Report - AAAd1.exe

Emotet Generic Malware UPX Malicious Library PE File PE32
Created 2023.06.26 07:53 Machine s1_win7_x6401
Filename AAAd1.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 2.2
ZERO API file : malware
VT API (file) 39 detected (AIDetectMalware, BadOffer, Zusy, Artemis, Save, malicious, confidence, 100%, Eldorado, Attribute, HighConfidence, high confidence, score, ccnc, MalOb, Cryp, Oader, Hflw, DownLoad4, ai score=89, SmallAgent, Detected, LgoogLoader, unsafe, CLOUD)
md5 94f7dacd5b046eba244fceebe7b9a1dd
sha256 a5476eed216a55fa35d1a0ed0b4be51ce8c376e12a44a8f74f1ee9b1e0a1e685
ssdeep 3072:uaY0LwJqqkCPyIrxC55W86GOsKc9P5bivyKKT9cWCeGW801Io:u7VvxJGFrP5+vUOEf1Io
imphash a19128c77d60d2b394dfa78b2e70b342
impfuzzy 48:1LzLnlC1Z9VRNTtLcfw81b6xvwFGAzJ/g/zFGnBjft09KSY/KAQAkjlR+SZnh/dX:1LzLnlWjRptLcfwzo14E69dKO

Signature (5cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (6cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_2_Zero Win32 Trojan Emotet binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

msi.dll
 0x40d244 None
 0x40d248 None
credui.dll
 0x40d23c CredUIParseUserNameW
VERSION.dll
 0x40d22c GetFileVersionInfoSizeW
 0x40d230 GetFileVersionInfoW
 0x40d234 VerQueryValueW
KERNEL32.dll
 0x40d060 SetStdHandle
 0x40d064 LoadLibraryA
 0x40d068 GetLocaleInfoA
 0x40d06c GetStringTypeW
 0x40d070 GetStringTypeA
 0x40d074 WriteConsoleA
 0x40d078 GetConsoleCP
 0x40d07c SetFilePointer
 0x40d080 RtlUnwind
 0x40d084 InitializeCriticalSection
 0x40d088 GetSystemTimeAsFileTime
 0x40d08c GetCurrentProcessId
 0x40d090 GetTickCount
 0x40d094 QueryPerformanceCounter
 0x40d098 GetFileType
 0x40d09c SetHandleCount
 0x40d0a0 GetEnvironmentStringsW
 0x40d0a4 FreeEnvironmentStringsW
 0x40d0a8 GetConsoleOutputCP
 0x40d0ac GetCommandLineW
 0x40d0b0 SetEnvironmentVariableW
 0x40d0b4 GetCurrentProcess
 0x40d0b8 GetProcAddress
 0x40d0bc Sleep
 0x40d0c0 CloseHandle
 0x40d0c4 GetLastError
 0x40d0c8 CreateProcessW
 0x40d0cc GetShortPathNameW
 0x40d0d0 GetModuleFileNameW
 0x40d0d4 SearchPathW
 0x40d0d8 GetComputerNameW
 0x40d0dc FormatMessageW
 0x40d0e0 LoadLibraryW
 0x40d0e4 LocalAlloc
 0x40d0e8 LocalFree
 0x40d0ec GetModuleHandleW
 0x40d0f0 WriteConsoleW
 0x40d0f4 HeapSize
 0x40d0f8 CreateFileA
 0x40d0fc FlushFileBuffers
 0x40d100 GetConsoleMode
 0x40d104 GetModuleFileNameA
 0x40d108 GetStdHandle
 0x40d10c WriteFile
 0x40d110 ExitProcess
 0x40d114 GetEnvironmentStrings
 0x40d118 FreeEnvironmentStringsA
 0x40d11c LCMapStringW
 0x40d120 WideCharToMultiByte
 0x40d124 LCMapStringA
 0x40d128 HeapFree
 0x40d12c HeapAlloc
 0x40d130 GetCommandLineA
 0x40d134 GetVersionExA
 0x40d138 GetProcessHeap
 0x40d13c GetStartupInfoA
 0x40d140 TerminateProcess
 0x40d144 UnhandledExceptionFilter
 0x40d148 SetUnhandledExceptionFilter
 0x40d14c IsDebuggerPresent
 0x40d150 HeapDestroy
 0x40d154 HeapCreate
 0x40d158 VirtualFree
 0x40d15c DeleteCriticalSection
 0x40d160 LeaveCriticalSection
 0x40d164 EnterCriticalSection
 0x40d168 VirtualAlloc
 0x40d16c HeapReAlloc
 0x40d170 GetCPInfo
 0x40d174 InterlockedIncrement
 0x40d178 InterlockedDecrement
 0x40d17c GetACP
 0x40d180 GetOEMCP
 0x40d184 IsValidCodePage
 0x40d188 GetModuleHandleA
 0x40d18c TlsGetValue
 0x40d190 TlsAlloc
 0x40d194 TlsSetValue
 0x40d198 TlsFree
 0x40d19c SetLastError
 0x40d1a0 GetCurrentThreadId
 0x40d1a4 MultiByteToWideChar
USER32.dll
 0x40d1c0 CreateDialogParamW
 0x40d1c4 DialogBoxIndirectParamW
 0x40d1c8 InflateRect
 0x40d1cc GetSysColorBrush
 0x40d1d0 SetCursor
 0x40d1d4 DispatchMessageW
 0x40d1d8 MessageBoxW
 0x40d1dc EnumWindows
 0x40d1e0 SetDlgItemTextW
 0x40d1e4 GetMessageW
 0x40d1e8 TranslateMessage
 0x40d1ec PostQuitMessage
 0x40d1f0 ChildWindowFromPoint
 0x40d1f4 IsDialogMessageW
 0x40d1f8 GetSysColor
 0x40d1fc RegisterClassExW
 0x40d200 ShowWindow
 0x40d204 LoadIconW
 0x40d208 DefWindowProcW
 0x40d20c InvalidateRect
 0x40d210 SetWindowTextW
 0x40d214 GetWindowThreadProcessId
 0x40d218 SendMessageW
 0x40d21c GetDlgItem
 0x40d220 LoadCursorW
 0x40d224 EndDialog
GDI32.dll
 0x40d02c SelectObject
 0x40d030 GetStockObject
 0x40d034 GetObjectW
 0x40d038 SetTextColor
 0x40d03c CreateFontIndirectW
 0x40d040 StartPage
 0x40d044 GetDeviceCaps
 0x40d048 EndDoc
 0x40d04c EndPage
 0x40d050 StartDocW
 0x40d054 SetMapMode
 0x40d058 SetBkMode
COMDLG32.dll
 0x40d024 PrintDlgW
ADVAPI32.dll
 0x40d000 RegSetValueW
 0x40d004 CreateProcessWithLogonW
 0x40d008 RegCreateKeyExW
 0x40d00c RegDeleteKeyW
 0x40d010 RegQueryValueExW
 0x40d014 RegSetValueExW
 0x40d018 RegCloseKey
 0x40d01c RegCreateKeyW
SHELL32.dll
 0x40d1ac ShellExecuteW
 0x40d1b0 CommandLineToArgvW
 0x40d1b4 SHGetMalloc
 0x40d1b8 SHGetDesktopFolder
ole32.dll
 0x40d250 CoInitialize
 0x40d254 CoCreateInstance
 0x40d258 CoUninitialize
 0x40d25c CoTaskMemFree

EAT (Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure