| Field | Value |
|---|---|
| Created | 2023.03.08 11:09 |
| Machine | s1_win7_x6401 |
| Filename | ss25.exe |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 16 detected (malicious, moderate confidence, GenericKD, FileRepMalware, Misc, PRIVATELOADER, YXDCGZ, Artemis, Casdet, ai score=81) |
| md5 | 48f4f6461f03606000016cee556bab4f |
| sha256 | b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793 |
| ssdeep | 3072:xVFE/ZYueQ6059PKEywh8QzEfae1NJLgf7nDVF6PUp1Yo3ICgC:MYue05FhyI8wEHN5gfzDVlVXg |
| imphash | 90292de38e2bd6803e8e5e27da945a11 |
| impfuzzy | 96:D6SJ3UVGbt6HPc2iJJSAomSIGLlCT6DX2fXHLk:D6i3sc2iJUALILlCT6DX2f7k |
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table), by library
ADVAPI32.dll
0x14001d000 RegQueryValueExW
0x14001d008 RegCreateKeyW
0x14001d010 RegCloseKey
0x14001d018 RegOpenKeyExW
0x14001d020 DuplicateEncryptionInfoFile
0x14001d028 IsTextUnicode
0x14001d030 RegSetValueExW
KERNEL32.dll
0x14001d040 UnmapViewOfFile
0x14001d048 FindNLSString
0x14001d050 GlobalAlloc
0x14001d058 GetLocalTime
0x14001d060 GetDateFormatW
0x14001d068 GetTimeFormatW
0x14001d070 GlobalLock
0x14001d078 GlobalUnlock
0x14001d080 GetUserDefaultUILanguage
0x14001d088 LocalReAlloc
0x14001d090 MultiByteToWideChar
0x14001d098 MapViewOfFile
0x14001d0a0 CreateFileMappingW
0x14001d0a8 GetFileInformationByHandle
0x14001d0b0 SetEndOfFile
0x14001d0b8 DeleteFileW
0x14001d0c0 GetACP
0x14001d0c8 GetFileAttributesW
0x14001d0d0 WriteFile
0x14001d0d8 SetLastError
0x14001d0e0 WideCharToMultiByte
0x14001d0e8 GetLastError
0x14001d0f0 LocalSize
0x14001d0f8 GetFullPathNameW
0x14001d100 FoldStringW
0x14001d108 LocalUnlock
0x14001d110 LocalLock
0x14001d118 FormatMessageW
0x14001d120 FindClose
0x14001d128 FindFirstFileW
0x14001d130 lstrcmpW
0x14001d138 GetCurrentProcessId
0x14001d140 GetModuleHandleExW
0x14001d148 GetModuleFileNameW
0x14001d150 HeapSetInformation
0x14001d158 GetProcessHeap
0x14001d160 HeapFree
0x14001d168 GetProcAddress
0x14001d170 HeapAlloc
0x14001d178 GetTickCount
0x14001d180 GetSystemTimeAsFileTime
0x14001d188 GetCommandLineW
0x14001d190 lstrlenW
0x14001d198 MulDiv
0x14001d1a0 GetLocaleInfoW
0x14001d1a8 GlobalFree
0x14001d1b0 LocalAlloc
0x14001d1b8 CloseHandle
0x14001d1c0 ReadFile
0x14001d1c8 CreateFileW
0x14001d1d0 GetCurrentThreadId
0x14001d1d8 SetErrorMode
0x14001d1e0 lstrcmpiW
0x14001d1e8 LocalFree
0x14001d1f0 QueryPerformanceCounter
0x14001d1f8 GetModuleHandleW
0x14001d200 TerminateProcess
0x14001d208 Sleep
0x14001d210 GetStartupInfoW
0x14001d218 UnhandledExceptionFilter
0x14001d220 SetUnhandledExceptionFilter
0x14001d228 GetCurrentProcess
GDI32.dll
0x14001d238 CreateDCW
0x14001d240 StartPage
0x14001d248 StartDocW
0x14001d250 SetAbortProc
0x14001d258 DeleteDC
0x14001d260 EndDoc
0x14001d268 AbortDoc
0x14001d270 EndPage
0x14001d278 GetTextMetricsW
0x14001d280 SetBkMode
0x14001d288 LPtoDP
0x14001d290 SetWindowExtEx
0x14001d298 SetViewportExtEx
0x14001d2a0 SetMapMode
0x14001d2a8 GetTextExtentPoint32W
0x14001d2b0 TextOutW
0x14001d2b8 EnumFontsW
0x14001d2c0 GetTextFaceW
0x14001d2c8 SelectObject
0x14001d2d0 DeleteObject
0x14001d2d8 CreateFontIndirectW
0x14001d2e0 GetDeviceCaps
USER32.dll
0x14001d2f0 WinHelpW
0x14001d2f8 GetCursorPos
0x14001d300 ScreenToClient
0x14001d308 ChildWindowFromPoint
0x14001d310 GetParent
0x14001d318 GetWindowPlacement
0x14001d320 CharUpperW
0x14001d328 GetSystemMenu
0x14001d330 LoadAcceleratorsW
0x14001d338 SetWindowLongW
0x14001d340 RegisterWindowMessageW
0x14001d348 LoadCursorW
0x14001d350 CreateWindowExW
0x14001d358 SetWindowPlacement
0x14001d360 LoadImageW
0x14001d368 RegisterClassExW
0x14001d370 SetScrollPos
0x14001d378 InvalidateRect
0x14001d380 UpdateWindow
0x14001d388 GetWindowTextLengthW
0x14001d390 GetWindowLongW
0x14001d398 PeekMessageW
0x14001d3a0 GetWindowTextW
0x14001d3a8 EnableWindow
0x14001d3b0 CreateDialogParamW
0x14001d3b8 DrawTextExW
0x14001d3c0 GetDlgCtrlID
0x14001d3c8 SendDlgItemMessageW
0x14001d3d0 EndDialog
0x14001d3d8 GetDlgItemTextW
0x14001d3e0 SetDlgItemTextW
0x14001d3e8 CloseClipboard
0x14001d3f0 IsClipboardFormatAvailable
0x14001d3f8 OpenClipboard
0x14001d400 GetMenuState
0x14001d408 SetWindowTextW
0x14001d410 UnhookWinEvent
0x14001d418 DispatchMessageW
0x14001d420 TranslateMessage
0x14001d428 TranslateAcceleratorW
0x14001d430 IsDialogMessageW
0x14001d438 GetMessageW
0x14001d440 SetWinEventHook
0x14001d448 CharNextW
0x14001d450 GetKeyboardLayout
0x14001d458 GetForegroundWindow
0x14001d460 MessageBeep
0x14001d468 DestroyWindow
0x14001d470 PostQuitMessage
0x14001d478 IsIconic
0x14001d480 LoadStringW
0x14001d488 SetActiveWindow
0x14001d490 SetCursor
0x14001d498 ReleaseDC
0x14001d4a0 GetDC
0x14001d4a8 ShowWindow
0x14001d4b0 GetClientRect
0x14001d4b8 CheckMenuItem
0x14001d4c0 MessageBoxW
0x14001d4c8 GetFocus
0x14001d4d0 LoadIconW
0x14001d4d8 DialogBoxParamW
0x14001d4e0 SetFocus
0x14001d4e8 GetSubMenu
0x14001d4f0 EnableMenuItem
0x14001d4f8 GetMenu
0x14001d500 PostMessageW
0x14001d508 MoveWindow
0x14001d510 SendMessageW
0x14001d518 DefWindowProcW
msvcrt.dll
0x14001d528 _wtol
0x14001d530 memcpy
0x14001d538 memset
0x14001d540 _vsnwprintf
0x14001d548 strchr
0x14001d550 _commode
0x14001d558 iswctype
0x14001d560 _XcptFilter
0x14001d568 _amsg_exit
0x14001d570 __getmainargs
0x14001d578 __set_app_type
0x14001d580 ?terminate@@YAXXZ
0x14001d588 wcscmp
0x14001d590 _fmode
0x14001d598 _acmdln
0x14001d5a0 __C_specific_handler
0x14001d5a8 _initterm
0x14001d5b0 __setusermatherr
0x14001d5b8 _ismbblead
0x14001d5c0 _cexit
0x14001d5c8 _exit
0x14001d5d0 exit
COMDLG32.dll
0x14001d5e0 GetOpenFileNameW
0x14001d5e8 GetSaveFileNameW
0x14001d5f0 ReplaceTextW
0x14001d5f8 FindTextW
0x14001d600 PageSetupDlgW
0x14001d608 ChooseFontW
0x14001d610 GetFileTitleW
0x14001d618 PrintDlgExW
0x14001d620 CommDlgExtendedError
SHELL32.dll
0x14001d630 SHCreateItemFromParsingName
0x14001d638 ShellAboutW
0x14001d640 DragQueryFileW
0x14001d648 SHAddToRecentDocs
0x14001d650 DragAcceptFiles
0x14001d658 DragFinish
WINSPOOL.DRV
0x14001d668 OpenPrinterW
0x14001d670 ClosePrinter
0x14001d678 GetPrinterDriverW
ole32.dll
0x14001d688 CoUninitialize
0x14001d690 CoInitializeEx
0x14001d698 CoCreateInstance
0x14001d6a0 CoTaskMemAlloc
0x14001d6a8 CoTaskMemFree
SHLWAPI.dll
0x14001d6b8 SHStrDupW
0x14001d6c0 PathIsFileSpecW
COMCTL32.dll
0x14001d6d0 CreateStatusWindowW
0x14001d6d8 None
OLEAUT32.dll
0x14001d6e8 SysFreeString
0x14001d6f0 SysAllocString
ntdll.dll
0x14001d700 RtlVirtualUnwind
0x14001d708 RtlLookupFunctionEntry
0x14001d710 RtlCaptureContext
0x14001d718 WinSqmAddToStream
EAT (Export Address Table): none