ScreenShot
| Created | 2025.05.04 16:46 | Machine | s1_win7_x6401 |
| Filename | 2708-b6c4ee2dbf451589.exe_ | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 307d30b4b02c9d2bae54d825a7117219 | ||
| sha256 | 6d02217f1cc0de64bcb6b4c3dd7311b227dc51e6af08bbd8e87045fb05536ffd | ||
| ssdeep | 12288:MU9G6DMzHMMHMMMyMMMZMMMVcR9bzOXmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMw:MMGLbMMHMMMvMMZMMMKzb6XmMMMiMMMJ | ||
| imphash | 1ef9fb38f852f07964d44af800f98c5a | ||
| impfuzzy | 48:hb/CTVKMCL3IprZPZNop7QdP1l9uIAjv5yj+pLnSbUFQBYhC/XG3yf6Dm0:BCTVKjL3edBNop7QdP1l9uybbBYhEG3b | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0xa36000 EventWrite
0xa36008 GetTraceEnableFlags
0xa36010 RegQueryValueExW
0xa36018 EventUnregister
0xa36020 GetTraceLoggerHandle
0xa36028 TraceEvent
0xa36030 UnregisterTraceGuids
0xa36038 RegOpenKeyExW
0xa36040 EventRegister
0xa36048 GetTraceEnableLevel
0xa36050 RegCloseKey
0xa36058 RegisterTraceGuidsW
KERNEL32.dll
0xa36068 TerminateProcess
0xa36070 CreateFileW
0xa36078 lstrlenW
0xa36080 VerifyVersionInfoW
0xa36088 GetProcAddress
0xa36090 LocalAlloc
0xa36098 IsWow64Process
0xa360a0 HeapSetInformation
0xa360a8 GetFileTime
0xa360b0 DeleteCriticalSection
0xa360b8 CloseHandle
0xa360c0 GetWindowsDirectoryW
0xa360c8 LocalFree
0xa360d0 InitializeCriticalSection
0xa360d8 LoadLibraryW
0xa360e0 GetModuleHandleW
0xa360e8 GetCurrentProcess
0xa360f0 VerSetConditionMask
0xa360f8 SetDllDirectoryW
0xa36100 CreateProcessW
0xa36108 SetErrorMode
0xa36110 GetCommandLineW
0xa36118 RaiseException
0xa36120 LoadLibraryA
0xa36128 VirtualAlloc
0xa36130 GetLastError
0xa36138 GetSystemDefaultLCID
0xa36140 GetUserDefaultLCID
0xa36148 EnterCriticalSection
0xa36150 GetModuleFileNameW
0xa36158 LeaveCriticalSection
0xa36160 InitializeCriticalSectionAndSpinCount
0xa36168 GetVersionExA
0xa36170 ExpandEnvironmentStringsW
0xa36178 FreeLibrary
0xa36180 UnhandledExceptionFilter
0xa36188 GetSystemTimeAsFileTime
0xa36190 GetCurrentProcessId
0xa36198 GetCurrentThreadId
0xa361a0 GetTickCount
0xa361a8 QueryPerformanceCounter
0xa361b0 SetUnhandledExceptionFilter
0xa361b8 GetStartupInfoW
0xa361c0 Sleep
0xa361c8 GetCurrentDirectoryW
USER32.dll
0xa361d8 IsWindowEnabled
0xa361e0 LoadStringW
0xa361e8 CharNextW
0xa361f0 SendMessageTimeoutW
0xa361f8 GetWindowThreadProcessId
0xa36200 FindWindowExW
0xa36208 AllowSetForegroundWindow
0xa36210 IsWindowVisible
0xa36218 MessageBoxW
msvcrt.dll
0xa36228 rand_s
0xa36230 memset
0xa36238 ??3@YAXPEAX@Z
0xa36240 ??2@YAPEAX_K@Z
0xa36248 wcschr
0xa36250 iswalpha
0xa36258 _vsnwprintf
0xa36260 iswspace
0xa36268 _onexit
0xa36270 _lock
0xa36278 __dllonexit
0xa36280 _unlock
0xa36288 ?terminate@@YAXXZ
0xa36290 __set_app_type
0xa36298 _fmode
0xa362a0 _commode
0xa362a8 __setusermatherr
0xa362b0 _amsg_exit
0xa362b8 _initterm
0xa362c0 _wcmdln
0xa362c8 exit
0xa362d0 _cexit
0xa362d8 _exit
0xa362e0 _XcptFilter
0xa362e8 __C_specific_handler
0xa362f0 __wgetmainargs
0xa362f8 wcsncmp
0xa36300 memcpy
ntdll.dll
0xa36310 RtlVirtualUnwind
0xa36318 RtlCaptureContext
0xa36320 RtlLookupFunctionEntry
SHLWAPI.dll
0xa36330 None
0xa36338 SHGetValueW
0xa36340 SHRegGetValueW
0xa36348 SHSetValueW
0xa36350 UrlApplySchemeW
0xa36358 PathIsURLW
0xa36360 UrlCanonicalizeW
0xa36368 StrStrW
0xa36370 None
0xa36378 PathFindFileNameW
0xa36380 UrlCreateFromPathW
SHELL32.dll
0xa36390 CommandLineToArgvW
ole32.dll
0xa363a0 CoUninitialize
0xa363a8 CoInitialize
urlmon.dll
0xa363b8 None
0xa363c0 None
iertutil.dll
0xa363d0 None
0xa363d8 None
0xa363e0 None
0xa363e8 None
0xa363f0 None
0xa363f8 None
0xa36400 None
0xa36408 None
0xa36410 None
EAT(Export Address Table) is none
ADVAPI32.dll
0xa36000 EventWrite
0xa36008 GetTraceEnableFlags
0xa36010 RegQueryValueExW
0xa36018 EventUnregister
0xa36020 GetTraceLoggerHandle
0xa36028 TraceEvent
0xa36030 UnregisterTraceGuids
0xa36038 RegOpenKeyExW
0xa36040 EventRegister
0xa36048 GetTraceEnableLevel
0xa36050 RegCloseKey
0xa36058 RegisterTraceGuidsW
KERNEL32.dll
0xa36068 TerminateProcess
0xa36070 CreateFileW
0xa36078 lstrlenW
0xa36080 VerifyVersionInfoW
0xa36088 GetProcAddress
0xa36090 LocalAlloc
0xa36098 IsWow64Process
0xa360a0 HeapSetInformation
0xa360a8 GetFileTime
0xa360b0 DeleteCriticalSection
0xa360b8 CloseHandle
0xa360c0 GetWindowsDirectoryW
0xa360c8 LocalFree
0xa360d0 InitializeCriticalSection
0xa360d8 LoadLibraryW
0xa360e0 GetModuleHandleW
0xa360e8 GetCurrentProcess
0xa360f0 VerSetConditionMask
0xa360f8 SetDllDirectoryW
0xa36100 CreateProcessW
0xa36108 SetErrorMode
0xa36110 GetCommandLineW
0xa36118 RaiseException
0xa36120 LoadLibraryA
0xa36128 VirtualAlloc
0xa36130 GetLastError
0xa36138 GetSystemDefaultLCID
0xa36140 GetUserDefaultLCID
0xa36148 EnterCriticalSection
0xa36150 GetModuleFileNameW
0xa36158 LeaveCriticalSection
0xa36160 InitializeCriticalSectionAndSpinCount
0xa36168 GetVersionExA
0xa36170 ExpandEnvironmentStringsW
0xa36178 FreeLibrary
0xa36180 UnhandledExceptionFilter
0xa36188 GetSystemTimeAsFileTime
0xa36190 GetCurrentProcessId
0xa36198 GetCurrentThreadId
0xa361a0 GetTickCount
0xa361a8 QueryPerformanceCounter
0xa361b0 SetUnhandledExceptionFilter
0xa361b8 GetStartupInfoW
0xa361c0 Sleep
0xa361c8 GetCurrentDirectoryW
USER32.dll
0xa361d8 IsWindowEnabled
0xa361e0 LoadStringW
0xa361e8 CharNextW
0xa361f0 SendMessageTimeoutW
0xa361f8 GetWindowThreadProcessId
0xa36200 FindWindowExW
0xa36208 AllowSetForegroundWindow
0xa36210 IsWindowVisible
0xa36218 MessageBoxW
msvcrt.dll
0xa36228 rand_s
0xa36230 memset
0xa36238 ??3@YAXPEAX@Z
0xa36240 ??2@YAPEAX_K@Z
0xa36248 wcschr
0xa36250 iswalpha
0xa36258 _vsnwprintf
0xa36260 iswspace
0xa36268 _onexit
0xa36270 _lock
0xa36278 __dllonexit
0xa36280 _unlock
0xa36288 ?terminate@@YAXXZ
0xa36290 __set_app_type
0xa36298 _fmode
0xa362a0 _commode
0xa362a8 __setusermatherr
0xa362b0 _amsg_exit
0xa362b8 _initterm
0xa362c0 _wcmdln
0xa362c8 exit
0xa362d0 _cexit
0xa362d8 _exit
0xa362e0 _XcptFilter
0xa362e8 __C_specific_handler
0xa362f0 __wgetmainargs
0xa362f8 wcsncmp
0xa36300 memcpy
ntdll.dll
0xa36310 RtlVirtualUnwind
0xa36318 RtlCaptureContext
0xa36320 RtlLookupFunctionEntry
SHLWAPI.dll
0xa36330 None
0xa36338 SHGetValueW
0xa36340 SHRegGetValueW
0xa36348 SHSetValueW
0xa36350 UrlApplySchemeW
0xa36358 PathIsURLW
0xa36360 UrlCanonicalizeW
0xa36368 StrStrW
0xa36370 None
0xa36378 PathFindFileNameW
0xa36380 UrlCreateFromPathW
SHELL32.dll
0xa36390 CommandLineToArgvW
ole32.dll
0xa363a0 CoUninitialize
0xa363a8 CoInitialize
urlmon.dll
0xa363b8 None
0xa363c0 None
iertutil.dll
0xa363d0 None
0xa363d8 None
0xa363e0 None
0xa363e8 None
0xa363f0 None
0xa363f8 None
0xa36400 None
0xa36408 None
0xa36410 None
EAT(Export Address Table) is none