ScreenShot
| Created | 2024.06.03 07:35 | Machine | s1_win7_x6403 |
| Filename | @DDRI2_2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 21 detected (AIDetectMalware, trqf, malicious, moderate confidence, Unsafe, Vj0s, Redcap, ltrvm, Wacatac, Python, Pytr, ZexaF, @B3@aSKES0di, PossibleThreat) | ||
| md5 | 1cfa70c1b2f1eb15d9f6b0d502095360 | ||
| sha256 | 139b21a0ba2e1d6e45cc7ce3494b25b57cb2d5405abe851c1086b24f7d7d2619 | ||
| ssdeep | 98304:7e+bdwNF5kcwoPllMWHubXkTZONq0d6NlPf9//KJ+PUxY7xFY5cjaNCSsxCfTL:C+K4oP1HOXfZ8bntw+KY7xFY5csCSsQ | ||
| imphash | e72c3bfcbb77a361abf35cfdb2b95db2 | ||
| impfuzzy | 24:SkgwXaDaODu9Wu9T/2Op9UOjntMS1hbJnc+pl3rOovbKlv/LTNUTlONoEqMo6iMp:VgLkj9ptMS1hlc+ppaRN/LT0ONfiQ71b | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (16cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x420180 MessageBoxW
0x420184 MessageBoxA
KERNEL32.dll
0x420008 GetLastError
0x42000c SetDllDirectoryW
0x420010 GetModuleFileNameW
0x420014 GetProcAddress
0x420018 GetCommandLineW
0x42001c GetEnvironmentVariableW
0x420020 SetEnvironmentVariableW
0x420024 ExpandEnvironmentStringsW
0x420028 GetTempPathW
0x42002c DecodePointer
0x420030 Sleep
0x420034 GetExitCodeProcess
0x420038 CreateProcessW
0x42003c GetStartupInfoW
0x420040 LoadLibraryExW
0x420044 CreateDirectoryW
0x420048 GetShortPathNameW
0x42004c FormatMessageW
0x420050 LoadLibraryA
0x420054 MultiByteToWideChar
0x420058 WideCharToMultiByte
0x42005c WaitForSingleObject
0x420060 CloseHandle
0x420064 SetEndOfFile
0x420068 HeapReAlloc
0x42006c UnhandledExceptionFilter
0x420070 SetUnhandledExceptionFilter
0x420074 GetCurrentProcess
0x420078 TerminateProcess
0x42007c IsProcessorFeaturePresent
0x420080 QueryPerformanceCounter
0x420084 GetCurrentProcessId
0x420088 GetCurrentThreadId
0x42008c GetSystemTimeAsFileTime
0x420090 InitializeSListHead
0x420094 IsDebuggerPresent
0x420098 GetModuleHandleW
0x42009c RtlUnwind
0x4200a0 SetLastError
0x4200a4 EnterCriticalSection
0x4200a8 LeaveCriticalSection
0x4200ac DeleteCriticalSection
0x4200b0 InitializeCriticalSectionAndSpinCount
0x4200b4 TlsAlloc
0x4200b8 TlsGetValue
0x4200bc TlsSetValue
0x4200c0 TlsFree
0x4200c4 FreeLibrary
0x4200c8 GetCommandLineA
0x4200cc ReadFile
0x4200d0 CreateFileW
0x4200d4 GetDriveTypeW
0x4200d8 GetFileType
0x4200dc RaiseException
0x4200e0 PeekNamedPipe
0x4200e4 SystemTimeToTzSpecificLocalTime
0x4200e8 FileTimeToSystemTime
0x4200ec GetFullPathNameW
0x4200f0 GetFullPathNameA
0x4200f4 RemoveDirectoryW
0x4200f8 FindClose
0x4200fc FindFirstFileExW
0x420100 FindNextFileW
0x420104 SetStdHandle
0x420108 SetConsoleCtrlHandler
0x42010c DeleteFileW
0x420110 GetStdHandle
0x420114 WriteFile
0x420118 ExitProcess
0x42011c GetModuleHandleExW
0x420120 GetACP
0x420124 HeapFree
0x420128 HeapAlloc
0x42012c GetConsoleMode
0x420130 ReadConsoleW
0x420134 SetFilePointerEx
0x420138 GetConsoleCP
0x42013c CompareStringW
0x420140 LCMapStringW
0x420144 GetCurrentDirectoryW
0x420148 FlushFileBuffers
0x42014c SetEnvironmentVariableA
0x420150 GetFileAttributesExW
0x420154 IsValidCodePage
0x420158 GetOEMCP
0x42015c GetCPInfo
0x420160 GetEnvironmentStringsW
0x420164 FreeEnvironmentStringsW
0x420168 GetStringTypeW
0x42016c GetProcessHeap
0x420170 WriteConsoleW
0x420174 GetTimeZoneInformation
0x420178 HeapSize
ADVAPI32.dll
0x420000 ConvertStringSecurityDescriptorToSecurityDescriptorW
WS2_32.dll
0x42018c ntohl
EAT(Export Address Table) is none
USER32.dll
0x420180 MessageBoxW
0x420184 MessageBoxA
KERNEL32.dll
0x420008 GetLastError
0x42000c SetDllDirectoryW
0x420010 GetModuleFileNameW
0x420014 GetProcAddress
0x420018 GetCommandLineW
0x42001c GetEnvironmentVariableW
0x420020 SetEnvironmentVariableW
0x420024 ExpandEnvironmentStringsW
0x420028 GetTempPathW
0x42002c DecodePointer
0x420030 Sleep
0x420034 GetExitCodeProcess
0x420038 CreateProcessW
0x42003c GetStartupInfoW
0x420040 LoadLibraryExW
0x420044 CreateDirectoryW
0x420048 GetShortPathNameW
0x42004c FormatMessageW
0x420050 LoadLibraryA
0x420054 MultiByteToWideChar
0x420058 WideCharToMultiByte
0x42005c WaitForSingleObject
0x420060 CloseHandle
0x420064 SetEndOfFile
0x420068 HeapReAlloc
0x42006c UnhandledExceptionFilter
0x420070 SetUnhandledExceptionFilter
0x420074 GetCurrentProcess
0x420078 TerminateProcess
0x42007c IsProcessorFeaturePresent
0x420080 QueryPerformanceCounter
0x420084 GetCurrentProcessId
0x420088 GetCurrentThreadId
0x42008c GetSystemTimeAsFileTime
0x420090 InitializeSListHead
0x420094 IsDebuggerPresent
0x420098 GetModuleHandleW
0x42009c RtlUnwind
0x4200a0 SetLastError
0x4200a4 EnterCriticalSection
0x4200a8 LeaveCriticalSection
0x4200ac DeleteCriticalSection
0x4200b0 InitializeCriticalSectionAndSpinCount
0x4200b4 TlsAlloc
0x4200b8 TlsGetValue
0x4200bc TlsSetValue
0x4200c0 TlsFree
0x4200c4 FreeLibrary
0x4200c8 GetCommandLineA
0x4200cc ReadFile
0x4200d0 CreateFileW
0x4200d4 GetDriveTypeW
0x4200d8 GetFileType
0x4200dc RaiseException
0x4200e0 PeekNamedPipe
0x4200e4 SystemTimeToTzSpecificLocalTime
0x4200e8 FileTimeToSystemTime
0x4200ec GetFullPathNameW
0x4200f0 GetFullPathNameA
0x4200f4 RemoveDirectoryW
0x4200f8 FindClose
0x4200fc FindFirstFileExW
0x420100 FindNextFileW
0x420104 SetStdHandle
0x420108 SetConsoleCtrlHandler
0x42010c DeleteFileW
0x420110 GetStdHandle
0x420114 WriteFile
0x420118 ExitProcess
0x42011c GetModuleHandleExW
0x420120 GetACP
0x420124 HeapFree
0x420128 HeapAlloc
0x42012c GetConsoleMode
0x420130 ReadConsoleW
0x420134 SetFilePointerEx
0x420138 GetConsoleCP
0x42013c CompareStringW
0x420140 LCMapStringW
0x420144 GetCurrentDirectoryW
0x420148 FlushFileBuffers
0x42014c SetEnvironmentVariableA
0x420150 GetFileAttributesExW
0x420154 IsValidCodePage
0x420158 GetOEMCP
0x42015c GetCPInfo
0x420160 GetEnvironmentStringsW
0x420164 FreeEnvironmentStringsW
0x420168 GetStringTypeW
0x42016c GetProcessHeap
0x420170 WriteConsoleW
0x420174 GetTimeZoneInformation
0x420178 HeapSize
ADVAPI32.dll
0x420000 ConvertStringSecurityDescriptorToSecurityDescriptorW
WS2_32.dll
0x42018c ntohl
EAT(Export Address Table) is none