ScreenShot
| Created | 2024.10.21 13:48 | Machine | s1_win7_x6401 |
| Filename | main.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (AIDetectMalware, Malicious) | ||
| md5 | 2e25791fd09060fec2d4650c9872056b | ||
| sha256 | 5e710e7f5f14a4e4fbc0b8a2d2845742f3272b38437d7789e53327ec34e7bd25 | ||
| ssdeep | 196608:sosFymvdsBcs4njQthsiHzy7kZCCQHZcuZeaTB3ukzVm8AbrHoOXLPmxrMiFenEd:EnvaBcNnKhs57R59sw3n48A4oLKMiFeg | ||
| imphash | ba5546933531fafa869b1f86a4e2a959 | ||
| impfuzzy | 48:CkD944teS1hEc+pIuCJcgTkOtVilymbU1M:lDS4teS1hEc+pIustki8TyM | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (22cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (download) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsELF | Executable and Linking Format executable file (Linux/Unix) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14002a028 GetCommandLineW
0x14002a030 GetEnvironmentVariableW
0x14002a038 SetEnvironmentVariableW
0x14002a040 ExpandEnvironmentStringsW
0x14002a048 CreateDirectoryW
0x14002a050 GetTempPathW
0x14002a058 WaitForSingleObject
0x14002a060 Sleep
0x14002a068 GetExitCodeProcess
0x14002a070 CreateProcessW
0x14002a078 GetStartupInfoW
0x14002a080 LoadLibraryExW
0x14002a088 SetConsoleCtrlHandler
0x14002a090 FindClose
0x14002a098 FindFirstFileExW
0x14002a0a0 CloseHandle
0x14002a0a8 GetCurrentProcess
0x14002a0b0 LocalFree
0x14002a0b8 FormatMessageW
0x14002a0c0 MultiByteToWideChar
0x14002a0c8 WideCharToMultiByte
0x14002a0d0 WriteConsoleW
0x14002a0d8 GetProcAddress
0x14002a0e0 GetModuleFileNameW
0x14002a0e8 SetDllDirectoryW
0x14002a0f0 FreeLibrary
0x14002a0f8 GetLastError
0x14002a100 RtlCaptureContext
0x14002a108 RtlLookupFunctionEntry
0x14002a110 RtlVirtualUnwind
0x14002a118 UnhandledExceptionFilter
0x14002a120 SetUnhandledExceptionFilter
0x14002a128 TerminateProcess
0x14002a130 IsProcessorFeaturePresent
0x14002a138 QueryPerformanceCounter
0x14002a140 GetCurrentProcessId
0x14002a148 GetCurrentThreadId
0x14002a150 GetSystemTimeAsFileTime
0x14002a158 InitializeSListHead
0x14002a160 IsDebuggerPresent
0x14002a168 GetModuleHandleW
0x14002a170 RtlUnwindEx
0x14002a178 SetLastError
0x14002a180 EnterCriticalSection
0x14002a188 LeaveCriticalSection
0x14002a190 DeleteCriticalSection
0x14002a198 InitializeCriticalSectionAndSpinCount
0x14002a1a0 TlsAlloc
0x14002a1a8 TlsGetValue
0x14002a1b0 TlsSetValue
0x14002a1b8 TlsFree
0x14002a1c0 EncodePointer
0x14002a1c8 RaiseException
0x14002a1d0 RtlPcToFileHeader
0x14002a1d8 GetCommandLineA
0x14002a1e0 CreateFileW
0x14002a1e8 GetDriveTypeW
0x14002a1f0 GetFileInformationByHandle
0x14002a1f8 GetFileType
0x14002a200 PeekNamedPipe
0x14002a208 SystemTimeToTzSpecificLocalTime
0x14002a210 FileTimeToSystemTime
0x14002a218 GetFullPathNameW
0x14002a220 RemoveDirectoryW
0x14002a228 FindNextFileW
0x14002a230 SetStdHandle
0x14002a238 DeleteFileW
0x14002a240 ReadFile
0x14002a248 GetStdHandle
0x14002a250 WriteFile
0x14002a258 ExitProcess
0x14002a260 GetModuleHandleExW
0x14002a268 HeapFree
0x14002a270 GetConsoleMode
0x14002a278 ReadConsoleW
0x14002a280 SetFilePointerEx
0x14002a288 GetConsoleOutputCP
0x14002a290 GetFileSizeEx
0x14002a298 HeapAlloc
0x14002a2a0 FlsAlloc
0x14002a2a8 FlsGetValue
0x14002a2b0 FlsSetValue
0x14002a2b8 FlsFree
0x14002a2c0 CompareStringW
0x14002a2c8 LCMapStringW
0x14002a2d0 GetCurrentDirectoryW
0x14002a2d8 FlushFileBuffers
0x14002a2e0 HeapReAlloc
0x14002a2e8 GetFileAttributesExW
0x14002a2f0 GetStringTypeW
0x14002a2f8 IsValidCodePage
0x14002a300 GetACP
0x14002a308 GetOEMCP
0x14002a310 GetCPInfo
0x14002a318 GetEnvironmentStringsW
0x14002a320 FreeEnvironmentStringsW
0x14002a328 GetProcessHeap
0x14002a330 GetTimeZoneInformation
0x14002a338 HeapSize
0x14002a340 SetEndOfFile
ADVAPI32.dll
0x14002a000 ConvertSidToStringSidW
0x14002a008 GetTokenInformation
0x14002a010 OpenProcessToken
0x14002a018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none
KERNEL32.dll
0x14002a028 GetCommandLineW
0x14002a030 GetEnvironmentVariableW
0x14002a038 SetEnvironmentVariableW
0x14002a040 ExpandEnvironmentStringsW
0x14002a048 CreateDirectoryW
0x14002a050 GetTempPathW
0x14002a058 WaitForSingleObject
0x14002a060 Sleep
0x14002a068 GetExitCodeProcess
0x14002a070 CreateProcessW
0x14002a078 GetStartupInfoW
0x14002a080 LoadLibraryExW
0x14002a088 SetConsoleCtrlHandler
0x14002a090 FindClose
0x14002a098 FindFirstFileExW
0x14002a0a0 CloseHandle
0x14002a0a8 GetCurrentProcess
0x14002a0b0 LocalFree
0x14002a0b8 FormatMessageW
0x14002a0c0 MultiByteToWideChar
0x14002a0c8 WideCharToMultiByte
0x14002a0d0 WriteConsoleW
0x14002a0d8 GetProcAddress
0x14002a0e0 GetModuleFileNameW
0x14002a0e8 SetDllDirectoryW
0x14002a0f0 FreeLibrary
0x14002a0f8 GetLastError
0x14002a100 RtlCaptureContext
0x14002a108 RtlLookupFunctionEntry
0x14002a110 RtlVirtualUnwind
0x14002a118 UnhandledExceptionFilter
0x14002a120 SetUnhandledExceptionFilter
0x14002a128 TerminateProcess
0x14002a130 IsProcessorFeaturePresent
0x14002a138 QueryPerformanceCounter
0x14002a140 GetCurrentProcessId
0x14002a148 GetCurrentThreadId
0x14002a150 GetSystemTimeAsFileTime
0x14002a158 InitializeSListHead
0x14002a160 IsDebuggerPresent
0x14002a168 GetModuleHandleW
0x14002a170 RtlUnwindEx
0x14002a178 SetLastError
0x14002a180 EnterCriticalSection
0x14002a188 LeaveCriticalSection
0x14002a190 DeleteCriticalSection
0x14002a198 InitializeCriticalSectionAndSpinCount
0x14002a1a0 TlsAlloc
0x14002a1a8 TlsGetValue
0x14002a1b0 TlsSetValue
0x14002a1b8 TlsFree
0x14002a1c0 EncodePointer
0x14002a1c8 RaiseException
0x14002a1d0 RtlPcToFileHeader
0x14002a1d8 GetCommandLineA
0x14002a1e0 CreateFileW
0x14002a1e8 GetDriveTypeW
0x14002a1f0 GetFileInformationByHandle
0x14002a1f8 GetFileType
0x14002a200 PeekNamedPipe
0x14002a208 SystemTimeToTzSpecificLocalTime
0x14002a210 FileTimeToSystemTime
0x14002a218 GetFullPathNameW
0x14002a220 RemoveDirectoryW
0x14002a228 FindNextFileW
0x14002a230 SetStdHandle
0x14002a238 DeleteFileW
0x14002a240 ReadFile
0x14002a248 GetStdHandle
0x14002a250 WriteFile
0x14002a258 ExitProcess
0x14002a260 GetModuleHandleExW
0x14002a268 HeapFree
0x14002a270 GetConsoleMode
0x14002a278 ReadConsoleW
0x14002a280 SetFilePointerEx
0x14002a288 GetConsoleOutputCP
0x14002a290 GetFileSizeEx
0x14002a298 HeapAlloc
0x14002a2a0 FlsAlloc
0x14002a2a8 FlsGetValue
0x14002a2b0 FlsSetValue
0x14002a2b8 FlsFree
0x14002a2c0 CompareStringW
0x14002a2c8 LCMapStringW
0x14002a2d0 GetCurrentDirectoryW
0x14002a2d8 FlushFileBuffers
0x14002a2e0 HeapReAlloc
0x14002a2e8 GetFileAttributesExW
0x14002a2f0 GetStringTypeW
0x14002a2f8 IsValidCodePage
0x14002a300 GetACP
0x14002a308 GetOEMCP
0x14002a310 GetCPInfo
0x14002a318 GetEnvironmentStringsW
0x14002a320 FreeEnvironmentStringsW
0x14002a328 GetProcessHeap
0x14002a330 GetTimeZoneInformation
0x14002a338 HeapSize
0x14002a340 SetEndOfFile
ADVAPI32.dll
0x14002a000 ConvertSidToStringSidW
0x14002a008 GetTokenInformation
0x14002a010 OpenProcessToken
0x14002a018 ConvertStringSecurityDescriptorToSecurityDescriptorW
EAT(Export Address Table) is none