Report - 00000000.exe

Gen1 Generic Malware Malicious Packer UPX PE File PE64 OS Processor Check
Created 2024.10.21 17:05 Machine s1_win7_x6401
Filename 00000000.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
3
Behavior Score
1.4
ZERO API file: malware
VT API (file) 53 detected (AIDetectMalware, Hacktool, GameHack, Malicious, score, Tedy, Unsafe, Vpgw, confidence, 100%, Attribute, HighConfidence, high confidence, Genkryptik, DriverLoader, Krypt, CLOUD, cgnuo, Tool, Kdmapper, Static AI, Malicious PE, Detected, SGeneric, Sabsik, Vigorf, Eldorado, R478274, Generic PUP, R002H0CJ624, Gencirc, YMzRusd+G4g, susgen)
md5 cd415bfdf24a89a41789a86b67d07bea
sha256 45223efdb6920807e0a7e2e28f6b917a4a135066322df39d0af69b1a5901b49d
ssdeep 3072:IQAfbv8/t/cS0Dfrkao9rUmJTQSaMm5/6fCpSi:Iq5cS0ITWlnpSi
imphash afc1f930b16856804326528e39e42dd5
impfuzzy 96:586brgL6cp5MF8poognAU/Imrz8FHkE7jLDpqqnbD0xUu2xUvn6ipwugCL0/7uof:Jxjz8FGwue/R04Ary2TG

Signature (2cnts)

Level Description
danger File has been flagged as malicious by 53 antivirus engines on VirusTotal
info This executable contains a PDB path

Rules (7cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT (Import Address Table), grouped by library

KERNEL32.dll
 0x140011030 GetCurrentThreadId
 0x140011038 GetModuleHandleA
 0x140011040 GetLastError
 0x140011048 CloseHandle
 0x140011050 CreateFileW
 0x140011058 GetProcAddress
 0x140011060 DeleteCriticalSection
 0x140011068 GetCurrentProcessId
 0x140011070 SetUnhandledExceptionFilter
 0x140011078 GetTempPathW
 0x140011080 FormatMessageA
 0x140011088 InitializeCriticalSectionEx
 0x140011090 VirtualAlloc
 0x140011098 DeviceIoControl
 0x1400110a0 VirtualFree
 0x1400110a8 GetFileAttributesExW
 0x1400110b0 AreFileApisANSI
 0x1400110b8 GetFileInformationByHandleEx
 0x1400110c0 WideCharToMultiByte
 0x1400110c8 IsDebuggerPresent
 0x1400110d0 OutputDebugStringW
 0x1400110d8 EnterCriticalSection
 0x1400110e0 LeaveCriticalSection
 0x1400110e8 InitializeCriticalSectionAndSpinCount
 0x1400110f0 SetEvent
 0x1400110f8 ResetEvent
 0x140011100 WaitForSingleObjectEx
 0x140011108 CreateEventW
 0x140011110 GetModuleHandleW
 0x140011118 RtlCaptureContext
 0x140011120 RtlLookupFunctionEntry
 0x140011128 RtlVirtualUnwind
 0x140011130 UnhandledExceptionFilter
 0x140011138 GetCurrentProcess
 0x140011140 TerminateProcess
 0x140011148 IsProcessorFeaturePresent
 0x140011150 QueryPerformanceCounter
 0x140011158 GetSystemTimeAsFileTime
 0x140011160 InitializeSListHead
 0x140011168 LocalFree
ADVAPI32.dll
 0x140011000 RegCloseKey
 0x140011008 RegDeleteKeyW
 0x140011010 RegCreateKeyW
 0x140011018 RegOpenKeyW
 0x140011020 RegSetKeyValueW
MSVCP140.dll
 0x140011178 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x140011180 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
 0x140011188 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
 0x140011190 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
 0x140011198 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400111a0 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1400111a8 ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
 0x1400111b0 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x1400111b8 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
 0x1400111c0 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
 0x1400111c8 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
 0x1400111d0 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
 0x1400111d8 ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1400111e0 ?widen@?$ctype@_W@std@@QEBA_WD@Z
 0x1400111e8 ?always_noconv@codecvt_base@std@@QEBA_NXZ
 0x1400111f0 ??Bid@locale@std@@QEAA_KXZ
 0x1400111f8 ?_Winerror_map@std@@YAHH@Z
 0x140011200 ?_Syserror_map@std@@YAPEBDH@Z
 0x140011208 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
 0x140011210 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x140011218 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x140011220 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x140011228 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x140011230 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
 0x140011238 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x140011240 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x140011248 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x140011250 ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
 0x140011258 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x140011260 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x140011268 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x140011270 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x140011278 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x140011280 ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
 0x140011288 ??1_Lockit@std@@QEAA@XZ
 0x140011290 ??0_Lockit@std@@QEAA@H@Z
 0x140011298 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
 0x1400112a0 ?uncaught_exception@std@@YA_NXZ
 0x1400112a8 ?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
 0x1400112b0 ?id@?$ctype@_W@std@@2V0locale@2@A
 0x1400112b8 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
 0x1400112c0 ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
 0x1400112c8 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1400112d0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1400112d8 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
 0x1400112e0 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400112e8 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1400112f0 ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
 0x1400112f8 ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
 0x140011300 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
 0x140011308 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
 0x140011310 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x140011318 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
 0x140011320 ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
 0x140011328 ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
 0x140011330 ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
 0x140011338 ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
 0x140011340 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x140011348 ?_Xlength_error@std@@YAXPEBD@Z
ntdll.dll
 0x140011590 NtQuerySystemInformation
 0x140011598 RtlInitUnicodeString
VCRUNTIME140_1.dll
 0x1400113b8 __CxxFrameHandler4
VCRUNTIME140.dll
 0x140011358 __current_exception
 0x140011360 __C_specific_handler
 0x140011368 memset
 0x140011370 _CxxThrowException
 0x140011378 __std_terminate
 0x140011380 __std_exception_destroy
 0x140011388 memcpy
 0x140011390 memcmp
 0x140011398 __current_exception_context
 0x1400113a0 memmove
 0x1400113a8 __std_exception_copy
api-ms-win-crt-stdio-l1-1-0.dll
 0x1400114d8 _fseeki64
 0x1400114e0 fread
 0x1400114e8 fsetpos
 0x1400114f0 ungetc
 0x1400114f8 fputc
 0x140011500 fflush
 0x140011508 _set_fmode
 0x140011510 setvbuf
 0x140011518 fgetpos
 0x140011520 fwrite
 0x140011528 __p__commode
 0x140011530 _get_stream_buffer_pointers
 0x140011538 fgetc
 0x140011540 fclose
api-ms-win-crt-heap-l1-1-0.dll
 0x1400113e8 malloc
 0x1400113f0 _set_new_mode
 0x1400113f8 _callnewh
 0x140011400 free
api-ms-win-crt-utility-l1-1-0.dll
 0x140011578 rand
 0x140011580 srand
api-ms-win-crt-filesystem-l1-1-0.dll
 0x1400113c8 _lock_file
 0x1400113d0 _wremove
 0x1400113d8 _unlock_file
api-ms-win-crt-string-l1-1-0.dll
 0x140011550 _wcsicmp
 0x140011558 _stricmp
api-ms-win-crt-time-l1-1-0.dll
 0x140011568 _time64
api-ms-win-crt-runtime-l1-1-0.dll
 0x140011438 _initterm_e
 0x140011440 _get_initial_wide_environment
 0x140011448 _initialize_wide_environment
 0x140011450 _configure_wide_argv
 0x140011458 _initterm
 0x140011460 __p___wargv
 0x140011468 _set_app_type
 0x140011470 _seh_filter_exe
 0x140011478 _cexit
 0x140011480 _crt_atexit
 0x140011488 _register_onexit_function
 0x140011490 _initialize_onexit_table
 0x140011498 _c_exit
 0x1400114a0 exit
 0x1400114a8 _register_thread_local_exe_atexit_callback
 0x1400114b0 terminate
 0x1400114b8 _invalid_parameter_noinfo_noreturn
 0x1400114c0 _exit
 0x1400114c8 __p___argc
api-ms-win-crt-locale-l1-1-0.dll
 0x140011410 ___lc_codepage_func
 0x140011418 _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll
 0x140011428 __setusermatherr

EAT (Export Address Table): none



Similarity measure (PE file only) - Checking for service failure