Field | Value |
---|---|
Created | 2025.05.06 21:44 |
Machine | s1_win7_x6401 |
Filename | e4318be9-2f87-40fb-8a93-222fd5267d6f |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 47 detected (AIDetectMalware, Malicious, score, Trojanpws, Lumma, VirusWinExpiro, Artemis, Unsafe, Lazy, Save, confidence, 100%, GenusT, EWRV, high confidence, Kryptik, MalwareX, Cryp, uvQnZKLKhyR, iqrpv, Lummastealer, Detected, GrayWare, Wacapew, Egairtigado, ABApplication, RZNA, R703486, PE04C9Z, QQPass, QQRob, Oqil, susgen) |
md5 | c5a3c0f2ca6797f8ab93a46b2d1c13a8 |
sha256 | 4fcb1b64352ddfef474576f038e94791744220948d887e7de507a3594ed0b980 |
ssdeep | 24576:OFEj4XVCJ/o92wLtcM1rVzmNiszwLtcM1rVzmNis:OFEj4XC/odcM1rVzlcM1rVz |
imphash | 3e2a6ecfffc5d43a7565ef87874e92c4 |
impfuzzy | 24:hWnkWDCQlQtyOovbOGMUD1ulvgDWDQyl3LPxQTRKT07GiJUlYjz:hWkQC3l3612lhbxQ/GJlC |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14004a188 AcquireSRWLockExclusive
0x14004a190 CloseHandle
0x14004a198 CreateFileA
0x14004a1a0 CreateFileW
0x14004a1a8 CreateThread
0x14004a1b0 DeleteCriticalSection
0x14004a1b8 EncodePointer
0x14004a1c0 EnterCriticalSection
0x14004a1c8 ExitProcess
0x14004a1d0 ExitThread
0x14004a1d8 FindClose
0x14004a1e0 FindFirstFileExW
0x14004a1e8 FindNextFileW
0x14004a1f0 FlsAlloc
0x14004a1f8 FlsFree
0x14004a200 FlsGetValue
0x14004a208 FlsSetValue
0x14004a210 FlushFileBuffers
0x14004a218 FreeEnvironmentStringsW
0x14004a220 FreeLibrary
0x14004a228 FreeLibraryAndExitThread
0x14004a230 GetACP
0x14004a238 GetCPInfo
0x14004a240 GetCommandLineA
0x14004a248 GetCommandLineW
0x14004a250 GetConsoleMode
0x14004a258 GetConsoleOutputCP
0x14004a260 GetCurrentProcess
0x14004a268 GetCurrentProcessId
0x14004a270 GetCurrentThreadId
0x14004a278 GetEnvironmentStringsW
0x14004a280 GetExitCodeThread
0x14004a288 GetFileSize
0x14004a290 GetFileSizeEx
0x14004a298 GetFileType
0x14004a2a0 GetLastError
0x14004a2a8 GetModuleFileNameW
0x14004a2b0 GetModuleHandleA
0x14004a2b8 GetModuleHandleExW
0x14004a2c0 GetModuleHandleW
0x14004a2c8 GetOEMCP
0x14004a2d0 GetProcAddress
0x14004a2d8 GetProcessHeap
0x14004a2e0 GetStartupInfoW
0x14004a2e8 GetStdHandle
0x14004a2f0 GetStringTypeW
0x14004a2f8 GetSystemTimeAsFileTime
0x14004a300 HeapAlloc
0x14004a308 HeapFree
0x14004a310 HeapReAlloc
0x14004a318 HeapSize
0x14004a320 InitializeCriticalSectionAndSpinCount
0x14004a328 InitializeSListHead
0x14004a330 IsDebuggerPresent
0x14004a338 IsProcessorFeaturePresent
0x14004a340 IsValidCodePage
0x14004a348 LCMapStringW
0x14004a350 LeaveCriticalSection
0x14004a358 LoadLibraryExW
0x14004a360 MultiByteToWideChar
0x14004a368 QueryPerformanceCounter
0x14004a370 QueryPerformanceFrequency
0x14004a378 RaiseException
0x14004a380 ReadFile
0x14004a388 ReleaseSRWLockExclusive
0x14004a390 RtlCaptureContext
0x14004a398 RtlLookupFunctionEntry
0x14004a3a0 RtlPcToFileHeader
0x14004a3a8 RtlUnwindEx
0x14004a3b0 RtlVirtualUnwind
0x14004a3b8 SetFilePointerEx
0x14004a3c0 SetLastError
0x14004a3c8 SetStdHandle
0x14004a3d0 SetUnhandledExceptionFilter
0x14004a3d8 Sleep
0x14004a3e0 TerminateProcess
0x14004a3e8 TlsAlloc
0x14004a3f0 TlsFree
0x14004a3f8 TlsGetValue
0x14004a400 TlsSetValue
0x14004a408 TryAcquireSRWLockExclusive
0x14004a410 UnhandledExceptionFilter
0x14004a418 WaitForSingleObjectEx
0x14004a420 WakeAllConditionVariable
0x14004a428 WideCharToMultiByte
0x14004a430 WriteConsoleW
0x14004a438 WriteFile
EAT(Export Address Table) is none