Report - main.exe

Gen1 Emotet Generic Malware UPX Malicious Library ASPack Admin Tool (Sysinternals etc ...) Anti_VM OS Processor Check PE64 PE File DLL ZIP Format
ScreenShot
Created 2023.07.17 16:49 Machine s1_win7_x6401
Filename main.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not founds Behavior Score
2.8
ZERO API file : clean
VT API (file) 35 detected (Common, Shelm, tseF, malicious, moderate confidence, GenericKD, unsafe, AsyncRat, ABRisk, RESR, score, FileRepMalware, Misc, prmuz, Generic Reputation PUA, Wacatac, Detected, Artemis, ai score=81, Oader, Vdkl, susgen, PossibleThreat, confidence, 100%)
md5 c66ec2c36b8a47ae1b81ea9576519478
sha256 8c744c2fea8dd76541d447997554d108d543261805d8f413b9a1b1293a65fb08
ssdeep 196608:0f0sKYu/PaQVBlibzgFDkC2CsXDjDyfmdJolpPgToa10/+jNxEbPxFOnJSgbtDlj:KQVBl80xkbCEDLJ83a10KYDxsEgbtRG
imphash 0b5552dccd9d0a834cea55c0c8fc05be
impfuzzy 48:t/gub6EwoQ54rzSv6xvi2PmeV9R+hteS1Xc+pIuCJcgTkOtV0Kq14r:phVueVuhteS1Xc+pIustkiWHS
  Network IP location

Signature (7cnts)

Level Description
danger File has been identified by 35 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates executable files on the filesystem
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (19cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (download)
danger Win32_Trojan_Emotet_2_Zero Win32 Trojan Emotet binaries (download)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (download)
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (download)
watch ASPack_Zero ASPack packed file binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (download)
info IsDLL (no description) binaries (download)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info zip_file_format ZIP file format binaries (download)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

USER32.dll
 0x14002a388 CreateWindowExW
 0x14002a390 MessageBoxW
 0x14002a398 MessageBoxA
 0x14002a3a0 SystemParametersInfoW
 0x14002a3a8 DestroyIcon
 0x14002a3b0 SetWindowLongPtrW
 0x14002a3b8 GetWindowLongPtrW
 0x14002a3c0 GetClientRect
 0x14002a3c8 InvalidateRect
 0x14002a3d0 ReleaseDC
 0x14002a3d8 GetDC
 0x14002a3e0 DrawTextW
 0x14002a3e8 GetDialogBaseUnits
 0x14002a3f0 EndDialog
 0x14002a3f8 DialogBoxIndirectParamW
 0x14002a400 MoveWindow
 0x14002a408 SendMessageW
COMCTL32.dll
 0x14002a028 None
KERNEL32.dll
 0x14002a058 GetStringTypeW
 0x14002a060 GetFileAttributesExW
 0x14002a068 HeapReAlloc
 0x14002a070 FlushFileBuffers
 0x14002a078 GetCurrentDirectoryW
 0x14002a080 IsValidCodePage
 0x14002a088 GetACP
 0x14002a090 GetModuleHandleW
 0x14002a098 MulDiv
 0x14002a0a0 GetLastError
 0x14002a0a8 SetDllDirectoryW
 0x14002a0b0 GetModuleFileNameW
 0x14002a0b8 GetProcAddress
 0x14002a0c0 GetCommandLineW
 0x14002a0c8 GetEnvironmentVariableW
 0x14002a0d0 GetOEMCP
 0x14002a0d8 ExpandEnvironmentStringsW
 0x14002a0e0 CreateDirectoryW
 0x14002a0e8 GetTempPathW
 0x14002a0f0 WaitForSingleObject
 0x14002a0f8 Sleep
 0x14002a100 GetExitCodeProcess
 0x14002a108 CreateProcessW
 0x14002a110 GetStartupInfoW
 0x14002a118 FreeLibrary
 0x14002a120 LoadLibraryExW
 0x14002a128 SetConsoleCtrlHandler
 0x14002a130 FindClose
 0x14002a138 FindFirstFileExW
 0x14002a140 CloseHandle
 0x14002a148 GetCurrentProcess
 0x14002a150 LocalFree
 0x14002a158 FormatMessageW
 0x14002a160 MultiByteToWideChar
 0x14002a168 WideCharToMultiByte
 0x14002a170 GetCPInfo
 0x14002a178 GetEnvironmentStringsW
 0x14002a180 FreeEnvironmentStringsW
 0x14002a188 GetProcessHeap
 0x14002a190 GetTimeZoneInformation
 0x14002a198 HeapSize
 0x14002a1a0 WriteConsoleW
 0x14002a1a8 SetEnvironmentVariableW
 0x14002a1b0 RtlUnwindEx
 0x14002a1b8 RtlCaptureContext
 0x14002a1c0 RtlLookupFunctionEntry
 0x14002a1c8 RtlVirtualUnwind
 0x14002a1d0 UnhandledExceptionFilter
 0x14002a1d8 SetUnhandledExceptionFilter
 0x14002a1e0 TerminateProcess
 0x14002a1e8 IsProcessorFeaturePresent
 0x14002a1f0 QueryPerformanceCounter
 0x14002a1f8 GetCurrentProcessId
 0x14002a200 GetCurrentThreadId
 0x14002a208 GetSystemTimeAsFileTime
 0x14002a210 InitializeSListHead
 0x14002a218 IsDebuggerPresent
 0x14002a220 SetEndOfFile
 0x14002a228 SetLastError
 0x14002a230 EnterCriticalSection
 0x14002a238 LeaveCriticalSection
 0x14002a240 DeleteCriticalSection
 0x14002a248 InitializeCriticalSectionAndSpinCount
 0x14002a250 TlsAlloc
 0x14002a258 TlsGetValue
 0x14002a260 TlsSetValue
 0x14002a268 TlsFree
 0x14002a270 EncodePointer
 0x14002a278 RaiseException
 0x14002a280 RtlPcToFileHeader
 0x14002a288 GetCommandLineA
 0x14002a290 CreateFileW
 0x14002a298 GetDriveTypeW
 0x14002a2a0 GetFileInformationByHandle
 0x14002a2a8 GetFileType
 0x14002a2b0 PeekNamedPipe
 0x14002a2b8 SystemTimeToTzSpecificLocalTime
 0x14002a2c0 FileTimeToSystemTime
 0x14002a2c8 GetFullPathNameW
 0x14002a2d0 RemoveDirectoryW
 0x14002a2d8 FindNextFileW
 0x14002a2e0 SetStdHandle
 0x14002a2e8 DeleteFileW
 0x14002a2f0 ReadFile
 0x14002a2f8 GetStdHandle
 0x14002a300 WriteFile
 0x14002a308 ExitProcess
 0x14002a310 GetModuleHandleExW
 0x14002a318 HeapFree
 0x14002a320 GetConsoleMode
 0x14002a328 ReadConsoleW
 0x14002a330 SetFilePointerEx
 0x14002a338 GetConsoleOutputCP
 0x14002a340 GetFileSizeEx
 0x14002a348 HeapAlloc
 0x14002a350 FlsAlloc
 0x14002a358 FlsGetValue
 0x14002a360 FlsSetValue
 0x14002a368 FlsFree
 0x14002a370 CompareStringW
 0x14002a378 LCMapStringW
ADVAPI32.dll
 0x14002a000 OpenProcessToken
 0x14002a008 GetTokenInformation
 0x14002a010 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x14002a018 ConvertSidToStringSidW
GDI32.dll
 0x14002a038 SelectObject
 0x14002a040 DeleteObject
 0x14002a048 CreateFontIndirectW

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure