Report - mjifi

Gen1 UPX Malicious Library PE64 PE File
Created 2023.07.20 07:59 Machine s1_win7_x6401
Filename mjifi
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score: 3
Behavior Score: 0.6
ZERO API file : clean
VT API (file)
md5 551c155f4fce82bba4cc92e56f1ecb84
sha256 6abe94df833ec0e6d145429bba99fdca9ad3fcbb685a432b20c04f74de9a42a5
ssdeep 1536:297aJ0EPusaVPSHY1WmsZz/oSVNwNtK0F1NbpSVOTlyZ8H3:AM0EPuhKHxrZz8L5wV6M
imphash f718d257cb3a4bbbe8310fa60e7d1ded
impfuzzy 96:25Xs3GPcqC/jVrjVcvazxqLjV5qnjVBxQyWl/UpjbmEEBTCuYzLwzRUa:25Xs20tBeva8Lf2FM+vmnTCOz9

Signature (3cnts)

Level | Description
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)
info | The file contains an unknown PE resource name possibly indicative of a packer
info | This executable has a PDB path

Rules (5cnts)

Level | Name | Description | Collection
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload)
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (0cnts)

Request | CC | ASN | Co | IP4 | Rule | ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

msvcrt.dll
 0x140010a08 _fmode
 0x140010a10 ?terminate@@YAXXZ
 0x140010a18 _wcmdln
 0x140010a20 _initterm
 0x140010a28 ??1type_info@@UEAA@XZ
 0x140010a30 _lock
 0x140010a38 __setusermatherr
 0x140010a40 _cexit
 0x140010a48 _exit
 0x140010a50 exit
 0x140010a58 _unlock
 0x140010a60 __dllonexit
 0x140010a68 _onexit
 0x140010a70 memmove
 0x140010a78 _commode
 0x140010a80 __set_app_type
 0x140010a88 __wgetmainargs
 0x140010a90 _amsg_exit
 0x140010a98 isdigit
 0x140010aa0 _XcptFilter
 0x140010aa8 _CxxThrowException
 0x140010ab0 _callnewh
 0x140010ab8 ??0exception@@QEAA@AEBQEBDH@Z
 0x140010ac0 ??0exception@@QEAA@XZ
 0x140010ac8 memmove_s
 0x140010ad0 memcpy_s
 0x140010ad8 _wcsicmp
 0x140010ae0 ?what@exception@@UEBAPEBDXZ
 0x140010ae8 realloc
 0x140010af0 wcscat_s
 0x140010af8 malloc
 0x140010b00 free
 0x140010b08 ??0exception@@QEAA@AEBV0@@Z
 0x140010b10 ??1exception@@UEAA@XZ
 0x140010b18 ??0exception@@QEAA@AEBQEBD@Z
 0x140010b20 __C_specific_handler
 0x140010b28 __CxxFrameHandler3
 0x140010b30 memcmp
 0x140010b38 memcpy
 0x140010b40 memset
api-ms-win-core-synch-l1-1-0.dll
 0x140010960 SetEvent
 0x140010968 DeleteCriticalSection
 0x140010970 InitializeCriticalSection
 0x140010978 EnterCriticalSection
 0x140010980 LeaveCriticalSection
 0x140010988 CreateEventW
 0x140010990 WaitForSingleObject
api-ms-win-core-libraryloader-l1-2-0.dll
 0x1400107f8 FindResourceExW
 0x140010800 SizeofResource
 0x140010808 GetModuleFileNameW
 0x140010810 LoadResource
 0x140010818 GetModuleHandleW
 0x140010820 LoadLibraryExW
 0x140010828 GetProcAddress
 0x140010830 FreeLibrary
api-ms-win-core-string-l2-1-0.dll
 0x140010930 CharPrevW
 0x140010938 CharNextW
api-ms-win-core-errorhandling-l1-1-0.dll
 0x140010760 SetUnhandledExceptionFilter
 0x140010768 RaiseException
 0x140010770 GetLastError
 0x140010778 UnhandledExceptionFilter
api-ms-win-core-registry-l1-1-0.dll
 0x1400108a8 RegNotifyChangeKeyValue
 0x1400108b0 RegOpenKeyExW
 0x1400108b8 RegQueryValueExW
 0x1400108c0 RegQueryInfoKeyW
 0x1400108c8 RegDeleteValueW
 0x1400108d0 RegSetValueExW
 0x1400108d8 RegEnumKeyExW
 0x1400108e0 RegEnumValueW
 0x1400108e8 RegCloseKey
 0x1400108f0 RegCreateKeyExW
api-ms-win-core-memory-l1-1-0.dll
 0x140010840 VirtualAlloc
 0x140010848 VirtualQuery
 0x140010850 VirtualProtect
api-ms-win-core-sysinfo-l1-1-0.dll
 0x1400109c0 GetSystemInfo
 0x1400109c8 GetTickCount
 0x1400109d0 GetSystemTimeAsFileTime
api-ms-win-core-string-l1-1-0.dll
 0x140010920 MultiByteToWideChar
api-ms-win-core-handle-l1-1-0.dll
 0x1400107a0 DuplicateHandle
 0x1400107a8 CloseHandle
api-ms-win-core-synch-l1-2-1.dll
 0x1400109b0 WaitForMultipleObjects
api-ms-win-core-synch-l1-2-0.dll
 0x1400109a0 Sleep
api-ms-win-core-heap-l1-1-0.dll
 0x1400107b8 HeapFree
 0x1400107c0 GetProcessHeap
 0x1400107c8 HeapSetInformation
 0x1400107d0 HeapAlloc
 0x1400107d8 HeapDestroy
api-ms-win-core-processthreads-l1-1-0.dll
 0x140010860 GetCurrentThreadId
 0x140010868 TerminateProcess
 0x140010870 GetCurrentProcessId
 0x140010878 CreateThread
 0x140010880 GetCurrentProcess
 0x140010888 GetStartupInfoW
api-ms-win-core-profile-l1-1-0.dll
 0x140010898 QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0.dll
 0x140010900 RtlLookupFunctionEntry
 0x140010908 RtlCaptureContext
 0x140010910 RtlVirtualUnwind
api-ms-win-core-threadpool-legacy-l1-1-0.dll
 0x1400109e0 CreateTimerQueue
 0x1400109e8 DeleteTimerQueueTimer
 0x1400109f0 CreateTimerQueueTimer
 0x1400109f8 DeleteTimerQueueEx
api-ms-win-core-string-obsolete-l1-1-0.dll
 0x140010948 lstrcmpiW
 0x140010950 lstrcpynW
CRYPTBASE.dll
 0x140010718 SystemFunction036
MSWSOCK.dll
 0x140010728 AcceptEx
 0x140010730 GetAcceptExSockaddrs
api-ms-win-core-file-l1-1-0.dll
 0x140010788 WriteFile
 0x140010790 ReadFile
api-ms-win-core-delayload-l1-1-1.dll
 0x140010750 ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll
 0x140010740 DelayLoadFailureHook
api-ms-win-core-kernel32-legacy-l1-1-0.dll
 0x1400107e8 BindIoCompletionCallback
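Added example, not part of the sandbox report. The run above produced almost no behaviour (Behavior Score 0.6, no network events), so the import table is the main static signal left to work with. The script below buckets a subset of the IAT listed above into capability tags (dynamic API resolution, resource-embedded payload, RWX memory, registry writes and change notification, an IOCP-based socket acceptor, RtlGenRandom via SystemFunction036) and shows how the imphash in the report header is computed. The capability buckets are my own triage grouping, not a sandbox rule. The imphash function follows the Mandiant/pefile definition (lowercased `lib.func` entries, library extension stripped, comma-joined, MD5), but because the hash is order-sensitive and this subset is partial it is not expected to reproduce f718d257cb3a4bbbe8310fa60e7d1ded; run pefile's `PE.get_imphash()` on the file itself for that.

```python
import hashlib

# Subset of the report's IAT (DLL -> imported names), in the order the
# report lists them. Taken from the page above; the full table is longer
# and the on-disk import-directory order may differ from the listing.
IAT = [
    ("msvcrt.dll", ["_initterm", "memcpy", "malloc", "free"]),
    ("api-ms-win-core-libraryloader-l1-2-0.dll",
     ["FindResourceExW", "LoadResource", "LoadLibraryExW", "GetProcAddress"]),
    ("api-ms-win-core-registry-l1-1-0.dll",
     ["RegNotifyChangeKeyValue", "RegOpenKeyExW", "RegSetValueExW",
      "RegCreateKeyExW", "RegDeleteValueW"]),
    ("api-ms-win-core-memory-l1-1-0.dll",
     ["VirtualAlloc", "VirtualQuery", "VirtualProtect"]),
    ("api-ms-win-core-processthreads-l1-1-0.dll",
     ["CreateThread", "TerminateProcess"]),
    ("api-ms-win-core-threadpool-legacy-l1-1-0.dll",
     ["CreateTimerQueue", "CreateTimerQueueTimer"]),
    ("CRYPTBASE.dll", ["SystemFunction036"]),
    ("MSWSOCK.dll", ["AcceptEx", "GetAcceptExSockaddrs"]),
    ("api-ms-win-core-kernel32-legacy-l1-1-0.dll", ["BindIoCompletionCallback"]),
]

# Capability buckets keyed on import names. Hypothetical grouping chosen
# for this example; extend it to match your own triage playbook.
CAPABILITIES = {
    "registry-write": {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteValueW"},
    "registry-watch": {"RegNotifyChangeKeyValue"},
    "dynamic-api-resolution": {"LoadLibraryExW", "GetProcAddress"},
    "embedded-resource-payload": {"FindResourceExW", "LoadResource", "SizeofResource"},
    "rwx-memory": {"VirtualAlloc", "VirtualProtect"},
    "socket-server-iocp": {"AcceptEx", "GetAcceptExSockaddrs", "BindIoCompletionCallback"},
    "secure-rng": {"SystemFunction036"},  # exported name of RtlGenRandom
    "timers-threads": {"CreateThread", "CreateTimerQueueTimer"},
}


def capabilities(iat):
    """Return {tag: sorted matching imports} for every bucket that is hit."""
    names = {fn for _, fns in iat for fn in fns}
    hits = {}
    for tag, wanted in CAPABILITIES.items():
        found = sorted(names & wanted)
        if found:
            hits[tag] = found
    return hits


def imphash(iat):
    """Import hash as defined by Mandiant and implemented in pefile:
    MD5 over 'lib.func' entries, lowercased, with .dll/.ocx/.sys stripped
    from the library name, joined by commas in import-directory order.
    Ordinal imports (not present in this report) are not handled here.
    Order matters: a listing re-sorted by DLL or address hashes differently."""
    parts = []
    for lib, fns in iat:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{fn.lower()}" for fn in fns)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for tag, fns in capabilities(IAT).items():
        print(f"{tag:28s} {', '.join(fns)}")
    print("imphash of this subset:", imphash(IAT))
```

The interesting combination for a reviewer of this report is `AcceptEx` + `GetAcceptExSockaddrs` + `BindIoCompletionCallback` alongside the registry write and `RegNotifyChangeKeyValue` imports: the binary can accept inbound connections on an I/O completion port and react to registry changes, none of which a 0.6 behaviour score in a sandbox with no network events would reveal.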

EAT (Export Address Table): none


