ScreenShot
| Created | 2023.06.20 18:21 | Machine | s1_win7_x6401 |
| Filename | ss41.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 12 detected (Artemis, V6bh, malicious, high confidence, BadFile, Wacatac, unsafe, Fabookie, CLOUD) | ||
| md5 | ab792c894fcf607dee3a7ffc68d3b181 | ||
| sha256 | 21c639e8a7b0bb793fe1770865c5f5aab4fbc1d9328749062bdb80528a545ebd | ||
| ssdeep | 12288:G72i43pjvLx8Xr3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:q83pr9Wr3/kRc4l6g6gtPbcHn7q | ||
| imphash | 4673ad56625d375f2efee239af061364 | ||
| impfuzzy | 96:eh1Ler1gNtefSph8ksR1s+9y++hEGFSHBqQNzWNh:eh1CrG2R6+9B+LAHBqQNKNh | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Executes one or more WMI queries |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (7cnts) ?
Suricata ids
ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET)
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x100001008 RegCreateKeyExW
0x100001010 CloseTrace
0x100001018 GetTraceLoggerHandle
0x100001020 GetTraceEnableLevel
0x100001028 GetTraceEnableFlags
0x100001030 RegisterTraceGuidsW
0x100001038 UnregisterTraceGuids
0x100001040 RegCloseKey
0x100001048 OpenProcessToken
0x100001050 TraceMessage
0x100001058 DuplicateToken
0x100001060 ControlTraceW
0x100001068 StartTraceW
0x100001070 EnableTrace
0x100001078 CheckTokenMembership
0x100001080 GetTokenInformation
0x100001088 RegOpenKeyExW
0x100001090 CreateWellKnownSid
0x100001098 RegQueryValueExW
KERNEL32.dll
0x100001158 GetLocaleInfoW
0x100001160 FormatMessageW
0x100001168 FreeLibrary
0x100001170 GetProcAddress
0x100001178 LoadLibraryW
0x100001180 Sleep
0x100001188 GetLocalTime
0x100001190 GetCalendarInfoW
0x100001198 QueryPerformanceCounter
0x1000011a0 GetModuleHandleW
0x1000011a8 SetUnhandledExceptionFilter
0x1000011b0 GetStartupInfoW
0x1000011b8 CreateThread
0x1000011c0 GetDriveTypeW
0x1000011c8 GetVolumeInformationW
0x1000011d0 InitializeSListHead
0x1000011d8 RtlCaptureStackBackTrace
0x1000011e0 InterlockedPushEntrySList
0x1000011e8 InterlockedPopEntrySList
0x1000011f0 FileTimeToSystemTime
0x1000011f8 SystemTimeToFileTime
0x100001200 LeaveCriticalSection
0x100001208 EnterCriticalSection
0x100001210 CloseHandle
0x100001218 SetEvent
0x100001220 DeleteCriticalSection
0x100001228 InitializeCriticalSection
0x100001230 GetVolumeNameForVolumeMountPointW
0x100001238 GetTimeFormatW
0x100001240 GetDateFormatW
0x100001248 SetLastError
0x100001250 WaitForSingleObject
0x100001258 CreateEventW
0x100001260 GetCurrentProcess
0x100001268 SetErrorMode
0x100001270 GetCurrentThreadId
0x100001278 GetCurrentProcessId
0x100001280 GetSystemTimeAsFileTime
0x100001288 TerminateProcess
0x100001290 GetTickCount
0x100001298 UnhandledExceptionFilter
0x1000012a0 FindFirstFileW
0x1000012a8 FindNextFileW
0x1000012b0 GetProcessHeap
0x1000012b8 HeapSetInformation
0x1000012c0 RegisterApplicationRestart
0x1000012c8 GetCommandLineW
0x1000012d0 LocalFree
0x1000012d8 GetLastError
0x1000012e0 CreateDirectoryW
0x1000012e8 DeleteFileW
0x1000012f0 GetFileAttributesW
0x1000012f8 FindClose
0x100001300 CreateFileW
0x100001308 DeviceIoControl
0x100001310 MoveFileExW
0x100001318 LoadLibraryExW
0x100001320 GetVolumePathNameW
0x100001328 ExpandEnvironmentStringsW
GDI32.dll
0x1000010f0 DeleteDC
0x1000010f8 GdiFlush
0x100001100 SelectObject
0x100001108 SetLayout
0x100001110 CreateCompatibleDC
0x100001118 CreateDIBSection
0x100001120 SetTextColor
0x100001128 ExtTextOutW
0x100001130 CreateFontIndirectW
0x100001138 DeleteObject
0x100001140 GetDeviceCaps
0x100001148 SetBkColor
USER32.dll
0x1000013c0 LoadStringW
0x1000013c8 IsDlgButtonChecked
0x1000013d0 GetDlgItemTextW
0x1000013d8 SetDlgItemTextW
0x1000013e0 CheckDlgButton
0x1000013e8 DrawFrameControl
0x1000013f0 OffsetRect
0x1000013f8 SetTimer
0x100001400 KillTimer
0x100001408 GetSysColorBrush
0x100001410 GetWindowLongPtrW
0x100001418 DestroyWindow
0x100001420 EnableWindow
0x100001428 EndDialog
0x100001430 SetWindowLongPtrW
0x100001438 EndPaint
0x100001440 GetSysColor
0x100001448 MapWindowPoints
0x100001450 BeginPaint
0x100001458 ShowWindow
0x100001460 PostMessageW
0x100001468 SetWindowPos
0x100001470 LoadImageW
0x100001478 GetDesktopWindow
0x100001480 SetFocus
0x100001488 SetWindowLongW
0x100001490 GetWindowLongW
0x100001498 GetDlgItem
0x1000014a0 DestroyIcon
0x1000014a8 MoveWindow
0x1000014b0 GetWindowRect
0x1000014b8 GetClientRect
0x1000014c0 ClientToScreen
0x1000014c8 GetSystemMetrics
0x1000014d0 SendMessageW
0x1000014d8 DialogBoxParamW
0x1000014e0 SetForegroundWindow
0x1000014e8 GetDC
0x1000014f0 SetWindowTextW
0x1000014f8 ReleaseDC
0x100001500 SystemParametersInfoW
0x100001508 SendMessageTimeoutW
0x100001510 GetWindowTextW
0x100001518 EnumWindows
0x100001520 MessageBoxW
0x100001528 ChangeWindowMessageFilter
0x100001530 RegisterWindowMessageW
0x100001538 InflateRect
msvcrt.dll
0x100001558 _vscwprintf
0x100001560 iswspace
0x100001568 memcpy
0x100001570 memset
0x100001578 ?terminate@@YAXXZ
0x100001580 __set_app_type
0x100001588 _fmode
0x100001590 _commode
0x100001598 __setusermatherr
0x1000015a0 _amsg_exit
0x1000015a8 _initterm
0x1000015b0 _acmdln
0x1000015b8 exit
0x1000015c0 _cexit
0x1000015c8 _exit
0x1000015d0 _XcptFilter
0x1000015d8 __C_specific_handler
0x1000015e0 __getmainargs
0x1000015e8 _purecall
0x1000015f0 ??2@YAPEAX_K@Z
0x1000015f8 _wtol
0x100001600 memmove
0x100001608 wcstok
0x100001610 _wcsicmp
0x100001618 ??3@YAXPEAX@Z
0x100001620 _ismbblead
0x100001628 wcschr
0x100001630 _vsnwprintf
SHELL32.dll
0x100001378 CommandLineToArgvW
0x100001380 ShellExecuteExW
0x100001388 SHGetFileInfoW
0x100001390 SHGetStockIconInfo
ole32.dll
0x100001688 CoUninitialize
0x100001690 CoTaskMemFree
0x100001698 CoTaskMemAlloc
0x1000016a0 CoDisconnectObject
0x1000016a8 CoCreateInstance
0x1000016b0 CoInitializeEx
0x1000016b8 CoInitializeSecurity
OLEAUT32.dll
0x100001338 SysStringLen
0x100001340 VariantClear
0x100001348 VariantInit
0x100001350 VariantTimeToSystemTime
0x100001358 SysFreeString
0x100001360 SysAllocString
0x100001368 SystemTimeToVariantTime
COMCTL32.dll
0x1000010a8 ImageList_AddMasked
0x1000010b0 ImageList_Add
0x1000010b8 ImageList_ReplaceIcon
0x1000010c0 ImageList_Destroy
0x1000010c8 ImageList_Create
0x1000010d0 None
0x1000010d8 InitCommonControlsEx
0x1000010e0 None
ntdll.dll
0x100001640 RtlCaptureContext
0x100001648 RtlLookupFunctionEntry
0x100001650 RtlVirtualUnwind
0x100001658 WinSqmAddToStream
0x100001660 RtlAllocateHeap
0x100001668 RtlFreeHeap
0x100001670 RtlGetLastNtStatus
0x100001678 EtwTraceMessage
VirtDisk.dll
0x100001548 GetStorageDependencyInformation
SXSHARED.dll
0x1000013a0 SxTracerDebuggerBreak
0x1000013a8 SxTracerShouldTrackFailure
0x1000013b0 SxTracerGetThreadContextRetail
EAT(Export Address Table) is none
ADVAPI32.dll
0x100001000 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x100001008 RegCreateKeyExW
0x100001010 CloseTrace
0x100001018 GetTraceLoggerHandle
0x100001020 GetTraceEnableLevel
0x100001028 GetTraceEnableFlags
0x100001030 RegisterTraceGuidsW
0x100001038 UnregisterTraceGuids
0x100001040 RegCloseKey
0x100001048 OpenProcessToken
0x100001050 TraceMessage
0x100001058 DuplicateToken
0x100001060 ControlTraceW
0x100001068 StartTraceW
0x100001070 EnableTrace
0x100001078 CheckTokenMembership
0x100001080 GetTokenInformation
0x100001088 RegOpenKeyExW
0x100001090 CreateWellKnownSid
0x100001098 RegQueryValueExW
KERNEL32.dll
0x100001158 GetLocaleInfoW
0x100001160 FormatMessageW
0x100001168 FreeLibrary
0x100001170 GetProcAddress
0x100001178 LoadLibraryW
0x100001180 Sleep
0x100001188 GetLocalTime
0x100001190 GetCalendarInfoW
0x100001198 QueryPerformanceCounter
0x1000011a0 GetModuleHandleW
0x1000011a8 SetUnhandledExceptionFilter
0x1000011b0 GetStartupInfoW
0x1000011b8 CreateThread
0x1000011c0 GetDriveTypeW
0x1000011c8 GetVolumeInformationW
0x1000011d0 InitializeSListHead
0x1000011d8 RtlCaptureStackBackTrace
0x1000011e0 InterlockedPushEntrySList
0x1000011e8 InterlockedPopEntrySList
0x1000011f0 FileTimeToSystemTime
0x1000011f8 SystemTimeToFileTime
0x100001200 LeaveCriticalSection
0x100001208 EnterCriticalSection
0x100001210 CloseHandle
0x100001218 SetEvent
0x100001220 DeleteCriticalSection
0x100001228 InitializeCriticalSection
0x100001230 GetVolumeNameForVolumeMountPointW
0x100001238 GetTimeFormatW
0x100001240 GetDateFormatW
0x100001248 SetLastError
0x100001250 WaitForSingleObject
0x100001258 CreateEventW
0x100001260 GetCurrentProcess
0x100001268 SetErrorMode
0x100001270 GetCurrentThreadId
0x100001278 GetCurrentProcessId
0x100001280 GetSystemTimeAsFileTime
0x100001288 TerminateProcess
0x100001290 GetTickCount
0x100001298 UnhandledExceptionFilter
0x1000012a0 FindFirstFileW
0x1000012a8 FindNextFileW
0x1000012b0 GetProcessHeap
0x1000012b8 HeapSetInformation
0x1000012c0 RegisterApplicationRestart
0x1000012c8 GetCommandLineW
0x1000012d0 LocalFree
0x1000012d8 GetLastError
0x1000012e0 CreateDirectoryW
0x1000012e8 DeleteFileW
0x1000012f0 GetFileAttributesW
0x1000012f8 FindClose
0x100001300 CreateFileW
0x100001308 DeviceIoControl
0x100001310 MoveFileExW
0x100001318 LoadLibraryExW
0x100001320 GetVolumePathNameW
0x100001328 ExpandEnvironmentStringsW
GDI32.dll
0x1000010f0 DeleteDC
0x1000010f8 GdiFlush
0x100001100 SelectObject
0x100001108 SetLayout
0x100001110 CreateCompatibleDC
0x100001118 CreateDIBSection
0x100001120 SetTextColor
0x100001128 ExtTextOutW
0x100001130 CreateFontIndirectW
0x100001138 DeleteObject
0x100001140 GetDeviceCaps
0x100001148 SetBkColor
USER32.dll
0x1000013c0 LoadStringW
0x1000013c8 IsDlgButtonChecked
0x1000013d0 GetDlgItemTextW
0x1000013d8 SetDlgItemTextW
0x1000013e0 CheckDlgButton
0x1000013e8 DrawFrameControl
0x1000013f0 OffsetRect
0x1000013f8 SetTimer
0x100001400 KillTimer
0x100001408 GetSysColorBrush
0x100001410 GetWindowLongPtrW
0x100001418 DestroyWindow
0x100001420 EnableWindow
0x100001428 EndDialog
0x100001430 SetWindowLongPtrW
0x100001438 EndPaint
0x100001440 GetSysColor
0x100001448 MapWindowPoints
0x100001450 BeginPaint
0x100001458 ShowWindow
0x100001460 PostMessageW
0x100001468 SetWindowPos
0x100001470 LoadImageW
0x100001478 GetDesktopWindow
0x100001480 SetFocus
0x100001488 SetWindowLongW
0x100001490 GetWindowLongW
0x100001498 GetDlgItem
0x1000014a0 DestroyIcon
0x1000014a8 MoveWindow
0x1000014b0 GetWindowRect
0x1000014b8 GetClientRect
0x1000014c0 ClientToScreen
0x1000014c8 GetSystemMetrics
0x1000014d0 SendMessageW
0x1000014d8 DialogBoxParamW
0x1000014e0 SetForegroundWindow
0x1000014e8 GetDC
0x1000014f0 SetWindowTextW
0x1000014f8 ReleaseDC
0x100001500 SystemParametersInfoW
0x100001508 SendMessageTimeoutW
0x100001510 GetWindowTextW
0x100001518 EnumWindows
0x100001520 MessageBoxW
0x100001528 ChangeWindowMessageFilter
0x100001530 RegisterWindowMessageW
0x100001538 InflateRect
msvcrt.dll
0x100001558 _vscwprintf
0x100001560 iswspace
0x100001568 memcpy
0x100001570 memset
0x100001578 ?terminate@@YAXXZ
0x100001580 __set_app_type
0x100001588 _fmode
0x100001590 _commode
0x100001598 __setusermatherr
0x1000015a0 _amsg_exit
0x1000015a8 _initterm
0x1000015b0 _acmdln
0x1000015b8 exit
0x1000015c0 _cexit
0x1000015c8 _exit
0x1000015d0 _XcptFilter
0x1000015d8 __C_specific_handler
0x1000015e0 __getmainargs
0x1000015e8 _purecall
0x1000015f0 ??2@YAPEAX_K@Z
0x1000015f8 _wtol
0x100001600 memmove
0x100001608 wcstok
0x100001610 _wcsicmp
0x100001618 ??3@YAXPEAX@Z
0x100001620 _ismbblead
0x100001628 wcschr
0x100001630 _vsnwprintf
SHELL32.dll
0x100001378 CommandLineToArgvW
0x100001380 ShellExecuteExW
0x100001388 SHGetFileInfoW
0x100001390 SHGetStockIconInfo
ole32.dll
0x100001688 CoUninitialize
0x100001690 CoTaskMemFree
0x100001698 CoTaskMemAlloc
0x1000016a0 CoDisconnectObject
0x1000016a8 CoCreateInstance
0x1000016b0 CoInitializeEx
0x1000016b8 CoInitializeSecurity
OLEAUT32.dll
0x100001338 SysStringLen
0x100001340 VariantClear
0x100001348 VariantInit
0x100001350 VariantTimeToSystemTime
0x100001358 SysFreeString
0x100001360 SysAllocString
0x100001368 SystemTimeToVariantTime
COMCTL32.dll
0x1000010a8 ImageList_AddMasked
0x1000010b0 ImageList_Add
0x1000010b8 ImageList_ReplaceIcon
0x1000010c0 ImageList_Destroy
0x1000010c8 ImageList_Create
0x1000010d0 None
0x1000010d8 InitCommonControlsEx
0x1000010e0 None
ntdll.dll
0x100001640 RtlCaptureContext
0x100001648 RtlLookupFunctionEntry
0x100001650 RtlVirtualUnwind
0x100001658 WinSqmAddToStream
0x100001660 RtlAllocateHeap
0x100001668 RtlFreeHeap
0x100001670 RtlGetLastNtStatus
0x100001678 EtwTraceMessage
VirtDisk.dll
0x100001548 GetStorageDependencyInformation
SXSHARED.dll
0x1000013a0 SxTracerDebuggerBreak
0x1000013a8 SxTracerShouldTrackFailure
0x1000013b0 SxTracerGetThreadContextRetail
EAT(Export Address Table) is none