ScreenShot
| Created | 2023.03.25 02:10 | Machine | s1_win7_x6401 |
| Filename | b807c47cdaefec023b49e34b6fdd59e5ac8ada043cf9b848772dee80971ec76d_2636-091b186e53b98884.exe_ | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ff5e5be0cacada5cdf90d4b38e6187c9 | ||
| sha256 | b807c47cdaefec023b49e34b6fdd59e5ac8ada043cf9b848772dee80971ec76d | ||
| ssdeep | 12288:Tp9G6DMzHMMHMMMyMMMZMMMVcR9bzOXmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMw:TjGLbMMHMMMvMMZMMMKzb6XmMMMiMMMJ | ||
| imphash | 1ef9fb38f852f07964d44af800f98c5a | ||
| impfuzzy | 48:hb/CTVKMCL3IprZPZNop7QdP1l9uIAjv5yj+pLnSbUFQBYhC/XG3yf6Dm0:BCTVKjL3edBNop7QdP1l9uybbBYhEG3b | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0xa66000 EventWrite
0xa66008 GetTraceEnableFlags
0xa66010 RegQueryValueExW
0xa66018 EventUnregister
0xa66020 GetTraceLoggerHandle
0xa66028 TraceEvent
0xa66030 UnregisterTraceGuids
0xa66038 RegOpenKeyExW
0xa66040 EventRegister
0xa66048 GetTraceEnableLevel
0xa66050 RegCloseKey
0xa66058 RegisterTraceGuidsW
KERNEL32.dll
0xa66068 TerminateProcess
0xa66070 CreateFileW
0xa66078 lstrlenW
0xa66080 VerifyVersionInfoW
0xa66088 GetProcAddress
0xa66090 LocalAlloc
0xa66098 IsWow64Process
0xa660a0 HeapSetInformation
0xa660a8 GetFileTime
0xa660b0 DeleteCriticalSection
0xa660b8 CloseHandle
0xa660c0 GetWindowsDirectoryW
0xa660c8 LocalFree
0xa660d0 InitializeCriticalSection
0xa660d8 LoadLibraryW
0xa660e0 GetModuleHandleW
0xa660e8 GetCurrentProcess
0xa660f0 VerSetConditionMask
0xa660f8 SetDllDirectoryW
0xa66100 CreateProcessW
0xa66108 SetErrorMode
0xa66110 GetCommandLineW
0xa66118 RaiseException
0xa66120 LoadLibraryA
0xa66128 VirtualAlloc
0xa66130 GetLastError
0xa66138 GetSystemDefaultLCID
0xa66140 GetUserDefaultLCID
0xa66148 EnterCriticalSection
0xa66150 GetModuleFileNameW
0xa66158 LeaveCriticalSection
0xa66160 InitializeCriticalSectionAndSpinCount
0xa66168 GetVersionExA
0xa66170 ExpandEnvironmentStringsW
0xa66178 FreeLibrary
0xa66180 UnhandledExceptionFilter
0xa66188 GetSystemTimeAsFileTime
0xa66190 GetCurrentProcessId
0xa66198 GetCurrentThreadId
0xa661a0 GetTickCount
0xa661a8 QueryPerformanceCounter
0xa661b0 SetUnhandledExceptionFilter
0xa661b8 GetStartupInfoW
0xa661c0 Sleep
0xa661c8 GetCurrentDirectoryW
USER32.dll
0xa661d8 IsWindowEnabled
0xa661e0 LoadStringW
0xa661e8 CharNextW
0xa661f0 SendMessageTimeoutW
0xa661f8 GetWindowThreadProcessId
0xa66200 FindWindowExW
0xa66208 AllowSetForegroundWindow
0xa66210 IsWindowVisible
0xa66218 MessageBoxW
msvcrt.dll
0xa66228 rand_s
0xa66230 memset
0xa66238 ??3@YAXPEAX@Z
0xa66240 ??2@YAPEAX_K@Z
0xa66248 wcschr
0xa66250 iswalpha
0xa66258 _vsnwprintf
0xa66260 iswspace
0xa66268 _onexit
0xa66270 _lock
0xa66278 __dllonexit
0xa66280 _unlock
0xa66288 ?terminate@@YAXXZ
0xa66290 __set_app_type
0xa66298 _fmode
0xa662a0 _commode
0xa662a8 __setusermatherr
0xa662b0 _amsg_exit
0xa662b8 _initterm
0xa662c0 _wcmdln
0xa662c8 exit
0xa662d0 _cexit
0xa662d8 _exit
0xa662e0 _XcptFilter
0xa662e8 __C_specific_handler
0xa662f0 __wgetmainargs
0xa662f8 wcsncmp
0xa66300 memcpy
ntdll.dll
0xa66310 RtlVirtualUnwind
0xa66318 RtlCaptureContext
0xa66320 RtlLookupFunctionEntry
SHLWAPI.dll
0xa66330 None
0xa66338 SHGetValueW
0xa66340 SHRegGetValueW
0xa66348 SHSetValueW
0xa66350 UrlApplySchemeW
0xa66358 PathIsURLW
0xa66360 UrlCanonicalizeW
0xa66368 StrStrW
0xa66370 None
0xa66378 PathFindFileNameW
0xa66380 UrlCreateFromPathW
SHELL32.dll
0xa66390 CommandLineToArgvW
ole32.dll
0xa663a0 CoUninitialize
0xa663a8 CoInitialize
urlmon.dll
0xa663b8 None
0xa663c0 None
iertutil.dll
0xa663d0 None
0xa663d8 None
0xa663e0 None
0xa663e8 None
0xa663f0 None
0xa663f8 None
0xa66400 None
0xa66408 None
0xa66410 None
EAT(Export Address Table) is none
ADVAPI32.dll
0xa66000 EventWrite
0xa66008 GetTraceEnableFlags
0xa66010 RegQueryValueExW
0xa66018 EventUnregister
0xa66020 GetTraceLoggerHandle
0xa66028 TraceEvent
0xa66030 UnregisterTraceGuids
0xa66038 RegOpenKeyExW
0xa66040 EventRegister
0xa66048 GetTraceEnableLevel
0xa66050 RegCloseKey
0xa66058 RegisterTraceGuidsW
KERNEL32.dll
0xa66068 TerminateProcess
0xa66070 CreateFileW
0xa66078 lstrlenW
0xa66080 VerifyVersionInfoW
0xa66088 GetProcAddress
0xa66090 LocalAlloc
0xa66098 IsWow64Process
0xa660a0 HeapSetInformation
0xa660a8 GetFileTime
0xa660b0 DeleteCriticalSection
0xa660b8 CloseHandle
0xa660c0 GetWindowsDirectoryW
0xa660c8 LocalFree
0xa660d0 InitializeCriticalSection
0xa660d8 LoadLibraryW
0xa660e0 GetModuleHandleW
0xa660e8 GetCurrentProcess
0xa660f0 VerSetConditionMask
0xa660f8 SetDllDirectoryW
0xa66100 CreateProcessW
0xa66108 SetErrorMode
0xa66110 GetCommandLineW
0xa66118 RaiseException
0xa66120 LoadLibraryA
0xa66128 VirtualAlloc
0xa66130 GetLastError
0xa66138 GetSystemDefaultLCID
0xa66140 GetUserDefaultLCID
0xa66148 EnterCriticalSection
0xa66150 GetModuleFileNameW
0xa66158 LeaveCriticalSection
0xa66160 InitializeCriticalSectionAndSpinCount
0xa66168 GetVersionExA
0xa66170 ExpandEnvironmentStringsW
0xa66178 FreeLibrary
0xa66180 UnhandledExceptionFilter
0xa66188 GetSystemTimeAsFileTime
0xa66190 GetCurrentProcessId
0xa66198 GetCurrentThreadId
0xa661a0 GetTickCount
0xa661a8 QueryPerformanceCounter
0xa661b0 SetUnhandledExceptionFilter
0xa661b8 GetStartupInfoW
0xa661c0 Sleep
0xa661c8 GetCurrentDirectoryW
USER32.dll
0xa661d8 IsWindowEnabled
0xa661e0 LoadStringW
0xa661e8 CharNextW
0xa661f0 SendMessageTimeoutW
0xa661f8 GetWindowThreadProcessId
0xa66200 FindWindowExW
0xa66208 AllowSetForegroundWindow
0xa66210 IsWindowVisible
0xa66218 MessageBoxW
msvcrt.dll
0xa66228 rand_s
0xa66230 memset
0xa66238 ??3@YAXPEAX@Z
0xa66240 ??2@YAPEAX_K@Z
0xa66248 wcschr
0xa66250 iswalpha
0xa66258 _vsnwprintf
0xa66260 iswspace
0xa66268 _onexit
0xa66270 _lock
0xa66278 __dllonexit
0xa66280 _unlock
0xa66288 ?terminate@@YAXXZ
0xa66290 __set_app_type
0xa66298 _fmode
0xa662a0 _commode
0xa662a8 __setusermatherr
0xa662b0 _amsg_exit
0xa662b8 _initterm
0xa662c0 _wcmdln
0xa662c8 exit
0xa662d0 _cexit
0xa662d8 _exit
0xa662e0 _XcptFilter
0xa662e8 __C_specific_handler
0xa662f0 __wgetmainargs
0xa662f8 wcsncmp
0xa66300 memcpy
ntdll.dll
0xa66310 RtlVirtualUnwind
0xa66318 RtlCaptureContext
0xa66320 RtlLookupFunctionEntry
SHLWAPI.dll
0xa66330 None
0xa66338 SHGetValueW
0xa66340 SHRegGetValueW
0xa66348 SHSetValueW
0xa66350 UrlApplySchemeW
0xa66358 PathIsURLW
0xa66360 UrlCanonicalizeW
0xa66368 StrStrW
0xa66370 None
0xa66378 PathFindFileNameW
0xa66380 UrlCreateFromPathW
SHELL32.dll
0xa66390 CommandLineToArgvW
ole32.dll
0xa663a0 CoUninitialize
0xa663a8 CoInitialize
urlmon.dll
0xa663b8 None
0xa663c0 None
iertutil.dll
0xa663d0 None
0xa663d8 None
0xa663e0 None
0xa663e8 None
0xa663f0 None
0xa663f8 None
0xa66400 None
0xa66408 None
0xa66410 None
EAT(Export Address Table) is none