ScreenShot
| Created | 2023.03.09 15:38 | Machine | s1_win7_x6403 |
| Filename | 8f803ff90bee714e5d243cc3b3ad701c01217a0d21d2ed4e95073bfb844e5a93_1112-a236fc9bc60add5c.exe_ | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 1e16074ff6afe068fd5f852ff66eb188 | ||
| sha256 | 8f803ff90bee714e5d243cc3b3ad701c01217a0d21d2ed4e95073bfb844e5a93 | ||
| ssdeep | 384:2oiQTx5XYoNUGP/KvR/4dKRik6ZXofB6FOWr+TLHW:RiQrXYoNUGP/Kvh4dKRik5fBwGL | ||
| imphash | 84da4a3165e248148f65dbe03b98a436 | ||
| impfuzzy | 24:FIM1nBxjNx9fdcD+0OoRvS+j9JFGH6ZX54FMmKNHwHQBpvWXO9bW:BnVx9HrIvS+jjFGHwXmF1KNQwBpeiW | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0xff193000 RegOpenKeyExW
0xff193008 RegCloseKey
0xff193010 RegQueryValueW
KERNEL32.dll
0xff193020 SetErrorMode
0xff193028 FreeLibrary
0xff193030 CreateProcessW
0xff193038 LoadLibraryExW
0xff193040 WaitForSingleObject
0xff193048 GetModuleHandleW
0xff193050 WideCharToMultiByte
0xff193058 GetSystemWow64DirectoryW
0xff193060 FormatMessageW
0xff193068 GetExitCodeProcess
0xff193070 SetFilePointer
0xff193078 ReadFile
0xff193080 CreateFileW
0xff193088 lstrcmpW
0xff193090 lstrlenW
0xff193098 Wow64EnableWow64FsRedirection
0xff1930a0 GetLastError
0xff1930a8 GetProcAddress
0xff1930b0 LocalAlloc
0xff1930b8 HeapSetInformation
0xff1930c0 CloseHandle
0xff1930c8 SetUnhandledExceptionFilter
0xff1930d0 GetStartupInfoW
0xff1930d8 Sleep
0xff1930e0 GetCommandLineW
0xff1930e8 lstrcpynW
0xff1930f0 GetTickCount
0xff1930f8 GetCurrentThreadId
0xff193100 QueryPerformanceCounter
0xff193108 GetCurrentProcessId
0xff193110 GetSystemTimeAsFileTime
0xff193118 TerminateProcess
0xff193120 GetCurrentProcess
0xff193128 UnhandledExceptionFilter
USER32.dll
0xff193138 LoadStringW
0xff193140 CharNextW
msvcrt.dll
0xff193150 exit
0xff193158 _wcmdln
0xff193160 _initterm
0xff193168 _amsg_exit
0xff193170 __setusermatherr
0xff193178 _commode
0xff193180 _fmode
0xff193188 __set_app_type
0xff193190 ?terminate@@YAXXZ
0xff193198 _cexit
0xff1931a0 __C_specific_handler
0xff1931a8 __wgetmainargs
0xff1931b0 __argc
0xff1931b8 wcscpy_s
0xff1931c0 strcat_s
0xff1931c8 __wargv
0xff1931d0 _wsplitpath_s
0xff1931d8 wcsncpy_s
0xff1931e0 swprintf_s
0xff1931e8 _exit
0xff1931f0 _XcptFilter
0xff1931f8 wcscat_s
0xff193200 memset
ole32.dll
0xff193210 OleInitialize
0xff193218 OleUninitialize
ntdll.dll
0xff193228 RtlLookupFunctionEntry
0xff193230 RtlVirtualUnwind
0xff193238 RtlCaptureContext
COMCTL32.dll
0xff193248 None
EAT(Export Address Table) is none
ADVAPI32.dll
0xff193000 RegOpenKeyExW
0xff193008 RegCloseKey
0xff193010 RegQueryValueW
KERNEL32.dll
0xff193020 SetErrorMode
0xff193028 FreeLibrary
0xff193030 CreateProcessW
0xff193038 LoadLibraryExW
0xff193040 WaitForSingleObject
0xff193048 GetModuleHandleW
0xff193050 WideCharToMultiByte
0xff193058 GetSystemWow64DirectoryW
0xff193060 FormatMessageW
0xff193068 GetExitCodeProcess
0xff193070 SetFilePointer
0xff193078 ReadFile
0xff193080 CreateFileW
0xff193088 lstrcmpW
0xff193090 lstrlenW
0xff193098 Wow64EnableWow64FsRedirection
0xff1930a0 GetLastError
0xff1930a8 GetProcAddress
0xff1930b0 LocalAlloc
0xff1930b8 HeapSetInformation
0xff1930c0 CloseHandle
0xff1930c8 SetUnhandledExceptionFilter
0xff1930d0 GetStartupInfoW
0xff1930d8 Sleep
0xff1930e0 GetCommandLineW
0xff1930e8 lstrcpynW
0xff1930f0 GetTickCount
0xff1930f8 GetCurrentThreadId
0xff193100 QueryPerformanceCounter
0xff193108 GetCurrentProcessId
0xff193110 GetSystemTimeAsFileTime
0xff193118 TerminateProcess
0xff193120 GetCurrentProcess
0xff193128 UnhandledExceptionFilter
USER32.dll
0xff193138 LoadStringW
0xff193140 CharNextW
msvcrt.dll
0xff193150 exit
0xff193158 _wcmdln
0xff193160 _initterm
0xff193168 _amsg_exit
0xff193170 __setusermatherr
0xff193178 _commode
0xff193180 _fmode
0xff193188 __set_app_type
0xff193190 ?terminate@@YAXXZ
0xff193198 _cexit
0xff1931a0 __C_specific_handler
0xff1931a8 __wgetmainargs
0xff1931b0 __argc
0xff1931b8 wcscpy_s
0xff1931c0 strcat_s
0xff1931c8 __wargv
0xff1931d0 _wsplitpath_s
0xff1931d8 wcsncpy_s
0xff1931e0 swprintf_s
0xff1931e8 _exit
0xff1931f0 _XcptFilter
0xff1931f8 wcscat_s
0xff193200 memset
ole32.dll
0xff193210 OleInitialize
0xff193218 OleUninitialize
ntdll.dll
0xff193228 RtlLookupFunctionEntry
0xff193230 RtlVirtualUnwind
0xff193238 RtlCaptureContext
COMCTL32.dll
0xff193248 None
EAT(Export Address Table) is none