ScreenShot
| Created | 2025.04.08 23:03 | Machine | s1_win7_x6401 |
| Filename | iexplore.exe.00_000c5e00.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 44c58df79e48e0460f692708558da2b0 | ||
| sha256 | 817ba727b9716e3262f00e892a423eebbf8bb90a1e1d4cb10cc7499de6d6b05e | ||
| ssdeep | 24576:UA/qlGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMMVG:UgMMHMMMvMMZMMMlmMMMiMMMYJMMHMMs | ||
| imphash | 3ffac8494bef084c0b7f5310359e375e | ||
| impfuzzy | 48:lp+5yLulBLa6XqxG3XGEpXKcqJ/9px/b9KrTsG:Wa6XqwnGIXKcqJ/97/bEHsG | ||
No network connection information
Signature (3cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x4090c8 GetWindowThreadProcessId
0x4090cc AllowSetForegroundWindow
0x4090d0 FindWindowExW
0x4090d4 SendMessageTimeoutW
0x4090d8 IsWindowVisible
0x4090dc SetUserObjectInformationW
0x4090e0 WaitForInputIdle
0x4090e4 IsWindowEnabled
msvcrt.dll
0x409140 _vsnwprintf
0x409144 iswspace
0x409148 ?terminate@@YAXXZ
0x40914c _onexit
0x409150 __dllonexit
0x409154 memset
0x409158 _unlock
0x40915c _lock
0x409160 _except_handler4_common
0x409164 _wcmdln
0x409168 wcsncmp
0x40916c free
0x409170 malloc
0x409174 _callnewh
0x409178 _XcptFilter
0x40917c __p__commode
0x409180 _amsg_exit
0x409184 __wgetmainargs
0x409188 __set_app_type
0x40918c exit
0x409190 _exit
0x409194 _cexit
0x409198 iswalpha
0x40919c wcspbrk
0x4091a0 wcschr
0x4091a4 __p__fmode
0x4091a8 __setusermatherr
0x4091ac _controlfp
0x4091b0 memcpy_s
0x4091b4 _initterm
KERNEL32.dll
0x409008 LocalFree
0x40900c CreateMutexExW
0x409010 GetProcAddress
0x409014 GetProcessHeap
0x409018 CreateProcessW
0x40901c GetModuleHandleW
0x409020 DebugBreak
0x409024 SetDllDirectoryW
0x409028 DelayLoadFailureHook
0x40902c DeleteCriticalSection
0x409030 SetProcessDEPPolicy
0x409034 ExpandEnvironmentStringsW
0x409038 IsWow64Process
0x40903c ResolveDelayLoadedAPI
0x409040 GetCurrentProcessId
0x409044 UnhandledExceptionFilter
0x409048 HeapAlloc
0x40904c HeapSetInformation
0x409050 GetTickCount
0x409054 GetSystemTimeAsFileTime
0x409058 QueryPerformanceCounter
0x40905c SetUnhandledExceptionFilter
0x409060 GetStartupInfoW
0x409064 Sleep
0x409068 GetModuleFileNameA
0x40906c CreateSemaphoreExW
0x409070 HeapFree
0x409074 SetLastError
0x409078 GetCommandLineW
0x40907c GetCurrentProcess
0x409080 ReleaseSemaphore
0x409084 GetModuleHandleExW
0x409088 TerminateProcess
0x40908c InitializeCriticalSection
0x409090 SetErrorMode
0x409094 WaitForSingleObject
0x409098 LocalAlloc
0x40909c GetCurrentThreadId
0x4090a0 ReleaseMutex
0x4090a4 FormatMessageW
0x4090a8 GetLastError
0x4090ac OutputDebugStringW
0x4090b0 WaitForSingleObjectEx
0x4090b4 OpenSemaphoreW
0x4090b8 CloseHandle
0x4090bc GetNativeSystemInfo
0x4090c0 IsDebuggerPresent
api-ms-win-downlevel-advapi32-l1-1-0.dll
0x4090ec EventWriteTransfer
0x4090f0 EventRegister
0x4090f4 RegGetValueW
0x4090f8 EventUnregister
0x4090fc EventWriteEx
ADVAPI32.dll
0x409000 EventSetInformation
iertutil.dll
0x409114 None
0x409118 None
0x40911c None
0x409120 None
0x409124 None
0x409128 None
0x40912c None
0x409130 None
0x409134 None
0x409138 None
api-ms-win-downlevel-shlwapi-l1-1-0.dll
0x40910c StrStrIW
api-ms-win-downlevel-ole32-l1-1-0.dll
0x409104 CoCreateGuid
EAT(Export Address Table) is none
USER32.dll
0x4090c8 GetWindowThreadProcessId
0x4090cc AllowSetForegroundWindow
0x4090d0 FindWindowExW
0x4090d4 SendMessageTimeoutW
0x4090d8 IsWindowVisible
0x4090dc SetUserObjectInformationW
0x4090e0 WaitForInputIdle
0x4090e4 IsWindowEnabled
msvcrt.dll
0x409140 _vsnwprintf
0x409144 iswspace
0x409148 ?terminate@@YAXXZ
0x40914c _onexit
0x409150 __dllonexit
0x409154 memset
0x409158 _unlock
0x40915c _lock
0x409160 _except_handler4_common
0x409164 _wcmdln
0x409168 wcsncmp
0x40916c free
0x409170 malloc
0x409174 _callnewh
0x409178 _XcptFilter
0x40917c __p__commode
0x409180 _amsg_exit
0x409184 __wgetmainargs
0x409188 __set_app_type
0x40918c exit
0x409190 _exit
0x409194 _cexit
0x409198 iswalpha
0x40919c wcspbrk
0x4091a0 wcschr
0x4091a4 __p__fmode
0x4091a8 __setusermatherr
0x4091ac _controlfp
0x4091b0 memcpy_s
0x4091b4 _initterm
KERNEL32.dll
0x409008 LocalFree
0x40900c CreateMutexExW
0x409010 GetProcAddress
0x409014 GetProcessHeap
0x409018 CreateProcessW
0x40901c GetModuleHandleW
0x409020 DebugBreak
0x409024 SetDllDirectoryW
0x409028 DelayLoadFailureHook
0x40902c DeleteCriticalSection
0x409030 SetProcessDEPPolicy
0x409034 ExpandEnvironmentStringsW
0x409038 IsWow64Process
0x40903c ResolveDelayLoadedAPI
0x409040 GetCurrentProcessId
0x409044 UnhandledExceptionFilter
0x409048 HeapAlloc
0x40904c HeapSetInformation
0x409050 GetTickCount
0x409054 GetSystemTimeAsFileTime
0x409058 QueryPerformanceCounter
0x40905c SetUnhandledExceptionFilter
0x409060 GetStartupInfoW
0x409064 Sleep
0x409068 GetModuleFileNameA
0x40906c CreateSemaphoreExW
0x409070 HeapFree
0x409074 SetLastError
0x409078 GetCommandLineW
0x40907c GetCurrentProcess
0x409080 ReleaseSemaphore
0x409084 GetModuleHandleExW
0x409088 TerminateProcess
0x40908c InitializeCriticalSection
0x409090 SetErrorMode
0x409094 WaitForSingleObject
0x409098 LocalAlloc
0x40909c GetCurrentThreadId
0x4090a0 ReleaseMutex
0x4090a4 FormatMessageW
0x4090a8 GetLastError
0x4090ac OutputDebugStringW
0x4090b0 WaitForSingleObjectEx
0x4090b4 OpenSemaphoreW
0x4090b8 CloseHandle
0x4090bc GetNativeSystemInfo
0x4090c0 IsDebuggerPresent
api-ms-win-downlevel-advapi32-l1-1-0.dll
0x4090ec EventWriteTransfer
0x4090f0 EventRegister
0x4090f4 RegGetValueW
0x4090f8 EventUnregister
0x4090fc EventWriteEx
ADVAPI32.dll
0x409000 EventSetInformation
iertutil.dll
0x409114 None
0x409118 None
0x40911c None
0x409120 None
0x409124 None
0x409128 None
0x40912c None
0x409130 None
0x409134 None
0x409138 None
api-ms-win-downlevel-shlwapi-l1-1-0.dll
0x40910c StrStrIW
api-ms-win-downlevel-ole32-l1-1-0.dll
0x409104 CoCreateGuid
EAT(Export Address Table) is none