Field | Value |
---|---|
Created | 2023.04.25 18:55 |
Machine | s1_win7_x6403 |
Filename | dan.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 57 detected (AIDetect, malware2, malicious, high confidence, Tedy, Ulise, Save, confidence, 100%, Zegost, ZexaF, hq0@aafp8Mci, Farfli, Eldorado, Attribute, HighConfidence, score, Gencirc, DownLoader32, R002C0DDH23, GenericRXKQ, AutoG, Redosdru, aevhg, AGeneric, Detected, ai score=86, BScope, unsafe, Genetic, CLASSIC, GenAsa, zN47n0WgSfw, Static AI, Suspicious PE) |
md5 | 2a531fb5a055bec266f11c721ee3deca |
sha256 | d8b52233d360be77ce7dc53efa56b50c039c6e8d3e579b239cec8131c6a1c4a0 |
ssdeep | 1536:8BlhXZ0gaYZl5yXmhVzjn7qcc3lIOwnToIftSxb3pY+LmTHh20:mXTLhVfnvc3vETBftSxb3pY+LmTHh2 |
imphash | a9a1a9708843c8adf71cdab349fb6131 |
impfuzzy | 48:E87FgOBduWsQP6dsclpPKQjxXp8953sjRECvlQ7kl0cEhx02GOtqqksJeRko:E87Fg2duWsQP2sclpC+X73uXRGOtqq1U |
Network IP location
Signature (9cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Installs itself for autorun at Windows startup |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x40e034 CloseHandle
0x40e038 WriteFile
0x40e03c SetFilePointer
0x40e040 CreateFileA
0x40e044 GetFileSize
0x40e048 ReadFile
0x40e04c GetFileAttributesA
0x40e050 GetProcAddress
0x40e054 LoadLibraryA
0x40e058 FreeLibrary
0x40e05c GetVersionExA
0x40e060 ExitProcess
0x40e064 GetModuleFileNameA
0x40e068 CreateProcessA
0x40e06c lstrlenA
0x40e070 GetLastError
0x40e074 GetCurrentProcess
0x40e078 Process32Next
0x40e07c TerminateProcess
0x40e080 OpenProcess
0x40e084 Process32First
0x40e088 CreateToolhelp32Snapshot
0x40e08c Sleep
0x40e090 TerminateThread
0x40e094 CreateThread
0x40e098 lstrcatA
0x40e09c GetTickCount
0x40e0a0 DeleteFileA
0x40e0a4 HeapAlloc
0x40e0a8 GetProcessHeap
0x40e0ac GetDiskFreeSpaceExA
0x40e0b0 GetDriveTypeA
0x40e0b4 GetCurrentThreadId
0x40e0b8 GetModuleHandleA
0x40e0bc GlobalMemoryStatusEx
0x40e0c0 GetSystemInfo
0x40e0c4 OutputDebugStringA
0x40e0c8 SetErrorMode
0x40e0cc SetUnhandledExceptionFilter
0x40e0d0 SetPriorityClass
0x40e0d4 GetCurrentProcessId
0x40e0d8 GetStartupInfoA
0x40e0dc CancelIo
0x40e0e0 InterlockedExchange
0x40e0e4 SetEvent
0x40e0e8 ResetEvent
0x40e0ec WaitForSingleObject
0x40e0f0 CreateEventA
0x40e0f4 VirtualAlloc
0x40e0f8 EnterCriticalSection
0x40e0fc LeaveCriticalSection
0x40e100 VirtualFree
0x40e104 DeleteCriticalSection
0x40e108 InitializeCriticalSection
0x40e10c lstrcpyA
USER32.dll
0x40e19c wsprintfA
0x40e1a0 CloseDesktop
0x40e1a4 SetThreadDesktop
0x40e1a8 GetUserObjectInformationA
0x40e1ac GetThreadDesktop
0x40e1b0 OpenInputDesktop
0x40e1b4 OpenDesktopA
0x40e1b8 GetClassNameA
0x40e1bc GetWindow
0x40e1c0 GetWindowTextA
0x40e1c4 FindWindowA
0x40e1c8 SetProcessWindowStation
0x40e1cc OpenWindowStationA
ADVAPI32.dll
0x40e000 ClearEventLogA
0x40e004 OpenEventLogA
0x40e008 AdjustTokenPrivileges
0x40e00c LookupPrivilegeValueA
0x40e010 OpenProcessToken
0x40e014 GetUserNameA
0x40e018 RegCloseKey
0x40e01c RegQueryValueExA
0x40e020 RegOpenKeyExA
0x40e024 RegOpenKeyA
0x40e028 RegSetValueExA
0x40e02c CloseEventLog
SHELL32.dll
0x40e18c ShellExecuteExA
0x40e190 ShellExecuteA
0x40e194 SHGetSpecialFolderPathA
ole32.dll
0x40e228 CoCreateInstance
0x40e22c CoUninitialize
0x40e230 CoInitialize
OLEAUT32.dll
0x40e184 SysFreeString
MFC42.DLL
0x40e114 None
0x40e118 None
MSVCRT.dll
0x40e120 _controlfp
0x40e124 __set_app_type
0x40e128 __p__fmode
0x40e12c __p__commode
0x40e130 _adjust_fdiv
0x40e134 __setusermatherr
0x40e138 _initterm
0x40e13c __getmainargs
0x40e140 _acmdln
0x40e144 exit
0x40e148 _exit
0x40e14c _strcmpi
0x40e150 free
0x40e154 realloc
0x40e158 _beginthreadex
0x40e15c sprintf
0x40e160 atol
0x40e164 _except_handler3
0x40e168 malloc
0x40e16c __CxxFrameHandler
0x40e170 _ftol
0x40e174 _XcptFilter
0x40e178 atoi
0x40e17c memmove
WS2_32.dll
0x40e1e4 recv
0x40e1e8 WSAIoctl
0x40e1ec setsockopt
0x40e1f0 connect
0x40e1f4 htons
0x40e1f8 select
0x40e1fc socket
0x40e200 closesocket
0x40e204 send
0x40e208 WSACleanup
0x40e20c gethostname
0x40e210 getsockname
0x40e214 WSAStartup
0x40e218 gethostbyname
iphlpapi.dll
0x40e220 GetIfTable
WININET.dll
0x40e1d4 InternetOpenA
0x40e1d8 InternetOpenUrlA
0x40e1dc InternetCloseHandle
EAT (Export Address Table): none