Report - main.exe

Gen1 Malicious Library UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format
Created 2024.02.05 16:41 Machine s1_win7_x6403
Filename main.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score 1
Behavior Score 1.8
ZERO API file : malicious
VT API (file) 13 detected (Malicious, score, unsafe, Save, Artemis, Pyfatget, Wacatac, Casdet, Chgt, Static AI, Suspicious PE)
md5 847a21513809ca25f688d6a34b3d3599
sha256 7e35e936aaf628cc8d82296dc3677551e6ef2117ea8cc1adb36702da8e8a2b46
ssdeep 98304:e88jkCIf8708vsa2x6OMD/x/0feyGgatgQ940BDlgwdnpka9R/k9t+28Gt+xB70+:e8QF08JPDfyGgjwBdnpkYRMOzeC
imphash bae3d3e8262d7ce7e9ee69cc1b630d3a
impfuzzy 48:lEkCpS9IteXhEc+p4uCJcgTkOtVil/mbU1M:lCpSmteXhEc+p4ustki8qyM

Signature (5cnts)

Level Description
watch File has been identified by 13 AntiVirus engines on VirusTotal as malicious
notice Creates executable files on the filesystem
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (14cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (download)
info IsDLL (no description) binaries (download)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info zip_file_format ZIP file format binaries (download)

Network (0cnts)

Suricata ids

PE API

IAT(Import Address Table) Library

USER32.dll
 0x14002b360 GetWindowThreadProcessId
 0x14002b368 ShowWindow
KERNEL32.dll
 0x14002b028 GetModuleFileNameW
 0x14002b030 CreateSymbolicLinkW
 0x14002b038 GetProcAddress
 0x14002b040 GetCommandLineW
 0x14002b048 GetEnvironmentVariableW
 0x14002b050 SetEnvironmentVariableW
 0x14002b058 ExpandEnvironmentStringsW
 0x14002b060 CreateDirectoryW
 0x14002b068 GetTempPathW
 0x14002b070 WaitForSingleObject
 0x14002b078 Sleep
 0x14002b080 GetExitCodeProcess
 0x14002b088 CreateProcessW
 0x14002b090 SetDllDirectoryW
 0x14002b098 FreeLibrary
 0x14002b0a0 LoadLibraryExW
 0x14002b0a8 SetConsoleCtrlHandler
 0x14002b0b0 FindClose
 0x14002b0b8 FindFirstFileExW
 0x14002b0c0 CloseHandle
 0x14002b0c8 GetCurrentProcess
 0x14002b0d0 GetCurrentProcessId
 0x14002b0d8 LocalFree
 0x14002b0e0 FormatMessageW
 0x14002b0e8 MultiByteToWideChar
 0x14002b0f0 WideCharToMultiByte
 0x14002b0f8 GetConsoleWindow
 0x14002b100 HeapSize
 0x14002b108 GetLastError
 0x14002b110 WriteConsoleW
 0x14002b118 SetEndOfFile
 0x14002b120 GetStartupInfoW
 0x14002b128 TlsSetValue
 0x14002b130 RtlCaptureContext
 0x14002b138 RtlLookupFunctionEntry
 0x14002b140 RtlVirtualUnwind
 0x14002b148 UnhandledExceptionFilter
 0x14002b150 SetUnhandledExceptionFilter
 0x14002b158 TerminateProcess
 0x14002b160 IsProcessorFeaturePresent
 0x14002b168 QueryPerformanceCounter
 0x14002b170 GetCurrentThreadId
 0x14002b178 GetSystemTimeAsFileTime
 0x14002b180 InitializeSListHead
 0x14002b188 IsDebuggerPresent
 0x14002b190 GetModuleHandleW
 0x14002b198 RtlUnwindEx
 0x14002b1a0 SetLastError
 0x14002b1a8 EnterCriticalSection
 0x14002b1b0 LeaveCriticalSection
 0x14002b1b8 DeleteCriticalSection
 0x14002b1c0 InitializeCriticalSectionAndSpinCount
 0x14002b1c8 TlsAlloc
 0x14002b1d0 TlsGetValue
 0x14002b1d8 TlsFree
 0x14002b1e0 EncodePointer
 0x14002b1e8 RaiseException
 0x14002b1f0 RtlPcToFileHeader
 0x14002b1f8 GetCommandLineA
 0x14002b200 CreateFileW
 0x14002b208 GetDriveTypeW
 0x14002b210 GetFileInformationByHandle
 0x14002b218 GetFileType
 0x14002b220 PeekNamedPipe
 0x14002b228 SystemTimeToTzSpecificLocalTime
 0x14002b230 FileTimeToSystemTime
 0x14002b238 GetFullPathNameW
 0x14002b240 RemoveDirectoryW
 0x14002b248 FindNextFileW
 0x14002b250 SetStdHandle
 0x14002b258 DeleteFileW
 0x14002b260 ReadFile
 0x14002b268 GetStdHandle
 0x14002b270 WriteFile
 0x14002b278 ExitProcess
 0x14002b280 GetModuleHandleExW
 0x14002b288 HeapFree
 0x14002b290 GetConsoleMode
 0x14002b298 ReadConsoleW
 0x14002b2a0 SetFilePointerEx
 0x14002b2a8 GetConsoleOutputCP
 0x14002b2b0 GetFileSizeEx
 0x14002b2b8 HeapAlloc
 0x14002b2c0 FlsAlloc
 0x14002b2c8 FlsGetValue
 0x14002b2d0 FlsSetValue
 0x14002b2d8 FlsFree
 0x14002b2e0 CompareStringW
 0x14002b2e8 LCMapStringW
 0x14002b2f0 GetCurrentDirectoryW
 0x14002b2f8 FlushFileBuffers
 0x14002b300 HeapReAlloc
 0x14002b308 GetFileAttributesExW
 0x14002b310 GetStringTypeW
 0x14002b318 IsValidCodePage
 0x14002b320 GetACP
 0x14002b328 GetOEMCP
 0x14002b330 GetCPInfo
 0x14002b338 GetEnvironmentStringsW
 0x14002b340 FreeEnvironmentStringsW
 0x14002b348 GetProcessHeap
 0x14002b350 GetTimeZoneInformation
ADVAPI32.dll
 0x14002b000 ConvertSidToStringSidW
 0x14002b008 GetTokenInformation
 0x14002b010 OpenProcessToken
 0x14002b018 ConvertStringSecurityDescriptorToSecurityDescriptorW

EAT(Export Address Table) is none