Report - explores.exe

Emotet Generic Malware Malicious Library UPX PE File PE32 OS Processor Check
Created 2024.04.12 15:09 Machine s1_win7_x6401
Filename explores.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
8
Behavior Score
1.8
ZERO API (file): clean
VT API (file) 52 detected (Malicious, score, DeepScan, Rincux2, unsafe, Save, confidence, 100%, Kryptik, Attribute, HighConfidence, high confidence, HFZK, DropperX, Farfli, bryz, fzqipo, CLASSIC, AGEN, 0NA103DU23, dyfei, Detected, ai score=89, Fuerboos, XCFU, ZexaF, Kq0@aKgieDbj, BScope, Pynamer, Py7RiKLYMq0, susgen, DDGL)
md5 25b1052f544cdf4c57ae8b90d83df1ac
sha256 a9ff0dd4a5ee46d64169a605a859d69f39b135df8bcc8a20b5a2c693aae65666
ssdeep 6144:V8+i1XKDBMZkRhJEHEkVsWqTWVHXJTuEeJhtqJPdk8hZZx:+9KDBnRhiEAqKV30d0Pdk8n
imphash 39527421e19653ad02e31fcf8b625df3
impfuzzy 96:4dMGIQ0sJwmnqFOEX17cWn8ZMme6R8+ao4WIkVBcRcLPpuMLflwQk:4rIFiEF7TeMP6R8ho4WIkVBcRcLp/wQk

Signature (3cnts)

Level Description
danger File has been identified as malicious by 52 antivirus engines on VirusTotal
notice Foreign language identified in PE resource
info The executable uses a known packer

Rules (7cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT (Import Address Table), listed by library

KERNEL32.dll
 0x42e0d4 WritePrivateProfileStringA
 0x42e0d8 SetErrorMode
 0x42e0dc RtlUnwind
 0x42e0e0 RaiseException
 0x42e0e4 GetStartupInfoA
 0x42e0e8 GetCommandLineA
 0x42e0ec ExitProcess
 0x42e0f0 HeapFree
 0x42e0f4 HeapAlloc
 0x42e0f8 GetTimeZoneInformation
 0x42e0fc GetLocalTime
 0x42e100 GetACP
 0x42e104 SetStdHandle
 0x42e108 GetFileType
 0x42e10c TerminateProcess
 0x42e110 CreateThread
 0x42e114 ExitThread
 0x42e118 HeapReAlloc
 0x42e11c HeapSize
 0x42e120 LCMapStringA
 0x42e124 LCMapStringW
 0x42e128 SetUnhandledExceptionFilter
 0x42e12c SystemTimeToFileTime
 0x42e130 FreeEnvironmentStringsA
 0x42e134 FreeEnvironmentStringsW
 0x42e138 GetEnvironmentStrings
 0x42e13c GetEnvironmentStringsW
 0x42e140 SetHandleCount
 0x42e144 GetStdHandle
 0x42e148 GetEnvironmentVariableA
 0x42e14c GetVersionExA
 0x42e150 HeapDestroy
 0x42e154 HeapCreate
 0x42e158 IsBadWritePtr
 0x42e15c GetStringTypeA
 0x42e160 GetStringTypeW
 0x42e164 IsBadReadPtr
 0x42e168 IsBadCodePtr
 0x42e16c CompareStringA
 0x42e170 CompareStringW
 0x42e174 SetEnvironmentVariableA
 0x42e178 LocalFileTimeToFileTime
 0x42e17c GetOEMCP
 0x42e180 GetCPInfo
 0x42e184 TlsGetValue
 0x42e188 LocalReAlloc
 0x42e18c TlsSetValue
 0x42e190 EnterCriticalSection
 0x42e194 GlobalReAlloc
 0x42e198 LeaveCriticalSection
 0x42e19c TlsFree
 0x42e1a0 GlobalHandle
 0x42e1a4 DeleteCriticalSection
 0x42e1a8 TlsAlloc
 0x42e1ac InitializeCriticalSection
 0x42e1b0 LocalAlloc
 0x42e1b4 GlobalFlags
 0x42e1b8 GetProcessVersion
 0x42e1bc FindResourceExA
 0x42e1c0 MulDiv
 0x42e1c4 GetVolumeInformationA
 0x42e1c8 FindClose
 0x42e1cc DeleteFileA
 0x42e1d0 MoveFileA
 0x42e1d4 SetEndOfFile
 0x42e1d8 UnlockFile
 0x42e1dc LockFile
 0x42e1e0 GetCurrentProcess
 0x42e1e4 DuplicateHandle
 0x42e1e8 CreateEventA
 0x42e1ec SuspendThread
 0x42e1f0 SetThreadPriority
 0x42e1f4 GlobalAlloc
 0x42e1f8 GetCurrentThread
 0x42e1fc SetLastError
 0x42e200 GetModuleFileNameA
 0x42e204 FileTimeToLocalFileTime
 0x42e208 GetDiskFreeSpaceA
 0x42e20c SetFileTime
 0x42e210 lstrcpynA
 0x42e214 LocalFree
 0x42e218 MultiByteToWideChar
 0x42e21c WideCharToMultiByte
 0x42e220 lstrlenA
 0x42e224 InterlockedDecrement
 0x42e228 InterlockedIncrement
 0x42e22c GetVersion
 0x42e230 lstrcatA
 0x42e234 GetCurrentThreadId
 0x42e238 GetFileAttributesA
 0x42e23c GlobalGetAtomNameA
 0x42e240 lstrcmpiA
 0x42e244 GlobalAddAtomA
 0x42e248 GlobalFindAtomA
 0x42e24c GlobalDeleteAtom
 0x42e250 GetModuleHandleA
 0x42e254 GlobalLock
 0x42e258 GlobalUnlock
 0x42e25c FindResourceA
 0x42e260 LoadResource
 0x42e264 LockResource
 0x42e268 GlobalFree
 0x42e26c FileTimeToSystemTime
 0x42e270 GetSystemTime
 0x42e274 FlushFileBuffers
 0x42e278 CreatePipe
 0x42e27c CreateProcessA
 0x42e280 WriteFile
 0x42e284 WaitForMultipleObjects
 0x42e288 GetLastError
 0x42e28c GetTempPathA
 0x42e290 GetTempFileNameA
 0x42e294 ResetEvent
 0x42e298 ResumeThread
 0x42e29c lstrcmpA
 0x42e2a0 FindFirstFileA
 0x42e2a4 FindNextFileA
 0x42e2a8 SetFilePointer
 0x42e2ac CreateFileA
 0x42e2b0 GetFileSize
 0x42e2b4 GetFileTime
 0x42e2b8 ReadFile
 0x42e2bc GetExitCodeThread
 0x42e2c0 SetEvent
 0x42e2c4 WaitForSingleObject
 0x42e2c8 CloseHandle
 0x42e2cc lstrcpyA
 0x42e2d0 CreateDirectoryA
 0x42e2d4 FreeLibrary
 0x42e2d8 VirtualFree
 0x42e2dc VirtualAlloc
 0x42e2e0 LoadLibraryA
 0x42e2e4 GetProcAddress
 0x42e2e8 GetFullPathNameA
 0x42e2ec UnhandledExceptionFilter
USER32.dll
 0x42e304 LoadStringA
 0x42e308 PostQuitMessage
 0x42e30c ShowOwnedPopups
 0x42e310 SetCursor
 0x42e314 ValidateRect
 0x42e318 TranslateMessage
 0x42e31c GetMessageA
 0x42e320 CharUpperA
 0x42e324 InvalidateRect
 0x42e328 ReleaseDC
 0x42e32c GetDC
 0x42e330 DestroyMenu
 0x42e334 SetRectEmpty
 0x42e338 LoadAcceleratorsA
 0x42e33c TranslateAcceleratorA
 0x42e340 ReleaseCapture
 0x42e344 GetDesktopWindow
 0x42e348 SetMenu
 0x42e34c ReuseDDElParam
 0x42e350 UnpackDDElParam
 0x42e354 BringWindowToTop
 0x42e358 IsZoomed
 0x42e35c LoadCursorA
 0x42e360 GetSysColorBrush
 0x42e364 ClientToScreen
 0x42e368 GetWindowDC
 0x42e36c BeginPaint
 0x42e370 EndPaint
 0x42e374 TabbedTextOutA
 0x42e378 DrawTextA
 0x42e37c GrayStringA
 0x42e380 GetClassNameA
 0x42e384 PtInRect
 0x42e388 InflateRect
 0x42e38c WindowFromPoint
 0x42e390 SetRect
 0x42e394 GetDCEx
 0x42e398 LockWindowUpdate
 0x42e39c SetCapture
 0x42e3a0 SetParent
 0x42e3a4 CheckMenuItem
 0x42e3a8 EnableMenuItem
 0x42e3ac SetWindowTextA
 0x42e3b0 IsDialogMessageA
 0x42e3b4 IsDlgButtonChecked
 0x42e3b8 SetDlgItemTextA
 0x42e3bc LoadIconA
 0x42e3c0 UpdateWindow
 0x42e3c4 SendDlgItemMessageA
 0x42e3c8 MapWindowPoints
 0x42e3cc GetSysColor
 0x42e3d0 PeekMessageA
 0x42e3d4 DispatchMessageA
 0x42e3d8 AdjustWindowRectEx
 0x42e3dc wvsprintfA
 0x42e3e0 DeferWindowPos
 0x42e3e4 GetClientRect
 0x42e3e8 BeginDeferWindowPos
 0x42e3ec CopyRect
 0x42e3f0 EndDeferWindowPos
 0x42e3f4 IsWindowVisible
 0x42e3f8 GetTopWindow
 0x42e3fc MessageBoxA
 0x42e400 IsChild
 0x42e404 WinHelpA
 0x42e408 GetClassInfoA
 0x42e40c RegisterClassA
 0x42e410 GetMenu
 0x42e414 GetMenuItemCount
 0x42e418 GetMenuItemID
 0x42e41c TrackPopupMenu
 0x42e420 GetWindowTextLengthA
 0x42e424 GetWindowTextA
 0x42e428 GetDlgCtrlID
 0x42e42c GetKeyState
 0x42e430 CreateWindowExA
 0x42e434 SetWindowsHookExA
 0x42e438 CallNextHookEx
 0x42e43c GetClassLongA
 0x42e440 SetPropA
 0x42e444 UnhookWindowsHookEx
 0x42e448 GetPropA
 0x42e44c CallWindowProcA
 0x42e450 RemovePropA
 0x42e454 DefWindowProcA
 0x42e458 GetMessageTime
 0x42e45c GetMessagePos
 0x42e460 GetLastActivePopup
 0x42e464 GetForegroundWindow
 0x42e468 SetForegroundWindow
 0x42e46c GetWindow
 0x42e470 RegisterWindowMessageA
 0x42e474 OffsetRect
 0x42e478 IntersectRect
 0x42e47c SystemParametersInfoA
 0x42e480 IsIconic
 0x42e484 GetWindowPlacement
 0x42e488 GetNextDlgTabItem
 0x42e48c EndDialog
 0x42e490 IsWindow
 0x42e494 GetSystemMetrics
 0x42e498 CreateDialogIndirectParamA
 0x42e49c DestroyWindow
 0x42e4a0 GetWindowRect
 0x42e4a4 MapDialogRect
 0x42e4a8 SetWindowPos
 0x42e4ac ShowWindow
 0x42e4b0 GetCapture
 0x42e4b4 GetActiveWindow
 0x42e4b8 SetActiveWindow
 0x42e4bc GetAsyncKeyState
 0x42e4c0 GetFocus
 0x42e4c4 SetFocus
 0x42e4c8 GetDlgItem
 0x42e4cc IsWindowEnabled
 0x42e4d0 GetParent
 0x42e4d4 PostMessageA
 0x42e4d8 KillTimer
 0x42e4dc SetTimer
 0x42e4e0 ScreenToClient
 0x42e4e4 LoadMenuA
 0x42e4e8 GetSubMenu
 0x42e4ec GetMenuCheckMarkDimensions
 0x42e4f0 LoadBitmapA
 0x42e4f4 GetMenuState
 0x42e4f8 ModifyMenuA
 0x42e4fc EqualRect
 0x42e500 SetMenuItemBitmaps
 0x42e504 GetCursorPos
 0x42e508 wsprintfA
 0x42e50c GetWindowLongA
 0x42e510 SetWindowLongA
 0x42e514 SendMessageA
 0x42e518 EnableWindow
 0x42e51c UnregisterClassA
GDI32.dll
 0x42e03c SetMapMode
 0x42e040 SetViewportOrgEx
 0x42e044 OffsetViewportOrgEx
 0x42e048 SetViewportExtEx
 0x42e04c ScaleViewportExtEx
 0x42e050 SetWindowExtEx
 0x42e054 ScaleWindowExtEx
 0x42e058 SelectClipRgn
 0x42e05c ExcludeClipRect
 0x42e060 IntersectClipRect
 0x42e064 CreateRectRgn
 0x42e068 CreatePatternBrush
 0x42e06c PtVisible
 0x42e070 RectVisible
 0x42e074 TextOutA
 0x42e078 ExtTextOutA
 0x42e07c Escape
 0x42e080 SetRectRgn
 0x42e084 CombineRgn
 0x42e088 RestoreDC
 0x42e08c SaveDC
 0x42e090 DeleteDC
 0x42e094 EnumFontFamiliesExA
 0x42e098 GetStockObject
 0x42e09c GetDeviceCaps
 0x42e0a0 CreateFontIndirectA
 0x42e0a4 DeleteObject
 0x42e0a8 GetTextMetricsA
 0x42e0ac SelectObject
 0x42e0b0 GetTextExtentPoint32A
 0x42e0b4 CreateRectRgnIndirect
 0x42e0b8 PatBlt
 0x42e0bc CreateBitmap
 0x42e0c0 GetObjectA
 0x42e0c4 SetBkColor
 0x42e0c8 SetTextColor
 0x42e0cc GetClipBox
comdlg32.dll
 0x42e58c GetFileTitleA
WINSPOOL.DRV
 0x42e524 OpenPrinterA
 0x42e528 DocumentPropertiesA
 0x42e52c ClosePrinter
ADVAPI32.dll
 0x42e000 RegSetValueExA
 0x42e004 RegCloseKey
 0x42e008 RegQueryValueExA
 0x42e00c RegOpenKeyExA
 0x42e010 SetFileSecurityA
 0x42e014 GetFileSecurityA
 0x42e018 RegCreateKeyExA
SHELL32.dll
 0x42e2f4 DragFinish
 0x42e2f8 ShellExecuteA
 0x42e2fc DragQueryFileA
COMCTL32.dll
 0x42e020 DestroyPropertySheetPage
 0x42e024 CreatePropertySheetPageA
 0x42e028 None
 0x42e02c ImageList_Destroy
 0x42e030 PropertySheetA
 0x42e034 ImageList_LoadImageA
WSOCK32.dll
 0x42e534 htons
 0x42e538 WSAGetLastError
 0x42e53c listen
 0x42e540 shutdown
 0x42e544 WSASetLastError
 0x42e548 inet_addr
 0x42e54c ntohs
 0x42e550 getpeername
 0x42e554 ioctlsocket
 0x42e558 bind
 0x42e55c accept
 0x42e560 htonl
 0x42e564 closesocket
 0x42e568 recv
 0x42e56c send
 0x42e570 WSAAsyncSelect
 0x42e574 inet_ntoa
 0x42e578 socket
 0x42e57c recvfrom
 0x42e580 sendto
 0x42e584 connect

EAT (Export Address Table): none


