ScreenShot
| Created | 2023.04.14 18:07 | Machine | s1_win7_x6401 |
| Filename | 74134271465999811757.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 52 detected (AIDetectNet, malicious, high confidence, Lazy, Artemis, Kryptik, V6gv, Tasker, confidence, 100%, Attribute, HighConfidence, HRTC, score, azee, jvlzmn, AGEN, MulDrop21, R002C0DDB23, high, Static AI, Malicious PE, Detected, ClipBanker, R528972, ZexaF, @F0@aSahwPni, ai score=83, BScope, TrojanPSW, Coins, unsafe, Genetic, Itgl, susgen, FXIU) | ||
| md5 | 8c8f6bd95d195dc90693368e807e4044 | ||
| sha256 | 26155f8203ad0721338279ddb0bc84c25996a2a52e911a9fee9b3966831a14e7 | ||
| ssdeep | 196608:WFFpZbzq0QL7/qYaUln6h3JmyZLxtWEmpe:eF/LQ/qYa0A3J/ZVt | ||
| imphash | 895e5e6e037e9108574fb94ed614d804 | ||
| impfuzzy | 48:IFONXYu14ASXJ+Zcp++vZZZwTSttKiyuQ3a:IFO11AXJ+Zcp+qjwSttLyuua | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x760000 LoadLibraryW
0x760004 GetProcAddress
0x760008 ReadFile
0x76000c WriteFile
0x760010 lstrlenA
0x760014 WaitForSingleObject
0x760018 LocalAlloc
0x76001c CreateFileW
0x760020 MultiByteToWideChar
0x760024 DeleteFileW
0x760028 CloseHandle
0x76002c ExitProcess
0x760030 CreateProcessW
0x760034 CopyFileW
0x760038 WideCharToMultiByte
0x76003c Sleep
0x760040 GlobalFree
SHELL32.dll
0x760048 SHGetFolderPathW
KERNEL32.dll
0x760050 GetSystemTimeAsFileTime
0x760054 GetModuleHandleA
0x760058 CreateEventA
0x76005c GetModuleFileNameW
0x760060 TerminateProcess
0x760064 GetCurrentProcess
0x760068 CreateToolhelp32Snapshot
0x76006c Thread32First
0x760070 GetCurrentProcessId
0x760074 GetCurrentThreadId
0x760078 OpenThread
0x76007c Thread32Next
0x760080 CloseHandle
0x760084 SuspendThread
0x760088 ResumeThread
0x76008c WriteProcessMemory
0x760090 GetSystemInfo
0x760094 VirtualAlloc
0x760098 VirtualProtect
0x76009c VirtualFree
0x7600a0 GetProcessAffinityMask
0x7600a4 SetProcessAffinityMask
0x7600a8 GetCurrentThread
0x7600ac SetThreadAffinityMask
0x7600b0 Sleep
0x7600b4 LoadLibraryA
0x7600b8 FreeLibrary
0x7600bc GetTickCount
0x7600c0 SystemTimeToFileTime
0x7600c4 FileTimeToSystemTime
0x7600c8 GlobalFree
0x7600cc LocalAlloc
0x7600d0 LocalFree
0x7600d4 GetProcAddress
0x7600d8 ExitProcess
0x7600dc EnterCriticalSection
0x7600e0 LeaveCriticalSection
0x7600e4 InitializeCriticalSection
0x7600e8 DeleteCriticalSection
0x7600ec GetModuleHandleW
0x7600f0 LoadResource
0x7600f4 MultiByteToWideChar
0x7600f8 FindResourceExW
0x7600fc FindResourceExA
0x760100 WideCharToMultiByte
0x760104 GetThreadLocale
0x760108 GetUserDefaultLCID
0x76010c GetSystemDefaultLCID
0x760110 EnumResourceNamesA
0x760114 EnumResourceNamesW
0x760118 EnumResourceLanguagesA
0x76011c EnumResourceLanguagesW
0x760120 EnumResourceTypesA
0x760124 EnumResourceTypesW
0x760128 CreateFileW
0x76012c LoadLibraryW
0x760130 GetLastError
0x760134 FlushFileBuffers
0x760138 WriteConsoleW
0x76013c SetStdHandle
0x760140 IsProcessorFeaturePresent
0x760144 DecodePointer
0x760148 GetCommandLineA
0x76014c RaiseException
0x760150 HeapFree
0x760154 GetCPInfo
0x760158 InterlockedIncrement
0x76015c InterlockedDecrement
0x760160 GetACP
0x760164 GetOEMCP
0x760168 IsValidCodePage
0x76016c EncodePointer
0x760170 TlsAlloc
0x760174 TlsGetValue
0x760178 TlsSetValue
0x76017c TlsFree
0x760180 SetLastError
0x760184 UnhandledExceptionFilter
0x760188 SetUnhandledExceptionFilter
0x76018c IsDebuggerPresent
0x760190 HeapAlloc
0x760194 LCMapStringW
0x760198 GetStringTypeW
0x76019c SetHandleCount
0x7601a0 GetStdHandle
0x7601a4 InitializeCriticalSectionAndSpinCount
0x7601a8 GetFileType
0x7601ac GetStartupInfoW
0x7601b0 GetModuleFileNameA
0x7601b4 FreeEnvironmentStringsW
0x7601b8 GetEnvironmentStringsW
0x7601bc HeapCreate
0x7601c0 HeapDestroy
0x7601c4 QueryPerformanceCounter
0x7601c8 HeapSize
0x7601cc WriteFile
0x7601d0 RtlUnwind
0x7601d4 SetFilePointer
0x7601d8 GetConsoleCP
0x7601dc GetConsoleMode
0x7601e0 HeapReAlloc
0x7601e4 VirtualQuery
USER32.dll
0x7601ec CharUpperBuffW
KERNEL32.dll
0x7601f4 LocalAlloc
0x7601f8 LocalFree
0x7601fc GetModuleFileNameW
0x760200 ExitProcess
0x760204 LoadLibraryA
0x760208 GetModuleHandleA
0x76020c GetProcAddress
EAT(Export Address Table) Library
KERNEL32.dll
0x760000 LoadLibraryW
0x760004 GetProcAddress
0x760008 ReadFile
0x76000c WriteFile
0x760010 lstrlenA
0x760014 WaitForSingleObject
0x760018 LocalAlloc
0x76001c CreateFileW
0x760020 MultiByteToWideChar
0x760024 DeleteFileW
0x760028 CloseHandle
0x76002c ExitProcess
0x760030 CreateProcessW
0x760034 CopyFileW
0x760038 WideCharToMultiByte
0x76003c Sleep
0x760040 GlobalFree
SHELL32.dll
0x760048 SHGetFolderPathW
KERNEL32.dll
0x760050 GetSystemTimeAsFileTime
0x760054 GetModuleHandleA
0x760058 CreateEventA
0x76005c GetModuleFileNameW
0x760060 TerminateProcess
0x760064 GetCurrentProcess
0x760068 CreateToolhelp32Snapshot
0x76006c Thread32First
0x760070 GetCurrentProcessId
0x760074 GetCurrentThreadId
0x760078 OpenThread
0x76007c Thread32Next
0x760080 CloseHandle
0x760084 SuspendThread
0x760088 ResumeThread
0x76008c WriteProcessMemory
0x760090 GetSystemInfo
0x760094 VirtualAlloc
0x760098 VirtualProtect
0x76009c VirtualFree
0x7600a0 GetProcessAffinityMask
0x7600a4 SetProcessAffinityMask
0x7600a8 GetCurrentThread
0x7600ac SetThreadAffinityMask
0x7600b0 Sleep
0x7600b4 LoadLibraryA
0x7600b8 FreeLibrary
0x7600bc GetTickCount
0x7600c0 SystemTimeToFileTime
0x7600c4 FileTimeToSystemTime
0x7600c8 GlobalFree
0x7600cc LocalAlloc
0x7600d0 LocalFree
0x7600d4 GetProcAddress
0x7600d8 ExitProcess
0x7600dc EnterCriticalSection
0x7600e0 LeaveCriticalSection
0x7600e4 InitializeCriticalSection
0x7600e8 DeleteCriticalSection
0x7600ec GetModuleHandleW
0x7600f0 LoadResource
0x7600f4 MultiByteToWideChar
0x7600f8 FindResourceExW
0x7600fc FindResourceExA
0x760100 WideCharToMultiByte
0x760104 GetThreadLocale
0x760108 GetUserDefaultLCID
0x76010c GetSystemDefaultLCID
0x760110 EnumResourceNamesA
0x760114 EnumResourceNamesW
0x760118 EnumResourceLanguagesA
0x76011c EnumResourceLanguagesW
0x760120 EnumResourceTypesA
0x760124 EnumResourceTypesW
0x760128 CreateFileW
0x76012c LoadLibraryW
0x760130 GetLastError
0x760134 FlushFileBuffers
0x760138 WriteConsoleW
0x76013c SetStdHandle
0x760140 IsProcessorFeaturePresent
0x760144 DecodePointer
0x760148 GetCommandLineA
0x76014c RaiseException
0x760150 HeapFree
0x760154 GetCPInfo
0x760158 InterlockedIncrement
0x76015c InterlockedDecrement
0x760160 GetACP
0x760164 GetOEMCP
0x760168 IsValidCodePage
0x76016c EncodePointer
0x760170 TlsAlloc
0x760174 TlsGetValue
0x760178 TlsSetValue
0x76017c TlsFree
0x760180 SetLastError
0x760184 UnhandledExceptionFilter
0x760188 SetUnhandledExceptionFilter
0x76018c IsDebuggerPresent
0x760190 HeapAlloc
0x760194 LCMapStringW
0x760198 GetStringTypeW
0x76019c SetHandleCount
0x7601a0 GetStdHandle
0x7601a4 InitializeCriticalSectionAndSpinCount
0x7601a8 GetFileType
0x7601ac GetStartupInfoW
0x7601b0 GetModuleFileNameA
0x7601b4 FreeEnvironmentStringsW
0x7601b8 GetEnvironmentStringsW
0x7601bc HeapCreate
0x7601c0 HeapDestroy
0x7601c4 QueryPerformanceCounter
0x7601c8 HeapSize
0x7601cc WriteFile
0x7601d0 RtlUnwind
0x7601d4 SetFilePointer
0x7601d8 GetConsoleCP
0x7601dc GetConsoleMode
0x7601e0 HeapReAlloc
0x7601e4 VirtualQuery
USER32.dll
0x7601ec CharUpperBuffW
KERNEL32.dll
0x7601f4 LocalAlloc
0x7601f8 LocalFree
0x7601fc GetModuleFileNameW
0x760200 ExitProcess
0x760204 LoadLibraryA
0x760208 GetModuleHandleA
0x76020c GetProcAddress
EAT(Export Address Table) Library