Report - Install.exe

Tags: Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, OS Processor Check, PE File, PE64
Created: 2023.08.25 18:21    Machine: s1_win7_x6403
Filename: Install.exe
Type: PE32+ executable (GUI) x86-64, for MS Windows
AI Score: Not found    Behavior Score: 0.8
ZERO API (file): malicious
VT API (file): 2 detected
md5: 3813559c9eeac4f4dc8b7b322b695007
sha256: e728a9ec09d7e49171144459b742ee41dabaf206970d2a2260694204cd1f5161
ssdeep: 49152:z4jNK7Anf5WYoyY/PIsYgkBAASKeiq15Jj915tmfErb1OFrfFnFSteh5o+ID8+Al:GMEEYuIsDAbfq1triL5o+IDsl
imphash: 3fa70d43fd8740c853f484160e706724
impfuzzy: 96:+WBzX7eaw9pVDBEtXkRWXH+Yb8Wu6xAv+lS:Jj5XURWdQWBU

Signatures (3)

Level Description
notice File has been identified by 2 AntiVirus engines on VirusTotal as malicious
info Checks amount of memory in system
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (8)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2)

Request CC ASN Co IP4 Rule ZERO
cff.org US FASTLY 151.101.1.193 clean
151.101.1.193 US FASTLY 151.101.1.193 clean

Suricata IDS

PE API

IAT (Import Address Table)

ADVAPI32.dll
 0x140336000 CryptGenRandom
 0x140336008 CryptReleaseContext
 0x140336010 RegGetValueW
 0x140336018 RegCloseKey
 0x140336020 RegOpenKeyExA
 0x140336028 CryptAcquireContextW
KERNEL32.dll
 0x140336038 GetFileAttributesW
 0x140336040 CreateFileW
 0x140336048 CloseHandle
 0x140336050 GetLastError
 0x140336058 GetEnvironmentVariableW
 0x140336060 GetCurrentDirectoryW
 0x140336068 CreateDirectoryW
 0x140336070 ReadFile
 0x140336078 GetModuleFileNameW
 0x140336080 GetDiskFreeSpaceExA
 0x140336088 SetCurrentDirectoryW
 0x140336090 GetVolumePathNameW
 0x140336098 GetDriveTypeW
 0x1403360a0 GetFinalPathNameByHandleW
 0x1403360a8 GetFileInformationByHandle
 0x1403360b0 MoveFileExW
 0x1403360b8 GetFileType
 0x1403360c0 SetFileTime
 0x1403360c8 CreateFileMappingW
 0x1403360d0 MapViewOfFile
 0x1403360d8 VirtualQuery
 0x1403360e0 GetCurrentProcess
 0x1403360e8 DuplicateHandle
 0x1403360f0 UnmapViewOfFile
 0x1403360f8 FlushFileBuffers
 0x140336100 GetSystemInfo
 0x140336108 FindFirstFileExW
 0x140336110 FindNextFileW
 0x140336118 FindClose
 0x140336120 GetSystemTime
 0x140336128 SystemTimeToFileTime
 0x140336130 GetStdHandle
 0x140336138 MultiByteToWideChar
 0x140336140 WideCharToMultiByte
 0x140336148 SetFileInformationByHandle
 0x140336150 SetLastError
 0x140336158 TerminateProcess
 0x140336160 GetCurrentProcessId
 0x140336168 GetNativeSystemInfo
 0x140336170 GetProcessTimes
 0x140336178 SetErrorMode
 0x140336180 GetCommandLineW
 0x140336188 FindFirstFileW
 0x140336190 GetLongPathNameW
 0x140336198 GetConsoleMode
 0x1403361a0 GetConsoleScreenBufferInfo
 0x1403361a8 SetConsoleTextAttribute
 0x1403361b0 GetSystemTimeAsFileTime
 0x1403361b8 GetModuleHandleW
 0x1403361c0 GetProcAddress
 0x1403361c8 WriteConsoleW
 0x1403361d0 CreateProcessW
 0x1403361d8 CreateJobObjectW
 0x1403361e0 SetInformationJobObject
 0x1403361e8 AssignProcessToJobObject
 0x1403361f0 WaitForSingleObject
 0x1403361f8 SetProcessAffinityMask
 0x140336200 ResumeThread
 0x140336208 K32GetProcessMemoryInfo
 0x140336210 GetExitCodeProcess
 0x140336218 SearchPathW
 0x140336220 FormatMessageA
 0x140336228 LocalFree
 0x140336230 LeaveCriticalSection
 0x140336238 LoadLibraryW
 0x140336240 EnterCriticalSection
 0x140336248 InitializeCriticalSection
 0x140336250 SetUnhandledExceptionFilter
 0x140336258 SetConsoleCtrlHandler
 0x140336260 RtlCaptureContext
 0x140336268 GetCurrentThread
 0x140336270 GetCurrentThreadId
 0x140336278 ExpandEnvironmentStringsW
 0x140336280 RaiseException
 0x140336288 SetThreadGroupAffinity
 0x140336290 GetLogicalProcessorInformationEx
 0x140336298 GetProcessGroupAffinity
 0x1403362a0 GetProcessAffinityMask
 0x1403362a8 VirtualProtect
 0x1403362b0 FreeLibrary
 0x1403362b8 LoadLibraryExA
 0x1403362c0 InitializeSRWLock
 0x1403362c8 ReleaseSRWLockExclusive
 0x1403362d0 AcquireSRWLockExclusive
 0x1403362d8 InitializeCriticalSectionEx
 0x1403362e0 TryEnterCriticalSection
 0x1403362e8 DeleteCriticalSection
 0x1403362f0 InitializeConditionVariable
 0x1403362f8 WakeConditionVariable
 0x140336300 WakeAllConditionVariable
 0x140336308 SleepConditionVariableCS
 0x140336310 SleepConditionVariableSRW
 0x140336318 RtlPcToFileHeader
 0x140336320 QueryPerformanceCounter
 0x140336328 ReleaseSRWLockShared
 0x140336330 AcquireSRWLockShared
 0x140336338 WaitForSingleObjectEx
 0x140336340 FlsAlloc
 0x140336348 FlsGetValue
 0x140336350 FlsSetValue
 0x140336358 FlsFree
 0x140336360 EncodePointer
 0x140336368 DecodePointer
 0x140336370 LCMapStringEx
 0x140336378 GetStringTypeW
 0x140336380 GetCPInfo
 0x140336388 InitializeCriticalSectionAndSpinCount
 0x140336390 SetEvent
 0x140336398 ResetEvent
 0x1403363a0 CreateEventW
 0x1403363a8 RtlLookupFunctionEntry
 0x1403363b0 RtlVirtualUnwind
 0x1403363b8 UnhandledExceptionFilter
 0x1403363c0 IsProcessorFeaturePresent
 0x1403363c8 IsDebuggerPresent
 0x1403363d0 GetStartupInfoW
 0x1403363d8 InitializeSListHead
 0x1403363e0 GetThreadLocale
 0x1403363e8 LoadLibraryA
 0x1403363f0 RtlUnwindEx
 0x1403363f8 RtlUnwind
 0x140336400 TlsAlloc
 0x140336408 TlsGetValue
 0x140336410 TlsSetValue
 0x140336418 TlsFree
 0x140336420 LoadLibraryExW
 0x140336428 ExitProcess
 0x140336430 GetModuleHandleExW
 0x140336438 SetStdHandle
 0x140336440 SetFilePointerEx
 0x140336448 CreateThread
 0x140336450 ExitThread
 0x140336458 FreeLibraryAndExitThread
 0x140336460 WriteFile
 0x140336468 GetCommandLineA
 0x140336470 ReadConsoleW
 0x140336478 GetConsoleOutputCP
 0x140336480 HeapFree
 0x140336488 HeapAlloc
 0x140336490 GetDateFormatW
 0x140336498 GetTimeFormatW
 0x1403364a0 CompareStringW
 0x1403364a8 LCMapStringW
 0x1403364b0 GetLocaleInfoW
 0x1403364b8 IsValidLocale
 0x1403364c0 GetUserDefaultLCID
 0x1403364c8 EnumSystemLocalesW
 0x1403364d0 GetProcessHeap
 0x1403364d8 HeapReAlloc
 0x1403364e0 GetTimeZoneInformation
 0x1403364e8 GetFileSizeEx
 0x1403364f0 IsValidCodePage
 0x1403364f8 GetACP
 0x140336500 GetOEMCP
 0x140336508 GetEnvironmentStringsW
 0x140336510 FreeEnvironmentStringsW
 0x140336518 SetEnvironmentVariableW
 0x140336520 HeapSize

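The imphash reported in the header is derived from exactly the kind of listing shown above. As an added example (not the sandbox's own tooling), the Python below recomputes an imphash from an IAT listing in this report's format, following the pefile/VirusTotal recipe, and checks that the thunk addresses are spaced the way a PE64 import table lays them out. The embedded listing is an excerpt of the IAT above (the ADVAPI32 block and the first four KERNEL32 entries), so its hash will not equal 3fa70d43fd8740c853f484160e706724; paste the complete listing in the same order to compare. A mismatch then means the listing is incomplete, reordered, or contains ordinal imports the report renders differently. The 16-byte gap expected between DLLs is a linker convention assumed here, not a PE rule. One caveat worth keeping in mind when weighing the UPX/packer rules: a genuinely UPX-packed file exposes only the unpacking stub's handful of imports, so an imphash over a full CRT-style table like this one describes the binary as it sits on disk, whatever runs after unpacking.

```python
"""Recompute a PE imphash from an IAT listing in this report's format and check
thunk spacing.  Added example; mirrors the pefile/VirusTotal imphash recipe:
"<dll minus .dll/.ocx/.sys>.<function>", lower case, import-directory order,
comma-joined, MD5.  Ordinal imports become "ordN" (pefile also resolves well-known
ws2_32.dll/oleaut32.dll ordinals to names; that lookup is omitted here).
"""
import hashlib
import re
from typing import List, Optional, Tuple

# (dll, function name or None, ordinal or None), one per import in directory order.
Import = Tuple[str, Optional[str], Optional[int]]
_STRIPPED_EXT = ("dll", "ocx", "sys")

# Excerpt of the IAT section of this report (ADVAPI32 block plus the first four
# KERNEL32 entries), copied verbatim.  Paste the full listing to reproduce the imphash.
REPORT_IAT = """\
ADVAPI32.dll
 0x140336000 CryptGenRandom
 0x140336008 CryptReleaseContext
 0x140336010 RegGetValueW
 0x140336018 RegCloseKey
 0x140336020 RegOpenKeyExA
 0x140336028 CryptAcquireContextW
KERNEL32.dll
 0x140336038 GetFileAttributesW
 0x140336040 CreateFileW
 0x140336048 CloseHandle
 0x140336050 GetLastError
"""

_DLL_LINE = re.compile(r"^\s*(\S+\.(?:dll|ocx|sys))\s*$", re.IGNORECASE)
_ENTRY_LINE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+(\S+)\s*$")


def parse_iat_listing(text: str) -> List[Tuple[str, int, str]]:
    """Return (dll, thunk virtual address, function) triples in listing order."""
    entries, dll = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _DLL_LINE.match(line)
        if m:
            dll = m.group(1)
            continue
        m = _ENTRY_LINE.match(line)
        if not (m and dll):
            raise ValueError(f"unparsed IAT line: {line!r}")
        entries.append((dll, int(m.group(1), 16), m.group(2)))
    return entries


def normalize_import(dll: str, name: Optional[str], ordinal: Optional[int]) -> str:
    """Canonical 'lib.func' token as pefile builds it for imphash."""
    lib = dll.lower()
    parts = lib.rsplit(".", 1)
    if len(parts) == 2 and parts[1] in _STRIPPED_EXT:
        lib = parts[0]
    if name:
        func = name.lower()
    elif ordinal is not None:
        func = f"ord{ordinal}"
    else:
        raise ValueError(f"import from {dll} has neither a name nor an ordinal")
    return f"{lib}.{func}"


def imphash_string(imports: List[Import]) -> str:
    return ",".join(normalize_import(*imp) for imp in imports)


def imphash(imports: List[Import]) -> str:
    if not imports:
        return ""  # pefile returns an empty string when there is nothing to hash
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def imphash_from_listing(text: str) -> str:
    return imphash([(dll, func, None) for dll, _va, func in parse_iat_listing(text)])


def check_thunk_layout(entries: List[Tuple[str, int, str]], thunk_size: int = 8) -> List[str]:
    """Flag IAT slots that are not where a PE64 import table would put them.

    Each slot is 8 bytes; every DLL's array ends with a zero slot that a listing
    omits, so consecutive DLLs are assumed (linker convention, not a PE rule) to sit
    16 bytes apart.  Any other gap means a dropped line or a rewritten table.
    """
    problems = []
    for (d1, va1, f1), (d2, va2, f2) in zip(entries, entries[1:]):
        expected = thunk_size if d1 == d2 else 2 * thunk_size
        if va2 - va1 != expected:
            problems.append(f"{d1}!{f1} @ {va1:#x} -> {d2}!{f2} @ {va2:#x}: gap {va2 - va1}")
    return problems


if __name__ == "__main__":
    entries = parse_iat_listing(REPORT_IAT)
    print(f"{len(entries)} imports from {len({d for d, _, _ in entries})} DLLs")
    for problem in check_thunk_layout(entries) or ["thunk layout consistent"]:
        print(" ", problem)
    print("imphash of this excerpt:", imphash_from_listing(REPORT_IAT))
```

Run it as is to see the excerpt's hash and a clean layout check; drop one entry line from REPORT_IAT and the layout check reports the 16-byte hole inside a DLL, which is the same symptom a truncated report listing produces before you notice the hash no longer matches.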
EAT (Export Address Table): none
