Field | Value |
---|---|
Created | 2023.06.14 09:44 |
Machine | s1_win7_x6401 |
Filename | printui.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | |
md5 | fcab17a170881b4ecedfc91ab91cd1f4 |
sha256 | e7d57cbe651e668904a6b154b97642d64f5b09546d1f20350c7ca5946f985f5f |
ssdeep | 768:5eiAnXaz5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7/Qns:PcXEVIPd4n+lbeRZIbSQPPA7Z |
imphash | de8c59512ca98fb3e224769147985370 |
impfuzzy | 24:F1/m1wIuKmkjXDp4JpOUbgfdN0WES//KA+VZ/4CMWTGgq51As:z/FKx4iAglN0WX//KAy/4CjTG9L |
Signature (2cnts)
Level | Description |
---|---|
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x140002150 RegQueryValueExW
0x140002158 RegDeleteValueW
0x140002160 RegOpenKeyExW
0x140002168 RegSetValueExW
0x140002170 RegCreateKeyExW
0x140002178 RegDeleteKeyExW
0x140002180 RegCloseKey
KERNEL32.dll
0x1400021a0 HeapSetInformation
0x1400021a8 GetProcAddress
0x1400021b0 FreeLibrary
0x1400021b8 GetCurrentProcessId
0x1400021c0 GetLastError
0x1400021c8 GetCommandLineW
0x1400021d0 LoadLibraryW
0x1400021d8 QueryPerformanceCounter
0x1400021e0 GetModuleHandleW
0x1400021e8 SetUnhandledExceptionFilter
0x1400021f0 GetStartupInfoW
0x1400021f8 Sleep
0x140002200 GetSystemTimeAsFileTime
0x140002208 GetTickCount
0x140002210 UnhandledExceptionFilter
0x140002218 GetCurrentProcess
0x140002220 TerminateProcess
0x140002228 GetCurrentThreadId
GDI32.dll
0x140002190 GetStockObject
USER32.dll
0x140002238 RegisterClassW
0x140002240 CreateWindowExW
0x140002248 DestroyWindow
0x140002250 DefWindowProcW
0x140002258 LoadCursorW
msvcrt.dll
0x140002268 _fmode
0x140002270 _commode
0x140002278 ?terminate@@YAXXZ
0x140002280 __C_specific_handler
0x140002288 __wgetmainargs
0x140002290 _amsg_exit
0x140002298 _XcptFilter
0x1400022a0 iswspace
0x1400022a8 _wcmdln
0x1400022b0 _initterm
0x1400022b8 __setusermatherr
0x1400022c0 _cexit
0x1400022c8 _exit
0x1400022d0 exit
0x1400022d8 __set_app_type
0x1400022e0 memset
ntdll.dll
0x1400022f0 RtlCaptureContext
0x1400022f8 RtlLookupFunctionEntry
0x140002300 RtlVirtualUnwind
EAT (Export Address Table): none
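The import table above deserves a second look before the rule hits are accepted as-is. The KERNEL32, msvcrt and ntdll entries (__wgetmainargs, _initterm, __set_app_type, __C_specific_handler, RtlLookupFunctionEntry, RtlVirtualUnwind) are the standard MSVC x64 CRT startup and SEH unwinding scaffolding of an ordinary, unpacked build; a UPX stub normally exposes only a handful of KERNEL32 imports and rebuilds the real table at runtime, so the UPX_Zero hit should be confirmed from section names and entropy rather than inferred from this table. The ADVAPI32 set (RegCreateKeyExW and RegSetValueExW alongside RegDeleteValueW and RegDeleteKeyExW) shows the sample can both write and remove registry keys, and LoadLibraryW with GetProcAddress means the static table may understate what it actually calls. printui.exe is also the file name of a legitimate Windows printer UI binary, so the name alone is no evidence either way; the md5/sha256 values are the identifiers to pivot on. The Python below is an added example written for this page, not code from the sandbox vendor: it transcribes the listed imports, recomputes the pefile-style imphash, and applies those triage checks. One caveat is built in as an assumption: imphash depends on import-directory order, and the report prints KERNEL32 before GDI32 while the IAT slot addresses put GDI32 (0x140002190) before KERNEL32 (0x1400021a0), so the recomputed value is only expected to equal the reported de8c59512ca98fb3e224769147985370 when the order passed in matches the file's actual descriptor order.

```python
"""Import-table triage for the printui.exe report on this page.

Added example, not code from the sandbox vendor. The import list is
transcribed from the IAT section above in its printed order; the triage
groupings are this editor's heuristics, not the report's rule set.
"""
import hashlib

# (DLL, [functions]) transcribed from the report; IAT slot addresses dropped.
IMPORTS = [
    ("ADVAPI32.dll", ["RegQueryValueExW", "RegDeleteValueW", "RegOpenKeyExW",
                      "RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyExW",
                      "RegCloseKey"]),
    ("KERNEL32.dll", ["HeapSetInformation", "GetProcAddress", "FreeLibrary",
                      "GetCurrentProcessId", "GetLastError", "GetCommandLineW",
                      "LoadLibraryW", "QueryPerformanceCounter",
                      "GetModuleHandleW", "SetUnhandledExceptionFilter",
                      "GetStartupInfoW", "Sleep", "GetSystemTimeAsFileTime",
                      "GetTickCount", "UnhandledExceptionFilter",
                      "GetCurrentProcess", "TerminateProcess",
                      "GetCurrentThreadId"]),
    ("GDI32.dll", ["GetStockObject"]),
    ("USER32.dll", ["RegisterClassW", "CreateWindowExW", "DestroyWindow",
                    "DefWindowProcW", "LoadCursorW"]),
    ("msvcrt.dll", ["_fmode", "_commode", "?terminate@@YAXXZ",
                    "__C_specific_handler", "__wgetmainargs", "_amsg_exit",
                    "_XcptFilter", "iswspace", "_wcmdln", "_initterm",
                    "__setusermatherr", "_cexit", "_exit", "exit",
                    "__set_app_type", "memset"]),
    ("ntdll.dll", ["RtlCaptureContext", "RtlLookupFunctionEntry",
                   "RtlVirtualUnwind"]),
]

REPORTED_IMPHASH = "de8c59512ca98fb3e224769147985370"  # from the report header


def imphash_string(imports):
    """pefile-style imphash input: 'lib.func' pairs, lower-cased, with a
    .dll/.ocx/.sys suffix stripped from the library name, joined by commas
    in import-directory order (assumed here to be the order of `imports`)."""
    parts = []
    for lib, funcs in imports:
        name = lib.lower()
        base, dot, ext = name.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            name = base
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the imphash string; equals pefile.PE.get_imphash() for the same
    descriptor order. MD5 is a fingerprint here, not a security control."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def count_imports(imports):
    return sum(len(funcs) for _, funcs in imports)


# Editor's heuristic groupings.
REGISTRY_WRITE = {"RegCreateKeyExW", "RegSetValueExW"}
REGISTRY_DELETE = {"RegDeleteValueW", "RegDeleteKeyExW"}
LOADERS = {"LoadLibraryA", "LoadLibraryW"}
# MSVC x64 CRT startup and SEH unwinding scaffolding. A UPX stub does not
# import these; it exposes only a handful of KERNEL32 functions.
MSVC_CRT_SCAFFOLDING = {"__wgetmainargs", "_initterm", "__set_app_type",
                        "__C_specific_handler", "RtlVirtualUnwind"}


def triage(imports):
    """Return short tags describing what the static import table implies."""
    funcs = {f for _, fs in imports for f in fs}
    libs = {lib.lower() for lib, _ in imports}
    tags = []
    if REGISTRY_WRITE <= funcs:
        tags.append("registry-write")          # can create keys and values
    if REGISTRY_DELETE <= funcs:
        tags.append("registry-delete")         # can remove its own traces
    if "GetProcAddress" in funcs and funcs & LOADERS:
        tags.append("dynamic-api-resolution")  # IAT may understate behaviour
    if libs == {"kernel32.dll"} and len(funcs) <= 8:
        tags.append("upx-stub-like")           # table consistent with a packer stub
    elif MSVC_CRT_SCAFFOLDING <= funcs:
        tags.append("unpacked-msvc-like")      # full CRT: re-check the packer rule
    return tags


if __name__ == "__main__":
    print("imports:", count_imports(IMPORTS))
    print("imphash:", imphash(IMPORTS), "(reported:", REPORTED_IMPHASH + ")")
    print("tags:", ", ".join(triage(IMPORTS)))
```

Run it as-is to see the tags for this sample; to check the reported imphash against the real file, replace IMPORTS with the descriptor order read from the binary (for example from pefile's DIRECTORY_ENTRY_IMPORT) and compare the two values.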