ScreenShot
| Created | 2023.04.02 13:08 | Machine | s1_win7_x6401 |
| Filename | cc1be3c6d243a4d8f90e87c84709d44fe442722f59d42b8f18d41f017958bcbc_2688-517c38c042288036.exe_ | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 1 detected (score) | ||
| md5 | 9fddc313ba5774bdc646aef46d2de313 | ||
| sha256 | cc1be3c6d243a4d8f90e87c84709d44fe442722f59d42b8f18d41f017958bcbc | ||
| ssdeep | 768:jDNXOLLFM1taXSRqbSEln5IyYpamDjobj8SpM:fNixM16SRqln5IUmDjoXV | ||
| imphash | ef8a44fe2f9ad4ab85e55004aaa024a9 | ||
| impfuzzy | 48:9ueKK9Mg5dFSV8KUmCSYv/KAS5RkoOX0W+j/gjd50XG5KbbsK:o7K2gDFSV8K8q9cdQG5KbbJ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x941000 HeapSetInformation
0x941004 QueryActCtxW
0x941008 CloseHandle
0x94100c SetFilePointer
0x941010 ReadFile
0x941014 CreateFileW
0x941018 LocalFree
0x94101c lstrlenA
0x941020 WideCharToMultiByte
0x941024 LocalAlloc
0x941028 lstrlenW
0x94102c GetProcAddress
0x941030 WaitForSingleObject
0x941034 CreateProcessW
0x941038 GetCommandLineW
0x94103c Wow64EnableWow64FsRedirection
0x941040 GetSystemDirectoryW
0x941044 GetNativeSystemInfo
0x941048 IsWow64Process
0x94104c GetCurrentProcess
0x941050 SetProcessDEPPolicy
0x941054 FormatMessageW
0x941058 GetLastError
0x94105c LoadLibraryExW
0x941060 FreeLibrary
0x941064 ExitProcess
0x941068 SetErrorMode
0x94106c DelayLoadFailureHook
0x941070 InterlockedCompareExchange
0x941074 LoadLibraryExA
0x941078 Sleep
0x94107c GetStartupInfoW
0x941080 InterlockedExchange
0x941084 SetUnhandledExceptionFilter
0x941088 GetModuleHandleA
0x94108c QueryPerformanceCounter
0x941090 GetTickCount
0x941094 GetCurrentThreadId
0x941098 GetCurrentProcessId
0x94109c GetSystemTimeAsFileTime
0x9410a0 TerminateProcess
0x9410a4 UnhandledExceptionFilter
0x9410a8 CompareStringW
0x9410ac ReleaseActCtx
0x9410b0 DeactivateActCtx
0x9410b4 GetFileAttributesW
0x9410b8 SearchPathW
0x9410bc CreateActCtxW
0x9410c0 GetModuleHandleW
0x9410c4 ActivateActCtx
USER32.dll
0x9410cc LoadIconW
0x9410d0 CharNextW
0x9410d4 DefWindowProcW
0x9410d8 GetClassLongW
0x9410dc GetClassNameW
0x9410e0 GetWindow
0x9410e4 GetWindowLongW
0x9410e8 SetWindowLongW
0x9410ec SetClassLongW
0x9410f0 CreateWindowExW
0x9410f4 RegisterClassW
0x9410f8 LoadCursorW
0x9410fc LoadStringW
0x941100 MessageBoxW
0x941104 DestroyWindow
msvcrt.dll
0x94110c iswalpha
0x941110 _wtoi
0x941114 wcschr
0x941118 __wgetmainargs
0x94111c memset
0x941120 _vsnwprintf
0x941124 __set_app_type
0x941128 _controlfp
0x94112c _except_handler4_common
0x941130 ?terminate@@YAXXZ
0x941134 __p__fmode
0x941138 __p__commode
0x94113c __setusermatherr
0x941140 _amsg_exit
0x941144 _initterm
0x941148 _wcmdln
0x94114c exit
0x941150 _XcptFilter
0x941154 _exit
0x941158 _cexit
imagehlp.dll
0x941160 ImageDirectoryEntryToData
ntdll.dll
0x941168 NtClose
0x94116c NtOpenProcessToken
0x941170 NtSetInformationToken
0x941174 RtlImageNtHeader
0x941178 NtSetInformationProcess
0x94117c NtQueryInformationToken
EAT(Export Address Table) is none
KERNEL32.dll
0x941000 HeapSetInformation
0x941004 QueryActCtxW
0x941008 CloseHandle
0x94100c SetFilePointer
0x941010 ReadFile
0x941014 CreateFileW
0x941018 LocalFree
0x94101c lstrlenA
0x941020 WideCharToMultiByte
0x941024 LocalAlloc
0x941028 lstrlenW
0x94102c GetProcAddress
0x941030 WaitForSingleObject
0x941034 CreateProcessW
0x941038 GetCommandLineW
0x94103c Wow64EnableWow64FsRedirection
0x941040 GetSystemDirectoryW
0x941044 GetNativeSystemInfo
0x941048 IsWow64Process
0x94104c GetCurrentProcess
0x941050 SetProcessDEPPolicy
0x941054 FormatMessageW
0x941058 GetLastError
0x94105c LoadLibraryExW
0x941060 FreeLibrary
0x941064 ExitProcess
0x941068 SetErrorMode
0x94106c DelayLoadFailureHook
0x941070 InterlockedCompareExchange
0x941074 LoadLibraryExA
0x941078 Sleep
0x94107c GetStartupInfoW
0x941080 InterlockedExchange
0x941084 SetUnhandledExceptionFilter
0x941088 GetModuleHandleA
0x94108c QueryPerformanceCounter
0x941090 GetTickCount
0x941094 GetCurrentThreadId
0x941098 GetCurrentProcessId
0x94109c GetSystemTimeAsFileTime
0x9410a0 TerminateProcess
0x9410a4 UnhandledExceptionFilter
0x9410a8 CompareStringW
0x9410ac ReleaseActCtx
0x9410b0 DeactivateActCtx
0x9410b4 GetFileAttributesW
0x9410b8 SearchPathW
0x9410bc CreateActCtxW
0x9410c0 GetModuleHandleW
0x9410c4 ActivateActCtx
USER32.dll
0x9410cc LoadIconW
0x9410d0 CharNextW
0x9410d4 DefWindowProcW
0x9410d8 GetClassLongW
0x9410dc GetClassNameW
0x9410e0 GetWindow
0x9410e4 GetWindowLongW
0x9410e8 SetWindowLongW
0x9410ec SetClassLongW
0x9410f0 CreateWindowExW
0x9410f4 RegisterClassW
0x9410f8 LoadCursorW
0x9410fc LoadStringW
0x941100 MessageBoxW
0x941104 DestroyWindow
msvcrt.dll
0x94110c iswalpha
0x941110 _wtoi
0x941114 wcschr
0x941118 __wgetmainargs
0x94111c memset
0x941120 _vsnwprintf
0x941124 __set_app_type
0x941128 _controlfp
0x94112c _except_handler4_common
0x941130 ?terminate@@YAXXZ
0x941134 __p__fmode
0x941138 __p__commode
0x94113c __setusermatherr
0x941140 _amsg_exit
0x941144 _initterm
0x941148 _wcmdln
0x94114c exit
0x941150 _XcptFilter
0x941154 _exit
0x941158 _cexit
imagehlp.dll
0x941160 ImageDirectoryEntryToData
ntdll.dll
0x941168 NtClose
0x94116c NtOpenProcessToken
0x941170 NtSetInformationToken
0x941174 RtlImageNtHeader
0x941178 NtSetInformationProcess
0x94117c NtQueryInformationToken
EAT(Export Address Table) is none