ScreenShot
| Created | 2023.03.29 13:13 | Machine | s1_win7_x6401 |
| Filename | da1942e2f5f58ee90618db1cfdbd754721553a83189a5ad903b395967df1cddf_2656-f159fd2127f205aa.exe_ | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 1 detected (score) | ||
| md5 | 30bfba59058499f28d7f7de51d41a745 | ||
| sha256 | da1942e2f5f58ee90618db1cfdbd754721553a83189a5ad903b395967df1cddf | ||
| ssdeep | 768:T/D4FDH7jp4lZafSRqbSEln5IyYpamDjobj8SpM:H4FXV4lWSRqln5IUmDjoXV | ||
| imphash | ef8a44fe2f9ad4ab85e55004aaa024a9 | ||
| impfuzzy | 48:9ueKK9Mg5dFSV8KUmCSYv/KAS5RkoOX0W+j/gjd50XG5KbbsK:o7K2gDFSV8K8q9cdQG5KbbJ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x381000 HeapSetInformation
0x381004 QueryActCtxW
0x381008 CloseHandle
0x38100c SetFilePointer
0x381010 ReadFile
0x381014 CreateFileW
0x381018 LocalFree
0x38101c lstrlenA
0x381020 WideCharToMultiByte
0x381024 LocalAlloc
0x381028 lstrlenW
0x38102c GetProcAddress
0x381030 WaitForSingleObject
0x381034 CreateProcessW
0x381038 GetCommandLineW
0x38103c Wow64EnableWow64FsRedirection
0x381040 GetSystemDirectoryW
0x381044 GetNativeSystemInfo
0x381048 IsWow64Process
0x38104c GetCurrentProcess
0x381050 SetProcessDEPPolicy
0x381054 FormatMessageW
0x381058 GetLastError
0x38105c LoadLibraryExW
0x381060 FreeLibrary
0x381064 ExitProcess
0x381068 SetErrorMode
0x38106c DelayLoadFailureHook
0x381070 InterlockedCompareExchange
0x381074 LoadLibraryExA
0x381078 Sleep
0x38107c GetStartupInfoW
0x381080 InterlockedExchange
0x381084 SetUnhandledExceptionFilter
0x381088 GetModuleHandleA
0x38108c QueryPerformanceCounter
0x381090 GetTickCount
0x381094 GetCurrentThreadId
0x381098 GetCurrentProcessId
0x38109c GetSystemTimeAsFileTime
0x3810a0 TerminateProcess
0x3810a4 UnhandledExceptionFilter
0x3810a8 CompareStringW
0x3810ac ReleaseActCtx
0x3810b0 DeactivateActCtx
0x3810b4 GetFileAttributesW
0x3810b8 SearchPathW
0x3810bc CreateActCtxW
0x3810c0 GetModuleHandleW
0x3810c4 ActivateActCtx
USER32.dll
0x3810cc LoadIconW
0x3810d0 CharNextW
0x3810d4 DefWindowProcW
0x3810d8 GetClassLongW
0x3810dc GetClassNameW
0x3810e0 GetWindow
0x3810e4 GetWindowLongW
0x3810e8 SetWindowLongW
0x3810ec SetClassLongW
0x3810f0 CreateWindowExW
0x3810f4 RegisterClassW
0x3810f8 LoadCursorW
0x3810fc LoadStringW
0x381100 MessageBoxW
0x381104 DestroyWindow
msvcrt.dll
0x38110c iswalpha
0x381110 _wtoi
0x381114 wcschr
0x381118 __wgetmainargs
0x38111c memset
0x381120 _vsnwprintf
0x381124 __set_app_type
0x381128 _controlfp
0x38112c _except_handler4_common
0x381130 ?terminate@@YAXXZ
0x381134 __p__fmode
0x381138 __p__commode
0x38113c __setusermatherr
0x381140 _amsg_exit
0x381144 _initterm
0x381148 _wcmdln
0x38114c exit
0x381150 _XcptFilter
0x381154 _exit
0x381158 _cexit
imagehlp.dll
0x381160 ImageDirectoryEntryToData
ntdll.dll
0x381168 NtClose
0x38116c NtOpenProcessToken
0x381170 NtSetInformationToken
0x381174 RtlImageNtHeader
0x381178 NtSetInformationProcess
0x38117c NtQueryInformationToken
EAT(Export Address Table) is none
KERNEL32.dll
0x381000 HeapSetInformation
0x381004 QueryActCtxW
0x381008 CloseHandle
0x38100c SetFilePointer
0x381010 ReadFile
0x381014 CreateFileW
0x381018 LocalFree
0x38101c lstrlenA
0x381020 WideCharToMultiByte
0x381024 LocalAlloc
0x381028 lstrlenW
0x38102c GetProcAddress
0x381030 WaitForSingleObject
0x381034 CreateProcessW
0x381038 GetCommandLineW
0x38103c Wow64EnableWow64FsRedirection
0x381040 GetSystemDirectoryW
0x381044 GetNativeSystemInfo
0x381048 IsWow64Process
0x38104c GetCurrentProcess
0x381050 SetProcessDEPPolicy
0x381054 FormatMessageW
0x381058 GetLastError
0x38105c LoadLibraryExW
0x381060 FreeLibrary
0x381064 ExitProcess
0x381068 SetErrorMode
0x38106c DelayLoadFailureHook
0x381070 InterlockedCompareExchange
0x381074 LoadLibraryExA
0x381078 Sleep
0x38107c GetStartupInfoW
0x381080 InterlockedExchange
0x381084 SetUnhandledExceptionFilter
0x381088 GetModuleHandleA
0x38108c QueryPerformanceCounter
0x381090 GetTickCount
0x381094 GetCurrentThreadId
0x381098 GetCurrentProcessId
0x38109c GetSystemTimeAsFileTime
0x3810a0 TerminateProcess
0x3810a4 UnhandledExceptionFilter
0x3810a8 CompareStringW
0x3810ac ReleaseActCtx
0x3810b0 DeactivateActCtx
0x3810b4 GetFileAttributesW
0x3810b8 SearchPathW
0x3810bc CreateActCtxW
0x3810c0 GetModuleHandleW
0x3810c4 ActivateActCtx
USER32.dll
0x3810cc LoadIconW
0x3810d0 CharNextW
0x3810d4 DefWindowProcW
0x3810d8 GetClassLongW
0x3810dc GetClassNameW
0x3810e0 GetWindow
0x3810e4 GetWindowLongW
0x3810e8 SetWindowLongW
0x3810ec SetClassLongW
0x3810f0 CreateWindowExW
0x3810f4 RegisterClassW
0x3810f8 LoadCursorW
0x3810fc LoadStringW
0x381100 MessageBoxW
0x381104 DestroyWindow
msvcrt.dll
0x38110c iswalpha
0x381110 _wtoi
0x381114 wcschr
0x381118 __wgetmainargs
0x38111c memset
0x381120 _vsnwprintf
0x381124 __set_app_type
0x381128 _controlfp
0x38112c _except_handler4_common
0x381130 ?terminate@@YAXXZ
0x381134 __p__fmode
0x381138 __p__commode
0x38113c __setusermatherr
0x381140 _amsg_exit
0x381144 _initterm
0x381148 _wcmdln
0x38114c exit
0x381150 _XcptFilter
0x381154 _exit
0x381158 _cexit
imagehlp.dll
0x381160 ImageDirectoryEntryToData
ntdll.dll
0x381168 NtClose
0x38116c NtOpenProcessToken
0x381170 NtSetInformationToken
0x381174 RtlImageNtHeader
0x381178 NtSetInformationProcess
0x38117c NtQueryInformationToken
EAT(Export Address Table) is none