ScreenShot
| Created | 2023.03.09 15:38 | Machine | s1_win7_x6402 |
| Filename | c95d3e98bd8a782a492370ad69bf820587d4a8c3a7952da93f234228b966529f_664-f2a293995f22f56d.exe_ | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | e95942eabc6c7e41201180d1a2219673 | ||
| sha256 | c95d3e98bd8a782a492370ad69bf820587d4a8c3a7952da93f234228b966529f | ||
| ssdeep | 384:LSnCxkWBmak0GfWwJX7d1g2iV50QWr+TLHW:LS3CzgtX7d6X+UL | ||
| imphash | a2dad36bd73280726da578eb659d0583 | ||
| impfuzzy | 24:F1FIiZjj8OeDxag09m1BzeV+8dJv9RGMTX5AA2RQPpSHQdchsrzs4+s:zrTX9m1le88dJv/GMTXr2KpSwdccsds | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0xef1000 RegQueryValueW
0xef1004 RegOpenKeyExW
0xef1008 RegCloseKey
KERNEL32.dll
0xef1018 ReadFile
0xef101c CreateFileW
0xef1020 GetExitCodeProcess
0xef1024 WaitForSingleObject
0xef1028 CreateProcessW
0xef102c Wow64EnableWow64FsRedirection
0xef1030 GetSystemDirectoryW
0xef1034 GetNativeSystemInfo
0xef1038 IsWow64Process
0xef103c GetCurrentProcess
0xef1040 GetCommandLineW
0xef1044 lstrlenW
0xef1048 GetProcAddress
0xef104c GetModuleHandleW
0xef1050 GetLastError
0xef1054 FreeLibrary
0xef1058 SetFilePointer
0xef105c LoadLibraryExW
0xef1060 WideCharToMultiByte
0xef1064 SetErrorMode
0xef1068 FormatMessageW
0xef106c LocalAlloc
0xef1070 HeapSetInformation
0xef1074 TerminateProcess
0xef1078 GetSystemTimeAsFileTime
0xef107c GetCurrentProcessId
0xef1080 GetCurrentThreadId
0xef1084 GetTickCount
0xef1088 QueryPerformanceCounter
0xef108c GetModuleHandleA
0xef1090 SetUnhandledExceptionFilter
0xef1094 GetStartupInfoW
0xef1098 InterlockedCompareExchange
0xef109c Sleep
0xef10a0 UnhandledExceptionFilter
0xef10a4 InterlockedExchange
0xef10a8 CloseHandle
0xef10ac lstrcmpW
USER32.dll
0xef10b4 CharNextW
0xef10b8 LoadStringW
msvcrt.dll
0xef10c0 _initterm
0xef10c4 _amsg_exit
0xef10c8 __setusermatherr
0xef10cc __p__commode
0xef10d0 __p__fmode
0xef10d4 __set_app_type
0xef10d8 _wcmdln
0xef10dc _except_handler4_common
0xef10e0 _controlfp
0xef10e4 exit
0xef10e8 ?terminate@@YAXXZ
0xef10ec __argc
0xef10f0 _XcptFilter
0xef10f4 wcsncpy_s
0xef10f8 memset
0xef10fc _exit
0xef1100 _cexit
0xef1104 __wgetmainargs
0xef1108 __wargv
0xef110c strcat_s
0xef1110 swprintf_s
0xef1114 _wsplitpath_s
0xef1118 wcscat_s
0xef111c wcscpy_s
ole32.dll
0xef1130 OleUninitialize
0xef1134 OleInitialize
ntdll.dll
0xef1124 NtSetInformationProcess
0xef1128 RtlImageNtHeader
COMCTL32.dll
0xef1010 None
EAT(Export Address Table) is none
ADVAPI32.dll
0xef1000 RegQueryValueW
0xef1004 RegOpenKeyExW
0xef1008 RegCloseKey
KERNEL32.dll
0xef1018 ReadFile
0xef101c CreateFileW
0xef1020 GetExitCodeProcess
0xef1024 WaitForSingleObject
0xef1028 CreateProcessW
0xef102c Wow64EnableWow64FsRedirection
0xef1030 GetSystemDirectoryW
0xef1034 GetNativeSystemInfo
0xef1038 IsWow64Process
0xef103c GetCurrentProcess
0xef1040 GetCommandLineW
0xef1044 lstrlenW
0xef1048 GetProcAddress
0xef104c GetModuleHandleW
0xef1050 GetLastError
0xef1054 FreeLibrary
0xef1058 SetFilePointer
0xef105c LoadLibraryExW
0xef1060 WideCharToMultiByte
0xef1064 SetErrorMode
0xef1068 FormatMessageW
0xef106c LocalAlloc
0xef1070 HeapSetInformation
0xef1074 TerminateProcess
0xef1078 GetSystemTimeAsFileTime
0xef107c GetCurrentProcessId
0xef1080 GetCurrentThreadId
0xef1084 GetTickCount
0xef1088 QueryPerformanceCounter
0xef108c GetModuleHandleA
0xef1090 SetUnhandledExceptionFilter
0xef1094 GetStartupInfoW
0xef1098 InterlockedCompareExchange
0xef109c Sleep
0xef10a0 UnhandledExceptionFilter
0xef10a4 InterlockedExchange
0xef10a8 CloseHandle
0xef10ac lstrcmpW
USER32.dll
0xef10b4 CharNextW
0xef10b8 LoadStringW
msvcrt.dll
0xef10c0 _initterm
0xef10c4 _amsg_exit
0xef10c8 __setusermatherr
0xef10cc __p__commode
0xef10d0 __p__fmode
0xef10d4 __set_app_type
0xef10d8 _wcmdln
0xef10dc _except_handler4_common
0xef10e0 _controlfp
0xef10e4 exit
0xef10e8 ?terminate@@YAXXZ
0xef10ec __argc
0xef10f0 _XcptFilter
0xef10f4 wcsncpy_s
0xef10f8 memset
0xef10fc _exit
0xef1100 _cexit
0xef1104 __wgetmainargs
0xef1108 __wargv
0xef110c strcat_s
0xef1110 swprintf_s
0xef1114 _wsplitpath_s
0xef1118 wcscat_s
0xef111c wcscpy_s
ole32.dll
0xef1130 OleUninitialize
0xef1134 OleInitialize
ntdll.dll
0xef1124 NtSetInformationProcess
0xef1128 RtlImageNtHeader
COMCTL32.dll
0xef1010 None
EAT(Export Address Table) is none