Report - installPG.dll

Emotet Gen1 PhysicalDrive Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE32 OS Processor Check

ScreenShot

Info
Location map


Created	2024.11.13 14:04	Machine	s1_win7_x6403
Filename	installPG.dll
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score	10	Behavior Score	1.8
ZERO API	file : clean
VT API (file)	40 detected (Common, ljqi, Malicious, score, Artemis, Unsafe, Fragtor, confidence, Attribute, HighConfidence, high confidence, BlackMoon, C suspicious, MalwareX, Convagent, HackTool, UPGDSED, CLASSIC, DM@6edgy4, Wacapew, 269QAD, R002H07GV24, Dinwod, frindll)
md5	5ae27c0cf40c4eb6450b99af10ce9750
sha256	6cefeb0900b06a47ddc8c2c5549ab9264caa795d9f60c21d92275011f344950f
ssdeep	24576:4vL4MFUEdpHVzXKWHoBpHEjVweSRHYU/L38dsh0Dt/oPf2Du4yOQ:4jRRpHNdInHdUU/z0Vlw
imphash	eba407ef349379f76ff31d9c85e614cf
impfuzzy	96:yb6be9JFfUUKY8Whx2PZ7N9Qz5/kqOIrZMcRcjlc:leHFf9Y7N9Qz5sqOIr+cRce

Network IP location

Signature (3cnts)

Level	Description
danger	File has been identified by 40 AntiVirus engines on VirusTotal as malicious
notice	Foreign language identified in PE resource
info	The executable uses a known packer

Rules (11cnts)

Level	Name	Description	Collection
danger	Win32_Trojan_Emotet_1_Zero	Win32 Trojan Emotet	binaries (upload)
danger	Win32_Trojan_Gen_1_0904B0_Zero	Win32 Trojan Emotet	binaries (upload)
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
warning	PhysicalDrive_20181001	(no description)	binaries (upload)
watch	Malicious_Library_Zero	Malicious_Library	binaries (upload)
watch	Malicious_Packer_Zero	Malicious Packer	binaries (upload)
watch	UPX_Zero	UPX packed file	binaries (upload)
info	IsDLL	(no description)	binaries (upload)
info	IsPE32	(no description)	binaries (upload)
info	OS_Processor_Check_Zero	OS Processor Check	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure