Malicious
Classifications
Downloader
Threat Names
Mal/HTMLGen-A Emotet
Dynamic Analysis Report
Created on 2022-06-08T17:50:05+00:00
02aaf083124e0064c6d00f7e1d5228e7cd401a3c0f96020124fd17dcd36f49bc.exe.dll
Windows DLL (x86-64)
Remarks (2/4)
(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.
(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "28 seconds" to "10 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\02aaf083124e0064c6d00f7e1d5228e7cd401a3c0f96020124fd17dcd36f49bc.exe.dll | Sample File | Binary |
Malicious
|
...
|
»
| Also Known As |
C:\Users\RDHJ0C~1\Desktop\02aaf083124e0064c6d00f7e1d5228e7cd401a3c0f96020124fd17dcd36f49bc.exe.dll (Accessed File)
C:\Windows\system32\UaSZbajYmxNkzHpd\TnsZbP.dll (Accessed File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 510.42 KB |
| MD5 |
d69df9a9602f03ae18525bac7651c1d8
|
| SHA1 |
6dc15da4eb78426b9d97747b6d33a53b763ca50a
|
| SHA256 |
02aaf083124e0064c6d00f7e1d5228e7cd401a3c0f96020124fd17dcd36f49bc
|
| SSDeep |
12288:9OT6sIypRSjjElCBQCRbpNdUzJwxDD2+UkoX8LlGf:9OT6zypRSfyHCRbyKVD2+UkoX8hGf
|
| ImpHash |
17a9db8a367c83d15112ca6763718dff
|
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x004011A0 |
| Size Of Code | 0x00030000 |
| Size Of Initialized Data | 0x00004000 |
| File Type | IMAGE_FILE_DLL |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_AMD64 |
| Compile Timestamp | 2022-06-07 23:34 (UTC+2) |
Sections (10)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0002F2D8 | 0x0002F400 | 0x00000800 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.25 |
| .rodata | 0x00431000 | 0x00003700 | 0x00003800 | 0x0002FC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.83 |
| .data | 0x00435000 | 0x0001C4C0 | 0x0000A000 | 0x00033400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.94 |
| .tls | 0x00452000 | 0x00000590 | 0x00000600 | 0x0003D400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .pdata | 0x00453000 | 0x000034B0 | 0x00003600 | 0x0003DA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.35 |
| .xdata | 0x00457000 | 0x00004BD0 | 0x00004C00 | 0x00041000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.75 |
| .idata | 0x0045C000 | 0x00000A38 | 0x00000C00 | 0x00045C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.72 |
| .edata | 0x0045D000 | 0x0000011D | 0x00000200 | 0x00046800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.42 |
| .rsrc | 0x0045E000 | 0x00028A00 | 0x00028A00 | 0x00046A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.77 |
| .reloc | 0x00487000 | 0x00000C3C | 0x00000E00 | 0x0006F400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 5.49 |
Imports (2)
»
KERNEL32 (71)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AddVectoredExceptionHandler | - | 0x0045C27C | 0x0005C03C | 0x00045C3C | 0x00000000 |
| CloseHandle | - | 0x0045C284 | 0x0005C044 | 0x00045C44 | 0x00000000 |
| CreateDirectoryA | - | 0x0045C28C | 0x0005C04C | 0x00045C4C | 0x00000000 |
| CreateFileA | - | 0x0045C294 | 0x0005C054 | 0x00045C54 | 0x00000000 |
| CreateFileW | - | 0x0045C29C | 0x0005C05C | 0x00045C5C | 0x00000000 |
| DeleteFileA | - | 0x0045C2A4 | 0x0005C064 | 0x00045C64 | 0x00000000 |
| EnterCriticalSection | - | 0x0045C2AC | 0x0005C06C | 0x00045C6C | 0x00000000 |
| ExitProcess | - | 0x0045C2B4 | 0x0005C074 | 0x00045C74 | 0x00000000 |
| FreeEnvironmentStringsA | - | 0x0045C2BC | 0x0005C07C | 0x00045C7C | 0x00000000 |
| GetACP | - | 0x0045C2C4 | 0x0005C084 | 0x00045C84 | 0x00000000 |
| GetCPInfo | - | 0x0045C2CC | 0x0005C08C | 0x00045C8C | 0x00000000 |
| GetCurrentProcessId | - | 0x0045C2D4 | 0x0005C094 | 0x00045C94 | 0x00000000 |
| GetCurrentThreadId | - | 0x0045C2DC | 0x0005C09C | 0x00045C9C | 0x00000000 |
| GetEnvironmentStrings | - | 0x0045C2E4 | 0x0005C0A4 | 0x00045CA4 | 0x00000000 |
| GetFileAttributesA | - | 0x0045C2EC | 0x0005C0AC | 0x00045CAC | 0x00000000 |
| GetFileAttributesW | - | 0x0045C2F4 | 0x0005C0B4 | 0x00045CB4 | 0x00000000 |
| GetFileSize | - | 0x0045C2FC | 0x0005C0BC | 0x00045CBC | 0x00000000 |
| GetFileType | - | 0x0045C304 | 0x0005C0C4 | 0x00045CC4 | 0x00000000 |
| GetLastError | - | 0x0045C30C | 0x0005C0CC | 0x00045CCC | 0x00000000 |
| GetLocalTime | - | 0x0045C314 | 0x0005C0D4 | 0x00045CD4 | 0x00000000 |
| GetLocaleInfoA | - | 0x0045C31C | 0x0005C0DC | 0x00045CDC | 0x00000000 |
| GetModuleFileNameA | - | 0x0045C324 | 0x0005C0E4 | 0x00045CE4 | 0x00000000 |
| GetModuleHandleA | - | 0x0045C32C | 0x0005C0EC | 0x00045CEC | 0x00000000 |
| GetOEMCP | - | 0x0045C334 | 0x0005C0F4 | 0x00045CF4 | 0x00000000 |
| GetProcAddress | - | 0x0045C33C | 0x0005C0FC | 0x00045CFC | 0x00000000 |
| GetProcessHeap | - | 0x0045C344 | 0x0005C104 | 0x00045D04 | 0x00000000 |
| GetStartupInfoA | - | 0x0045C34C | 0x0005C10C | 0x00045D0C | 0x00000000 |
| GetStdHandle | - | 0x0045C354 | 0x0005C114 | 0x00045D14 | 0x00000000 |
| GetStringTypeA | - | 0x0045C35C | 0x0005C11C | 0x00045D1C | 0x00000000 |
| GetStringTypeW | - | 0x0045C364 | 0x0005C124 | 0x00045D24 | 0x00000000 |
| GetSystemDefaultLangID | - | 0x0045C36C | 0x0005C12C | 0x00045D2C | 0x00000000 |
| GetSystemInfo | - | 0x0045C374 | 0x0005C134 | 0x00045D34 | 0x00000000 |
| GetTickCount | - | 0x0045C37C | 0x0005C13C | 0x00045D3C | 0x00000000 |
| GetTimeZoneInformation | - | 0x0045C384 | 0x0005C144 | 0x00045D44 | 0x00000000 |
| GetUserDefaultLCID | - | 0x0045C38C | 0x0005C14C | 0x00045D4C | 0x00000000 |
| GetVersion | - | 0x0045C394 | 0x0005C154 | 0x00045D54 | 0x00000000 |
| HeapAlloc | - | 0x0045C39C | 0x0005C15C | 0x00045D5C | 0x00000000 |
| HeapFree | - | 0x0045C3A4 | 0x0005C164 | 0x00045D64 | 0x00000000 |
| IsDBCSLeadByteEx | - | 0x0045C3AC | 0x0005C16C | 0x00045D6C | 0x00000000 |
| IsDebuggerPresent | - | 0x0045C3B4 | 0x0005C174 | 0x00045D74 | 0x00000000 |
| IsValidLocale | - | 0x0045C3BC | 0x0005C17C | 0x00045D7C | 0x00000000 |
| LCMapStringA | - | 0x0045C3C4 | 0x0005C184 | 0x00045D84 | 0x00000000 |
| LeaveCriticalSection | - | 0x0045C3CC | 0x0005C18C | 0x00045D8C | 0x00000000 |
| LoadLibraryA | - | 0x0045C3D4 | 0x0005C194 | 0x00045D94 | 0x00000000 |
| LoadLibraryW | - | 0x0045C3DC | 0x0005C19C | 0x00045D9C | 0x00000000 |
| LocalFileTimeToFileTime | - | 0x0045C3E4 | 0x0005C1A4 | 0x00045DA4 | 0x00000000 |
| MultiByteToWideChar | - | 0x0045C3EC | 0x0005C1AC | 0x00045DAC | 0x00000000 |
| RaiseException | - | 0x0045C3F4 | 0x0005C1B4 | 0x00045DB4 | 0x00000000 |
| ReadFile | - | 0x0045C3FC | 0x0005C1BC | 0x00045DBC | 0x00000000 |
| RemoveDirectoryA | - | 0x0045C404 | 0x0005C1C4 | 0x00045DC4 | 0x00000000 |
| RemoveVectoredExceptionHandler | - | 0x0045C40C | 0x0005C1CC | 0x00045DCC | 0x00000000 |
| RtlCaptureContext | - | 0x0045C414 | 0x0005C1D4 | 0x00045DD4 | 0x00000000 |
| SetConsoleCtrlHandler | - | 0x0045C41C | 0x0005C1DC | 0x00045DDC | 0x00000000 |
| SetEndOfFile | - | 0x0045C424 | 0x0005C1E4 | 0x00045DE4 | 0x00000000 |
| SetFilePointer | - | 0x0045C42C | 0x0005C1EC | 0x00045DEC | 0x00000000 |
| SetFileTime | - | 0x0045C434 | 0x0005C1F4 | 0x00045DF4 | 0x00000000 |
| SetHandleCount | - | 0x0045C43C | 0x0005C1FC | 0x00045DFC | 0x00000000 |
| SetLastError | - | 0x0045C444 | 0x0005C204 | 0x00045E04 | 0x00000000 |
| SetThreadLocale | - | 0x0045C44C | 0x0005C20C | 0x00045E0C | 0x00000000 |
| SystemTimeToFileTime | - | 0x0045C454 | 0x0005C214 | 0x00045E14 | 0x00000000 |
| TlsAlloc | - | 0x0045C45C | 0x0005C21C | 0x00045E1C | 0x00000000 |
| TlsFree | - | 0x0045C464 | 0x0005C224 | 0x00045E24 | 0x00000000 |
| TlsGetValue | - | 0x0045C46C | 0x0005C22C | 0x00045E2C | 0x00000000 |
| TlsSetValue | - | 0x0045C474 | 0x0005C234 | 0x00045E34 | 0x00000000 |
| VirtualAlloc | - | 0x0045C47C | 0x0005C23C | 0x00045E3C | 0x00000000 |
| VirtualFree | - | 0x0045C484 | 0x0005C244 | 0x00045E44 | 0x00000000 |
| VirtualQuery | - | 0x0045C48C | 0x0005C24C | 0x00045E4C | 0x00000000 |
| WideCharToMultiByte | - | 0x0045C494 | 0x0005C254 | 0x00045E54 | 0x00000000 |
| WriteFile | - | 0x0045C49C | 0x0005C25C | 0x00045E5C | 0x00000000 |
| RtlRestoreContext | - | 0x0045C4A4 | 0x0005C264 | 0x00045E64 | 0x00000000 |
| RtlUnwindEx | - | 0x0045C4AC | 0x0005C26C | 0x00045E6C | 0x00000000 |
USER32 (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| EnumThreadWindows | - | 0x0045C4DC | 0x0005C4BC | 0x000460BC | 0x00000000 |
| MessageBoxA | - | 0x0045C4E4 | 0x0005C4C4 | 0x000460C4 | 0x00000000 |
| wsprintfA | - | 0x0045C4EC | 0x0005C4CC | 0x000460CC | 0x00000000 |
Exports (7)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| DllRegisterServer | 0x00001CD0 | 0x00000001 |
| __CPPdebugHook | 0x00051160 | 0x00000007 |
| __setRaiseListFuncAddr | 0x0002EBE0 | 0x00000006 |
| ggsfDDzxawqIIcvbGSFKKlvbFzsqwTAH | 0x00002290 | 0x00000004 |
| sfDDzxawqIIcvbGSF | 0x00002260 | 0x00000003 |
| sfDDzxawqIIcvbGSFKKlvbFzsqwTAH | 0x00002250 | 0x00000002 |
| shgghttdefDDzxawqIIcvbGSF | 0x000022A0 | 0x00000005 |
| c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 128 Bytes |
| MD5 |
cc90851958032b8c8bbb7b24ec6271dd
|
| SHA1 |
e027ad2ea4049374a3b01af2e3626b667dc816bc
|
| SHA256 |
c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
|
| SSDeep |
3:Fl:
|
| ImpHash | - |
