ScreenShot
| Created | 2025.01.13 16:40 | Machine | s1_win7_x6401 |
| Filename | random.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 12 detected (AIDetectMalware, Vupy, malicious, confidence, moderate confidence, FileRepMalware, Misc, MulDrop28, GenAsa, HScGwhH0ubc, AutoIT, PossibleThreat, PALLAS) | ||
| md5 | 89841d2045725c18c80011b9ce901b4e | ||
| sha256 | e064eeab25a47fd1d9b0bf40c8a82254e5f3a5ebb332129f6b91f7e7b6d60a91 | ||
| ssdeep | 24576:YLA96z4S/zCtTFL/qcF8UReLbpPEwpA0jg8Zg:mA6/EFO+8selrpm | ||
| imphash | ce226b868ae2c11cdb5383c13163070c | ||
| impfuzzy | 96:d0f6tHHcDhwks4+ysPVkXp546Onkw+bcqqC/i9FaeXXAGSmo:Sf6tHkiCZynkw+bcZC/ifXXNJo | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| watch | Drops a binary and executes it |
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates executable files on the filesystem |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
COMCTL32.dll
0x14001c020 None
SHELL32.dll
0x14001c3c0 SHGetMalloc
0x14001c3c8 SHGetSpecialFolderPathW
0x14001c3d0 ShellExecuteExW
0x14001c3d8 SHBrowseForFolderW
0x14001c3e0 SHGetFileInfoW
0x14001c3e8 ShellExecuteW
0x14001c3f0 SHGetPathFromIDListW
GDI32.dll
0x14001c030 CreateCompatibleDC
0x14001c038 CreateFontIndirectW
0x14001c040 DeleteObject
0x14001c048 DeleteDC
0x14001c050 GetCurrentObject
0x14001c058 StretchBlt
0x14001c060 GetDeviceCaps
0x14001c068 CreateCompatibleBitmap
0x14001c070 SelectObject
0x14001c078 SetStretchBltMode
0x14001c080 GetObjectW
ADVAPI32.dll
0x14001c000 FreeSid
0x14001c008 AllocateAndInitializeSid
0x14001c010 CheckTokenMembership
USER32.dll
0x14001c400 IsWindow
0x14001c408 EnableWindow
0x14001c410 MessageBeep
0x14001c418 LoadIconW
0x14001c420 LoadImageW
0x14001c428 SetWindowsHookExW
0x14001c430 PtInRect
0x14001c438 CallNextHookEx
0x14001c440 DefWindowProcW
0x14001c448 CallWindowProcW
0x14001c450 DrawIconEx
0x14001c458 DialogBoxIndirectParamW
0x14001c460 GetWindow
0x14001c468 ClientToScreen
0x14001c470 GetDC
0x14001c478 DrawTextW
0x14001c480 ShowWindow
0x14001c488 SystemParametersInfoW
0x14001c490 GetSystemMetrics
0x14001c498 SetFocus
0x14001c4a0 UnhookWindowsHookEx
0x14001c4a8 GetWindowLongPtrW
0x14001c4b0 SetWindowLongPtrW
0x14001c4b8 GetClientRect
0x14001c4c0 EnableMenuItem
0x14001c4c8 GetKeyState
0x14001c4d0 MessageBoxA
0x14001c4d8 SetWindowTextW
0x14001c4e0 wsprintfA
0x14001c4e8 GetSysColor
0x14001c4f0 GetWindowTextLengthW
0x14001c4f8 GetWindowTextW
0x14001c500 GetClassNameA
0x14001c508 GetWindowLongW
0x14001c510 GetMenu
0x14001c518 SetWindowPos
0x14001c520 GetWindowDC
0x14001c528 ReleaseDC
0x14001c530 CopyImage
0x14001c538 GetParent
0x14001c540 GetWindowRect
0x14001c548 ScreenToClient
0x14001c550 CreateWindowExW
0x14001c558 GetSystemMenu
0x14001c560 GetMessageW
0x14001c568 DispatchMessageW
0x14001c570 SetTimer
0x14001c578 DestroyWindow
0x14001c580 CharUpperW
0x14001c588 EndDialog
0x14001c590 SendMessageW
0x14001c598 wsprintfW
0x14001c5a0 wvsprintfW
0x14001c5a8 GetDlgItem
0x14001c5b0 KillTimer
ole32.dll
0x14001c6f0 CreateStreamOnHGlobal
0x14001c6f8 CoInitialize
0x14001c700 CoCreateInstance
OLEAUT32.dll
0x14001c3a0 SysAllocString
0x14001c3a8 VariantClear
0x14001c3b0 OleLoadPicture
KERNEL32.dll
0x14001c090 EnterCriticalSection
0x14001c098 LeaveCriticalSection
0x14001c0a0 WaitForMultipleObjects
0x14001c0a8 SetUnhandledExceptionFilter
0x14001c0b0 QueryPerformanceCounter
0x14001c0b8 GetTickCount
0x14001c0c0 DeleteCriticalSection
0x14001c0c8 SetEndOfFile
0x14001c0d0 SetFileTime
0x14001c0d8 ReadFile
0x14001c0e0 SetFilePointer
0x14001c0e8 GetFileSize
0x14001c0f0 FormatMessageW
0x14001c0f8 lstrcpyW
0x14001c100 LocalFree
0x14001c108 IsBadReadPtr
0x14001c110 GetSystemDirectoryW
0x14001c118 GetCurrentThreadId
0x14001c120 SuspendThread
0x14001c128 TerminateThread
0x14001c130 InitializeCriticalSection
0x14001c138 ResetEvent
0x14001c140 SetEvent
0x14001c148 CreateEventW
0x14001c150 GetVersionExW
0x14001c158 GetModuleFileNameW
0x14001c160 GetCurrentProcess
0x14001c168 SetProcessWorkingSetSize
0x14001c170 SetCurrentDirectoryW
0x14001c178 SetEnvironmentVariableW
0x14001c180 GetDriveTypeW
0x14001c188 CreateFileW
0x14001c190 GetCommandLineW
0x14001c198 GetStartupInfoW
0x14001c1a0 CreateProcessW
0x14001c1a8 CreateJobObjectW
0x14001c1b0 AssignProcessToJobObject
0x14001c1b8 CreateIoCompletionPort
0x14001c1c0 SetInformationJobObject
0x14001c1c8 ResumeThread
0x14001c1d0 GetQueuedCompletionStatus
0x14001c1d8 GetExitCodeProcess
0x14001c1e0 CloseHandle
0x14001c1e8 GetTempPathW
0x14001c1f0 GetSystemTimeAsFileTime
0x14001c1f8 lstrlenW
0x14001c200 CompareFileTime
0x14001c208 SetThreadLocale
0x14001c210 FindFirstFileW
0x14001c218 DeleteFileW
0x14001c220 FindNextFileW
0x14001c228 FindClose
0x14001c230 RemoveDirectoryW
0x14001c238 lstrcmpW
0x14001c240 ExpandEnvironmentStringsW
0x14001c248 WideCharToMultiByte
0x14001c250 VirtualAlloc
0x14001c258 GlobalMemoryStatusEx
0x14001c260 GetEnvironmentVariableW
0x14001c268 lstrcmpiW
0x14001c270 lstrlenA
0x14001c278 GetLocaleInfoW
0x14001c280 MultiByteToWideChar
0x14001c288 GetUserDefaultUILanguage
0x14001c290 GetSystemDefaultUILanguage
0x14001c298 GetSystemDefaultLCID
0x14001c2a0 lstrcmpiA
0x14001c2a8 GlobalAlloc
0x14001c2b0 GlobalFree
0x14001c2b8 MulDiv
0x14001c2c0 FindResourceExA
0x14001c2c8 ExitProcess
0x14001c2d0 lstrcatW
0x14001c2d8 AddVectoredExceptionHandler
0x14001c2e0 RemoveVectoredExceptionHandler
0x14001c2e8 GetDiskFreeSpaceExW
0x14001c2f0 SetFileAttributesW
0x14001c2f8 SetLastError
0x14001c300 Sleep
0x14001c308 GetExitCodeThread
0x14001c310 WaitForSingleObject
0x14001c318 CreateThread
0x14001c320 GetLastError
0x14001c328 SystemTimeToFileTime
0x14001c330 GetLocalTime
0x14001c338 GetFileAttributesW
0x14001c340 CreateDirectoryW
0x14001c348 WriteFile
0x14001c350 GetStdHandle
0x14001c358 VirtualFree
0x14001c360 GetModuleHandleW
0x14001c368 GetProcAddress
0x14001c370 LoadLibraryA
0x14001c378 LockResource
0x14001c380 LoadResource
0x14001c388 SizeofResource
0x14001c390 GetCurrentProcessId
msvcrt.dll
0x14001c5c0 ??3@YAXPEAX@Z
0x14001c5c8 ??2@YAPEAX_K@Z
0x14001c5d0 _purecall
0x14001c5d8 memcmp
0x14001c5e0 free
0x14001c5e8 memcpy
0x14001c5f0 _wtol
0x14001c5f8 memmove
0x14001c600 malloc
0x14001c608 wcsncmp
0x14001c610 strncmp
0x14001c618 _wcsnicmp
0x14001c620 memset
0x14001c628 ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
0x14001c630 __CxxFrameHandler3
0x14001c638 _beginthreadex
0x14001c640 _CxxThrowException
0x14001c648 __C_specific_handler
0x14001c650 _unlock
0x14001c658 __dllonexit
0x14001c660 _lock
0x14001c668 _onexit
0x14001c670 ??1type_info@@UEAA@XZ
0x14001c678 __getmainargs
0x14001c680 _XcptFilter
0x14001c688 _exit
0x14001c690 _ismbblead
0x14001c698 _cexit
0x14001c6a0 exit
0x14001c6a8 _acmdln
0x14001c6b0 _initterm
0x14001c6b8 _amsg_exit
0x14001c6c0 __setusermatherr
0x14001c6c8 _commode
0x14001c6d0 _fmode
0x14001c6d8 __set_app_type
0x14001c6e0 ?terminate@@YAXXZ
EAT(Export Address Table) is none
COMCTL32.dll
0x14001c020 None
SHELL32.dll
0x14001c3c0 SHGetMalloc
0x14001c3c8 SHGetSpecialFolderPathW
0x14001c3d0 ShellExecuteExW
0x14001c3d8 SHBrowseForFolderW
0x14001c3e0 SHGetFileInfoW
0x14001c3e8 ShellExecuteW
0x14001c3f0 SHGetPathFromIDListW
GDI32.dll
0x14001c030 CreateCompatibleDC
0x14001c038 CreateFontIndirectW
0x14001c040 DeleteObject
0x14001c048 DeleteDC
0x14001c050 GetCurrentObject
0x14001c058 StretchBlt
0x14001c060 GetDeviceCaps
0x14001c068 CreateCompatibleBitmap
0x14001c070 SelectObject
0x14001c078 SetStretchBltMode
0x14001c080 GetObjectW
ADVAPI32.dll
0x14001c000 FreeSid
0x14001c008 AllocateAndInitializeSid
0x14001c010 CheckTokenMembership
USER32.dll
0x14001c400 IsWindow
0x14001c408 EnableWindow
0x14001c410 MessageBeep
0x14001c418 LoadIconW
0x14001c420 LoadImageW
0x14001c428 SetWindowsHookExW
0x14001c430 PtInRect
0x14001c438 CallNextHookEx
0x14001c440 DefWindowProcW
0x14001c448 CallWindowProcW
0x14001c450 DrawIconEx
0x14001c458 DialogBoxIndirectParamW
0x14001c460 GetWindow
0x14001c468 ClientToScreen
0x14001c470 GetDC
0x14001c478 DrawTextW
0x14001c480 ShowWindow
0x14001c488 SystemParametersInfoW
0x14001c490 GetSystemMetrics
0x14001c498 SetFocus
0x14001c4a0 UnhookWindowsHookEx
0x14001c4a8 GetWindowLongPtrW
0x14001c4b0 SetWindowLongPtrW
0x14001c4b8 GetClientRect
0x14001c4c0 EnableMenuItem
0x14001c4c8 GetKeyState
0x14001c4d0 MessageBoxA
0x14001c4d8 SetWindowTextW
0x14001c4e0 wsprintfA
0x14001c4e8 GetSysColor
0x14001c4f0 GetWindowTextLengthW
0x14001c4f8 GetWindowTextW
0x14001c500 GetClassNameA
0x14001c508 GetWindowLongW
0x14001c510 GetMenu
0x14001c518 SetWindowPos
0x14001c520 GetWindowDC
0x14001c528 ReleaseDC
0x14001c530 CopyImage
0x14001c538 GetParent
0x14001c540 GetWindowRect
0x14001c548 ScreenToClient
0x14001c550 CreateWindowExW
0x14001c558 GetSystemMenu
0x14001c560 GetMessageW
0x14001c568 DispatchMessageW
0x14001c570 SetTimer
0x14001c578 DestroyWindow
0x14001c580 CharUpperW
0x14001c588 EndDialog
0x14001c590 SendMessageW
0x14001c598 wsprintfW
0x14001c5a0 wvsprintfW
0x14001c5a8 GetDlgItem
0x14001c5b0 KillTimer
ole32.dll
0x14001c6f0 CreateStreamOnHGlobal
0x14001c6f8 CoInitialize
0x14001c700 CoCreateInstance
OLEAUT32.dll
0x14001c3a0 SysAllocString
0x14001c3a8 VariantClear
0x14001c3b0 OleLoadPicture
KERNEL32.dll
0x14001c090 EnterCriticalSection
0x14001c098 LeaveCriticalSection
0x14001c0a0 WaitForMultipleObjects
0x14001c0a8 SetUnhandledExceptionFilter
0x14001c0b0 QueryPerformanceCounter
0x14001c0b8 GetTickCount
0x14001c0c0 DeleteCriticalSection
0x14001c0c8 SetEndOfFile
0x14001c0d0 SetFileTime
0x14001c0d8 ReadFile
0x14001c0e0 SetFilePointer
0x14001c0e8 GetFileSize
0x14001c0f0 FormatMessageW
0x14001c0f8 lstrcpyW
0x14001c100 LocalFree
0x14001c108 IsBadReadPtr
0x14001c110 GetSystemDirectoryW
0x14001c118 GetCurrentThreadId
0x14001c120 SuspendThread
0x14001c128 TerminateThread
0x14001c130 InitializeCriticalSection
0x14001c138 ResetEvent
0x14001c140 SetEvent
0x14001c148 CreateEventW
0x14001c150 GetVersionExW
0x14001c158 GetModuleFileNameW
0x14001c160 GetCurrentProcess
0x14001c168 SetProcessWorkingSetSize
0x14001c170 SetCurrentDirectoryW
0x14001c178 SetEnvironmentVariableW
0x14001c180 GetDriveTypeW
0x14001c188 CreateFileW
0x14001c190 GetCommandLineW
0x14001c198 GetStartupInfoW
0x14001c1a0 CreateProcessW
0x14001c1a8 CreateJobObjectW
0x14001c1b0 AssignProcessToJobObject
0x14001c1b8 CreateIoCompletionPort
0x14001c1c0 SetInformationJobObject
0x14001c1c8 ResumeThread
0x14001c1d0 GetQueuedCompletionStatus
0x14001c1d8 GetExitCodeProcess
0x14001c1e0 CloseHandle
0x14001c1e8 GetTempPathW
0x14001c1f0 GetSystemTimeAsFileTime
0x14001c1f8 lstrlenW
0x14001c200 CompareFileTime
0x14001c208 SetThreadLocale
0x14001c210 FindFirstFileW
0x14001c218 DeleteFileW
0x14001c220 FindNextFileW
0x14001c228 FindClose
0x14001c230 RemoveDirectoryW
0x14001c238 lstrcmpW
0x14001c240 ExpandEnvironmentStringsW
0x14001c248 WideCharToMultiByte
0x14001c250 VirtualAlloc
0x14001c258 GlobalMemoryStatusEx
0x14001c260 GetEnvironmentVariableW
0x14001c268 lstrcmpiW
0x14001c270 lstrlenA
0x14001c278 GetLocaleInfoW
0x14001c280 MultiByteToWideChar
0x14001c288 GetUserDefaultUILanguage
0x14001c290 GetSystemDefaultUILanguage
0x14001c298 GetSystemDefaultLCID
0x14001c2a0 lstrcmpiA
0x14001c2a8 GlobalAlloc
0x14001c2b0 GlobalFree
0x14001c2b8 MulDiv
0x14001c2c0 FindResourceExA
0x14001c2c8 ExitProcess
0x14001c2d0 lstrcatW
0x14001c2d8 AddVectoredExceptionHandler
0x14001c2e0 RemoveVectoredExceptionHandler
0x14001c2e8 GetDiskFreeSpaceExW
0x14001c2f0 SetFileAttributesW
0x14001c2f8 SetLastError
0x14001c300 Sleep
0x14001c308 GetExitCodeThread
0x14001c310 WaitForSingleObject
0x14001c318 CreateThread
0x14001c320 GetLastError
0x14001c328 SystemTimeToFileTime
0x14001c330 GetLocalTime
0x14001c338 GetFileAttributesW
0x14001c340 CreateDirectoryW
0x14001c348 WriteFile
0x14001c350 GetStdHandle
0x14001c358 VirtualFree
0x14001c360 GetModuleHandleW
0x14001c368 GetProcAddress
0x14001c370 LoadLibraryA
0x14001c378 LockResource
0x14001c380 LoadResource
0x14001c388 SizeofResource
0x14001c390 GetCurrentProcessId
msvcrt.dll
0x14001c5c0 ??3@YAXPEAX@Z
0x14001c5c8 ??2@YAPEAX_K@Z
0x14001c5d0 _purecall
0x14001c5d8 memcmp
0x14001c5e0 free
0x14001c5e8 memcpy
0x14001c5f0 _wtol
0x14001c5f8 memmove
0x14001c600 malloc
0x14001c608 wcsncmp
0x14001c610 strncmp
0x14001c618 _wcsnicmp
0x14001c620 memset
0x14001c628 ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
0x14001c630 __CxxFrameHandler3
0x14001c638 _beginthreadex
0x14001c640 _CxxThrowException
0x14001c648 __C_specific_handler
0x14001c650 _unlock
0x14001c658 __dllonexit
0x14001c660 _lock
0x14001c668 _onexit
0x14001c670 ??1type_info@@UEAA@XZ
0x14001c678 __getmainargs
0x14001c680 _XcptFilter
0x14001c688 _exit
0x14001c690 _ismbblead
0x14001c698 _cexit
0x14001c6a0 exit
0x14001c6a8 _acmdln
0x14001c6b0 _initterm
0x14001c6b8 _amsg_exit
0x14001c6c0 __setusermatherr
0x14001c6c8 _commode
0x14001c6d0 _fmode
0x14001c6d8 __set_app_type
0x14001c6e0 ?terminate@@YAXXZ
EAT(Export Address Table) is none