ScreenShot
| Created | 2023.10.27 00:09 | Machine | s1_win7_x6401 |
| Filename | winrar-x64-700b1.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (AIDetectMalware) | ||
| md5 | ec258c62501e30c84217db59cd156e84 | ||
| sha256 | 672837ea26b14cd6d6117a769bb01672045db533847e357331471271cbad1a64 | ||
| ssdeep | 98304:ea8BfKEBaP2bW2OQZWQ5je9sjMAvmOk4c:n/2ZegMpOk4c | ||
| imphash | 7b1b7be9b33b393d0cea67e08d991dd0 | ||
| impfuzzy | 48:J9gOdzKckLXF9Bi+fcIX1IuNxLpt0/XCBs0Dv:JGGKckLXFji+fcIX1I0pt0/XCBsOv | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates executable files on the filesystem |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (17cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | chm_file_format | chm file format | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140043000 GetLastError
0x140043008 FormatMessageW
0x140043010 LocalFree
0x140043018 SetLastError
0x140043020 CreateHardLinkW
0x140043028 SetFileTime
0x140043030 GetCurrentProcess
0x140043038 CloseHandle
0x140043040 CreateFileW
0x140043048 DeviceIoControl
0x140043050 RemoveDirectoryW
0x140043058 DeleteFileW
0x140043060 GetLongPathNameW
0x140043068 GetShortPathNameW
0x140043070 MoveFileW
0x140043078 GetStdHandle
0x140043080 WriteFile
0x140043088 ReadFile
0x140043090 SetFilePointer
0x140043098 SetEndOfFile
0x1400430a0 FlushFileBuffers
0x1400430a8 GetFileType
0x1400430b0 CreateDirectoryW
0x1400430b8 GetFileAttributesW
0x1400430c0 SetFileAttributesW
0x1400430c8 GetCurrentProcessId
0x1400430d0 FindClose
0x1400430d8 FindFirstFileW
0x1400430e0 FindNextFileW
0x1400430e8 GetVersionExW
0x1400430f0 GetFullPathNameW
0x1400430f8 FoldStringW
0x140043100 GetModuleFileNameW
0x140043108 SetCurrentDirectoryW
0x140043110 GetCurrentDirectoryW
0x140043118 GetModuleHandleW
0x140043120 FindResourceW
0x140043128 FreeLibrary
0x140043130 GetProcAddress
0x140043138 SetThreadExecutionState
0x140043140 CompareStringW
0x140043148 AllocConsole
0x140043150 AttachConsole
0x140043158 WriteConsoleW
0x140043160 Sleep
0x140043168 FreeConsole
0x140043170 ExitProcess
0x140043178 GetSystemDirectoryW
0x140043180 LoadLibraryW
0x140043188 InitializeCriticalSection
0x140043190 DeleteCriticalSection
0x140043198 EnterCriticalSection
0x1400431a0 LeaveCriticalSection
0x1400431a8 CreateThread
0x1400431b0 WaitForSingleObject
0x1400431b8 GetProcessAffinityMask
0x1400431c0 CreateSemaphoreW
0x1400431c8 CreateEventW
0x1400431d0 ReleaseSemaphore
0x1400431d8 SetThreadPriority
0x1400431e0 SetEvent
0x1400431e8 ResetEvent
0x1400431f0 FileTimeToLocalFileTime
0x1400431f8 FileTimeToSystemTime
0x140043200 SystemTimeToTzSpecificLocalTime
0x140043208 SystemTimeToFileTime
0x140043210 LocalFileTimeToFileTime
0x140043218 TzSpecificLocalTimeToSystemTime
0x140043220 GetSystemTime
0x140043228 WideCharToMultiByte
0x140043230 MultiByteToWideChar
0x140043238 GetCPInfo
0x140043240 IsDBCSLeadByte
0x140043248 GlobalAlloc
0x140043250 SizeofResource
0x140043258 LoadResource
0x140043260 LockResource
0x140043268 GlobalLock
0x140043270 GlobalUnlock
0x140043278 GlobalFree
0x140043280 GetDateFormatW
0x140043288 GetTimeFormatW
0x140043290 GlobalMemoryStatusEx
0x140043298 GetLocaleInfoW
0x1400432a0 GetNumberFormatW
0x1400432a8 GetCommandLineW
0x1400432b0 OpenFileMappingW
0x1400432b8 MapViewOfFile
0x1400432c0 UnmapViewOfFile
0x1400432c8 SetEnvironmentVariableW
0x1400432d0 GetLocalTime
0x1400432d8 GetTickCount
0x1400432e0 CreateFileMappingW
0x1400432e8 MoveFileExW
0x1400432f0 GetTempPathW
0x1400432f8 GetExitCodeProcess
0x140043300 GetConsoleMode
0x140043308 GetConsoleOutputCP
0x140043310 HeapSize
0x140043318 SetFilePointerEx
0x140043320 GetStringTypeW
0x140043328 SetStdHandle
0x140043330 GetProcessHeap
0x140043338 LCMapStringW
0x140043340 FlsFree
0x140043348 FlsSetValue
0x140043350 RaiseException
0x140043358 GetSystemInfo
0x140043360 VirtualProtect
0x140043368 VirtualQuery
0x140043370 LoadLibraryExA
0x140043378 RtlCaptureContext
0x140043380 RtlLookupFunctionEntry
0x140043388 RtlVirtualUnwind
0x140043390 UnhandledExceptionFilter
0x140043398 SetUnhandledExceptionFilter
0x1400433a0 TerminateProcess
0x1400433a8 IsProcessorFeaturePresent
0x1400433b0 InitializeCriticalSectionAndSpinCount
0x1400433b8 WaitForSingleObjectEx
0x1400433c0 IsDebuggerPresent
0x1400433c8 GetStartupInfoW
0x1400433d0 QueryPerformanceCounter
0x1400433d8 GetCurrentThreadId
0x1400433e0 GetSystemTimeAsFileTime
0x1400433e8 InitializeSListHead
0x1400433f0 RtlUnwindEx
0x1400433f8 RtlPcToFileHeader
0x140043400 EncodePointer
0x140043408 TlsAlloc
0x140043410 TlsGetValue
0x140043418 TlsSetValue
0x140043420 TlsFree
0x140043428 LoadLibraryExW
0x140043430 QueryPerformanceFrequency
0x140043438 GetModuleHandleExW
0x140043440 HeapFree
0x140043448 HeapAlloc
0x140043450 HeapReAlloc
0x140043458 FindFirstFileExW
0x140043460 IsValidCodePage
0x140043468 GetACP
0x140043470 GetOEMCP
0x140043478 GetCommandLineA
0x140043480 GetEnvironmentStringsW
0x140043488 FreeEnvironmentStringsW
0x140043490 FlsAlloc
0x140043498 FlsGetValue
OLEAUT32.dll
0x1400434a8 SysAllocString
0x1400434b0 SysFreeString
0x1400434b8 VariantClear
gdiplus.dll
0x1400434c8 GdipFree
0x1400434d0 GdipAlloc
0x1400434d8 GdipCloneImage
0x1400434e0 GdipDisposeImage
0x1400434e8 GdipCreateHBITMAPFromBitmap
0x1400434f0 GdiplusStartup
0x1400434f8 GdiplusShutdown
0x140043500 GdipCreateBitmapFromStream
EAT(Export Address Table) Library
KERNEL32.dll
0x140043000 GetLastError
0x140043008 FormatMessageW
0x140043010 LocalFree
0x140043018 SetLastError
0x140043020 CreateHardLinkW
0x140043028 SetFileTime
0x140043030 GetCurrentProcess
0x140043038 CloseHandle
0x140043040 CreateFileW
0x140043048 DeviceIoControl
0x140043050 RemoveDirectoryW
0x140043058 DeleteFileW
0x140043060 GetLongPathNameW
0x140043068 GetShortPathNameW
0x140043070 MoveFileW
0x140043078 GetStdHandle
0x140043080 WriteFile
0x140043088 ReadFile
0x140043090 SetFilePointer
0x140043098 SetEndOfFile
0x1400430a0 FlushFileBuffers
0x1400430a8 GetFileType
0x1400430b0 CreateDirectoryW
0x1400430b8 GetFileAttributesW
0x1400430c0 SetFileAttributesW
0x1400430c8 GetCurrentProcessId
0x1400430d0 FindClose
0x1400430d8 FindFirstFileW
0x1400430e0 FindNextFileW
0x1400430e8 GetVersionExW
0x1400430f0 GetFullPathNameW
0x1400430f8 FoldStringW
0x140043100 GetModuleFileNameW
0x140043108 SetCurrentDirectoryW
0x140043110 GetCurrentDirectoryW
0x140043118 GetModuleHandleW
0x140043120 FindResourceW
0x140043128 FreeLibrary
0x140043130 GetProcAddress
0x140043138 SetThreadExecutionState
0x140043140 CompareStringW
0x140043148 AllocConsole
0x140043150 AttachConsole
0x140043158 WriteConsoleW
0x140043160 Sleep
0x140043168 FreeConsole
0x140043170 ExitProcess
0x140043178 GetSystemDirectoryW
0x140043180 LoadLibraryW
0x140043188 InitializeCriticalSection
0x140043190 DeleteCriticalSection
0x140043198 EnterCriticalSection
0x1400431a0 LeaveCriticalSection
0x1400431a8 CreateThread
0x1400431b0 WaitForSingleObject
0x1400431b8 GetProcessAffinityMask
0x1400431c0 CreateSemaphoreW
0x1400431c8 CreateEventW
0x1400431d0 ReleaseSemaphore
0x1400431d8 SetThreadPriority
0x1400431e0 SetEvent
0x1400431e8 ResetEvent
0x1400431f0 FileTimeToLocalFileTime
0x1400431f8 FileTimeToSystemTime
0x140043200 SystemTimeToTzSpecificLocalTime
0x140043208 SystemTimeToFileTime
0x140043210 LocalFileTimeToFileTime
0x140043218 TzSpecificLocalTimeToSystemTime
0x140043220 GetSystemTime
0x140043228 WideCharToMultiByte
0x140043230 MultiByteToWideChar
0x140043238 GetCPInfo
0x140043240 IsDBCSLeadByte
0x140043248 GlobalAlloc
0x140043250 SizeofResource
0x140043258 LoadResource
0x140043260 LockResource
0x140043268 GlobalLock
0x140043270 GlobalUnlock
0x140043278 GlobalFree
0x140043280 GetDateFormatW
0x140043288 GetTimeFormatW
0x140043290 GlobalMemoryStatusEx
0x140043298 GetLocaleInfoW
0x1400432a0 GetNumberFormatW
0x1400432a8 GetCommandLineW
0x1400432b0 OpenFileMappingW
0x1400432b8 MapViewOfFile
0x1400432c0 UnmapViewOfFile
0x1400432c8 SetEnvironmentVariableW
0x1400432d0 GetLocalTime
0x1400432d8 GetTickCount
0x1400432e0 CreateFileMappingW
0x1400432e8 MoveFileExW
0x1400432f0 GetTempPathW
0x1400432f8 GetExitCodeProcess
0x140043300 GetConsoleMode
0x140043308 GetConsoleOutputCP
0x140043310 HeapSize
0x140043318 SetFilePointerEx
0x140043320 GetStringTypeW
0x140043328 SetStdHandle
0x140043330 GetProcessHeap
0x140043338 LCMapStringW
0x140043340 FlsFree
0x140043348 FlsSetValue
0x140043350 RaiseException
0x140043358 GetSystemInfo
0x140043360 VirtualProtect
0x140043368 VirtualQuery
0x140043370 LoadLibraryExA
0x140043378 RtlCaptureContext
0x140043380 RtlLookupFunctionEntry
0x140043388 RtlVirtualUnwind
0x140043390 UnhandledExceptionFilter
0x140043398 SetUnhandledExceptionFilter
0x1400433a0 TerminateProcess
0x1400433a8 IsProcessorFeaturePresent
0x1400433b0 InitializeCriticalSectionAndSpinCount
0x1400433b8 WaitForSingleObjectEx
0x1400433c0 IsDebuggerPresent
0x1400433c8 GetStartupInfoW
0x1400433d0 QueryPerformanceCounter
0x1400433d8 GetCurrentThreadId
0x1400433e0 GetSystemTimeAsFileTime
0x1400433e8 InitializeSListHead
0x1400433f0 RtlUnwindEx
0x1400433f8 RtlPcToFileHeader
0x140043400 EncodePointer
0x140043408 TlsAlloc
0x140043410 TlsGetValue
0x140043418 TlsSetValue
0x140043420 TlsFree
0x140043428 LoadLibraryExW
0x140043430 QueryPerformanceFrequency
0x140043438 GetModuleHandleExW
0x140043440 HeapFree
0x140043448 HeapAlloc
0x140043450 HeapReAlloc
0x140043458 FindFirstFileExW
0x140043460 IsValidCodePage
0x140043468 GetACP
0x140043470 GetOEMCP
0x140043478 GetCommandLineA
0x140043480 GetEnvironmentStringsW
0x140043488 FreeEnvironmentStringsW
0x140043490 FlsAlloc
0x140043498 FlsGetValue
OLEAUT32.dll
0x1400434a8 SysAllocString
0x1400434b0 SysFreeString
0x1400434b8 VariantClear
gdiplus.dll
0x1400434c8 GdipFree
0x1400434d0 GdipAlloc
0x1400434d8 GdipCloneImage
0x1400434e0 GdipDisposeImage
0x1400434e8 GdipCreateHBITMAPFromBitmap
0x1400434f0 GdiplusStartup
0x1400434f8 GdiplusShutdown
0x140043500 GdipCreateBitmapFromStream
EAT(Export Address Table) Library