14001d678 GetPrinterDriverW
ole32.dll
 0x14001d688 CoUninitialize
 0x14001d690 CoInitializeEx
 0x14001d698 CoCreateInstance
 0x14001d6a0 CoTaskMemAlloc
 0x14001d6a8 CoTaskMemFree
SHLWAPI.dll
 0x14001d6b8 SHStrDupW
 0x14001d6c0 PathIsFileSpecW
COMCTL32.dll
 0x14001d6d0 CreateStatusWindowW
 0x14001d6d8 None
OLEAUT32.dll
 0x14001d6e8 SysFreeString
 0x14001d6f0 SysAllocString
ntdll.dll
 0x14001d700 RtlVirtualUnwind
 0x14001d708 RtlLookupFunctionEntry
 0x14001d710 RtlCaptureContext
 0x14001d718 WinSqmAddToStream

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure