ScreenShot
| Created | 2023.06.14 09:39 | Machine | s1_win7_x6403 |
| Filename | shrpubw.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 9910d5c62428ec5f92b04abf9428eec9 | ||
| sha256 | 6b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e | ||
| ssdeep | 1536:YGanoDUow1Wt446VQFRlrDk7BOrkfRIUUgzwpRc:5nDKWt446VQF/r5k+jAww | ||
| imphash | 521c24cdd31ac7eeae6ae8e5130a93f2 | ||
| impfuzzy | 96:Dk78mrOAwnieMSQ7hU1AJs9azdX/t6YEIGLtW2kq:D8OQx1U1A69idXQYWLtWS | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14000a0b8 RegQueryValueExW
0x14000a0c0 RegCloseKey
0x14000a0c8 FreeSid
0x14000a0d0 GetLengthSid
0x14000a0d8 AddAccessAllowedAce
0x14000a0e0 InitializeAcl
0x14000a0e8 InitializeSecurityDescriptor
0x14000a0f0 RegOpenKeyExW
0x14000a0f8 MakeSelfRelativeSD
0x14000a100 AllocateAndInitializeSid
0x14000a108 LookupAccountNameW
0x14000a110 MapGenericMask
0x14000a118 GetSecurityDescriptorLength
0x14000a120 GetSecurityDescriptorControl
0x14000a128 RegOpenKeyExA
0x14000a130 SetSecurityDescriptorDacl
0x14000a138 RegConnectRegistryW
0x14000a140 RegQueryValueExA
KERNEL32.dll
0x14000a190 LocalAlloc
0x14000a198 GlobalAlloc
0x14000a1a0 CreateDirectoryW
0x14000a1a8 GetComputerNameExW
0x14000a1b0 lstrcmpiW
0x14000a1b8 LocalFree
0x14000a1c0 GetFileAttributesW
0x14000a1c8 GetDriveTypeW
0x14000a1d0 GetLogicalDriveStringsW
0x14000a1d8 FormatMessageW
0x14000a1e0 GetProcAddress
0x14000a1e8 ExpandEnvironmentStringsA
0x14000a1f0 LoadLibraryExA
0x14000a1f8 TerminateProcess
0x14000a200 GetCurrentProcess
0x14000a208 UnhandledExceptionFilter
0x14000a210 RtlVirtualUnwind
0x14000a218 RtlLookupFunctionEntry
0x14000a220 RtlCaptureContext
0x14000a228 GetTickCount
0x14000a230 GetSystemTimeAsFileTime
0x14000a238 GetCurrentThreadId
0x14000a240 HeapSetInformation
0x14000a248 RegisterApplicationRestart
0x14000a250 GetComputerNameW
0x14000a258 GetLastError
0x14000a260 Sleep
0x14000a268 GetStartupInfoW
0x14000a270 SetUnhandledExceptionFilter
0x14000a278 GetModuleHandleW
0x14000a280 QueryPerformanceCounter
0x14000a288 GetCurrentProcessId
0x14000a290 FreeLibrary
0x14000a298 LoadLibraryW
GDI32.dll
0x14000a170 CreateFontIndirectW
0x14000a178 GetDeviceCaps
0x14000a180 DeleteObject
USER32.dll
0x14000a708 SystemParametersInfoW
0x14000a710 MessageBoxW
0x14000a718 RegisterClipboardFormatW
0x14000a720 EnableWindow
0x14000a728 SendMessageW
0x14000a730 GetParent
0x14000a738 GetActiveWindow
0x14000a740 ReleaseDC
0x14000a748 PostMessageW
0x14000a750 LoadImageW
0x14000a758 GetDC
MFC42u.dll
0x14000a2a8 None
0x14000a2b0 None
0x14000a2b8 None
0x14000a2c0 None
0x14000a2c8 None
0x14000a2d0 None
0x14000a2d8 None
0x14000a2e0 None
0x14000a2e8 None
0x14000a2f0 None
0x14000a2f8 None
0x14000a300 None
0x14000a308 None
0x14000a310 None
0x14000a318 None
0x14000a320 None
0x14000a328 None
0x14000a330 None
0x14000a338 None
0x14000a340 None
0x14000a348 None
0x14000a350 None
0x14000a358 None
0x14000a360 None
0x14000a368 None
0x14000a370 None
0x14000a378 None
0x14000a380 None
0x14000a388 None
0x14000a390 None
0x14000a398 None
0x14000a3a0 None
0x14000a3a8 None
0x14000a3b0 None
0x14000a3b8 None
0x14000a3c0 None
0x14000a3c8 None
0x14000a3d0 None
0x14000a3d8 None
0x14000a3e0 None
0x14000a3e8 None
0x14000a3f0 None
0x14000a3f8 None
0x14000a400 None
0x14000a408 None
0x14000a410 None
0x14000a418 None
0x14000a420 None
0x14000a428 None
0x14000a430 None
0x14000a438 None
0x14000a440 None
0x14000a448 None
0x14000a450 None
0x14000a458 None
0x14000a460 None
0x14000a468 None
0x14000a470 None
0x14000a478 None
0x14000a480 None
0x14000a488 None
0x14000a490 None
0x14000a498 None
0x14000a4a0 None
0x14000a4a8 None
0x14000a4b0 None
0x14000a4b8 None
0x14000a4c0 None
0x14000a4c8 None
0x14000a4d0 None
0x14000a4d8 None
0x14000a4e0 None
0x14000a4e8 None
0x14000a4f0 None
0x14000a4f8 None
0x14000a500 None
0x14000a508 None
0x14000a510 None
0x14000a518 None
0x14000a520 None
0x14000a528 None
0x14000a530 None
0x14000a538 None
0x14000a540 None
0x14000a548 None
0x14000a550 None
0x14000a558 None
0x14000a560 None
0x14000a568 None
0x14000a570 None
0x14000a578 None
0x14000a580 None
0x14000a588 None
0x14000a590 None
0x14000a598 None
0x14000a5a0 None
0x14000a5a8 None
0x14000a5b0 None
0x14000a5b8 None
0x14000a5c0 None
0x14000a5c8 None
0x14000a5d0 None
0x14000a5d8 None
0x14000a5e0 None
0x14000a5e8 None
0x14000a5f0 None
0x14000a5f8 None
0x14000a600 None
0x14000a608 None
0x14000a610 None
0x14000a618 None
0x14000a620 None
0x14000a628 None
0x14000a630 None
0x14000a638 None
0x14000a640 None
0x14000a648 None
0x14000a650 None
0x14000a658 None
0x14000a660 None
0x14000a668 None
0x14000a670 None
0x14000a678 None
0x14000a680 None
0x14000a688 None
0x14000a690 None
msvcrt.dll
0x14000a7a8 _wcsnicmp
0x14000a7b0 ??1type_info@@UEAA@XZ
0x14000a7b8 memset
0x14000a7c0 __set_app_type
0x14000a7c8 __wgetmainargs
0x14000a7d0 exit
0x14000a7d8 _amsg_exit
0x14000a7e0 __dllonexit
0x14000a7e8 _unlock
0x14000a7f0 _lock
0x14000a7f8 ?terminate@@YAXXZ
0x14000a800 _commode
0x14000a808 _fmode
0x14000a810 _wcmdln
0x14000a818 __C_specific_handler
0x14000a820 _initterm
0x14000a828 __setusermatherr
0x14000a830 _cexit
0x14000a838 _XcptFilter
0x14000a840 memmove
0x14000a848 _onexit
0x14000a850 memcpy
0x14000a858 wcschr
0x14000a860 wcsrchr
0x14000a868 iswspace
0x14000a870 free
0x14000a878 wcsncmp
0x14000a880 calloc
0x14000a888 __CxxFrameHandler3
0x14000a890 _exit
0x14000a898 towupper
0x14000a8a0 wcscmp
COMCTL32.dll
0x14000a150 DestroyPropertySheetPage
0x14000a158 PropertySheetW
0x14000a160 None
netutils.dll
0x14000a8b0 NetpwPathType
0x14000a8b8 NetpIsRemote
0x14000a8c0 NetpwNameValidate
0x14000a8c8 NetApiBufferFree
srvcli.dll
0x14000a8d8 NetServerDiskEnum
0x14000a8e0 NetpsNameValidate
0x14000a8e8 NetShareAdd
0x14000a8f0 NetShareSetInfo
0x14000a8f8 NetShareEnum
0x14000a900 NetShareGetInfo
0x14000a908 NetServerGetInfo
ACLUI.dll
0x14000a0a8 None
WS2_32.dll
0x14000a768 WSAStringToAddressW
0x14000a770 WSACleanup
0x14000a778 WSAStartup
SHELL32.dll
0x14000a6a0 SHGetPathFromIDListW
0x14000a6a8 SHGetMalloc
0x14000a6b0 None
0x14000a6b8 None
0x14000a6c0 None
0x14000a6c8 None
0x14000a6d0 None
0x14000a6d8 None
0x14000a6e0 SHChangeNotify
0x14000a6e8 SHBrowseForFolderW
0x14000a6f0 SHGetSpecialFolderLocation
0x14000a6f8 SHGetDesktopFolder
api-ms-win-core-com-l1-1-0.dll
0x14000a788 CoInitializeEx
0x14000a790 CoUninitialize
0x14000a798 CoCreateInstance
EAT(Export Address Table) is none
ADVAPI32.dll
0x14000a0b8 RegQueryValueExW
0x14000a0c0 RegCloseKey
0x14000a0c8 FreeSid
0x14000a0d0 GetLengthSid
0x14000a0d8 AddAccessAllowedAce
0x14000a0e0 InitializeAcl
0x14000a0e8 InitializeSecurityDescriptor
0x14000a0f0 RegOpenKeyExW
0x14000a0f8 MakeSelfRelativeSD
0x14000a100 AllocateAndInitializeSid
0x14000a108 LookupAccountNameW
0x14000a110 MapGenericMask
0x14000a118 GetSecurityDescriptorLength
0x14000a120 GetSecurityDescriptorControl
0x14000a128 RegOpenKeyExA
0x14000a130 SetSecurityDescriptorDacl
0x14000a138 RegConnectRegistryW
0x14000a140 RegQueryValueExA
KERNEL32.dll
0x14000a190 LocalAlloc
0x14000a198 GlobalAlloc
0x14000a1a0 CreateDirectoryW
0x14000a1a8 GetComputerNameExW
0x14000a1b0 lstrcmpiW
0x14000a1b8 LocalFree
0x14000a1c0 GetFileAttributesW
0x14000a1c8 GetDriveTypeW
0x14000a1d0 GetLogicalDriveStringsW
0x14000a1d8 FormatMessageW
0x14000a1e0 GetProcAddress
0x14000a1e8 ExpandEnvironmentStringsA
0x14000a1f0 LoadLibraryExA
0x14000a1f8 TerminateProcess
0x14000a200 GetCurrentProcess
0x14000a208 UnhandledExceptionFilter
0x14000a210 RtlVirtualUnwind
0x14000a218 RtlLookupFunctionEntry
0x14000a220 RtlCaptureContext
0x14000a228 GetTickCount
0x14000a230 GetSystemTimeAsFileTime
0x14000a238 GetCurrentThreadId
0x14000a240 HeapSetInformation
0x14000a248 RegisterApplicationRestart
0x14000a250 GetComputerNameW
0x14000a258 GetLastError
0x14000a260 Sleep
0x14000a268 GetStartupInfoW
0x14000a270 SetUnhandledExceptionFilter
0x14000a278 GetModuleHandleW
0x14000a280 QueryPerformanceCounter
0x14000a288 GetCurrentProcessId
0x14000a290 FreeLibrary
0x14000a298 LoadLibraryW
GDI32.dll
0x14000a170 CreateFontIndirectW
0x14000a178 GetDeviceCaps
0x14000a180 DeleteObject
USER32.dll
0x14000a708 SystemParametersInfoW
0x14000a710 MessageBoxW
0x14000a718 RegisterClipboardFormatW
0x14000a720 EnableWindow
0x14000a728 SendMessageW
0x14000a730 GetParent
0x14000a738 GetActiveWindow
0x14000a740 ReleaseDC
0x14000a748 PostMessageW
0x14000a750 LoadImageW
0x14000a758 GetDC
MFC42u.dll
0x14000a2a8 None
0x14000a2b0 None
0x14000a2b8 None
0x14000a2c0 None
0x14000a2c8 None
0x14000a2d0 None
0x14000a2d8 None
0x14000a2e0 None
0x14000a2e8 None
0x14000a2f0 None
0x14000a2f8 None
0x14000a300 None
0x14000a308 None
0x14000a310 None
0x14000a318 None
0x14000a320 None
0x14000a328 None
0x14000a330 None
0x14000a338 None
0x14000a340 None
0x14000a348 None
0x14000a350 None
0x14000a358 None
0x14000a360 None
0x14000a368 None
0x14000a370 None
0x14000a378 None
0x14000a380 None
0x14000a388 None
0x14000a390 None
0x14000a398 None
0x14000a3a0 None
0x14000a3a8 None
0x14000a3b0 None
0x14000a3b8 None
0x14000a3c0 None
0x14000a3c8 None
0x14000a3d0 None
0x14000a3d8 None
0x14000a3e0 None
0x14000a3e8 None
0x14000a3f0 None
0x14000a3f8 None
0x14000a400 None
0x14000a408 None
0x14000a410 None
0x14000a418 None
0x14000a420 None
0x14000a428 None
0x14000a430 None
0x14000a438 None
0x14000a440 None
0x14000a448 None
0x14000a450 None
0x14000a458 None
0x14000a460 None
0x14000a468 None
0x14000a470 None
0x14000a478 None
0x14000a480 None
0x14000a488 None
0x14000a490 None
0x14000a498 None
0x14000a4a0 None
0x14000a4a8 None
0x14000a4b0 None
0x14000a4b8 None
0x14000a4c0 None
0x14000a4c8 None
0x14000a4d0 None
0x14000a4d8 None
0x14000a4e0 None
0x14000a4e8 None
0x14000a4f0 None
0x14000a4f8 None
0x14000a500 None
0x14000a508 None
0x14000a510 None
0x14000a518 None
0x14000a520 None
0x14000a528 None
0x14000a530 None
0x14000a538 None
0x14000a540 None
0x14000a548 None
0x14000a550 None
0x14000a558 None
0x14000a560 None
0x14000a568 None
0x14000a570 None
0x14000a578 None
0x14000a580 None
0x14000a588 None
0x14000a590 None
0x14000a598 None
0x14000a5a0 None
0x14000a5a8 None
0x14000a5b0 None
0x14000a5b8 None
0x14000a5c0 None
0x14000a5c8 None
0x14000a5d0 None
0x14000a5d8 None
0x14000a5e0 None
0x14000a5e8 None
0x14000a5f0 None
0x14000a5f8 None
0x14000a600 None
0x14000a608 None
0x14000a610 None
0x14000a618 None
0x14000a620 None
0x14000a628 None
0x14000a630 None
0x14000a638 None
0x14000a640 None
0x14000a648 None
0x14000a650 None
0x14000a658 None
0x14000a660 None
0x14000a668 None
0x14000a670 None
0x14000a678 None
0x14000a680 None
0x14000a688 None
0x14000a690 None
msvcrt.dll
0x14000a7a8 _wcsnicmp
0x14000a7b0 ??1type_info@@UEAA@XZ
0x14000a7b8 memset
0x14000a7c0 __set_app_type
0x14000a7c8 __wgetmainargs
0x14000a7d0 exit
0x14000a7d8 _amsg_exit
0x14000a7e0 __dllonexit
0x14000a7e8 _unlock
0x14000a7f0 _lock
0x14000a7f8 ?terminate@@YAXXZ
0x14000a800 _commode
0x14000a808 _fmode
0x14000a810 _wcmdln
0x14000a818 __C_specific_handler
0x14000a820 _initterm
0x14000a828 __setusermatherr
0x14000a830 _cexit
0x14000a838 _XcptFilter
0x14000a840 memmove
0x14000a848 _onexit
0x14000a850 memcpy
0x14000a858 wcschr
0x14000a860 wcsrchr
0x14000a868 iswspace
0x14000a870 free
0x14000a878 wcsncmp
0x14000a880 calloc
0x14000a888 __CxxFrameHandler3
0x14000a890 _exit
0x14000a898 towupper
0x14000a8a0 wcscmp
COMCTL32.dll
0x14000a150 DestroyPropertySheetPage
0x14000a158 PropertySheetW
0x14000a160 None
netutils.dll
0x14000a8b0 NetpwPathType
0x14000a8b8 NetpIsRemote
0x14000a8c0 NetpwNameValidate
0x14000a8c8 NetApiBufferFree
srvcli.dll
0x14000a8d8 NetServerDiskEnum
0x14000a8e0 NetpsNameValidate
0x14000a8e8 NetShareAdd
0x14000a8f0 NetShareSetInfo
0x14000a8f8 NetShareEnum
0x14000a900 NetShareGetInfo
0x14000a908 NetServerGetInfo
ACLUI.dll
0x14000a0a8 None
WS2_32.dll
0x14000a768 WSAStringToAddressW
0x14000a770 WSACleanup
0x14000a778 WSAStartup
SHELL32.dll
0x14000a6a0 SHGetPathFromIDListW
0x14000a6a8 SHGetMalloc
0x14000a6b0 None
0x14000a6b8 None
0x14000a6c0 None
0x14000a6c8 None
0x14000a6d0 None
0x14000a6d8 None
0x14000a6e0 SHChangeNotify
0x14000a6e8 SHBrowseForFolderW
0x14000a6f0 SHGetSpecialFolderLocation
0x14000a6f8 SHGetDesktopFolder
api-ms-win-core-com-l1-1-0.dll
0x14000a788 CoInitializeEx
0x14000a790 CoUninitialize
0x14000a798 CoCreateInstance
EAT(Export Address Table) is none