Field | Value |
---|---|
Created | 2024.08.14 11:02 |
Machine | s1_win7_x6401 |
Filename | networks_profile.exe |
Type | PE32+ executable (console) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malicious |
VT API (file) | 4 detected (AIDetectMalware, Suspicioustrojan, Unsafe) |
md5 | 7306abcf62c8ee10a1692a6a85af9297 |
sha256 | 37c9a26faec0bb21171b3968d2e4254f6ae10ff7ae0d0b1493226685bc5d3b4b |
ssdeep | 196608:p+TPoCsXDjDyf6L2WliXYrHW1LIiruQC:2PoCEDVL2ciIrHWRIiS |
imphash | 2cdcfb3a828433ba76b5b41f45519bd9 |
impfuzzy | 48:CkEn9XteS1hEc+pFCRcgT+ONai5bmbU1M:lEn5teS1hEc+pF8t+Cr+yM |
Signature (5cnts)
Level | Description |
---|---|
notice | Creates executable files on the filesystem |
notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (16cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x140025028 GetCommandLineW
0x140025030 GetEnvironmentVariableW
0x140025038 SetEnvironmentVariableW
0x140025040 ExpandEnvironmentStringsW
0x140025048 CreateDirectoryW
0x140025050 GetTempPathW
0x140025058 WaitForSingleObject
0x140025060 Sleep
0x140025068 GetExitCodeProcess
0x140025070 CreateProcessW
0x140025078 FreeLibrary
0x140025080 LoadLibraryExW
0x140025088 CloseHandle
0x140025090 GetCurrentProcess
0x140025098 LoadLibraryA
0x1400250a0 LocalFree
0x1400250a8 FormatMessageW
0x1400250b0 MultiByteToWideChar
0x1400250b8 WideCharToMultiByte
0x1400250c0 SetEndOfFile
0x1400250c8 GetProcAddress
0x1400250d0 GetModuleFileNameW
0x1400250d8 SetDllDirectoryW
0x1400250e0 GetStartupInfoW
0x1400250e8 GetLastError
0x1400250f0 RtlCaptureContext
0x1400250f8 RtlLookupFunctionEntry
0x140025100 RtlVirtualUnwind
0x140025108 UnhandledExceptionFilter
0x140025110 SetUnhandledExceptionFilter
0x140025118 TerminateProcess
0x140025120 IsProcessorFeaturePresent
0x140025128 QueryPerformanceCounter
0x140025130 GetCurrentProcessId
0x140025138 GetCurrentThreadId
0x140025140 GetSystemTimeAsFileTime
0x140025148 InitializeSListHead
0x140025150 IsDebuggerPresent
0x140025158 GetModuleHandleW
0x140025160 RtlUnwindEx
0x140025168 SetLastError
0x140025170 EnterCriticalSection
0x140025178 LeaveCriticalSection
0x140025180 DeleteCriticalSection
0x140025188 InitializeCriticalSectionAndSpinCount
0x140025190 TlsAlloc
0x140025198 TlsGetValue
0x1400251a0 TlsSetValue
0x1400251a8 TlsFree
0x1400251b0 RaiseException
0x1400251b8 GetCommandLineA
0x1400251c0 ReadFile
0x1400251c8 CreateFileW
0x1400251d0 GetDriveTypeW
0x1400251d8 GetFileInformationByHandle
0x1400251e0 GetFileType
0x1400251e8 PeekNamedPipe
0x1400251f0 SystemTimeToTzSpecificLocalTime
0x1400251f8 FileTimeToSystemTime
0x140025200 GetFullPathNameW
0x140025208 RemoveDirectoryW
0x140025210 FindClose
0x140025218 FindFirstFileExW
0x140025220 FindNextFileW
0x140025228 SetStdHandle
0x140025230 SetConsoleCtrlHandler
0x140025238 DeleteFileW
0x140025240 GetStdHandle
0x140025248 WriteFile
0x140025250 ExitProcess
0x140025258 GetModuleHandleExW
0x140025260 HeapFree
0x140025268 GetConsoleMode
0x140025270 ReadConsoleW
0x140025278 SetFilePointerEx
0x140025280 GetConsoleOutputCP
0x140025288 GetFileSizeEx
0x140025290 HeapAlloc
0x140025298 CompareStringW
0x1400252a0 LCMapStringW
0x1400252a8 GetCurrentDirectoryW
0x1400252b0 FlushFileBuffers
0x1400252b8 GetFileAttributesExW
0x1400252c0 IsValidCodePage
0x1400252c8 GetACP
0x1400252d0 GetOEMCP
0x1400252d8 GetCPInfo
0x1400252e0 GetEnvironmentStringsW
0x1400252e8 FreeEnvironmentStringsW
0x1400252f0 GetStringTypeW
0x1400252f8 GetProcessHeap
0x140025300 GetTimeZoneInformation
0x140025308 HeapSize
0x140025310 HeapReAlloc
0x140025318 WriteConsoleW
ADVAPI32.dll
0x140025000 ConvertSidToStringSidW
0x140025008 GetTokenInformation
0x140025010 OpenProcessToken
0x140025018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT (Export Address Table): none