Field | Value
---|---
Created | 2023.04.03 08:47
Machine | s1_win7_x6403
Filename | oskg25
Type | PE32+ executable (GUI) x86-64, for MS Windows
AI Score | Not found
Behavior Score | (none recorded)
ZERO API | file : malware
VT API (file) | 27 detected (GenericKD, Artemis, Downuk, Eldorado, a variant of Generik, FKHLKGS, xyaoiu, FileRepMalware, Misc, Cplw, pmmpz, Sabsik, Wacatac, Detected, ai score=85, unsafe, CLOUD, PossibleThreat)
md5 | ab28d926012b7cf54ea99eafe85e580b
sha256 | b4ea2b4b198552bd5507a504480d1efe41343c84c317de4ed44f571f608c8d47
ssdeep | 6144:g/ji2H5h8EvzoWdN46Jd6VWxtoloBV+rLx:Yb8EvbdN9JsVJ6BV+rLx
imphash | 070e553ddabe88527fa952a08fb09ea6
impfuzzy | 192:9BwBPV6b3YkEreQUp4XmLDf2gOd0glI7JI:9mBjkErPq4XmLDf2gtglI7+
Network IP location: none recorded
Signature (3cnts)
Level | Description
---|---
warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (7cnts)
Level | Name | Description | Collection
---|---|---|---
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts): no network requests (Request, CC, ASN Co, IP4, Rule, ZERO) were recorded for this sample.
Suricata ids: none recorded
PE API
IAT (Import Address Table), by library
GDI32.dll
0x100021000 DPtoLP
0x100021008 CreateFontIndirectW
0x100021010 SelectObject
0x100021018 DeleteObject
0x100021020 RestoreDC
0x100021028 CreateCompatibleDC
0x100021030 CreateCompatibleBitmap
0x100021038 CreateSolidBrush
0x100021040 SetWindowOrgEx
0x100021048 SetBkMode
0x100021050 SetTextColor
0x100021058 GetStockObject
0x100021060 GetObjectA
0x100021068 GetObjectW
0x100021070 DeleteDC
0x100021078 CreateBitmap
0x100021080 SetLayout
0x100021088 SetViewportOrgEx
0x100021090 ModifyWorldTransform
0x100021098 SetGraphicsMode
0x1000210a0 SaveDC
0x1000210a8 BitBlt
0x1000210b0 GetDeviceCaps
USER32.dll
0x1000210c0 SetWindowLongPtrW
0x1000210c8 DefWindowProcW
0x1000210d0 GetWindowLongPtrW
0x1000210d8 PostMessageW
0x1000210e0 PostQuitMessage
0x1000210e8 SendMessageW
0x1000210f0 SetWindowTextW
0x1000210f8 ShowWindow
0x100021100 UpdateWindow
0x100021108 GetMessageW
0x100021110 TranslateMessage
0x100021118 DispatchMessageW
0x100021120 FindWindowExW
0x100021128 IsWindow
0x100021130 CallWindowProcW
0x100021138 RegisterClassExW
0x100021140 GetClassInfoExW
0x100021148 LoadCursorW
0x100021150 CreateWindowExW
0x100021158 CharNextW
0x100021160 RegisterWindowMessageW
0x100021168 LoadIconW
0x100021170 LoadImageW
0x100021178 GetSystemMetrics
0x100021180 PeekMessageW
0x100021188 MsgWaitForMultipleObjectsEx
0x100021190 DestroyIcon
0x100021198 KillTimer
0x1000211a0 LoadStringW
0x1000211a8 GetDC
0x1000211b0 ReleaseDC
0x1000211b8 SetForegroundWindow
0x1000211c0 UnregisterClassA
0x1000211c8 SetTimer
0x1000211d0 GetCursorPos
0x1000211d8 CreatePopupMenu
0x1000211e0 AppendMenuW
0x1000211e8 SetMenuItemInfoW
0x1000211f0 SetMenuDefaultItem
0x1000211f8 TrackPopupMenu
0x100021200 DestroyMenu
0x100021208 BringWindowToTop
0x100021210 GetSysColor
0x100021218 SystemParametersInfoW
0x100021220 GetWindowRect
0x100021228 MapWindowPoints
0x100021230 FillRect
0x100021238 GetAncestor
0x100021240 IsIconic
0x100021248 GetLastActivePopup
0x100021250 BeginPaint
0x100021258 EndPaint
0x100021260 MoveWindow
0x100021268 InvalidateRect
0x100021270 GetWindowLongW
0x100021278 GetWindowTextW
0x100021280 GetWindowTextLengthW
0x100021288 DrawTextW
0x100021290 IsWindowEnabled
0x100021298 GetParent
0x1000212a0 TrackMouseEvent
0x1000212a8 SetRect
0x1000212b0 ScreenToClient
0x1000212b8 GetDlgItem
0x1000212c0 SetFocus
0x1000212c8 DestroyWindow
0x1000212d0 GetScrollInfo
0x1000212d8 SetScrollInfo
0x1000212e0 ScrollWindowEx
0x1000212e8 GetScrollPos
0x1000212f0 SetScrollPos
0x1000212f8 ScrollWindow
0x100021300 GetFocus
0x100021308 DrawIcon
0x100021310 EnableWindow
0x100021318 IsWindowVisible
0x100021320 SendNotifyMessageW
0x100021328 GetKeyState
0x100021330 GetClientRect
msvcrt.dll
0x100021340 free
0x100021348 swprintf_s
0x100021350 memcpy_s
0x100021358 memmove_s
0x100021360 malloc
0x100021368 _vscwprintf
0x100021370 wcsncpy_s
0x100021378 vswprintf_s
0x100021380 _wtof
0x100021388 wcstol
0x100021390 towupper
0x100021398 wcsstr
0x1000213a0 wcschr
0x1000213a8 iswspace
0x1000213b0 _resetstkoflw
0x1000213b8 wcscat_s
0x1000213c0 _vsnwprintf
0x1000213c8 memcmp
0x1000213d0 __CxxFrameHandler3
0x1000213d8 _onexit
0x1000213e0 _lock
0x1000213e8 __dllonexit
0x1000213f0 memset
0x1000213f8 _errno
0x100021400 realloc
0x100021408 ??1type_info@@UEAA@XZ
0x100021410 ?terminate@@YAXXZ
0x100021418 __set_app_type
0x100021420 _fmode
0x100021428 _commode
0x100021430 __setusermatherr
0x100021438 _amsg_exit
0x100021440 _initterm
0x100021448 _wcmdln
0x100021450 exit
0x100021458 _cexit
0x100021460 _exit
0x100021468 _XcptFilter
0x100021470 __wgetmainargs
0x100021478 _callnewh
0x100021480 _CxxThrowException
0x100021488 ??0exception@@QEAA@AEBV0@@Z
0x100021490 ??1exception@@UEAA@XZ
0x100021498 ?what@exception@@UEBAPEBDXZ
0x1000214a0 ??0exception@@QEAA@AEBQEBDH@Z
0x1000214a8 wcscpy_s
0x1000214b0 __C_specific_handler
0x1000214b8 _unlock
0x1000214c0 memcpy
ntdll.dll
0x1000214d0 RtlCaptureContext
0x1000214d8 RtlLookupFunctionEntry
0x1000214e0 RtlVirtualUnwind
0x1000214e8 EtwUnregisterTraceGuids
0x1000214f0 EtwRegisterTraceGuidsW
0x1000214f8 EtwGetTraceEnableFlags
0x100021500 EtwGetTraceEnableLevel
0x100021508 EtwGetTraceLoggerHandle
0x100021510 EtwTraceMessage
gdiplus.dll
0x100021540 GdiplusShutdown
0x100021548 GdipAddPathArcI
0x100021550 GdipClosePathFigure
0x100021558 GdipCreateFromHDC
0x100021560 GdipDeleteGraphics
0x100021568 GdipSetSmoothingMode
0x100021570 GdipCreateLineBrushFromRectI
0x100021578 GdipDeleteBrush
0x100021580 GdipFree
0x100021588 GdipDrawPath
0x100021590 GdipDrawImageRectI
0x100021598 GdipCreateBitmapFromHICON
0x1000215a0 GdipFillPath
0x1000215a8 GdipDeletePath
0x1000215b0 GdipCreatePath
0x1000215b8 GdipDeletePen
0x1000215c0 GdipCreatePen1
0x1000215c8 GdipCreateSolidFill
0x1000215d0 GdipCreateLineBrushFromRectWithAngleI
0x1000215d8 GdipMeasureString
0x1000215e0 GdipDeleteStringFormat
0x1000215e8 GdipCreateStringFormat
0x1000215f0 GdipDeleteFont
0x1000215f8 GdipCreateFontFromLogfontA
0x100021600 GdipCreateFontFromDC
0x100021608 GdipDrawImageRectRectI
0x100021610 GdipGetImageHeight
0x100021618 GdipGetImageWidth
0x100021620 GdipDisposeImage
0x100021628 GdipCloneImage
0x100021630 GdipLoadImageFromFile
0x100021638 GdipFillRectangleI
0x100021640 GdipAlloc
0x100021648 GdiplusStartup
COMCTL32.dll
0x100021658 None
KERNEL32.dll
0x100021668 VirtualAlloc
0x100021670 InterlockedPopEntrySList
0x100021678 VirtualFree
0x100021680 HeapSize
0x100021688 HeapReAlloc
0x100021690 HeapDestroy
0x100021698 GetVersionExA
0x1000216a0 DelayLoadFailureHook
0x1000216a8 LoadLibraryExA
0x1000216b0 GetSystemTimeAsFileTime
0x1000216b8 LocalFree
0x1000216c0 MoveFileExW
0x1000216c8 WriteFile
0x1000216d0 CreateFileW
0x1000216d8 GetTempFileNameW
0x1000216e0 GetTempPathW
0x1000216e8 GetSystemDefaultLangID
0x1000216f0 DeleteFileW
0x1000216f8 GetTimeFormatW
0x100021700 InterlockedPushEntrySList
0x100021708 FileTimeToSystemTime
0x100021710 FileTimeToLocalFileTime
0x100021718 CheckElevationEnabled
0x100021720 GetUserPreferredUILanguages
0x100021728 SetProcessWorkingSetSize
0x100021730 GetLocaleInfoW
0x100021738 RegQueryValueExW
0x100021740 FindResourceExW
0x100021748 WaitForSingleObject
0x100021750 CreateThread
0x100021758 GlobalFree
0x100021760 GetCommandLineW
0x100021768 CreateProcessW
0x100021770 FormatMessageW
0x100021778 SetEvent
0x100021780 CreateMutexW
0x100021788 CreateEventW
0x100021790 CloseHandle
0x100021798 LoadLibraryExW
0x1000217a0 MultiByteToWideChar
0x1000217a8 RegDeleteValueW
0x1000217b0 RegCreateKeyExW
0x1000217b8 RegSetValueExW
0x1000217c0 lstrcmpiW
0x1000217c8 RegOpenKeyExW
0x1000217d0 RegEnumKeyExW
0x1000217d8 RegQueryInfoKeyW
0x1000217e0 RegCloseKey
0x1000217e8 GetModuleHandleW
0x1000217f0 LoadLibraryW
0x1000217f8 GetProcAddress
0x100021800 FreeLibrary
0x100021808 DeleteCriticalSection
0x100021810 InitializeCriticalSection
0x100021818 GetLastError
0x100021820 HeapSetInformation
0x100021828 FindResourceW
0x100021830 LoadResource
0x100021838 LockResource
0x100021840 SizeofResource
0x100021848 GetUserDefaultUILanguage
0x100021850 HeapFree
0x100021858 GetProcessHeap
0x100021860 HeapAlloc
0x100021868 RaiseException
0x100021870 SetLastError
0x100021878 lstrlenW
0x100021880 GetModuleFileNameW
0x100021888 LeaveCriticalSection
0x100021890 EnterCriticalSection
0x100021898 GetCurrentThreadId
0x1000218a0 FlushInstructionCache
0x1000218a8 GetCurrentProcess
0x1000218b0 Sleep
0x1000218b8 GetStartupInfoW
0x1000218c0 SetUnhandledExceptionFilter
0x1000218c8 QueryPerformanceCounter
0x1000218d0 GetTickCount
0x1000218d8 GetDateFormatW
0x1000218e0 TerminateProcess
0x1000218e8 UnhandledExceptionFilter
0x1000218f0 OutputDebugStringA
0x1000218f8 GetCurrentProcessId
EAT (Export Address Table): none