ScreenShot
| Created | 2021.03.30 16:07 | Machine | s1_win7_x6402 |
| Filename | iexplore.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | c50eeb216ab9f7e9b375270426c4dfd6 | ||
| sha256 | 826d59b40d332b10c06c4acb34e41c60e5213e3a5049d14a250868d2075cfc65 | ||
| ssdeep | 24576:V4lGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMMVMMb:7MMHMMMvMMZMMMlmMMMiMMMYJMMHMMMg | ||
| imphash | bf1b4238fcdbb117edf39418ca0d205c | ||
| impfuzzy | 48:lpQ8+5yLuZXGxF/a97Vyl1bAE9LOx/b9yZTetG:IGxk97s10E9LU/bw9etG | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x1400062f0 GetWindowThreadProcessId
0x1400062f8 AllowSetForegroundWindow
0x140006300 SetProcessDpiAwarenessContext
0x140006308 FindWindowExW
0x140006310 SendMessageTimeoutW
0x140006318 IsWindowVisible
0x140006320 SetUserObjectInformationW
0x140006328 IsWindowEnabled
msvcrt.dll
0x1400063e8 exit
0x1400063f0 _exit
0x1400063f8 _cexit
0x140006400 rand_s
0x140006408 __setusermatherr
0x140006410 _initterm
0x140006418 __set_app_type
0x140006420 _wcmdln
0x140006428 _fmode
0x140006430 _commode
0x140006438 _lock
0x140006440 _unlock
0x140006448 __dllonexit
0x140006450 _onexit
0x140006458 ?terminate@@YAXXZ
0x140006460 __wgetmainargs
0x140006468 _amsg_exit
0x140006470 _XcptFilter
0x140006478 free
0x140006480 wcsncmp
0x140006488 iswspace
0x140006490 memcpy_s
0x140006498 _vsnwprintf
0x1400064a0 __C_specific_handler
0x1400064a8 memset
KERNEL32.dll
0x140006168 GetProcessHeap
0x140006170 GetCurrentProcessId
0x140006178 Sleep
0x140006180 GetStartupInfoW
0x140006188 RtlCaptureContext
0x140006190 RtlLookupFunctionEntry
0x140006198 GetModuleHandleW
0x1400061a0 InitOnceExecuteOnce
0x1400061a8 GetVersionExA
0x1400061b0 DelayLoadFailureHook
0x1400061b8 ResolveDelayLoadedAPI
0x1400061c0 VirtualAlloc
0x1400061c8 SetDllDirectoryW
0x1400061d0 DebugBreak
0x1400061d8 IsDebuggerPresent
0x1400061e0 CreateSemaphoreExW
0x1400061e8 DeleteCriticalSection
0x1400061f0 GetTickCount
0x1400061f8 GetSystemTimeAsFileTime
0x140006200 QueryPerformanceCounter
0x140006208 SetUnhandledExceptionFilter
0x140006210 UnhandledExceptionFilter
0x140006218 GetModuleFileNameA
0x140006220 RtlVirtualUnwind
0x140006228 HeapFree
0x140006230 SetLastError
0x140006238 GetCommandLineW
0x140006240 GetCurrentProcess
0x140006248 ReleaseSemaphore
0x140006250 GetModuleHandleExW
0x140006258 TerminateProcess
0x140006260 InitializeCriticalSection
0x140006268 SetErrorMode
0x140006270 WaitForSingleObject
0x140006278 LocalAlloc
0x140006280 GetCurrentThreadId
0x140006288 ReleaseMutex
0x140006290 FormatMessageW
0x140006298 GetLastError
0x1400062a0 OutputDebugStringW
0x1400062a8 WaitForSingleObjectEx
0x1400062b0 OpenSemaphoreW
0x1400062b8 CloseHandle
0x1400062c0 HeapSetInformation
0x1400062c8 HeapAlloc
0x1400062d0 GetProcAddress
0x1400062d8 CreateMutexExW
0x1400062e0 LocalFree
api-ms-win-downlevel-advapi32-l1-1-0.dll
0x140006338 RegGetValueW
0x140006340 EventUnregister
0x140006348 EventWriteTransfer
0x140006350 EventRegister
api-ms-win-downlevel-shell32-l1-1-0.dll
0x140006370 SetCurrentProcessExplicitAppUserModelID
ADVAPI32.dll
0x140006150 EventSetInformation
0x140006158 EventWriteEx
iertutil.dll
0x140006390 None
0x140006398 None
0x1400063a0 None
0x1400063a8 None
0x1400063b0 None
0x1400063b8 None
0x1400063c0 None
0x1400063c8 None
0x1400063d0 None
0x1400063d8 None
api-ms-win-downlevel-shlwapi-l1-1-0.dll
0x140006380 StrStrIW
api-ms-win-downlevel-ole32-l1-1-0.dll
0x140006360 CoCreateGuid
EAT(Export Address Table) is none
USER32.dll
0x1400062f0 GetWindowThreadProcessId
0x1400062f8 AllowSetForegroundWindow
0x140006300 SetProcessDpiAwarenessContext
0x140006308 FindWindowExW
0x140006310 SendMessageTimeoutW
0x140006318 IsWindowVisible
0x140006320 SetUserObjectInformationW
0x140006328 IsWindowEnabled
msvcrt.dll
0x1400063e8 exit
0x1400063f0 _exit
0x1400063f8 _cexit
0x140006400 rand_s
0x140006408 __setusermatherr
0x140006410 _initterm
0x140006418 __set_app_type
0x140006420 _wcmdln
0x140006428 _fmode
0x140006430 _commode
0x140006438 _lock
0x140006440 _unlock
0x140006448 __dllonexit
0x140006450 _onexit
0x140006458 ?terminate@@YAXXZ
0x140006460 __wgetmainargs
0x140006468 _amsg_exit
0x140006470 _XcptFilter
0x140006478 free
0x140006480 wcsncmp
0x140006488 iswspace
0x140006490 memcpy_s
0x140006498 _vsnwprintf
0x1400064a0 __C_specific_handler
0x1400064a8 memset
KERNEL32.dll
0x140006168 GetProcessHeap
0x140006170 GetCurrentProcessId
0x140006178 Sleep
0x140006180 GetStartupInfoW
0x140006188 RtlCaptureContext
0x140006190 RtlLookupFunctionEntry
0x140006198 GetModuleHandleW
0x1400061a0 InitOnceExecuteOnce
0x1400061a8 GetVersionExA
0x1400061b0 DelayLoadFailureHook
0x1400061b8 ResolveDelayLoadedAPI
0x1400061c0 VirtualAlloc
0x1400061c8 SetDllDirectoryW
0x1400061d0 DebugBreak
0x1400061d8 IsDebuggerPresent
0x1400061e0 CreateSemaphoreExW
0x1400061e8 DeleteCriticalSection
0x1400061f0 GetTickCount
0x1400061f8 GetSystemTimeAsFileTime
0x140006200 QueryPerformanceCounter
0x140006208 SetUnhandledExceptionFilter
0x140006210 UnhandledExceptionFilter
0x140006218 GetModuleFileNameA
0x140006220 RtlVirtualUnwind
0x140006228 HeapFree
0x140006230 SetLastError
0x140006238 GetCommandLineW
0x140006240 GetCurrentProcess
0x140006248 ReleaseSemaphore
0x140006250 GetModuleHandleExW
0x140006258 TerminateProcess
0x140006260 InitializeCriticalSection
0x140006268 SetErrorMode
0x140006270 WaitForSingleObject
0x140006278 LocalAlloc
0x140006280 GetCurrentThreadId
0x140006288 ReleaseMutex
0x140006290 FormatMessageW
0x140006298 GetLastError
0x1400062a0 OutputDebugStringW
0x1400062a8 WaitForSingleObjectEx
0x1400062b0 OpenSemaphoreW
0x1400062b8 CloseHandle
0x1400062c0 HeapSetInformation
0x1400062c8 HeapAlloc
0x1400062d0 GetProcAddress
0x1400062d8 CreateMutexExW
0x1400062e0 LocalFree
api-ms-win-downlevel-advapi32-l1-1-0.dll
0x140006338 RegGetValueW
0x140006340 EventUnregister
0x140006348 EventWriteTransfer
0x140006350 EventRegister
api-ms-win-downlevel-shell32-l1-1-0.dll
0x140006370 SetCurrentProcessExplicitAppUserModelID
ADVAPI32.dll
0x140006150 EventSetInformation
0x140006158 EventWriteEx
iertutil.dll
0x140006390 None
0x140006398 None
0x1400063a0 None
0x1400063a8 None
0x1400063b0 None
0x1400063b8 None
0x1400063c0 None
0x1400063c8 None
0x1400063d0 None
0x1400063d8 None
api-ms-win-downlevel-shlwapi-l1-1-0.dll
0x140006380 StrStrIW
api-ms-win-downlevel-ole32-l1-1-0.dll
0x140006360 CoCreateGuid
EAT(Export Address Table) is none