ScreenShot
| Created | 2023.10.11 11:38 | Machine | s1_win7_x6402 |
| Filename | vpn_2.41_x86.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 5 detected (Artemis, Shella) | ||
| md5 | e9f6a165d0e416dc8b7bd49465a3fa5c | ||
| sha256 | 725b94d66ecd5e1238401746bc89b063f4ffa5767995119d7bc23ab2ed827c03 | ||
| ssdeep | 49152:8q3QscuJsVPCYc80pixEXY2QpvH8naf9Gion08x2sChdI:80nJsVPBcexz2QpvHqu9GioJ2sChdI | ||
| imphash | 94dd02744fcb699e42c8cab9862521cf | ||
| impfuzzy | 48:vZKEw9036ypZ8X1STcn25xXwOp7teHu3e0533:vZKEw06sZ8X1STcn2HgAteHs5H | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| watch | Attempts to remove evidence of file being downloaded from the Internet |
| watch | Communicates with host for which no DNS query was performed |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| notice | One or more potentially interesting buffers were extracted |
| notice | Repeatedly searches for a not-found process |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x57d000 SizeofResource
0x57d004 LockResource
0x57d008 LoadResource
0x57d00c FindResourceW
0x57d010 GetProcAddress
0x57d014 GetModuleHandleW
0x57d018 SetLastError
0x57d01c GetLastError
0x57d020 GetTickCount
0x57d024 HeapFree
0x57d028 InitializeCriticalSectionAndSpinCount
0x57d02c HeapSize
0x57d030 HeapReAlloc
0x57d034 RaiseException
0x57d038 HeapAlloc
0x57d03c DecodePointer
0x57d040 HeapDestroy
0x57d044 DeleteCriticalSection
0x57d048 GetProcessHeap
0x57d04c WideCharToMultiByte
0x57d050 GlobalAlloc
0x57d054 GlobalSize
0x57d058 GlobalLock
0x57d05c GlobalUnlock
0x57d060 GlobalFree
0x57d064 LocalFree
0x57d068 MulDiv
0x57d06c FormatMessageW
0x57d070 CopyFileW
0x57d074 MultiByteToWideChar
0x57d078 GetCurrentThread
0x57d07c GetCurrentThreadId
0x57d080 GetVersionExW
0x57d084 FreeLibrary
0x57d088 GetModuleFileNameW
0x57d08c LoadLibraryExW
0x57d090 GlobalDeleteAtom
0x57d094 lstrcmpA
0x57d098 lstrcmpW
0x57d09c CompareStringA
0x57d0a0 FreeResource
0x57d0a4 OutputDebugStringA
0x57d0a8 GetModuleHandleA
0x57d0ac LoadLibraryW
0x57d0b0 CloseHandle
0x57d0b4 SetEvent
0x57d0b8 WaitForSingleObject
0x57d0bc CreateEventW
0x57d0c0 SetThreadPriority
0x57d0c4 ResumeThread
0x57d0c8 GetPrivateProfileIntW
0x57d0cc GetPrivateProfileStringW
0x57d0d0 WritePrivateProfileStringW
0x57d0d4 GlobalAddAtomW
0x57d0d8 GetCurrentProcessId
0x57d0dc EncodePointer
0x57d0e0 GetSystemDirectoryW
0x57d0e4 LoadLibraryA
0x57d0e8 GlobalFindAtomW
0x57d0ec EnterCriticalSection
0x57d0f0 LeaveCriticalSection
0x57d0f4 LocalAlloc
0x57d0f8 SystemTimeToTzSpecificLocalTime
0x57d0fc FileTimeToSystemTime
0x57d100 InitializeCriticalSection
0x57d104 TlsAlloc
0x57d108 TlsGetValue
0x57d10c TlsSetValue
0x57d110 TlsFree
0x57d114 GlobalReAlloc
0x57d118 GlobalHandle
0x57d11c LocalReAlloc
0x57d120 GlobalGetAtomNameW
0x57d124 GetThreadLocale
0x57d128 GetCurrentDirectoryW
0x57d12c CompareStringW
0x57d130 GetLocaleInfoW
0x57d134 GetSystemDefaultUILanguage
0x57d138 GetUserDefaultUILanguage
0x57d13c GlobalFlags
0x57d140 DeleteFileW
0x57d144 CreateFileW
0x57d148 FindClose
0x57d14c FindFirstFileW
0x57d150 FlushFileBuffers
0x57d154 GetFileSize
0x57d158 GetFullPathNameW
0x57d15c GetVolumeInformationW
0x57d160 LockFile
0x57d164 ReadFile
0x57d168 SetEndOfFile
0x57d16c SetFilePointer
0x57d170 UnlockFile
0x57d174 WriteFile
0x57d178 DuplicateHandle
0x57d17c GetCurrentProcess
0x57d180 lstrcmpiW
0x57d184 VirtualProtect
0x57d188 FileTimeToLocalFileTime
0x57d18c GetFileAttributesW
0x57d190 GetFileAttributesExW
0x57d194 GetFileSizeEx
0x57d198 GetFileTime
0x57d19c FindNextFileW
0x57d1a0 SetErrorMode
0x57d1a4 GetWindowsDirectoryW
0x57d1a8 lstrcpyW
0x57d1ac FindResourceExW
0x57d1b0 VerSetConditionMask
0x57d1b4 VerifyVersionInfoW
0x57d1b8 GetTempFileNameW
0x57d1bc GetTempPathW
0x57d1c0 GetProfileIntW
0x57d1c4 SearchPathW
0x57d1c8 Sleep
0x57d1cc ResetEvent
0x57d1d0 WaitForSingleObjectEx
0x57d1d4 UnhandledExceptionFilter
0x57d1d8 SetUnhandledExceptionFilter
0x57d1dc TerminateProcess
0x57d1e0 IsProcessorFeaturePresent
0x57d1e4 QueryPerformanceCounter
0x57d1e8 GetSystemTimeAsFileTime
0x57d1ec InitializeSListHead
0x57d1f0 IsDebuggerPresent
0x57d1f4 GetStartupInfoW
0x57d1f8 WriteConsoleW
0x57d1fc SetEnvironmentVariableA
0x57d200 OutputDebugStringW
0x57d204 RtlUnwind
0x57d208 GetCommandLineA
0x57d20c GetCommandLineW
0x57d210 GetSystemInfo
0x57d214 VirtualAlloc
0x57d218 VirtualQuery
0x57d21c CreateThread
0x57d220 ExitThread
0x57d224 FreeLibraryAndExitThread
0x57d228 GetModuleHandleExW
0x57d22c HeapQueryInformation
0x57d230 SetStdHandle
0x57d234 GetFileType
0x57d238 QueryPerformanceFrequency
0x57d23c GetStdHandle
0x57d240 ExitProcess
0x57d244 GetACP
0x57d248 GetStringTypeW
0x57d24c LCMapStringW
0x57d250 GetTimeZoneInformation
0x57d254 GetConsoleCP
0x57d258 GetConsoleMode
0x57d25c ReadConsoleW
0x57d260 SetFilePointerEx
0x57d264 FindFirstFileExW
0x57d268 IsValidCodePage
0x57d26c GetOEMCP
0x57d270 GetCPInfo
0x57d274 GetEnvironmentStringsW
0x57d278 FreeEnvironmentStringsW
0x57d27c LoadLibraryExA
WINSPOOL.DRV
0x57d284 ClosePrinter
0x57d288 DocumentPropertiesW
0x57d28c OpenPrinterW
EAT(Export Address Table) is none
KERNEL32.dll
0x57d000 SizeofResource
0x57d004 LockResource
0x57d008 LoadResource
0x57d00c FindResourceW
0x57d010 GetProcAddress
0x57d014 GetModuleHandleW
0x57d018 SetLastError
0x57d01c GetLastError
0x57d020 GetTickCount
0x57d024 HeapFree
0x57d028 InitializeCriticalSectionAndSpinCount
0x57d02c HeapSize
0x57d030 HeapReAlloc
0x57d034 RaiseException
0x57d038 HeapAlloc
0x57d03c DecodePointer
0x57d040 HeapDestroy
0x57d044 DeleteCriticalSection
0x57d048 GetProcessHeap
0x57d04c WideCharToMultiByte
0x57d050 GlobalAlloc
0x57d054 GlobalSize
0x57d058 GlobalLock
0x57d05c GlobalUnlock
0x57d060 GlobalFree
0x57d064 LocalFree
0x57d068 MulDiv
0x57d06c FormatMessageW
0x57d070 CopyFileW
0x57d074 MultiByteToWideChar
0x57d078 GetCurrentThread
0x57d07c GetCurrentThreadId
0x57d080 GetVersionExW
0x57d084 FreeLibrary
0x57d088 GetModuleFileNameW
0x57d08c LoadLibraryExW
0x57d090 GlobalDeleteAtom
0x57d094 lstrcmpA
0x57d098 lstrcmpW
0x57d09c CompareStringA
0x57d0a0 FreeResource
0x57d0a4 OutputDebugStringA
0x57d0a8 GetModuleHandleA
0x57d0ac LoadLibraryW
0x57d0b0 CloseHandle
0x57d0b4 SetEvent
0x57d0b8 WaitForSingleObject
0x57d0bc CreateEventW
0x57d0c0 SetThreadPriority
0x57d0c4 ResumeThread
0x57d0c8 GetPrivateProfileIntW
0x57d0cc GetPrivateProfileStringW
0x57d0d0 WritePrivateProfileStringW
0x57d0d4 GlobalAddAtomW
0x57d0d8 GetCurrentProcessId
0x57d0dc EncodePointer
0x57d0e0 GetSystemDirectoryW
0x57d0e4 LoadLibraryA
0x57d0e8 GlobalFindAtomW
0x57d0ec EnterCriticalSection
0x57d0f0 LeaveCriticalSection
0x57d0f4 LocalAlloc
0x57d0f8 SystemTimeToTzSpecificLocalTime
0x57d0fc FileTimeToSystemTime
0x57d100 InitializeCriticalSection
0x57d104 TlsAlloc
0x57d108 TlsGetValue
0x57d10c TlsSetValue
0x57d110 TlsFree
0x57d114 GlobalReAlloc
0x57d118 GlobalHandle
0x57d11c LocalReAlloc
0x57d120 GlobalGetAtomNameW
0x57d124 GetThreadLocale
0x57d128 GetCurrentDirectoryW
0x57d12c CompareStringW
0x57d130 GetLocaleInfoW
0x57d134 GetSystemDefaultUILanguage
0x57d138 GetUserDefaultUILanguage
0x57d13c GlobalFlags
0x57d140 DeleteFileW
0x57d144 CreateFileW
0x57d148 FindClose
0x57d14c FindFirstFileW
0x57d150 FlushFileBuffers
0x57d154 GetFileSize
0x57d158 GetFullPathNameW
0x57d15c GetVolumeInformationW
0x57d160 LockFile
0x57d164 ReadFile
0x57d168 SetEndOfFile
0x57d16c SetFilePointer
0x57d170 UnlockFile
0x57d174 WriteFile
0x57d178 DuplicateHandle
0x57d17c GetCurrentProcess
0x57d180 lstrcmpiW
0x57d184 VirtualProtect
0x57d188 FileTimeToLocalFileTime
0x57d18c GetFileAttributesW
0x57d190 GetFileAttributesExW
0x57d194 GetFileSizeEx
0x57d198 GetFileTime
0x57d19c FindNextFileW
0x57d1a0 SetErrorMode
0x57d1a4 GetWindowsDirectoryW
0x57d1a8 lstrcpyW
0x57d1ac FindResourceExW
0x57d1b0 VerSetConditionMask
0x57d1b4 VerifyVersionInfoW
0x57d1b8 GetTempFileNameW
0x57d1bc GetTempPathW
0x57d1c0 GetProfileIntW
0x57d1c4 SearchPathW
0x57d1c8 Sleep
0x57d1cc ResetEvent
0x57d1d0 WaitForSingleObjectEx
0x57d1d4 UnhandledExceptionFilter
0x57d1d8 SetUnhandledExceptionFilter
0x57d1dc TerminateProcess
0x57d1e0 IsProcessorFeaturePresent
0x57d1e4 QueryPerformanceCounter
0x57d1e8 GetSystemTimeAsFileTime
0x57d1ec InitializeSListHead
0x57d1f0 IsDebuggerPresent
0x57d1f4 GetStartupInfoW
0x57d1f8 WriteConsoleW
0x57d1fc SetEnvironmentVariableA
0x57d200 OutputDebugStringW
0x57d204 RtlUnwind
0x57d208 GetCommandLineA
0x57d20c GetCommandLineW
0x57d210 GetSystemInfo
0x57d214 VirtualAlloc
0x57d218 VirtualQuery
0x57d21c CreateThread
0x57d220 ExitThread
0x57d224 FreeLibraryAndExitThread
0x57d228 GetModuleHandleExW
0x57d22c HeapQueryInformation
0x57d230 SetStdHandle
0x57d234 GetFileType
0x57d238 QueryPerformanceFrequency
0x57d23c GetStdHandle
0x57d240 ExitProcess
0x57d244 GetACP
0x57d248 GetStringTypeW
0x57d24c LCMapStringW
0x57d250 GetTimeZoneInformation
0x57d254 GetConsoleCP
0x57d258 GetConsoleMode
0x57d25c ReadConsoleW
0x57d260 SetFilePointerEx
0x57d264 FindFirstFileExW
0x57d268 IsValidCodePage
0x57d26c GetOEMCP
0x57d270 GetCPInfo
0x57d274 GetEnvironmentStringsW
0x57d278 FreeEnvironmentStringsW
0x57d27c LoadLibraryExA
WINSPOOL.DRV
0x57d284 ClosePrinter
0x57d288 DocumentPropertiesW
0x57d28c OpenPrinterW
EAT(Export Address Table) is none