ScreenShot
| Created | 2023.03.27 10:28 | Machine | s1_win7_x6403 |
| Filename | 33293939193898579265.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 43 detected (AIDetectNet, Wzwhi, malicious, high confidence, @F0@tC1wzWhi, Save, Kryptik, confidence, 100%, Eldorado, Attribute, HighConfidence, HRTC, score, Uylw, Generic ML PUA, high, XPACK, Casdet, Detected, ClipBanker, R528972, Artemis, ai score=87, BScope, TrojanPSW, Coins, o8wrBs1QCtE, Static AI, Malicious PE, FXIU, Genetic) | ||
| md5 | b3c8c890a8a14c823da4fcebb050a8d5 | ||
| sha256 | c03940a1d58fde9e082ee6ef03396eae85f2a34d26c26fe74cf29cad173e1358 | ||
| ssdeep | 196608:s0NZi2IpAkQEyCCv73m/rvgu+weImT5/FD77A:fi2mEym73m/zETb | ||
| imphash | 895e5e6e037e9108574fb94ed614d804 | ||
| impfuzzy | 48:IFONXYu14ASXJ+Zcp++vZZZwTSttKiyuQ3a:IFO11AXJ+Zcp+qjwSttLyuua | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x75d000 LoadLibraryW
0x75d004 GetProcAddress
0x75d008 ReadFile
0x75d00c WriteFile
0x75d010 lstrlenA
0x75d014 WaitForSingleObject
0x75d018 LocalAlloc
0x75d01c CreateFileW
0x75d020 MultiByteToWideChar
0x75d024 DeleteFileW
0x75d028 CloseHandle
0x75d02c ExitProcess
0x75d030 CreateProcessW
0x75d034 CopyFileW
0x75d038 WideCharToMultiByte
0x75d03c Sleep
0x75d040 GlobalFree
SHELL32.dll
0x75d048 SHGetFolderPathW
KERNEL32.dll
0x75d050 GetSystemTimeAsFileTime
0x75d054 GetModuleHandleA
0x75d058 CreateEventA
0x75d05c GetModuleFileNameW
0x75d060 TerminateProcess
0x75d064 GetCurrentProcess
0x75d068 CreateToolhelp32Snapshot
0x75d06c Thread32First
0x75d070 GetCurrentProcessId
0x75d074 GetCurrentThreadId
0x75d078 OpenThread
0x75d07c Thread32Next
0x75d080 CloseHandle
0x75d084 SuspendThread
0x75d088 ResumeThread
0x75d08c WriteProcessMemory
0x75d090 GetSystemInfo
0x75d094 VirtualAlloc
0x75d098 VirtualProtect
0x75d09c VirtualFree
0x75d0a0 GetProcessAffinityMask
0x75d0a4 SetProcessAffinityMask
0x75d0a8 GetCurrentThread
0x75d0ac SetThreadAffinityMask
0x75d0b0 Sleep
0x75d0b4 LoadLibraryA
0x75d0b8 FreeLibrary
0x75d0bc GetTickCount
0x75d0c0 SystemTimeToFileTime
0x75d0c4 FileTimeToSystemTime
0x75d0c8 GlobalFree
0x75d0cc LocalAlloc
0x75d0d0 LocalFree
0x75d0d4 GetProcAddress
0x75d0d8 ExitProcess
0x75d0dc EnterCriticalSection
0x75d0e0 LeaveCriticalSection
0x75d0e4 InitializeCriticalSection
0x75d0e8 DeleteCriticalSection
0x75d0ec GetModuleHandleW
0x75d0f0 LoadResource
0x75d0f4 MultiByteToWideChar
0x75d0f8 FindResourceExW
0x75d0fc FindResourceExA
0x75d100 WideCharToMultiByte
0x75d104 GetThreadLocale
0x75d108 GetUserDefaultLCID
0x75d10c GetSystemDefaultLCID
0x75d110 EnumResourceNamesA
0x75d114 EnumResourceNamesW
0x75d118 EnumResourceLanguagesA
0x75d11c EnumResourceLanguagesW
0x75d120 EnumResourceTypesA
0x75d124 EnumResourceTypesW
0x75d128 CreateFileW
0x75d12c LoadLibraryW
0x75d130 GetLastError
0x75d134 FlushFileBuffers
0x75d138 WriteConsoleW
0x75d13c SetStdHandle
0x75d140 IsProcessorFeaturePresent
0x75d144 DecodePointer
0x75d148 GetCommandLineA
0x75d14c RaiseException
0x75d150 HeapFree
0x75d154 GetCPInfo
0x75d158 InterlockedIncrement
0x75d15c InterlockedDecrement
0x75d160 GetACP
0x75d164 GetOEMCP
0x75d168 IsValidCodePage
0x75d16c EncodePointer
0x75d170 TlsAlloc
0x75d174 TlsGetValue
0x75d178 TlsSetValue
0x75d17c TlsFree
0x75d180 SetLastError
0x75d184 UnhandledExceptionFilter
0x75d188 SetUnhandledExceptionFilter
0x75d18c IsDebuggerPresent
0x75d190 HeapAlloc
0x75d194 LCMapStringW
0x75d198 GetStringTypeW
0x75d19c SetHandleCount
0x75d1a0 GetStdHandle
0x75d1a4 InitializeCriticalSectionAndSpinCount
0x75d1a8 GetFileType
0x75d1ac GetStartupInfoW
0x75d1b0 GetModuleFileNameA
0x75d1b4 FreeEnvironmentStringsW
0x75d1b8 GetEnvironmentStringsW
0x75d1bc HeapCreate
0x75d1c0 HeapDestroy
0x75d1c4 QueryPerformanceCounter
0x75d1c8 HeapSize
0x75d1cc WriteFile
0x75d1d0 RtlUnwind
0x75d1d4 SetFilePointer
0x75d1d8 GetConsoleCP
0x75d1dc GetConsoleMode
0x75d1e0 HeapReAlloc
0x75d1e4 VirtualQuery
USER32.dll
0x75d1ec CharUpperBuffW
KERNEL32.dll
0x75d1f4 LocalAlloc
0x75d1f8 LocalFree
0x75d1fc GetModuleFileNameW
0x75d200 ExitProcess
0x75d204 LoadLibraryA
0x75d208 GetModuleHandleA
0x75d20c GetProcAddress
EAT(Export Address Table) Library
KERNEL32.dll
0x75d000 LoadLibraryW
0x75d004 GetProcAddress
0x75d008 ReadFile
0x75d00c WriteFile
0x75d010 lstrlenA
0x75d014 WaitForSingleObject
0x75d018 LocalAlloc
0x75d01c CreateFileW
0x75d020 MultiByteToWideChar
0x75d024 DeleteFileW
0x75d028 CloseHandle
0x75d02c ExitProcess
0x75d030 CreateProcessW
0x75d034 CopyFileW
0x75d038 WideCharToMultiByte
0x75d03c Sleep
0x75d040 GlobalFree
SHELL32.dll
0x75d048 SHGetFolderPathW
KERNEL32.dll
0x75d050 GetSystemTimeAsFileTime
0x75d054 GetModuleHandleA
0x75d058 CreateEventA
0x75d05c GetModuleFileNameW
0x75d060 TerminateProcess
0x75d064 GetCurrentProcess
0x75d068 CreateToolhelp32Snapshot
0x75d06c Thread32First
0x75d070 GetCurrentProcessId
0x75d074 GetCurrentThreadId
0x75d078 OpenThread
0x75d07c Thread32Next
0x75d080 CloseHandle
0x75d084 SuspendThread
0x75d088 ResumeThread
0x75d08c WriteProcessMemory
0x75d090 GetSystemInfo
0x75d094 VirtualAlloc
0x75d098 VirtualProtect
0x75d09c VirtualFree
0x75d0a0 GetProcessAffinityMask
0x75d0a4 SetProcessAffinityMask
0x75d0a8 GetCurrentThread
0x75d0ac SetThreadAffinityMask
0x75d0b0 Sleep
0x75d0b4 LoadLibraryA
0x75d0b8 FreeLibrary
0x75d0bc GetTickCount
0x75d0c0 SystemTimeToFileTime
0x75d0c4 FileTimeToSystemTime
0x75d0c8 GlobalFree
0x75d0cc LocalAlloc
0x75d0d0 LocalFree
0x75d0d4 GetProcAddress
0x75d0d8 ExitProcess
0x75d0dc EnterCriticalSection
0x75d0e0 LeaveCriticalSection
0x75d0e4 InitializeCriticalSection
0x75d0e8 DeleteCriticalSection
0x75d0ec GetModuleHandleW
0x75d0f0 LoadResource
0x75d0f4 MultiByteToWideChar
0x75d0f8 FindResourceExW
0x75d0fc FindResourceExA
0x75d100 WideCharToMultiByte
0x75d104 GetThreadLocale
0x75d108 GetUserDefaultLCID
0x75d10c GetSystemDefaultLCID
0x75d110 EnumResourceNamesA
0x75d114 EnumResourceNamesW
0x75d118 EnumResourceLanguagesA
0x75d11c EnumResourceLanguagesW
0x75d120 EnumResourceTypesA
0x75d124 EnumResourceTypesW
0x75d128 CreateFileW
0x75d12c LoadLibraryW
0x75d130 GetLastError
0x75d134 FlushFileBuffers
0x75d138 WriteConsoleW
0x75d13c SetStdHandle
0x75d140 IsProcessorFeaturePresent
0x75d144 DecodePointer
0x75d148 GetCommandLineA
0x75d14c RaiseException
0x75d150 HeapFree
0x75d154 GetCPInfo
0x75d158 InterlockedIncrement
0x75d15c InterlockedDecrement
0x75d160 GetACP
0x75d164 GetOEMCP
0x75d168 IsValidCodePage
0x75d16c EncodePointer
0x75d170 TlsAlloc
0x75d174 TlsGetValue
0x75d178 TlsSetValue
0x75d17c TlsFree
0x75d180 SetLastError
0x75d184 UnhandledExceptionFilter
0x75d188 SetUnhandledExceptionFilter
0x75d18c IsDebuggerPresent
0x75d190 HeapAlloc
0x75d194 LCMapStringW
0x75d198 GetStringTypeW
0x75d19c SetHandleCount
0x75d1a0 GetStdHandle
0x75d1a4 InitializeCriticalSectionAndSpinCount
0x75d1a8 GetFileType
0x75d1ac GetStartupInfoW
0x75d1b0 GetModuleFileNameA
0x75d1b4 FreeEnvironmentStringsW
0x75d1b8 GetEnvironmentStringsW
0x75d1bc HeapCreate
0x75d1c0 HeapDestroy
0x75d1c4 QueryPerformanceCounter
0x75d1c8 HeapSize
0x75d1cc WriteFile
0x75d1d0 RtlUnwind
0x75d1d4 SetFilePointer
0x75d1d8 GetConsoleCP
0x75d1dc GetConsoleMode
0x75d1e0 HeapReAlloc
0x75d1e4 VirtualQuery
USER32.dll
0x75d1ec CharUpperBuffW
KERNEL32.dll
0x75d1f4 LocalAlloc
0x75d1f8 LocalFree
0x75d1fc GetModuleFileNameW
0x75d200 ExitProcess
0x75d204 LoadLibraryA
0x75d208 GetModuleHandleA
0x75d20c GetProcAddress
EAT(Export Address Table) Library