ScreenShot
| Created | 2024.07.03 18:46 | Machine | s1_win7_x6401 |
| Filename | client_win.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 26 detected (AIDetectMalware, Suspicioustrojan, Lazy, Unsafe, Vfsx, Malicious, Artemis, ai score=85, Static AI, Suspicious PE, PossibleThreat) | ||
| md5 | 9f478308a636906db8c36e77ce68b4c2 | ||
| sha256 | 544095b7f34939172ea5bd6544be4c82357921f3153d17ac0e4b1b93dc363de4 | ||
| ssdeep | 98304:qigKs0WHiaVQWJuhswoYv5eOaVczo0Ahd6y0Naxxv8fqDDAxNer84qqfW42n:XgnrHiauWJysVYvsO5oyMxxvjDDAxRqk | ||
| imphash | 5bc16b5845145eb0edb88983820691b1 | ||
| impfuzzy | 48:lgUJOyc9OerSteXhE+pIuVgTQcSi3+mbU1M:DJtccerSteXhE+pIuSQ61yM | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Creates executable files on the filesystem |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
Rules (16cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x14002b370 GetWindowThreadProcessId
0x14002b378 ShowWindow
KERNEL32.dll
0x14002b028 GetModuleFileNameW
0x14002b030 SetDllDirectoryW
0x14002b038 CreateSymbolicLinkW
0x14002b040 GetProcAddress
0x14002b048 CreateDirectoryW
0x14002b050 GetCommandLineW
0x14002b058 GetEnvironmentVariableW
0x14002b060 ExpandEnvironmentStringsW
0x14002b068 DeleteFileW
0x14002b070 FindClose
0x14002b078 FindFirstFileW
0x14002b080 FindNextFileW
0x14002b088 GetDriveTypeW
0x14002b090 RemoveDirectoryW
0x14002b098 GetTempPathW
0x14002b0a0 CloseHandle
0x14002b0a8 FormatMessageW
0x14002b0b0 Sleep
0x14002b0b8 GetCurrentProcess
0x14002b0c0 GetCurrentProcessId
0x14002b0c8 GetExitCodeProcess
0x14002b0d0 CreateProcessW
0x14002b0d8 GetStartupInfoW
0x14002b0e0 FreeLibrary
0x14002b0e8 LoadLibraryExW
0x14002b0f0 LocalFree
0x14002b0f8 SetConsoleCtrlHandler
0x14002b100 GetConsoleWindow
0x14002b108 CreateFileW
0x14002b110 FindFirstFileExW
0x14002b118 GetFinalPathNameByHandleW
0x14002b120 MultiByteToWideChar
0x14002b128 WideCharToMultiByte
0x14002b130 HeapReAlloc
0x14002b138 GetLastError
0x14002b140 WriteConsoleW
0x14002b148 SetEndOfFile
0x14002b150 WaitForSingleObject
0x14002b158 LeaveCriticalSection
0x14002b160 RtlCaptureContext
0x14002b168 RtlLookupFunctionEntry
0x14002b170 RtlVirtualUnwind
0x14002b178 UnhandledExceptionFilter
0x14002b180 SetUnhandledExceptionFilter
0x14002b188 TerminateProcess
0x14002b190 IsProcessorFeaturePresent
0x14002b198 QueryPerformanceCounter
0x14002b1a0 GetCurrentThreadId
0x14002b1a8 GetSystemTimeAsFileTime
0x14002b1b0 InitializeSListHead
0x14002b1b8 IsDebuggerPresent
0x14002b1c0 GetModuleHandleW
0x14002b1c8 RtlUnwindEx
0x14002b1d0 SetLastError
0x14002b1d8 EnterCriticalSection
0x14002b1e0 DeleteCriticalSection
0x14002b1e8 InitializeCriticalSectionAndSpinCount
0x14002b1f0 TlsAlloc
0x14002b1f8 TlsGetValue
0x14002b200 TlsSetValue
0x14002b208 TlsFree
0x14002b210 EncodePointer
0x14002b218 RaiseException
0x14002b220 RtlPcToFileHeader
0x14002b228 GetFileInformationByHandle
0x14002b230 GetFileType
0x14002b238 PeekNamedPipe
0x14002b240 SystemTimeToTzSpecificLocalTime
0x14002b248 FileTimeToSystemTime
0x14002b250 ReadFile
0x14002b258 GetFullPathNameW
0x14002b260 SetStdHandle
0x14002b268 GetStdHandle
0x14002b270 WriteFile
0x14002b278 ExitProcess
0x14002b280 GetModuleHandleExW
0x14002b288 GetCommandLineA
0x14002b290 HeapFree
0x14002b298 GetConsoleMode
0x14002b2a0 ReadConsoleW
0x14002b2a8 SetFilePointerEx
0x14002b2b0 GetConsoleOutputCP
0x14002b2b8 GetFileSizeEx
0x14002b2c0 HeapAlloc
0x14002b2c8 FlsAlloc
0x14002b2d0 FlsGetValue
0x14002b2d8 FlsSetValue
0x14002b2e0 FlsFree
0x14002b2e8 CompareStringW
0x14002b2f0 LCMapStringW
0x14002b2f8 GetCurrentDirectoryW
0x14002b300 FlushFileBuffers
0x14002b308 SetEnvironmentVariableW
0x14002b310 GetFileAttributesExW
0x14002b318 GetStringTypeW
0x14002b320 IsValidCodePage
0x14002b328 GetACP
0x14002b330 GetOEMCP
0x14002b338 GetCPInfo
0x14002b340 GetEnvironmentStringsW
0x14002b348 FreeEnvironmentStringsW
0x14002b350 GetProcessHeap
0x14002b358 GetTimeZoneInformation
0x14002b360 HeapSize
ADVAPI32.dll
0x14002b000 ConvertSidToStringSidW
0x14002b008 GetTokenInformation
0x14002b010 OpenProcessToken
0x14002b018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none
USER32.dll
0x14002b370 GetWindowThreadProcessId
0x14002b378 ShowWindow
KERNEL32.dll
0x14002b028 GetModuleFileNameW
0x14002b030 SetDllDirectoryW
0x14002b038 CreateSymbolicLinkW
0x14002b040 GetProcAddress
0x14002b048 CreateDirectoryW
0x14002b050 GetCommandLineW
0x14002b058 GetEnvironmentVariableW
0x14002b060 ExpandEnvironmentStringsW
0x14002b068 DeleteFileW
0x14002b070 FindClose
0x14002b078 FindFirstFileW
0x14002b080 FindNextFileW
0x14002b088 GetDriveTypeW
0x14002b090 RemoveDirectoryW
0x14002b098 GetTempPathW
0x14002b0a0 CloseHandle
0x14002b0a8 FormatMessageW
0x14002b0b0 Sleep
0x14002b0b8 GetCurrentProcess
0x14002b0c0 GetCurrentProcessId
0x14002b0c8 GetExitCodeProcess
0x14002b0d0 CreateProcessW
0x14002b0d8 GetStartupInfoW
0x14002b0e0 FreeLibrary
0x14002b0e8 LoadLibraryExW
0x14002b0f0 LocalFree
0x14002b0f8 SetConsoleCtrlHandler
0x14002b100 GetConsoleWindow
0x14002b108 CreateFileW
0x14002b110 FindFirstFileExW
0x14002b118 GetFinalPathNameByHandleW
0x14002b120 MultiByteToWideChar
0x14002b128 WideCharToMultiByte
0x14002b130 HeapReAlloc
0x14002b138 GetLastError
0x14002b140 WriteConsoleW
0x14002b148 SetEndOfFile
0x14002b150 WaitForSingleObject
0x14002b158 LeaveCriticalSection
0x14002b160 RtlCaptureContext
0x14002b168 RtlLookupFunctionEntry
0x14002b170 RtlVirtualUnwind
0x14002b178 UnhandledExceptionFilter
0x14002b180 SetUnhandledExceptionFilter
0x14002b188 TerminateProcess
0x14002b190 IsProcessorFeaturePresent
0x14002b198 QueryPerformanceCounter
0x14002b1a0 GetCurrentThreadId
0x14002b1a8 GetSystemTimeAsFileTime
0x14002b1b0 InitializeSListHead
0x14002b1b8 IsDebuggerPresent
0x14002b1c0 GetModuleHandleW
0x14002b1c8 RtlUnwindEx
0x14002b1d0 SetLastError
0x14002b1d8 EnterCriticalSection
0x14002b1e0 DeleteCriticalSection
0x14002b1e8 InitializeCriticalSectionAndSpinCount
0x14002b1f0 TlsAlloc
0x14002b1f8 TlsGetValue
0x14002b200 TlsSetValue
0x14002b208 TlsFree
0x14002b210 EncodePointer
0x14002b218 RaiseException
0x14002b220 RtlPcToFileHeader
0x14002b228 GetFileInformationByHandle
0x14002b230 GetFileType
0x14002b238 PeekNamedPipe
0x14002b240 SystemTimeToTzSpecificLocalTime
0x14002b248 FileTimeToSystemTime
0x14002b250 ReadFile
0x14002b258 GetFullPathNameW
0x14002b260 SetStdHandle
0x14002b268 GetStdHandle
0x14002b270 WriteFile
0x14002b278 ExitProcess
0x14002b280 GetModuleHandleExW
0x14002b288 GetCommandLineA
0x14002b290 HeapFree
0x14002b298 GetConsoleMode
0x14002b2a0 ReadConsoleW
0x14002b2a8 SetFilePointerEx
0x14002b2b0 GetConsoleOutputCP
0x14002b2b8 GetFileSizeEx
0x14002b2c0 HeapAlloc
0x14002b2c8 FlsAlloc
0x14002b2d0 FlsGetValue
0x14002b2d8 FlsSetValue
0x14002b2e0 FlsFree
0x14002b2e8 CompareStringW
0x14002b2f0 LCMapStringW
0x14002b2f8 GetCurrentDirectoryW
0x14002b300 FlushFileBuffers
0x14002b308 SetEnvironmentVariableW
0x14002b310 GetFileAttributesExW
0x14002b318 GetStringTypeW
0x14002b320 IsValidCodePage
0x14002b328 GetACP
0x14002b330 GetOEMCP
0x14002b338 GetCPInfo
0x14002b340 GetEnvironmentStringsW
0x14002b348 FreeEnvironmentStringsW
0x14002b350 GetProcessHeap
0x14002b358 GetTimeZoneInformation
0x14002b360 HeapSize
ADVAPI32.dll
0x14002b000 ConvertSidToStringSidW
0x14002b008 GetTokenInformation
0x14002b010 OpenProcessToken
0x14002b018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none