Field | Value |
---|---|
Created | 2024.02.05 16:41 |
Machine | s1_win7_x6403 |
Filename | main.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
ZERO API | file : malicious |
VT API (file) | 13 detected (Malicious, score, unsafe, Save, Artemis, Pyfatget, Wacatac, Casdet, Chgt, Static AI, Suspicious PE) |
md5 | 847a21513809ca25f688d6a34b3d3599 |
sha256 | 7e35e936aaf628cc8d82296dc3677551e6ef2117ea8cc1adb36702da8e8a2b46 |
ssdeep | 98304:e88jkCIf8708vsa2x6OMD/x/0feyGgatgQ940BDlgwdnpka9R/k9t+28Gt+xB70+:e8QF08JPDfyGgjwBdnpkYRMOzeC |
imphash | bae3d3e8262d7ce7e9ee69cc1b630d3a |
impfuzzy | 48:lEkCpS9IteXhEc+p4uCJcgTkOtVil/mbU1M:lCpSmteXhEc+p4ustki8qyM |
Signature (5cnts)
Level | Description |
---|---|
watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
notice | Creates executable files on the filesystem |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (14cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
USER32.dll
0x14002b360 GetWindowThreadProcessId
0x14002b368 ShowWindow
KERNEL32.dll
0x14002b028 GetModuleFileNameW
0x14002b030 CreateSymbolicLinkW
0x14002b038 GetProcAddress
0x14002b040 GetCommandLineW
0x14002b048 GetEnvironmentVariableW
0x14002b050 SetEnvironmentVariableW
0x14002b058 ExpandEnvironmentStringsW
0x14002b060 CreateDirectoryW
0x14002b068 GetTempPathW
0x14002b070 WaitForSingleObject
0x14002b078 Sleep
0x14002b080 GetExitCodeProcess
0x14002b088 CreateProcessW
0x14002b090 SetDllDirectoryW
0x14002b098 FreeLibrary
0x14002b0a0 LoadLibraryExW
0x14002b0a8 SetConsoleCtrlHandler
0x14002b0b0 FindClose
0x14002b0b8 FindFirstFileExW
0x14002b0c0 CloseHandle
0x14002b0c8 GetCurrentProcess
0x14002b0d0 GetCurrentProcessId
0x14002b0d8 LocalFree
0x14002b0e0 FormatMessageW
0x14002b0e8 MultiByteToWideChar
0x14002b0f0 WideCharToMultiByte
0x14002b0f8 GetConsoleWindow
0x14002b100 HeapSize
0x14002b108 GetLastError
0x14002b110 WriteConsoleW
0x14002b118 SetEndOfFile
0x14002b120 GetStartupInfoW
0x14002b128 TlsSetValue
0x14002b130 RtlCaptureContext
0x14002b138 RtlLookupFunctionEntry
0x14002b140 RtlVirtualUnwind
0x14002b148 UnhandledExceptionFilter
0x14002b150 SetUnhandledExceptionFilter
0x14002b158 TerminateProcess
0x14002b160 IsProcessorFeaturePresent
0x14002b168 QueryPerformanceCounter
0x14002b170 GetCurrentThreadId
0x14002b178 GetSystemTimeAsFileTime
0x14002b180 InitializeSListHead
0x14002b188 IsDebuggerPresent
0x14002b190 GetModuleHandleW
0x14002b198 RtlUnwindEx
0x14002b1a0 SetLastError
0x14002b1a8 EnterCriticalSection
0x14002b1b0 LeaveCriticalSection
0x14002b1b8 DeleteCriticalSection
0x14002b1c0 InitializeCriticalSectionAndSpinCount
0x14002b1c8 TlsAlloc
0x14002b1d0 TlsGetValue
0x14002b1d8 TlsFree
0x14002b1e0 EncodePointer
0x14002b1e8 RaiseException
0x14002b1f0 RtlPcToFileHeader
0x14002b1f8 GetCommandLineA
0x14002b200 CreateFileW
0x14002b208 GetDriveTypeW
0x14002b210 GetFileInformationByHandle
0x14002b218 GetFileType
0x14002b220 PeekNamedPipe
0x14002b228 SystemTimeToTzSpecificLocalTime
0x14002b230 FileTimeToSystemTime
0x14002b238 GetFullPathNameW
0x14002b240 RemoveDirectoryW
0x14002b248 FindNextFileW
0x14002b250 SetStdHandle
0x14002b258 DeleteFileW
0x14002b260 ReadFile
0x14002b268 GetStdHandle
0x14002b270 WriteFile
0x14002b278 ExitProcess
0x14002b280 GetModuleHandleExW
0x14002b288 HeapFree
0x14002b290 GetConsoleMode
0x14002b298 ReadConsoleW
0x14002b2a0 SetFilePointerEx
0x14002b2a8 GetConsoleOutputCP
0x14002b2b0 GetFileSizeEx
0x14002b2b8 HeapAlloc
0x14002b2c0 FlsAlloc
0x14002b2c8 FlsGetValue
0x14002b2d0 FlsSetValue
0x14002b2d8 FlsFree
0x14002b2e0 CompareStringW
0x14002b2e8 LCMapStringW
0x14002b2f0 GetCurrentDirectoryW
0x14002b2f8 FlushFileBuffers
0x14002b300 HeapReAlloc
0x14002b308 GetFileAttributesExW
0x14002b310 GetStringTypeW
0x14002b318 IsValidCodePage
0x14002b320 GetACP
0x14002b328 GetOEMCP
0x14002b330 GetCPInfo
0x14002b338 GetEnvironmentStringsW
0x14002b340 FreeEnvironmentStringsW
0x14002b348 GetProcessHeap
0x14002b350 GetTimeZoneInformation
ADVAPI32.dll
0x14002b000 ConvertSidToStringSidW
0x14002b008 GetTokenInformation
0x14002b010 OpenProcessToken
0x14002b018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT (Export Address Table) is none