ScreenShot
| Created | 2025.04.13 15:26 | Machine | s1_win7_x6401 |
| Filename | crypted.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 21 detected (AIDetectMalware, Unsafe, Save, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HIBD, MalwareX, Cryp, Vidar, ShellCodeLoader, CLASSIC, Krypt, Detected, GrayWare, Wacapew, Wacatac, PE04C9V) | ||
| md5 | b57543cb0009ec9e7b9ed36b317f4a68 | ||
| sha256 | 2873c654425d5c041b233ee04c2252589efb9ad7f5e5a2706d8487e7d8aadcee | ||
| ssdeep | 24576:LXfINFPFU9z/46aw5vHZnWHItRf4fYRE7BHlcADadfj/EIS6CwvhYt4zju+40jup:LXfINtFU9z/46aw5vHZnWHItRf4Qy7BR | ||
| imphash | a898adc0428740dd4fad8431feafaf7a | ||
| impfuzzy | 24:hWsWWDoelQtzOovbOGMUD1uUvgkWDpZW7UlnjBLPxQXRKT07GyiJUc8:hWhQo5y361PMZhJjBbxQrGyJc8 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400f76f0 AcquireSRWLockExclusive
0x1400f76f8 CloseHandle
0x1400f7700 CloseThreadpoolWork
0x1400f7708 CreateFileA
0x1400f7710 CreateFileW
0x1400f7718 CreateThreadpoolWork
0x1400f7720 DecodePointer
0x1400f7728 DeleteCriticalSection
0x1400f7730 EncodePointer
0x1400f7738 EnterCriticalSection
0x1400f7740 EnumSystemLocalesW
0x1400f7748 ExitProcess
0x1400f7750 FindClose
0x1400f7758 FindFirstFileExW
0x1400f7760 FindNextFileW
0x1400f7768 FlsAlloc
0x1400f7770 FlsFree
0x1400f7778 FlsGetValue
0x1400f7780 FlsSetValue
0x1400f7788 FlushFileBuffers
0x1400f7790 FreeEnvironmentStringsW
0x1400f7798 FreeLibrary
0x1400f77a0 FreeLibraryWhenCallbackReturns
0x1400f77a8 GetACP
0x1400f77b0 GetCPInfo
0x1400f77b8 GetCommandLineA
0x1400f77c0 GetCommandLineW
0x1400f77c8 GetConsoleMode
0x1400f77d0 GetConsoleOutputCP
0x1400f77d8 GetCurrentProcess
0x1400f77e0 GetCurrentProcessId
0x1400f77e8 GetCurrentThreadId
0x1400f77f0 GetEnvironmentStringsW
0x1400f77f8 GetFileSize
0x1400f7800 GetFileSizeEx
0x1400f7808 GetFileType
0x1400f7810 GetLastError
0x1400f7818 GetLocaleInfoW
0x1400f7820 GetModuleFileNameW
0x1400f7828 GetModuleHandleA
0x1400f7830 GetModuleHandleExW
0x1400f7838 GetModuleHandleW
0x1400f7840 GetOEMCP
0x1400f7848 GetProcAddress
0x1400f7850 GetProcessHeap
0x1400f7858 GetStartupInfoW
0x1400f7860 GetStdHandle
0x1400f7868 GetStringTypeW
0x1400f7870 GetSystemTimeAsFileTime
0x1400f7878 GetUserDefaultLCID
0x1400f7880 HeapAlloc
0x1400f7888 HeapFree
0x1400f7890 HeapReAlloc
0x1400f7898 HeapSize
0x1400f78a0 InitOnceBeginInitialize
0x1400f78a8 InitOnceComplete
0x1400f78b0 InitializeCriticalSectionAndSpinCount
0x1400f78b8 InitializeCriticalSectionEx
0x1400f78c0 InitializeSListHead
0x1400f78c8 IsDebuggerPresent
0x1400f78d0 IsProcessorFeaturePresent
0x1400f78d8 IsValidCodePage
0x1400f78e0 IsValidLocale
0x1400f78e8 LCMapStringEx
0x1400f78f0 LCMapStringW
0x1400f78f8 LeaveCriticalSection
0x1400f7900 LoadLibraryExW
0x1400f7908 MultiByteToWideChar
0x1400f7910 QueryPerformanceCounter
0x1400f7918 QueryPerformanceFrequency
0x1400f7920 RaiseException
0x1400f7928 ReadConsoleW
0x1400f7930 ReadFile
0x1400f7938 ReleaseSRWLockExclusive
0x1400f7940 RtlCaptureContext
0x1400f7948 RtlLookupFunctionEntry
0x1400f7950 RtlPcToFileHeader
0x1400f7958 RtlUnwind
0x1400f7960 RtlUnwindEx
0x1400f7968 RtlVirtualUnwind
0x1400f7970 SetFilePointerEx
0x1400f7978 SetLastError
0x1400f7980 SetStdHandle
0x1400f7988 SetUnhandledExceptionFilter
0x1400f7990 Sleep
0x1400f7998 SleepConditionVariableSRW
0x1400f79a0 SubmitThreadpoolWork
0x1400f79a8 TerminateProcess
0x1400f79b0 TlsAlloc
0x1400f79b8 TlsFree
0x1400f79c0 TlsGetValue
0x1400f79c8 TlsSetValue
0x1400f79d0 TryAcquireSRWLockExclusive
0x1400f79d8 UnhandledExceptionFilter
0x1400f79e0 WakeAllConditionVariable
0x1400f79e8 WideCharToMultiByte
0x1400f79f0 WriteConsoleW
0x1400f79f8 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x1400f76f0 AcquireSRWLockExclusive
0x1400f76f8 CloseHandle
0x1400f7700 CloseThreadpoolWork
0x1400f7708 CreateFileA
0x1400f7710 CreateFileW
0x1400f7718 CreateThreadpoolWork
0x1400f7720 DecodePointer
0x1400f7728 DeleteCriticalSection
0x1400f7730 EncodePointer
0x1400f7738 EnterCriticalSection
0x1400f7740 EnumSystemLocalesW
0x1400f7748 ExitProcess
0x1400f7750 FindClose
0x1400f7758 FindFirstFileExW
0x1400f7760 FindNextFileW
0x1400f7768 FlsAlloc
0x1400f7770 FlsFree
0x1400f7778 FlsGetValue
0x1400f7780 FlsSetValue
0x1400f7788 FlushFileBuffers
0x1400f7790 FreeEnvironmentStringsW
0x1400f7798 FreeLibrary
0x1400f77a0 FreeLibraryWhenCallbackReturns
0x1400f77a8 GetACP
0x1400f77b0 GetCPInfo
0x1400f77b8 GetCommandLineA
0x1400f77c0 GetCommandLineW
0x1400f77c8 GetConsoleMode
0x1400f77d0 GetConsoleOutputCP
0x1400f77d8 GetCurrentProcess
0x1400f77e0 GetCurrentProcessId
0x1400f77e8 GetCurrentThreadId
0x1400f77f0 GetEnvironmentStringsW
0x1400f77f8 GetFileSize
0x1400f7800 GetFileSizeEx
0x1400f7808 GetFileType
0x1400f7810 GetLastError
0x1400f7818 GetLocaleInfoW
0x1400f7820 GetModuleFileNameW
0x1400f7828 GetModuleHandleA
0x1400f7830 GetModuleHandleExW
0x1400f7838 GetModuleHandleW
0x1400f7840 GetOEMCP
0x1400f7848 GetProcAddress
0x1400f7850 GetProcessHeap
0x1400f7858 GetStartupInfoW
0x1400f7860 GetStdHandle
0x1400f7868 GetStringTypeW
0x1400f7870 GetSystemTimeAsFileTime
0x1400f7878 GetUserDefaultLCID
0x1400f7880 HeapAlloc
0x1400f7888 HeapFree
0x1400f7890 HeapReAlloc
0x1400f7898 HeapSize
0x1400f78a0 InitOnceBeginInitialize
0x1400f78a8 InitOnceComplete
0x1400f78b0 InitializeCriticalSectionAndSpinCount
0x1400f78b8 InitializeCriticalSectionEx
0x1400f78c0 InitializeSListHead
0x1400f78c8 IsDebuggerPresent
0x1400f78d0 IsProcessorFeaturePresent
0x1400f78d8 IsValidCodePage
0x1400f78e0 IsValidLocale
0x1400f78e8 LCMapStringEx
0x1400f78f0 LCMapStringW
0x1400f78f8 LeaveCriticalSection
0x1400f7900 LoadLibraryExW
0x1400f7908 MultiByteToWideChar
0x1400f7910 QueryPerformanceCounter
0x1400f7918 QueryPerformanceFrequency
0x1400f7920 RaiseException
0x1400f7928 ReadConsoleW
0x1400f7930 ReadFile
0x1400f7938 ReleaseSRWLockExclusive
0x1400f7940 RtlCaptureContext
0x1400f7948 RtlLookupFunctionEntry
0x1400f7950 RtlPcToFileHeader
0x1400f7958 RtlUnwind
0x1400f7960 RtlUnwindEx
0x1400f7968 RtlVirtualUnwind
0x1400f7970 SetFilePointerEx
0x1400f7978 SetLastError
0x1400f7980 SetStdHandle
0x1400f7988 SetUnhandledExceptionFilter
0x1400f7990 Sleep
0x1400f7998 SleepConditionVariableSRW
0x1400f79a0 SubmitThreadpoolWork
0x1400f79a8 TerminateProcess
0x1400f79b0 TlsAlloc
0x1400f79b8 TlsFree
0x1400f79c0 TlsGetValue
0x1400f79c8 TlsSetValue
0x1400f79d0 TryAcquireSRWLockExclusive
0x1400f79d8 UnhandledExceptionFilter
0x1400f79e0 WakeAllConditionVariable
0x1400f79e8 WideCharToMultiByte
0x1400f79f0 WriteConsoleW
0x1400f79f8 WriteFile
EAT(Export Address Table) is none