Report - 1.dll

Emotet Gen1 Generic Malware Malicious Library Malicious Packer Antivirus UPX PE32 PE File DLL DllRegisterServer dll OS Processor Check
Created 2023.12.04 18:12 Machine s1_win7_x6403
Filename 1.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 12
Behavior Score 1.8
ZERO API file : malicious
VT API (file) 35 detected (AIDetectMalware, Babar, Save, malicious, confidence, ZedlaF, @x4@a8WWHcjb, Attribute, HighConfidence, high confidence, FlyStudio, score, Generic ML PUA, Static AI, Malicious PE, hijiu, Detected, ai score=89, OSCF@5rs7jr, 1KQMTX4, FlyAgent, Eldorado, BScope, TrojanPSW, Gamania, unsafe, ShellCodeRunner, CLASSIC, PackedFlyStudio)
md5 60cdf8bcf6966eac70e5f38c26c0003c
sha256 fcc18951dbc561372aca457cc28b1903561c19ce2d8a9f3de2e35c6cd4a35dcb
ssdeep 98304:HJKtA3jwCmf9WgdaxVAMHayPqyzRgLO5/LUGbHNk0EmM8sQdejMU:6YJ29kxeMfRxNk0EmMiy
imphash 09adf08de1c24b959dc1d60d4aeafc73
impfuzzy 192:OmP4+0hKCw5UqT0DTzStsx5cRcDcaKSZY5OQbb1AFCd:y+0K5TEE2+OQbbyQd
Signature (4cnts)

Level    Description
danger   File has been identified by 35 AntiVirus engines on VirusTotal as malicious
notice   Foreign language identified in PE resource
info     The executable uses a known packer
info     The file contains an unknown PE resource name possibly indicative of a packer

Rules (12cnts)

Level    Name                             Description                                          Collection
danger   Win32_Trojan_Emotet_1_Zero       Win32 Trojan Emotet                                  binaries (upload)
danger   Win32_Trojan_Gen_1_0904B0_Zero   Win32 Trojan Emotet                                  binaries (upload)
warning  Generic_Malware_Zero             Generic Malware                                      binaries (upload)
watch    Antivirus                        Contains references to security software             binaries (upload)
watch    Malicious_Library_Zero           Malicious_Library                                    binaries (upload)
watch    Malicious_Packer_Zero            Malicious Packer                                     binaries (upload)
watch    UPX_Zero                         UPX packed file                                      binaries (upload)
info     DllRegisterServer_Zero           execute regsvr32.exe                                 binaries (upload)
info     IsDLL                            (no description)                                     binaries (upload)
info     IsPE32                           (no description)                                     binaries (upload)
info     OS_Processor_Check_Zero          OS Processor Check                                   binaries (upload)
info     PE_Header_Zero                   PE File Signature                                    binaries (upload)

Network (0cnts)

Request  CC  ASN  Co  IP4  Rule

Suricata ids


