Report - EngineChromium.exe

Tags: Emotet, Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, Antivirus, .NET framework(MSIL), PE File, PE64, ftp, OS Processor Check
Created 2023.10.19 09:58 Machine s1_win7_x6401
Filename EngineChromium.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not found
Behavior Score 1.6
ZERO API file : clean
VT API (file) 30 detected (GenericKD, Artemis, TrojanBanker, Bandra, malicious, confidence, 100%, Attribute, HighConfidence, dcuwr, Znyonm, ai score=82, unsafe, CLOUD)
md5 2f943946efaa3e446ee3cbd43a540f5b
sha256 24583182ec1b84afbbe4df0f74bed1c0a378905f7c2a9136eb6dbd65c0811e42
ssdeep 196608:ZU3EEacrhPmCVA9NG6YrYgWepN1YWtJlrnzFtrWfEFF4ch1g:ZcpHhPmCVAe6gVYWtJRrrWgKcc
imphash 6cec7edefbae8ff608d630f3b5df02de
impfuzzy 192:OF71wIfuUnW4ej9E2gWB0vFAklSNupQENjzi/XB:g7WORVPSNupQUq/XB

Signature (4cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (12cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_2_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
watch Win32_Trojan_PWS_Net_1_Zero Win32 Trojan PWS .NET Azorult binaries (upload)
info ftp_command ftp command binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1405fd0a8 MultiByteToWideChar
 0x1405fd0b0 GetTickCount
 0x1405fd0b8 QueryPerformanceFrequency
 0x1405fd0c0 QueryPerformanceCounter
 0x1405fd0c8 GetModuleHandleW
 0x1405fd0d0 FlushInstructionCache
 0x1405fd0d8 RtlLookupFunctionEntry
 0x1405fd0e0 RtlDeleteFunctionTable
 0x1405fd0e8 InterlockedPushEntrySList
 0x1405fd0f0 InterlockedFlushSList
 0x1405fd0f8 InitializeSListHead
 0x1405fd100 GetTickCount64
 0x1405fd108 DuplicateHandle
 0x1405fd110 QueueUserAPC
 0x1405fd118 WaitForSingleObjectEx
 0x1405fd120 SetThreadPriority
 0x1405fd128 GetThreadPriority
 0x1405fd130 ResumeThread
 0x1405fd138 GetCurrentThreadId
 0x1405fd140 Sleep
 0x1405fd148 TlsAlloc
 0x1405fd150 GetCurrentThread
 0x1405fd158 CreateThread
 0x1405fd160 WaitForMultipleObjectsEx
 0x1405fd168 SignalObjectAndWait
 0x1405fd170 RtlCaptureContext
 0x1405fd178 SetThreadStackGuarantee
 0x1405fd180 VirtualQuery
 0x1405fd188 GetStdHandle
 0x1405fd190 WideCharToMultiByte
 0x1405fd198 GetConsoleOutputCP
 0x1405fd1a0 MapViewOfFileEx
 0x1405fd1a8 UnmapViewOfFile
 0x1405fd1b0 GetStringTypeExW
 0x1405fd1b8 SetEvent
 0x1405fd1c0 GetCurrentProcessorNumber
 0x1405fd1c8 GlobalMemoryStatusEx
 0x1405fd1d0 CreateIoCompletionPort
 0x1405fd1d8 PostQueuedCompletionStatus
 0x1405fd1e0 SleepEx
 0x1405fd1e8 GetQueuedCompletionStatus
 0x1405fd1f0 InterlockedPopEntrySList
 0x1405fd1f8 GetCurrentProcessorNumberEx
 0x1405fd200 ExitProcess
 0x1405fd208 CreateMemoryResourceNotification
 0x1405fd210 GetProcessAffinityMask
 0x1405fd218 SetThreadIdealProcessorEx
 0x1405fd220 GetThreadIdealProcessorEx
 0x1405fd228 GetLargePageMinimum
 0x1405fd230 VirtualUnlock
 0x1405fd238 GetLogicalProcessorInformation
 0x1405fd240 SetThreadGroupAffinity
 0x1405fd248 SetThreadAffinityMask
 0x1405fd250 IsProcessInJob
 0x1405fd258 QueryInformationJobObject
 0x1405fd260 K32GetProcessMemoryInfo
 0x1405fd268 VirtualAlloc
 0x1405fd270 VirtualFree
 0x1405fd278 VirtualProtect
 0x1405fd280 SwitchToThread
 0x1405fd288 CloseThreadpoolTimer
 0x1405fd290 CreateThreadpoolTimer
 0x1405fd298 SetThreadpoolTimer
 0x1405fd2a0 GetFileSize
 0x1405fd2a8 GetEnvironmentVariableW
 0x1405fd2b0 SetEnvironmentVariableW
 0x1405fd2b8 CreateEventW
 0x1405fd2c0 ResetEvent
 0x1405fd2c8 CreateSemaphoreExW
 0x1405fd2d0 ReleaseSemaphore
 0x1405fd2d8 CreateMutexW
 0x1405fd2e0 ReleaseMutex
 0x1405fd2e8 GetThreadContext
 0x1405fd2f0 SuspendThread
 0x1405fd2f8 SetThreadContext
 0x1405fd300 GetEnabledXStateFeatures
 0x1405fd308 InitializeContext
 0x1405fd310 RtlRestoreContext
 0x1405fd318 RtlInstallFunctionTableCallback
 0x1405fd320 GetSystemDefaultLCID
 0x1405fd328 GetUserDefaultLCID
 0x1405fd330 RtlUnwind
 0x1405fd338 LoadLibraryExW
 0x1405fd340 HeapAlloc
 0x1405fd348 HeapFree
 0x1405fd350 GetProcessHeap
 0x1405fd358 HeapCreate
 0x1405fd360 HeapDestroy
 0x1405fd368 GetEnvironmentStringsW
 0x1405fd370 FreeEnvironmentStringsW
 0x1405fd378 FormatMessageW
 0x1405fd380 OutputDebugStringA
 0x1405fd388 GetACP
 0x1405fd390 LCMapStringEx
 0x1405fd398 LocalFree
 0x1405fd3a0 VerSetConditionMask
 0x1405fd3a8 VerifyVersionInfoW
 0x1405fd3b0 FindClose
 0x1405fd3b8 GetModuleFileNameW
 0x1405fd3c0 FindNextFileW
 0x1405fd3c8 QueryThreadCycleTime
 0x1405fd3d0 VirtualAllocExNuma
 0x1405fd3d8 GetNumaProcessorNodeEx
 0x1405fd3e0 GetNumaHighestNodeNumber
 0x1405fd3e8 GetLogicalProcessorInformationEx
 0x1405fd3f0 GetThreadGroupAffinity
 0x1405fd3f8 GetSystemTimes
 0x1405fd400 GetSystemTimeAsFileTime
 0x1405fd408 CreateFileMappingW
 0x1405fd410 CreateProcessW
 0x1405fd418 GetCPInfo
 0x1405fd420 CreateFileW
 0x1405fd428 GetFileAttributesExW
 0x1405fd430 GetTempPathW
 0x1405fd438 GetCurrentDirectoryW
 0x1405fd440 FindFirstFileExW
 0x1405fd448 GetFullPathNameW
 0x1405fd450 OpenProcess
 0x1405fd458 LoadLibraryExA
 0x1405fd460 OpenEventW
 0x1405fd468 ExitThread
 0x1405fd470 HeapReAlloc
 0x1405fd478 CreateNamedPipeA
 0x1405fd480 WaitForMultipleObjects
 0x1405fd488 DisconnectNamedPipe
 0x1405fd490 CreateFileA
 0x1405fd498 CancelIoEx
 0x1405fd4a0 GetOverlappedResult
 0x1405fd4a8 ConnectNamedPipe
 0x1405fd4b0 FlushFileBuffers
 0x1405fd4b8 MapViewOfFile
 0x1405fd4c0 GetActiveProcessorGroupCount
 0x1405fd4c8 GetSystemTime
 0x1405fd4d0 SetConsoleCtrlHandler
 0x1405fd4d8 GetLocaleInfoEx
 0x1405fd4e0 GetUserDefaultLocaleName
 0x1405fd4e8 RtlAddFunctionTable
 0x1405fd4f0 CreateDirectoryW
 0x1405fd4f8 RemoveDirectoryW
 0x1405fd500 GetFileSizeEx
 0x1405fd508 LoadLibraryA
 0x1405fd510 IsWow64Process
 0x1405fd518 InitializeCriticalSectionAndSpinCount
 0x1405fd520 AddVectoredExceptionHandler
 0x1405fd528 SetUnhandledExceptionFilter
 0x1405fd530 UnhandledExceptionFilter
 0x1405fd538 TerminateProcess
 0x1405fd540 GetCurrentProcessId
 0x1405fd548 RaiseFailFastException
 0x1405fd550 FreeLibrary
 0x1405fd558 RaiseException
 0x1405fd560 WaitForSingleObject
 0x1405fd568 TlsSetValue
 0x1405fd570 TlsGetValue
 0x1405fd578 GetSystemInfo
 0x1405fd580 IsDebuggerPresent
 0x1405fd588 LeaveCriticalSection
 0x1405fd590 EnterCriticalSection
 0x1405fd598 DeleteCriticalSection
 0x1405fd5a0 InitializeCriticalSection
 0x1405fd5a8 WriteFile
 0x1405fd5b0 GetProcessTimes
 0x1405fd5b8 GetCommandLineW
 0x1405fd5c0 ReadFile
 0x1405fd5c8 SetFilePointer
 0x1405fd5d0 GetProcAddress
 0x1405fd5d8 GetModuleHandleExW
 0x1405fd5e0 SetErrorMode
 0x1405fd5e8 CloseHandle
 0x1405fd5f0 GetCurrentProcess
 0x1405fd5f8 FlushProcessWriteBuffers
 0x1405fd600 SetLastError
 0x1405fd608 GetLastError
 0x1405fd610 OutputDebugStringW
 0x1405fd618 SetXStateFeaturesMask
 0x1405fd620 DebugBreak
 0x1405fd628 DecodePointer
 0x1405fd630 GetStringTypeW
 0x1405fd638 RtlVirtualUnwind
 0x1405fd640 IsProcessorFeaturePresent
 0x1405fd648 RtlUnwindEx
 0x1405fd650 EncodePointer
 0x1405fd658 TlsFree
 0x1405fd660 RtlPcToFileHeader
 0x1405fd668 InitializeConditionVariable
 0x1405fd670 WakeConditionVariable
 0x1405fd678 WakeAllConditionVariable
 0x1405fd680 SleepConditionVariableCS
 0x1405fd688 SleepConditionVariableSRW
 0x1405fd690 InitializeSRWLock
 0x1405fd698 ReleaseSRWLockExclusive
 0x1405fd6a0 AcquireSRWLockExclusive
 0x1405fd6a8 InitializeCriticalSectionEx
 0x1405fd6b0 TryEnterCriticalSection
 0x1405fd6b8 GetExitCodeThread
 0x1405fd6c0 CreateFileMappingA
ADVAPI32.dll
 0x1405fd000 RegGetValueW
 0x1405fd008 SetKernelObjectSecurity
 0x1405fd010 GetSidSubAuthorityCount
 0x1405fd018 GetSidSubAuthority
 0x1405fd020 GetTokenInformation
 0x1405fd028 DeregisterEventSource
 0x1405fd030 ReportEventW
 0x1405fd038 RegisterEventSourceW
 0x1405fd040 RegQueryValueExW
 0x1405fd048 RegOpenKeyExW
 0x1405fd050 RegCloseKey
 0x1405fd058 EventRegister
 0x1405fd060 AdjustTokenPrivileges
 0x1405fd068 OpenProcessToken
 0x1405fd070 LookupPrivilegeValueW
 0x1405fd078 SetThreadToken
 0x1405fd080 RevertToSelf
 0x1405fd088 OpenThreadToken
 0x1405fd090 EventWriteTransfer
 0x1405fd098 EventWrite
ole32.dll
 0x1405fde10 CoGetClassObject
 0x1405fde18 CoGetContextToken
 0x1405fde20 CoGetObjectContext
 0x1405fde28 CoUnmarshalInterface
 0x1405fde30 StringFromGUID2
 0x1405fde38 CoCreateFreeThreadedMarshaler
 0x1405fde40 CoUninitialize
 0x1405fde48 CoWaitForMultipleHandles
 0x1405fde50 CoRegisterInitializeSpy
 0x1405fde58 CoMarshalInterface
 0x1405fde60 CreateStreamOnHGlobal
 0x1405fde68 CoCreateGuid
 0x1405fde70 CoRevokeInitializeSpy
 0x1405fde78 CoTaskMemAlloc
 0x1405fde80 CoTaskMemFree
 0x1405fde88 CoInitializeEx
 0x1405fde90 CoReleaseMarshalData
 0x1405fde98 IIDFromString
 0x1405fdea0 CLSIDFromProgID
 0x1405fdea8 CoGetMarshalSizeMax
OLEAUT32.dll
 0x1405fd6d0 SafeArrayAllocData
 0x1405fd6d8 SafeArrayGetElemsize
 0x1405fd6e0 SysStringByteLen
 0x1405fd6e8 SysAllocStringByteLen
 0x1405fd6f0 SafeArrayCreateVector
 0x1405fd6f8 SafeArrayPutElement
 0x1405fd700 LoadRegTypeLib
 0x1405fd708 CreateErrorInfo
 0x1405fd710 SafeArrayAllocDescriptorEx
 0x1405fd718 VarCyFromDec
 0x1405fd720 VariantInit
 0x1405fd728 VariantClear
 0x1405fd730 SafeArraySetRecordInfo
 0x1405fd738 VariantChangeType
 0x1405fd740 SafeArrayGetVartype
 0x1405fd748 LoadTypeLibEx
 0x1405fd750 QueryPathOfRegTypeLib
 0x1405fd758 SafeArrayDestroy
 0x1405fd760 SafeArrayGetLBound
 0x1405fd768 SafeArrayGetDim
 0x1405fd770 SysAllocStringLen
 0x1405fd778 SysStringLen
 0x1405fd780 SysAllocString
 0x1405fd788 SetErrorInfo
 0x1405fd790 GetErrorInfo
 0x1405fd798 SysFreeString
 0x1405fd7a0 VariantChangeTypeEx
 0x1405fd7a8 GetRecordInfoFromTypeInfo
USER32.dll
 0x1405fd7c8 MessageBoxW
 0x1405fd7d0 LoadStringW
SHELL32.dll
 0x1405fd7b8 ShellExecuteW
api-ms-win-crt-string-l1-1-0.dll
 0x1405fdcc0 isupper
 0x1405fdcc8 strncpy_s
 0x1405fdcd0 strncmp
 0x1405fdcd8 _strnicmp
 0x1405fdce0 wcsncat_s
 0x1405fdce8 _stricmp
 0x1405fdcf0 tolower
 0x1405fdcf8 wcsncmp
 0x1405fdd00 iswupper
 0x1405fdd08 towlower
 0x1405fdd10 isalpha
 0x1405fdd18 isdigit
 0x1405fdd20 wcstok_s
 0x1405fdd28 strnlen
 0x1405fdd30 strcspn
 0x1405fdd38 iswascii
 0x1405fdd40 towupper
 0x1405fdd48 _wcsdup
 0x1405fdd50 wcscat_s
 0x1405fdd58 wcscpy_s
 0x1405fdd60 strcpy_s
 0x1405fdd68 islower
 0x1405fdd70 strlen
 0x1405fdd78 strcmp
 0x1405fdd80 _wcsnicmp
 0x1405fdd88 strtok_s
 0x1405fdd90 isspace
 0x1405fdd98 __strncnt
 0x1405fdda0 strncat_s
 0x1405fdda8 strcat_s
 0x1405fddb0 iswspace
 0x1405fddb8 wcsnlen
 0x1405fddc0 _wcsicmp
 0x1405fddc8 wcsncpy_s
 0x1405fddd0 _strdup
api-ms-win-crt-stdio-l1-1-0.dll
 0x1405fdb90 fclose
 0x1405fdb98 _wfopen
 0x1405fdba0 __p__commode
 0x1405fdba8 _set_fmode
 0x1405fdbb0 fgets
 0x1405fdbb8 __stdio_common_vsscanf
 0x1405fdbc0 __stdio_common_vsnwprintf_s
 0x1405fdbc8 fputs
 0x1405fdbd0 fopen
 0x1405fdbd8 __stdio_common_vsnprintf_s
 0x1405fdbe0 fwrite
 0x1405fdbe8 __stdio_common_vswprintf_s
 0x1405fdbf0 fputws
 0x1405fdbf8 _putws
 0x1405fdc00 _flushall
 0x1405fdc08 __stdio_common_vfprintf
 0x1405fdc10 fseek
 0x1405fdc18 __stdio_common_vsprintf_s
 0x1405fdc20 fputwc
 0x1405fdc28 __acrt_iob_func
 0x1405fdc30 fflush
 0x1405fdc38 ftell
 0x1405fdc40 _fileno
 0x1405fdc48 _wfsopen
 0x1405fdc50 _get_stream_buffer_pointers
 0x1405fdc58 _fseeki64
 0x1405fdc60 fread
 0x1405fdc68 fsetpos
 0x1405fdc70 ungetc
 0x1405fdc78 fgetpos
 0x1405fdc80 _dup
 0x1405fdc88 _setmode
 0x1405fdc90 setvbuf
 0x1405fdc98 __stdio_common_vfwprintf
 0x1405fdca0 __stdio_common_vswprintf
 0x1405fdca8 fputc
 0x1405fdcb0 fgetc
api-ms-win-crt-runtime-l1-1-0.dll
 0x1405fdac0 _wcserror
 0x1405fdac8 _invalid_parameter_noinfo
 0x1405fdad0 _errno
 0x1405fdad8 _controlfp_s
 0x1405fdae0 abort
 0x1405fdae8 exit
 0x1405fdaf0 _initialize_onexit_table
 0x1405fdaf8 _register_onexit_function
 0x1405fdb00 _crt_atexit
 0x1405fdb08 _cexit
 0x1405fdb10 _seh_filter_exe
 0x1405fdb18 _set_app_type
 0x1405fdb20 _configure_wide_argv
 0x1405fdb28 _initialize_wide_environment
 0x1405fdb30 _get_initial_wide_environment
 0x1405fdb38 _initterm
 0x1405fdb40 _initterm_e
 0x1405fdb48 _exit
 0x1405fdb50 terminate
 0x1405fdb58 __p___argc
 0x1405fdb60 __p___wargv
 0x1405fdb68 _c_exit
 0x1405fdb70 _register_thread_local_exe_atexit_callback
 0x1405fdb78 _invalid_parameter_noinfo_noreturn
 0x1405fdb80 _beginthreadex
api-ms-win-crt-convert-l1-1-0.dll
 0x1405fd7e0 _wtoi
 0x1405fd7e8 _ltow_s
 0x1405fd7f0 atol
 0x1405fd7f8 _atoi64
 0x1405fd800 strtoull
 0x1405fd808 wcstoul
 0x1405fd810 _itow_s
 0x1405fd818 strtoul
 0x1405fd820 _wcstoui64
api-ms-win-crt-heap-l1-1-0.dll
 0x1405fd858 _set_new_mode
 0x1405fd860 malloc
 0x1405fd868 realloc
 0x1405fd870 calloc
 0x1405fd878 free
api-ms-win-crt-utility-l1-1-0.dll
 0x1405fde00 qsort
api-ms-win-crt-math-l1-1-0.dll
 0x1405fd8d8 cosf
 0x1405fd8e0 cos
 0x1405fd8e8 ceilf
 0x1405fd8f0 ceil
 0x1405fd8f8 atanf
 0x1405fd900 atan2f
 0x1405fd908 atan2
 0x1405fd910 atan
 0x1405fd918 asinf
 0x1405fd920 asin
 0x1405fd928 acosf
 0x1405fd930 acos
 0x1405fd938 modff
 0x1405fd940 log2
 0x1405fd948 atanh
 0x1405fd950 acosh
 0x1405fd958 ilogb
 0x1405fd960 cbrt
 0x1405fd968 asinh
 0x1405fd970 asinhf
 0x1405fd978 ilogbf
 0x1405fd980 cosh
 0x1405fd988 cbrtf
 0x1405fd990 acoshf
 0x1405fd998 log2f
 0x1405fd9a0 coshf
 0x1405fd9a8 fmod
 0x1405fd9b0 powf
 0x1405fd9b8 pow
 0x1405fd9c0 fmodf
 0x1405fd9c8 log
 0x1405fd9d0 exp
 0x1405fd9d8 expf
 0x1405fd9e0 _fdopen
 0x1405fd9e8 floor
 0x1405fd9f0 modf
 0x1405fd9f8 _copysignf
 0x1405fda00 _isnanf
 0x1405fda08 floorf
 0x1405fda10 tanhf
 0x1405fda18 tanh
 0x1405fda20 fma
 0x1405fda28 fmaf
 0x1405fda30 frexp
 0x1405fda38 log10
 0x1405fda40 log10f
 0x1405fda48 _copysign
 0x1405fda50 _isnan
 0x1405fda58 logf
 0x1405fda60 __setusermatherr
 0x1405fda68 sin
 0x1405fda70 sinf
 0x1405fda78 atanhf
 0x1405fda80 _finite
 0x1405fda88 sinh
 0x1405fda90 tanf
 0x1405fda98 sinhf
 0x1405fdaa0 sqrt
 0x1405fdaa8 sqrtf
 0x1405fdab0 tan
api-ms-win-crt-time-l1-1-0.dll
 0x1405fdde0 _gmtime64_s
 0x1405fdde8 _time64
 0x1405fddf0 wcsftime
api-ms-win-crt-locale-l1-1-0.dll
 0x1405fd888 _lock_locales
 0x1405fd890 _unlock_locales
 0x1405fd898 localeconv
 0x1405fd8a0 setlocale
 0x1405fd8a8 _configthreadlocale
 0x1405fd8b0 __pctype_func
 0x1405fd8b8 ___lc_locale_name_func
 0x1405fd8c0 ___lc_codepage_func
 0x1405fd8c8 ___mb_cur_max_func
api-ms-win-crt-filesystem-l1-1-0.dll
 0x1405fd830 _wremove
 0x1405fd838 _wrename
 0x1405fd840 _lock_file
 0x1405fd848 _unlock_file

EAT(Export Address Table) Library

0x140787f4c CLRJitAttachState
0x1407764a0 DotNetRuntimeInfo
0x140544f30 MetaDataGetDispenser
0x140775cd0 g_CLREngineMetrics


Similarity measure (PE file only) - Checking for service failure