ScreenShot
| Created | 2023.04.14 18:07 | Machine | s1_win7_x6403 |
| Filename | 37836632498586869767.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (AIDetectNet, malicious, high confidence, Lazy, Kryptik, V9zp, confidence, 100%, Eldorado, Attribute, HighConfidence, HRTC, score, tewsep, Agen, Osmw, high, Static AI, Malicious PE, Woreflint, Detected, ClipBanker, R528972, Artemis, ai score=85, BScope, TrojanPSW, Coins, unsafe, R002H0CDD23, o8wrBs1QCtE, FXIU, ZexaF, @F0@aGyrfymi, Genetic) | ||
| md5 | 5e1360b5ee1d7978a48bf7892291d7d4 | ||
| sha256 | e2b8d4fd6c48d2563355a51103af72aa82d1d7e7bccc2d59f654cef52b119d13 | ||
| ssdeep | 196608:iYjUzFF7JOGsZJEcrzQ+cJO5aJ/4/xyKuAX:uF7JrsUcdcJO5aJixeI | ||
| imphash | 895e5e6e037e9108574fb94ed614d804 | ||
| impfuzzy | 48:IFONXYu14ASXJ+Zcp++vZZZwTSttKiyuQ3a:IFO11AXJ+Zcp+qjwSttLyuua | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x75e000 LoadLibraryW
0x75e004 GetProcAddress
0x75e008 ReadFile
0x75e00c WriteFile
0x75e010 lstrlenA
0x75e014 WaitForSingleObject
0x75e018 LocalAlloc
0x75e01c CreateFileW
0x75e020 MultiByteToWideChar
0x75e024 DeleteFileW
0x75e028 CloseHandle
0x75e02c ExitProcess
0x75e030 CreateProcessW
0x75e034 CopyFileW
0x75e038 WideCharToMultiByte
0x75e03c Sleep
0x75e040 GlobalFree
SHELL32.dll
0x75e048 SHGetFolderPathW
KERNEL32.dll
0x75e050 GetSystemTimeAsFileTime
0x75e054 GetModuleHandleA
0x75e058 CreateEventA
0x75e05c GetModuleFileNameW
0x75e060 TerminateProcess
0x75e064 GetCurrentProcess
0x75e068 CreateToolhelp32Snapshot
0x75e06c Thread32First
0x75e070 GetCurrentProcessId
0x75e074 GetCurrentThreadId
0x75e078 OpenThread
0x75e07c Thread32Next
0x75e080 CloseHandle
0x75e084 SuspendThread
0x75e088 ResumeThread
0x75e08c WriteProcessMemory
0x75e090 GetSystemInfo
0x75e094 VirtualAlloc
0x75e098 VirtualProtect
0x75e09c VirtualFree
0x75e0a0 GetProcessAffinityMask
0x75e0a4 SetProcessAffinityMask
0x75e0a8 GetCurrentThread
0x75e0ac SetThreadAffinityMask
0x75e0b0 Sleep
0x75e0b4 LoadLibraryA
0x75e0b8 FreeLibrary
0x75e0bc GetTickCount
0x75e0c0 SystemTimeToFileTime
0x75e0c4 FileTimeToSystemTime
0x75e0c8 GlobalFree
0x75e0cc LocalAlloc
0x75e0d0 LocalFree
0x75e0d4 GetProcAddress
0x75e0d8 ExitProcess
0x75e0dc EnterCriticalSection
0x75e0e0 LeaveCriticalSection
0x75e0e4 InitializeCriticalSection
0x75e0e8 DeleteCriticalSection
0x75e0ec GetModuleHandleW
0x75e0f0 LoadResource
0x75e0f4 MultiByteToWideChar
0x75e0f8 FindResourceExW
0x75e0fc FindResourceExA
0x75e100 WideCharToMultiByte
0x75e104 GetThreadLocale
0x75e108 GetUserDefaultLCID
0x75e10c GetSystemDefaultLCID
0x75e110 EnumResourceNamesA
0x75e114 EnumResourceNamesW
0x75e118 EnumResourceLanguagesA
0x75e11c EnumResourceLanguagesW
0x75e120 EnumResourceTypesA
0x75e124 EnumResourceTypesW
0x75e128 CreateFileW
0x75e12c LoadLibraryW
0x75e130 GetLastError
0x75e134 FlushFileBuffers
0x75e138 WriteConsoleW
0x75e13c SetStdHandle
0x75e140 IsProcessorFeaturePresent
0x75e144 DecodePointer
0x75e148 GetCommandLineA
0x75e14c RaiseException
0x75e150 HeapFree
0x75e154 GetCPInfo
0x75e158 InterlockedIncrement
0x75e15c InterlockedDecrement
0x75e160 GetACP
0x75e164 GetOEMCP
0x75e168 IsValidCodePage
0x75e16c EncodePointer
0x75e170 TlsAlloc
0x75e174 TlsGetValue
0x75e178 TlsSetValue
0x75e17c TlsFree
0x75e180 SetLastError
0x75e184 UnhandledExceptionFilter
0x75e188 SetUnhandledExceptionFilter
0x75e18c IsDebuggerPresent
0x75e190 HeapAlloc
0x75e194 LCMapStringW
0x75e198 GetStringTypeW
0x75e19c SetHandleCount
0x75e1a0 GetStdHandle
0x75e1a4 InitializeCriticalSectionAndSpinCount
0x75e1a8 GetFileType
0x75e1ac GetStartupInfoW
0x75e1b0 GetModuleFileNameA
0x75e1b4 FreeEnvironmentStringsW
0x75e1b8 GetEnvironmentStringsW
0x75e1bc HeapCreate
0x75e1c0 HeapDestroy
0x75e1c4 QueryPerformanceCounter
0x75e1c8 HeapSize
0x75e1cc WriteFile
0x75e1d0 RtlUnwind
0x75e1d4 SetFilePointer
0x75e1d8 GetConsoleCP
0x75e1dc GetConsoleMode
0x75e1e0 HeapReAlloc
0x75e1e4 VirtualQuery
USER32.dll
0x75e1ec CharUpperBuffW
KERNEL32.dll
0x75e1f4 LocalAlloc
0x75e1f8 LocalFree
0x75e1fc GetModuleFileNameW
0x75e200 ExitProcess
0x75e204 LoadLibraryA
0x75e208 GetModuleHandleA
0x75e20c GetProcAddress
EAT(Export Address Table) Library
KERNEL32.dll
0x75e000 LoadLibraryW
0x75e004 GetProcAddress
0x75e008 ReadFile
0x75e00c WriteFile
0x75e010 lstrlenA
0x75e014 WaitForSingleObject
0x75e018 LocalAlloc
0x75e01c CreateFileW
0x75e020 MultiByteToWideChar
0x75e024 DeleteFileW
0x75e028 CloseHandle
0x75e02c ExitProcess
0x75e030 CreateProcessW
0x75e034 CopyFileW
0x75e038 WideCharToMultiByte
0x75e03c Sleep
0x75e040 GlobalFree
SHELL32.dll
0x75e048 SHGetFolderPathW
KERNEL32.dll
0x75e050 GetSystemTimeAsFileTime
0x75e054 GetModuleHandleA
0x75e058 CreateEventA
0x75e05c GetModuleFileNameW
0x75e060 TerminateProcess
0x75e064 GetCurrentProcess
0x75e068 CreateToolhelp32Snapshot
0x75e06c Thread32First
0x75e070 GetCurrentProcessId
0x75e074 GetCurrentThreadId
0x75e078 OpenThread
0x75e07c Thread32Next
0x75e080 CloseHandle
0x75e084 SuspendThread
0x75e088 ResumeThread
0x75e08c WriteProcessMemory
0x75e090 GetSystemInfo
0x75e094 VirtualAlloc
0x75e098 VirtualProtect
0x75e09c VirtualFree
0x75e0a0 GetProcessAffinityMask
0x75e0a4 SetProcessAffinityMask
0x75e0a8 GetCurrentThread
0x75e0ac SetThreadAffinityMask
0x75e0b0 Sleep
0x75e0b4 LoadLibraryA
0x75e0b8 FreeLibrary
0x75e0bc GetTickCount
0x75e0c0 SystemTimeToFileTime
0x75e0c4 FileTimeToSystemTime
0x75e0c8 GlobalFree
0x75e0cc LocalAlloc
0x75e0d0 LocalFree
0x75e0d4 GetProcAddress
0x75e0d8 ExitProcess
0x75e0dc EnterCriticalSection
0x75e0e0 LeaveCriticalSection
0x75e0e4 InitializeCriticalSection
0x75e0e8 DeleteCriticalSection
0x75e0ec GetModuleHandleW
0x75e0f0 LoadResource
0x75e0f4 MultiByteToWideChar
0x75e0f8 FindResourceExW
0x75e0fc FindResourceExA
0x75e100 WideCharToMultiByte
0x75e104 GetThreadLocale
0x75e108 GetUserDefaultLCID
0x75e10c GetSystemDefaultLCID
0x75e110 EnumResourceNamesA
0x75e114 EnumResourceNamesW
0x75e118 EnumResourceLanguagesA
0x75e11c EnumResourceLanguagesW
0x75e120 EnumResourceTypesA
0x75e124 EnumResourceTypesW
0x75e128 CreateFileW
0x75e12c LoadLibraryW
0x75e130 GetLastError
0x75e134 FlushFileBuffers
0x75e138 WriteConsoleW
0x75e13c SetStdHandle
0x75e140 IsProcessorFeaturePresent
0x75e144 DecodePointer
0x75e148 GetCommandLineA
0x75e14c RaiseException
0x75e150 HeapFree
0x75e154 GetCPInfo
0x75e158 InterlockedIncrement
0x75e15c InterlockedDecrement
0x75e160 GetACP
0x75e164 GetOEMCP
0x75e168 IsValidCodePage
0x75e16c EncodePointer
0x75e170 TlsAlloc
0x75e174 TlsGetValue
0x75e178 TlsSetValue
0x75e17c TlsFree
0x75e180 SetLastError
0x75e184 UnhandledExceptionFilter
0x75e188 SetUnhandledExceptionFilter
0x75e18c IsDebuggerPresent
0x75e190 HeapAlloc
0x75e194 LCMapStringW
0x75e198 GetStringTypeW
0x75e19c SetHandleCount
0x75e1a0 GetStdHandle
0x75e1a4 InitializeCriticalSectionAndSpinCount
0x75e1a8 GetFileType
0x75e1ac GetStartupInfoW
0x75e1b0 GetModuleFileNameA
0x75e1b4 FreeEnvironmentStringsW
0x75e1b8 GetEnvironmentStringsW
0x75e1bc HeapCreate
0x75e1c0 HeapDestroy
0x75e1c4 QueryPerformanceCounter
0x75e1c8 HeapSize
0x75e1cc WriteFile
0x75e1d0 RtlUnwind
0x75e1d4 SetFilePointer
0x75e1d8 GetConsoleCP
0x75e1dc GetConsoleMode
0x75e1e0 HeapReAlloc
0x75e1e4 VirtualQuery
USER32.dll
0x75e1ec CharUpperBuffW
KERNEL32.dll
0x75e1f4 LocalAlloc
0x75e1f8 LocalFree
0x75e1fc GetModuleFileNameW
0x75e200 ExitProcess
0x75e204 LoadLibraryA
0x75e208 GetModuleHandleA
0x75e20c GetProcAddress
EAT(Export Address Table) Library