ScreenShot
| Created | 2024.08.17 22:14 | Machine | s1_win7_x6401 |
| Filename | zzzz1.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 41 detected (AIDetectMalware, Malicious, score, Tedy, Save, Attribute, HighConfidence, high confidence, AGen, D suspicious, MalwareX, tvakw, AMADEY, YXEHLZ, Static AI, Malicious PE, ai score=87, Python, Nuitka, Wacatac, R660067, Artemis, Chgt, Dkjl, KCtEEMJh1xI, confidence, 100%) | ||
| md5 | a5c740eb48fafb9b25d06c22b6f4a7e9 | ||
| sha256 | 93429472073d0794c411a71f2f161aa8d7b8c51606ab497175cc5863fea7fba8 | ||
| ssdeep | 196608:2eoNf7uyka/QRjnlhJPPyEhQVM1LPg8TFhaF08ckcNy9i4KuZp2E8rK:27NFEj3pHhQVEPg8TFhN8eOPKuX2EV | ||
| imphash | ae21233514eb2e47a60a61ce2f15abb9 | ||
| impfuzzy | 48:p8XOst9nR3nZ+kNPlslEJGp6qJ8k3k1vkqqyesXh:eXdth9nZrNPlYEJGph6k3mkqqh2 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| watch | Drops a binary and executes it |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
Rules (16cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | wget_command | wget command | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140048378 CloseHandle
0x140048380 CopyFileW
0x140048388 CreateDirectoryW
0x140048390 CreateFileMappingW
0x140048398 CreateFileW
0x1400483a0 CreateProcessW
0x1400483a8 DeleteCriticalSection
0x1400483b0 DeleteFileW
0x1400483b8 EnterCriticalSection
0x1400483c0 FindResourceA
0x1400483c8 FormatMessageA
0x1400483d0 FreeLibrary
0x1400483d8 GenerateConsoleCtrlEvent
0x1400483e0 GetCommandLineW
0x1400483e8 GetCurrentProcessId
0x1400483f0 GetEnvironmentVariableW
0x1400483f8 GetExitCodeProcess
0x140048400 GetFileAttributesW
0x140048408 GetFileSize
0x140048410 GetLastError
0x140048418 GetModuleFileNameW
0x140048420 GetModuleHandleA
0x140048428 GetProcAddress
0x140048430 GetProcessId
0x140048438 GetStartupInfoW
0x140048440 GetStdHandle
0x140048448 GetSystemTimeAsFileTime
0x140048450 GetTempPathW
0x140048458 InitializeCriticalSection
0x140048460 IsDBCSLeadByteEx
0x140048468 LeaveCriticalSection
0x140048470 LoadLibraryA
0x140048478 LoadResource
0x140048480 LockResource
0x140048488 MapViewOfFile
0x140048490 MultiByteToWideChar
0x140048498 ReadFile
0x1400484a0 SetConsoleCtrlHandler
0x1400484a8 SetEnvironmentVariableW
0x1400484b0 SetUnhandledExceptionFilter
0x1400484b8 SizeofResource
0x1400484c0 Sleep
0x1400484c8 TerminateProcess
0x1400484d0 TlsGetValue
0x1400484d8 UnmapViewOfFile
0x1400484e0 VirtualProtect
0x1400484e8 VirtualQuery
0x1400484f0 WaitForSingleObject
0x1400484f8 WideCharToMultiByte
0x140048500 WriteFile
msvcrt.dll
0x140048510 __C_specific_handler
0x140048518 ___lc_codepage_func
0x140048520 ___mb_cur_max_func
0x140048528 __iob_func
0x140048530 __set_app_type
0x140048538 __setusermatherr
0x140048540 __wargv
0x140048548 __wgetmainargs
0x140048550 __winitenv
0x140048558 _amsg_exit
0x140048560 _cexit
0x140048568 _commode
0x140048570 _errno
0x140048578 _fmode
0x140048580 _initterm
0x140048588 _lock
0x140048590 _onexit
0x140048598 _unlock
0x1400485a0 _wcmdln
0x1400485a8 _wcsdup
0x1400485b0 _wcsicmp
0x1400485b8 _wrename
0x1400485c0 abort
0x1400485c8 calloc
0x1400485d0 exit
0x1400485d8 fprintf
0x1400485e0 fputc
0x1400485e8 free
0x1400485f0 fwrite
0x1400485f8 localeconv
0x140048600 malloc
0x140048608 mbstowcs
0x140048610 memcpy
0x140048618 memmove
0x140048620 memset
0x140048628 puts
0x140048630 signal
0x140048638 strerror
0x140048640 strlen
0x140048648 strncmp
0x140048650 vfprintf
0x140048658 wcschr
0x140048660 wcscmp
0x140048668 wcslen
0x140048670 wcsncmp
SHELL32.dll
0x140048680 CommandLineToArgvW
0x140048688 SHFileOperationW
0x140048690 SHGetFolderPathW
EAT(Export Address Table) is none
KERNEL32.dll
0x140048378 CloseHandle
0x140048380 CopyFileW
0x140048388 CreateDirectoryW
0x140048390 CreateFileMappingW
0x140048398 CreateFileW
0x1400483a0 CreateProcessW
0x1400483a8 DeleteCriticalSection
0x1400483b0 DeleteFileW
0x1400483b8 EnterCriticalSection
0x1400483c0 FindResourceA
0x1400483c8 FormatMessageA
0x1400483d0 FreeLibrary
0x1400483d8 GenerateConsoleCtrlEvent
0x1400483e0 GetCommandLineW
0x1400483e8 GetCurrentProcessId
0x1400483f0 GetEnvironmentVariableW
0x1400483f8 GetExitCodeProcess
0x140048400 GetFileAttributesW
0x140048408 GetFileSize
0x140048410 GetLastError
0x140048418 GetModuleFileNameW
0x140048420 GetModuleHandleA
0x140048428 GetProcAddress
0x140048430 GetProcessId
0x140048438 GetStartupInfoW
0x140048440 GetStdHandle
0x140048448 GetSystemTimeAsFileTime
0x140048450 GetTempPathW
0x140048458 InitializeCriticalSection
0x140048460 IsDBCSLeadByteEx
0x140048468 LeaveCriticalSection
0x140048470 LoadLibraryA
0x140048478 LoadResource
0x140048480 LockResource
0x140048488 MapViewOfFile
0x140048490 MultiByteToWideChar
0x140048498 ReadFile
0x1400484a0 SetConsoleCtrlHandler
0x1400484a8 SetEnvironmentVariableW
0x1400484b0 SetUnhandledExceptionFilter
0x1400484b8 SizeofResource
0x1400484c0 Sleep
0x1400484c8 TerminateProcess
0x1400484d0 TlsGetValue
0x1400484d8 UnmapViewOfFile
0x1400484e0 VirtualProtect
0x1400484e8 VirtualQuery
0x1400484f0 WaitForSingleObject
0x1400484f8 WideCharToMultiByte
0x140048500 WriteFile
msvcrt.dll
0x140048510 __C_specific_handler
0x140048518 ___lc_codepage_func
0x140048520 ___mb_cur_max_func
0x140048528 __iob_func
0x140048530 __set_app_type
0x140048538 __setusermatherr
0x140048540 __wargv
0x140048548 __wgetmainargs
0x140048550 __winitenv
0x140048558 _amsg_exit
0x140048560 _cexit
0x140048568 _commode
0x140048570 _errno
0x140048578 _fmode
0x140048580 _initterm
0x140048588 _lock
0x140048590 _onexit
0x140048598 _unlock
0x1400485a0 _wcmdln
0x1400485a8 _wcsdup
0x1400485b0 _wcsicmp
0x1400485b8 _wrename
0x1400485c0 abort
0x1400485c8 calloc
0x1400485d0 exit
0x1400485d8 fprintf
0x1400485e0 fputc
0x1400485e8 free
0x1400485f0 fwrite
0x1400485f8 localeconv
0x140048600 malloc
0x140048608 mbstowcs
0x140048610 memcpy
0x140048618 memmove
0x140048620 memset
0x140048628 puts
0x140048630 signal
0x140048638 strerror
0x140048640 strlen
0x140048648 strncmp
0x140048650 vfprintf
0x140048658 wcschr
0x140048660 wcscmp
0x140048668 wcslen
0x140048670 wcsncmp
SHELL32.dll
0x140048680 CommandLineToArgvW
0x140048688 SHFileOperationW
0x140048690 SHGetFolderPathW
EAT(Export Address Table) is none