ScreenShot
| Created | 2023.09.27 17:34 | Machine | s1_win7_x6401 |
| Filename | clean.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 4 detected (Malicious, Generic@AI, RDML, ghqO4y8+S0gukFIfWfS1BQ, moderate, score, susgen) | ||
| md5 | 9fa10337d494e4b832b790bd53352fc4 | ||
| sha256 | 4b28a89571ba4324f84c4ae236a7e04f72175377d987c7a66d7c51b79df831ae | ||
| ssdeep | 6144:osehzRFMaxy3iorkQEp42Tg5Y7ow1plyROoBc3TBNEE:orAaxCio0TDkw1OMJ3tNEE | ||
| imphash | c63ba316533609531fac22f3877f847b | ||
| impfuzzy | 48:4bE7qDOS0kpDm19a1SoV8SsbT5KQ9Udwt8tGTE+Xl54LpNRoACu6x9KEVSvrzapd:WEeDT0kpDsE1BV8SsbMmEvM | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_RL_Gen_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1001000 FreeSid
0x1001004 AllocateAndInitializeSid
0x1001008 EqualSid
0x100100c GetTokenInformation
0x1001010 OpenProcessToken
0x1001014 AdjustTokenPrivileges
0x1001018 LookupPrivilegeValueA
0x100101c RegCloseKey
0x1001020 RegDeleteValueA
0x1001024 RegOpenKeyExA
0x1001028 RegSetValueExA
0x100102c RegQueryValueExA
0x1001030 RegCreateKeyExA
0x1001034 RegQueryInfoKeyA
KERNEL32.dll
0x100104c LocalFree
0x1001050 LocalAlloc
0x1001054 GetLastError
0x1001058 GetCurrentProcess
0x100105c GetModuleFileNameA
0x1001060 lstrlenA
0x1001064 GetSystemDirectoryA
0x1001068 RemoveDirectoryA
0x100106c FindClose
0x1001070 FindNextFileA
0x1001074 DeleteFileA
0x1001078 SetFileAttributesA
0x100107c lstrcmpA
0x1001080 FindFirstFileA
0x1001084 lstrcatA
0x1001088 lstrcpyA
0x100108c _lclose
0x1001090 _llseek
0x1001094 _lopen
0x1001098 WritePrivateProfileStringA
0x100109c GetWindowsDirectoryA
0x10010a0 CreateDirectoryA
0x10010a4 GetFileAttributesA
0x10010a8 ExpandEnvironmentStringsA
0x10010ac IsDBCSLeadByte
0x10010b0 GetShortPathNameA
0x10010b4 GetPrivateProfileStringA
0x10010b8 GetPrivateProfileIntA
0x10010bc lstrcmpiA
0x10010c0 GlobalFree
0x10010c4 GlobalUnlock
0x10010c8 GlobalLock
0x10010cc GetProcAddress
0x10010d0 FreeResource
0x10010d4 LockResource
0x10010d8 LoadResource
0x10010dc SizeofResource
0x10010e0 FindResourceA
0x10010e4 CloseHandle
0x10010e8 WriteFile
0x10010ec SetFilePointer
0x10010f0 SetFileTime
0x10010f4 LocalFileTimeToFileTime
0x10010f8 DosDateTimeToFileTime
0x10010fc SetCurrentDirectoryA
0x1001100 GetTempFileNameA
0x1001104 ExitProcess
0x1001108 CreateFileA
0x100110c LoadLibraryExA
0x1001110 lstrcpynA
0x1001114 GetVolumeInformationA
0x1001118 FormatMessageA
0x100111c GetCurrentDirectoryA
0x1001120 GetVersionExA
0x1001124 GetExitCodeProcess
0x1001128 WaitForSingleObject
0x100112c CreateProcessA
0x1001130 GetTempPathA
0x1001134 GetSystemInfo
0x1001138 CreateMutexA
0x100113c SetEvent
0x1001140 CreateEventA
0x1001144 CreateThread
0x1001148 ResetEvent
0x100114c TerminateThread
0x1001150 GetDriveTypeA
0x1001154 GetModuleHandleA
0x1001158 GetStartupInfoA
0x100115c GetCommandLineA
0x1001160 QueryPerformanceCounter
0x1001164 GetTickCount
0x1001168 GetCurrentThreadId
0x100116c GetCurrentProcessId
0x1001170 GetSystemTimeAsFileTime
0x1001174 TerminateProcess
0x1001178 SetUnhandledExceptionFilter
0x100117c ReadFile
0x1001180 LoadLibraryA
0x1001184 GetDiskFreeSpaceA
0x1001188 MulDiv
0x100118c EnumResourceLanguagesA
0x1001190 FreeLibrary
0x1001194 GlobalAlloc
GDI32.dll
0x1001044 GetDeviceCaps
USER32.dll
0x100119c ExitWindowsEx
0x10011a0 wsprintfA
0x10011a4 CharNextA
0x10011a8 CharUpperA
0x10011ac CharPrevA
0x10011b0 SetWindowLongA
0x10011b4 GetWindowLongA
0x10011b8 CallWindowProcA
0x10011bc DispatchMessageA
0x10011c0 MsgWaitForMultipleObjects
0x10011c4 PeekMessageA
0x10011c8 SendMessageA
0x10011cc SetWindowPos
0x10011d0 ReleaseDC
0x10011d4 GetDC
0x10011d8 GetWindowRect
0x10011dc SendDlgItemMessageA
0x10011e0 GetDlgItem
0x10011e4 SetForegroundWindow
0x10011e8 SetWindowTextA
0x10011ec MessageBoxA
0x10011f0 DialogBoxIndirectParamA
0x10011f4 ShowWindow
0x10011f8 EnableWindow
0x10011fc GetDlgItemTextA
0x1001200 EndDialog
0x1001204 GetDesktopWindow
0x1001208 MessageBeep
0x100120c SetDlgItemTextA
0x1001210 LoadStringA
0x1001214 GetSystemMetrics
COMCTL32.dll
0x100103c None
VERSION.dll
0x100121c GetFileVersionInfoA
0x1001220 VerQueryValueA
0x1001224 GetFileVersionInfoSizeA
EAT(Export Address Table) is none
ADVAPI32.dll
0x1001000 FreeSid
0x1001004 AllocateAndInitializeSid
0x1001008 EqualSid
0x100100c GetTokenInformation
0x1001010 OpenProcessToken
0x1001014 AdjustTokenPrivileges
0x1001018 LookupPrivilegeValueA
0x100101c RegCloseKey
0x1001020 RegDeleteValueA
0x1001024 RegOpenKeyExA
0x1001028 RegSetValueExA
0x100102c RegQueryValueExA
0x1001030 RegCreateKeyExA
0x1001034 RegQueryInfoKeyA
KERNEL32.dll
0x100104c LocalFree
0x1001050 LocalAlloc
0x1001054 GetLastError
0x1001058 GetCurrentProcess
0x100105c GetModuleFileNameA
0x1001060 lstrlenA
0x1001064 GetSystemDirectoryA
0x1001068 RemoveDirectoryA
0x100106c FindClose
0x1001070 FindNextFileA
0x1001074 DeleteFileA
0x1001078 SetFileAttributesA
0x100107c lstrcmpA
0x1001080 FindFirstFileA
0x1001084 lstrcatA
0x1001088 lstrcpyA
0x100108c _lclose
0x1001090 _llseek
0x1001094 _lopen
0x1001098 WritePrivateProfileStringA
0x100109c GetWindowsDirectoryA
0x10010a0 CreateDirectoryA
0x10010a4 GetFileAttributesA
0x10010a8 ExpandEnvironmentStringsA
0x10010ac IsDBCSLeadByte
0x10010b0 GetShortPathNameA
0x10010b4 GetPrivateProfileStringA
0x10010b8 GetPrivateProfileIntA
0x10010bc lstrcmpiA
0x10010c0 GlobalFree
0x10010c4 GlobalUnlock
0x10010c8 GlobalLock
0x10010cc GetProcAddress
0x10010d0 FreeResource
0x10010d4 LockResource
0x10010d8 LoadResource
0x10010dc SizeofResource
0x10010e0 FindResourceA
0x10010e4 CloseHandle
0x10010e8 WriteFile
0x10010ec SetFilePointer
0x10010f0 SetFileTime
0x10010f4 LocalFileTimeToFileTime
0x10010f8 DosDateTimeToFileTime
0x10010fc SetCurrentDirectoryA
0x1001100 GetTempFileNameA
0x1001104 ExitProcess
0x1001108 CreateFileA
0x100110c LoadLibraryExA
0x1001110 lstrcpynA
0x1001114 GetVolumeInformationA
0x1001118 FormatMessageA
0x100111c GetCurrentDirectoryA
0x1001120 GetVersionExA
0x1001124 GetExitCodeProcess
0x1001128 WaitForSingleObject
0x100112c CreateProcessA
0x1001130 GetTempPathA
0x1001134 GetSystemInfo
0x1001138 CreateMutexA
0x100113c SetEvent
0x1001140 CreateEventA
0x1001144 CreateThread
0x1001148 ResetEvent
0x100114c TerminateThread
0x1001150 GetDriveTypeA
0x1001154 GetModuleHandleA
0x1001158 GetStartupInfoA
0x100115c GetCommandLineA
0x1001160 QueryPerformanceCounter
0x1001164 GetTickCount
0x1001168 GetCurrentThreadId
0x100116c GetCurrentProcessId
0x1001170 GetSystemTimeAsFileTime
0x1001174 TerminateProcess
0x1001178 SetUnhandledExceptionFilter
0x100117c ReadFile
0x1001180 LoadLibraryA
0x1001184 GetDiskFreeSpaceA
0x1001188 MulDiv
0x100118c EnumResourceLanguagesA
0x1001190 FreeLibrary
0x1001194 GlobalAlloc
GDI32.dll
0x1001044 GetDeviceCaps
USER32.dll
0x100119c ExitWindowsEx
0x10011a0 wsprintfA
0x10011a4 CharNextA
0x10011a8 CharUpperA
0x10011ac CharPrevA
0x10011b0 SetWindowLongA
0x10011b4 GetWindowLongA
0x10011b8 CallWindowProcA
0x10011bc DispatchMessageA
0x10011c0 MsgWaitForMultipleObjects
0x10011c4 PeekMessageA
0x10011c8 SendMessageA
0x10011cc SetWindowPos
0x10011d0 ReleaseDC
0x10011d4 GetDC
0x10011d8 GetWindowRect
0x10011dc SendDlgItemMessageA
0x10011e0 GetDlgItem
0x10011e4 SetForegroundWindow
0x10011e8 SetWindowTextA
0x10011ec MessageBoxA
0x10011f0 DialogBoxIndirectParamA
0x10011f4 ShowWindow
0x10011f8 EnableWindow
0x10011fc GetDlgItemTextA
0x1001200 EndDialog
0x1001204 GetDesktopWindow
0x1001208 MessageBeep
0x100120c SetDlgItemTextA
0x1001210 LoadStringA
0x1001214 GetSystemMetrics
COMCTL32.dll
0x100103c None
VERSION.dll
0x100121c GetFileVersionInfoA
0x1001220 VerQueryValueA
0x1001224 GetFileVersionInfoSizeA
EAT(Export Address Table) is none