ScreenShot
| Created | 2023.05.12 09:21 | Machine | s1_win7_x6403 |
| Filename | 96692826357471468817.bin | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (AIDetectMalware, malicious, high confidence, Semper, unsafe, Kryptik, Vrv4, confidence, 100%, Eldorado, HRTC, score, Agen, Imnw, high, Static AI, Malicious PE, Sabsik, Detected, R526042, Artemis, ai score=84, BScope, TrojanPSW, Coins, Genetic, o8wrBs1QCtE, Krypt, ZexaF, @F0@aOe8nRgi) | ||
| md5 | fab02f4052aadb65ebe180e58da323b9 | ||
| sha256 | dd87e832d0e814f6a5f50c00cc7a8eb7a67ebbc7100973a4a7039b1a905446cb | ||
| ssdeep | 196608:FmExMeoCVrfaN9xVpWrysh+QlulEak022uWjO5:FmExd1lsYryG1v022l | ||
| imphash | 895e5e6e037e9108574fb94ed614d804 | ||
| impfuzzy | 48:IFONXYu14ASXJ+Zcp++vZZZwTSttKiyuQ3a:IFO11AXJ+Zcp+qjwSttLyuua | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x75b000 LoadLibraryW
0x75b004 GetProcAddress
0x75b008 ReadFile
0x75b00c WriteFile
0x75b010 lstrlenA
0x75b014 WaitForSingleObject
0x75b018 LocalAlloc
0x75b01c CreateFileW
0x75b020 MultiByteToWideChar
0x75b024 DeleteFileW
0x75b028 CloseHandle
0x75b02c ExitProcess
0x75b030 CreateProcessW
0x75b034 CopyFileW
0x75b038 WideCharToMultiByte
0x75b03c Sleep
0x75b040 GlobalFree
SHELL32.dll
0x75b048 SHGetFolderPathW
KERNEL32.dll
0x75b050 GetSystemTimeAsFileTime
0x75b054 GetModuleHandleA
0x75b058 CreateEventA
0x75b05c GetModuleFileNameW
0x75b060 TerminateProcess
0x75b064 GetCurrentProcess
0x75b068 CreateToolhelp32Snapshot
0x75b06c Thread32First
0x75b070 GetCurrentProcessId
0x75b074 GetCurrentThreadId
0x75b078 OpenThread
0x75b07c Thread32Next
0x75b080 CloseHandle
0x75b084 SuspendThread
0x75b088 ResumeThread
0x75b08c WriteProcessMemory
0x75b090 GetSystemInfo
0x75b094 VirtualAlloc
0x75b098 VirtualProtect
0x75b09c VirtualFree
0x75b0a0 GetProcessAffinityMask
0x75b0a4 SetProcessAffinityMask
0x75b0a8 GetCurrentThread
0x75b0ac SetThreadAffinityMask
0x75b0b0 Sleep
0x75b0b4 LoadLibraryA
0x75b0b8 FreeLibrary
0x75b0bc GetTickCount
0x75b0c0 SystemTimeToFileTime
0x75b0c4 FileTimeToSystemTime
0x75b0c8 GlobalFree
0x75b0cc LocalAlloc
0x75b0d0 LocalFree
0x75b0d4 GetProcAddress
0x75b0d8 ExitProcess
0x75b0dc EnterCriticalSection
0x75b0e0 LeaveCriticalSection
0x75b0e4 InitializeCriticalSection
0x75b0e8 DeleteCriticalSection
0x75b0ec GetModuleHandleW
0x75b0f0 LoadResource
0x75b0f4 MultiByteToWideChar
0x75b0f8 FindResourceExW
0x75b0fc FindResourceExA
0x75b100 WideCharToMultiByte
0x75b104 GetThreadLocale
0x75b108 GetUserDefaultLCID
0x75b10c GetSystemDefaultLCID
0x75b110 EnumResourceNamesA
0x75b114 EnumResourceNamesW
0x75b118 EnumResourceLanguagesA
0x75b11c EnumResourceLanguagesW
0x75b120 EnumResourceTypesA
0x75b124 EnumResourceTypesW
0x75b128 CreateFileW
0x75b12c LoadLibraryW
0x75b130 GetLastError
0x75b134 FlushFileBuffers
0x75b138 WriteConsoleW
0x75b13c SetStdHandle
0x75b140 IsProcessorFeaturePresent
0x75b144 DecodePointer
0x75b148 GetCommandLineA
0x75b14c RaiseException
0x75b150 HeapFree
0x75b154 GetCPInfo
0x75b158 InterlockedIncrement
0x75b15c InterlockedDecrement
0x75b160 GetACP
0x75b164 GetOEMCP
0x75b168 IsValidCodePage
0x75b16c EncodePointer
0x75b170 TlsAlloc
0x75b174 TlsGetValue
0x75b178 TlsSetValue
0x75b17c TlsFree
0x75b180 SetLastError
0x75b184 UnhandledExceptionFilter
0x75b188 SetUnhandledExceptionFilter
0x75b18c IsDebuggerPresent
0x75b190 HeapAlloc
0x75b194 LCMapStringW
0x75b198 GetStringTypeW
0x75b19c SetHandleCount
0x75b1a0 GetStdHandle
0x75b1a4 InitializeCriticalSectionAndSpinCount
0x75b1a8 GetFileType
0x75b1ac GetStartupInfoW
0x75b1b0 GetModuleFileNameA
0x75b1b4 FreeEnvironmentStringsW
0x75b1b8 GetEnvironmentStringsW
0x75b1bc HeapCreate
0x75b1c0 HeapDestroy
0x75b1c4 QueryPerformanceCounter
0x75b1c8 HeapSize
0x75b1cc WriteFile
0x75b1d0 RtlUnwind
0x75b1d4 SetFilePointer
0x75b1d8 GetConsoleCP
0x75b1dc GetConsoleMode
0x75b1e0 HeapReAlloc
0x75b1e4 VirtualQuery
USER32.dll
0x75b1ec CharUpperBuffW
KERNEL32.dll
0x75b1f4 LocalAlloc
0x75b1f8 LocalFree
0x75b1fc GetModuleFileNameW
0x75b200 ExitProcess
0x75b204 LoadLibraryA
0x75b208 GetModuleHandleA
0x75b20c GetProcAddress
EAT(Export Address Table) Library
KERNEL32.dll
0x75b000 LoadLibraryW
0x75b004 GetProcAddress
0x75b008 ReadFile
0x75b00c WriteFile
0x75b010 lstrlenA
0x75b014 WaitForSingleObject
0x75b018 LocalAlloc
0x75b01c CreateFileW
0x75b020 MultiByteToWideChar
0x75b024 DeleteFileW
0x75b028 CloseHandle
0x75b02c ExitProcess
0x75b030 CreateProcessW
0x75b034 CopyFileW
0x75b038 WideCharToMultiByte
0x75b03c Sleep
0x75b040 GlobalFree
SHELL32.dll
0x75b048 SHGetFolderPathW
KERNEL32.dll
0x75b050 GetSystemTimeAsFileTime
0x75b054 GetModuleHandleA
0x75b058 CreateEventA
0x75b05c GetModuleFileNameW
0x75b060 TerminateProcess
0x75b064 GetCurrentProcess
0x75b068 CreateToolhelp32Snapshot
0x75b06c Thread32First
0x75b070 GetCurrentProcessId
0x75b074 GetCurrentThreadId
0x75b078 OpenThread
0x75b07c Thread32Next
0x75b080 CloseHandle
0x75b084 SuspendThread
0x75b088 ResumeThread
0x75b08c WriteProcessMemory
0x75b090 GetSystemInfo
0x75b094 VirtualAlloc
0x75b098 VirtualProtect
0x75b09c VirtualFree
0x75b0a0 GetProcessAffinityMask
0x75b0a4 SetProcessAffinityMask
0x75b0a8 GetCurrentThread
0x75b0ac SetThreadAffinityMask
0x75b0b0 Sleep
0x75b0b4 LoadLibraryA
0x75b0b8 FreeLibrary
0x75b0bc GetTickCount
0x75b0c0 SystemTimeToFileTime
0x75b0c4 FileTimeToSystemTime
0x75b0c8 GlobalFree
0x75b0cc LocalAlloc
0x75b0d0 LocalFree
0x75b0d4 GetProcAddress
0x75b0d8 ExitProcess
0x75b0dc EnterCriticalSection
0x75b0e0 LeaveCriticalSection
0x75b0e4 InitializeCriticalSection
0x75b0e8 DeleteCriticalSection
0x75b0ec GetModuleHandleW
0x75b0f0 LoadResource
0x75b0f4 MultiByteToWideChar
0x75b0f8 FindResourceExW
0x75b0fc FindResourceExA
0x75b100 WideCharToMultiByte
0x75b104 GetThreadLocale
0x75b108 GetUserDefaultLCID
0x75b10c GetSystemDefaultLCID
0x75b110 EnumResourceNamesA
0x75b114 EnumResourceNamesW
0x75b118 EnumResourceLanguagesA
0x75b11c EnumResourceLanguagesW
0x75b120 EnumResourceTypesA
0x75b124 EnumResourceTypesW
0x75b128 CreateFileW
0x75b12c LoadLibraryW
0x75b130 GetLastError
0x75b134 FlushFileBuffers
0x75b138 WriteConsoleW
0x75b13c SetStdHandle
0x75b140 IsProcessorFeaturePresent
0x75b144 DecodePointer
0x75b148 GetCommandLineA
0x75b14c RaiseException
0x75b150 HeapFree
0x75b154 GetCPInfo
0x75b158 InterlockedIncrement
0x75b15c InterlockedDecrement
0x75b160 GetACP
0x75b164 GetOEMCP
0x75b168 IsValidCodePage
0x75b16c EncodePointer
0x75b170 TlsAlloc
0x75b174 TlsGetValue
0x75b178 TlsSetValue
0x75b17c TlsFree
0x75b180 SetLastError
0x75b184 UnhandledExceptionFilter
0x75b188 SetUnhandledExceptionFilter
0x75b18c IsDebuggerPresent
0x75b190 HeapAlloc
0x75b194 LCMapStringW
0x75b198 GetStringTypeW
0x75b19c SetHandleCount
0x75b1a0 GetStdHandle
0x75b1a4 InitializeCriticalSectionAndSpinCount
0x75b1a8 GetFileType
0x75b1ac GetStartupInfoW
0x75b1b0 GetModuleFileNameA
0x75b1b4 FreeEnvironmentStringsW
0x75b1b8 GetEnvironmentStringsW
0x75b1bc HeapCreate
0x75b1c0 HeapDestroy
0x75b1c4 QueryPerformanceCounter
0x75b1c8 HeapSize
0x75b1cc WriteFile
0x75b1d0 RtlUnwind
0x75b1d4 SetFilePointer
0x75b1d8 GetConsoleCP
0x75b1dc GetConsoleMode
0x75b1e0 HeapReAlloc
0x75b1e4 VirtualQuery
USER32.dll
0x75b1ec CharUpperBuffW
KERNEL32.dll
0x75b1f4 LocalAlloc
0x75b1f8 LocalFree
0x75b1fc GetModuleFileNameW
0x75b200 ExitProcess
0x75b204 LoadLibraryA
0x75b208 GetModuleHandleA
0x75b20c GetProcAddress
EAT(Export Address Table) Library