ScreenShot
| Created | 2025.05.03 16:40 | Machine | s1_win7_x6401 |
| Filename | random.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 3bf1ee3e77b56b3d3af2910d9a82cc68 | ||
| sha256 | 5a6fb6e1c274ef34a58bbc5d4f6e54b746ce71ca97e3fc8b1d4b10e2dff03348 | ||
| ssdeep | 12288:o6bdumjqGHM1ey+1HnLBmIPNsGG8vTcrm1bfX/IHO0ODBmIPNsGG8vTcrm1bfX/r:o6bdumjqkXXO88UXZzXO88UXZ | ||
| imphash | b23510932b3d0f63aae2b8be70a1f033 | ||
| impfuzzy | 24:/kWDCelQtWOovbOGMUD1uUvgDWDQyl3LPxQTw07GiJUHYjk:cQC5x361PlhbxQNGJH5 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140042de0 CloseHandle
0x140042de8 CreateFileA
0x140042df0 CreateFileW
0x140042df8 CreateThread
0x140042e00 DeleteCriticalSection
0x140042e08 EncodePointer
0x140042e10 EnterCriticalSection
0x140042e18 ExitProcess
0x140042e20 FindClose
0x140042e28 FindFirstFileExW
0x140042e30 FindNextFileW
0x140042e38 FlsAlloc
0x140042e40 FlsFree
0x140042e48 FlsGetValue
0x140042e50 FlsSetValue
0x140042e58 FlushFileBuffers
0x140042e60 FreeEnvironmentStringsW
0x140042e68 FreeLibrary
0x140042e70 GetACP
0x140042e78 GetCPInfo
0x140042e80 GetCommandLineA
0x140042e88 GetCommandLineW
0x140042e90 GetConsoleMode
0x140042e98 GetConsoleOutputCP
0x140042ea0 GetCurrentProcess
0x140042ea8 GetCurrentProcessId
0x140042eb0 GetCurrentThreadId
0x140042eb8 GetEnvironmentStringsW
0x140042ec0 GetFileSize
0x140042ec8 GetFileSizeEx
0x140042ed0 GetFileType
0x140042ed8 GetLastError
0x140042ee0 GetModuleFileNameW
0x140042ee8 GetModuleHandleA
0x140042ef0 GetModuleHandleExW
0x140042ef8 GetModuleHandleW
0x140042f00 GetOEMCP
0x140042f08 GetProcAddress
0x140042f10 GetProcessHeap
0x140042f18 GetStartupInfoW
0x140042f20 GetStdHandle
0x140042f28 GetStringTypeW
0x140042f30 GetSystemTimeAsFileTime
0x140042f38 HeapAlloc
0x140042f40 HeapFree
0x140042f48 HeapReAlloc
0x140042f50 HeapSize
0x140042f58 InitializeCriticalSectionAndSpinCount
0x140042f60 InitializeSListHead
0x140042f68 IsDebuggerPresent
0x140042f70 IsProcessorFeaturePresent
0x140042f78 IsValidCodePage
0x140042f80 LCMapStringW
0x140042f88 LeaveCriticalSection
0x140042f90 LoadLibraryExW
0x140042f98 MultiByteToWideChar
0x140042fa0 QueryPerformanceCounter
0x140042fa8 QueryPerformanceFrequency
0x140042fb0 RaiseException
0x140042fb8 ReadFile
0x140042fc0 RtlCaptureContext
0x140042fc8 RtlLookupFunctionEntry
0x140042fd0 RtlPcToFileHeader
0x140042fd8 RtlUnwindEx
0x140042fe0 RtlVirtualUnwind
0x140042fe8 SetFilePointerEx
0x140042ff0 SetLastError
0x140042ff8 SetStdHandle
0x140043000 SetUnhandledExceptionFilter
0x140043008 Sleep
0x140043010 TerminateProcess
0x140043018 TlsAlloc
0x140043020 TlsFree
0x140043028 TlsGetValue
0x140043030 TlsSetValue
0x140043038 UnhandledExceptionFilter
0x140043040 WaitForSingleObject
0x140043048 WideCharToMultiByte
0x140043050 WriteConsoleW
0x140043058 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x140042de0 CloseHandle
0x140042de8 CreateFileA
0x140042df0 CreateFileW
0x140042df8 CreateThread
0x140042e00 DeleteCriticalSection
0x140042e08 EncodePointer
0x140042e10 EnterCriticalSection
0x140042e18 ExitProcess
0x140042e20 FindClose
0x140042e28 FindFirstFileExW
0x140042e30 FindNextFileW
0x140042e38 FlsAlloc
0x140042e40 FlsFree
0x140042e48 FlsGetValue
0x140042e50 FlsSetValue
0x140042e58 FlushFileBuffers
0x140042e60 FreeEnvironmentStringsW
0x140042e68 FreeLibrary
0x140042e70 GetACP
0x140042e78 GetCPInfo
0x140042e80 GetCommandLineA
0x140042e88 GetCommandLineW
0x140042e90 GetConsoleMode
0x140042e98 GetConsoleOutputCP
0x140042ea0 GetCurrentProcess
0x140042ea8 GetCurrentProcessId
0x140042eb0 GetCurrentThreadId
0x140042eb8 GetEnvironmentStringsW
0x140042ec0 GetFileSize
0x140042ec8 GetFileSizeEx
0x140042ed0 GetFileType
0x140042ed8 GetLastError
0x140042ee0 GetModuleFileNameW
0x140042ee8 GetModuleHandleA
0x140042ef0 GetModuleHandleExW
0x140042ef8 GetModuleHandleW
0x140042f00 GetOEMCP
0x140042f08 GetProcAddress
0x140042f10 GetProcessHeap
0x140042f18 GetStartupInfoW
0x140042f20 GetStdHandle
0x140042f28 GetStringTypeW
0x140042f30 GetSystemTimeAsFileTime
0x140042f38 HeapAlloc
0x140042f40 HeapFree
0x140042f48 HeapReAlloc
0x140042f50 HeapSize
0x140042f58 InitializeCriticalSectionAndSpinCount
0x140042f60 InitializeSListHead
0x140042f68 IsDebuggerPresent
0x140042f70 IsProcessorFeaturePresent
0x140042f78 IsValidCodePage
0x140042f80 LCMapStringW
0x140042f88 LeaveCriticalSection
0x140042f90 LoadLibraryExW
0x140042f98 MultiByteToWideChar
0x140042fa0 QueryPerformanceCounter
0x140042fa8 QueryPerformanceFrequency
0x140042fb0 RaiseException
0x140042fb8 ReadFile
0x140042fc0 RtlCaptureContext
0x140042fc8 RtlLookupFunctionEntry
0x140042fd0 RtlPcToFileHeader
0x140042fd8 RtlUnwindEx
0x140042fe0 RtlVirtualUnwind
0x140042fe8 SetFilePointerEx
0x140042ff0 SetLastError
0x140042ff8 SetStdHandle
0x140043000 SetUnhandledExceptionFilter
0x140043008 Sleep
0x140043010 TerminateProcess
0x140043018 TlsAlloc
0x140043020 TlsFree
0x140043028 TlsGetValue
0x140043030 TlsSetValue
0x140043038 UnhandledExceptionFilter
0x140043040 WaitForSingleObject
0x140043048 WideCharToMultiByte
0x140043050 WriteConsoleW
0x140043058 WriteFile
EAT(Export Address Table) is none