Malicious
Classifications
Downloader
Threat Names
Mal/HTMLGen-A Emotet Mal/Generic-S
Dynamic Analysis Report
Created on 2022-07-14T07:41:27+00:00
1e3d52ac790bad486f4ff7d24cc64f1612d653743b8ea9b373d3d3d9fb7cc212.exe.dll
Windows DLL (x86-64)
Remarks (2/3)
(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "15 minutes, 38 seconds" to "20 seconds" to reveal dormant functionality.
Remarks
(0x0200004A): 24 dump(s) were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 762 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\KEECFM~1\Desktop\1e3d52ac790bad486f4ff7d24cc64f1612d653743b8ea9b373d3d3d9fb7cc212.exe.dll | Sample File | Binary |
Malicious
|
...
|
»
| Also Known As |
C:\Users\kEecfMwgj\Desktop\1e3d52ac790bad486f4ff7d24cc64f1612d653743b8ea9b373d3d3d9fb7cc212.exe.dll (VM File, Sample File)
C:\Windows\system32\GfDgkJtEfmlIg\uHogZdLkVY.dll (Dropped File, Accessed File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 831.00 KB |
| MD5 |
1942a0372be08422662bbf487e606137
|
| SHA1 |
ed1c13a355e35aff9271ea0dac639c9b76447488
|
| SHA256 |
1e3d52ac790bad486f4ff7d24cc64f1612d653743b8ea9b373d3d3d9fb7cc212
|
| SSDeep |
12288:jRCGXj4KVB9abMfyzfqvHWnyPv+LVHT2+2JNdX712kBjtOBZObrGzifb97Vw+Uvf:kGXj3X7FjAZqrqiBVwDbu5nP2F
|
| ImpHash |
c2b03f92959f67ac494853faf0032582
|
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x180000000 |
| Entry Point | 0x180002C54 |
| Size Of Code | 0x0005B600 |
| Size Of Initialized Data | 0x00075C00 |
| File Type | IMAGE_FILE_DLL |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_AMD64 |
| Compile Timestamp | 2022-07-11 21:12 (UTC+2) |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x180001000 | 0x0005B4C0 | 0x0005B600 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.5 |
| .rdata | 0x18005D000 | 0x00012DAE | 0x00012E00 | 0x0005BA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.29 |
| .data | 0x180070000 | 0x00002740 | 0x00000E00 | 0x0006E800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.47 |
| .pdata | 0x180073000 | 0x00004638 | 0x00004800 | 0x0006F600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.7 |
| _RDATA | 0x180078000 | 0x000000F4 | 0x00000200 | 0x00073E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.99 |
| .rsrc | 0x180079000 | 0x0005B020 | 0x0005B200 | 0x00074000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.92 |
| .reloc | 0x1800D5000 | 0x0000080C | 0x00000A00 | 0x000CF200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.92 |
Imports (4)
»
KERNEL32.dll (92)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LockResource | - | 0x18005D028 | 0x0006F350 | 0x0006DD50 | 0x000003F4 |
| CreateFileW | - | 0x18005D030 | 0x0006F358 | 0x0006DD58 | 0x000000D3 |
| OutputDebugStringW | - | 0x18005D038 | 0x0006F360 | 0x0006DD60 | 0x00000430 |
| LoadResource | - | 0x18005D040 | 0x0006F368 | 0x0006DD68 | 0x000003E0 |
| GetModuleFileNameW | - | 0x18005D048 | 0x0006F370 | 0x0006DD70 | 0x00000288 |
| VirtualAllocExNuma | - | 0x18005D050 | 0x0006F378 | 0x0006DD78 | 0x000005F3 |
| WriteConsoleW | - | 0x18005D058 | 0x0006F380 | 0x0006DD80 | 0x0000063C |
| FindResourceA | - | 0x18005D060 | 0x0006F388 | 0x0006DD88 | 0x000001A5 |
| GetCurrentProcess | - | 0x18005D068 | 0x0006F390 | 0x0006DD90 | 0x0000022A |
| CloseHandle | - | 0x18005D070 | 0x0006F398 | 0x0006DD98 | 0x0000008E |
| ReadConsoleW | - | 0x18005D078 | 0x0006F3A0 | 0x0006DDA0 | 0x00000489 |
| ReadFile | - | 0x18005D080 | 0x0006F3A8 | 0x0006DDA8 | 0x0000048C |
| RtlCaptureContext | - | 0x18005D088 | 0x0006F3B0 | 0x0006DDB0 | 0x000004E9 |
| RtlLookupFunctionEntry | - | 0x18005D090 | 0x0006F3B8 | 0x0006DDB8 | 0x000004F1 |
| RtlVirtualUnwind | - | 0x18005D098 | 0x0006F3C0 | 0x0006DDC0 | 0x000004F8 |
| UnhandledExceptionFilter | - | 0x18005D0A0 | 0x0006F3C8 | 0x0006DDC8 | 0x000005D8 |
| SetUnhandledExceptionFilter | - | 0x18005D0A8 | 0x0006F3D0 | 0x0006DDD0 | 0x00000597 |
| TerminateProcess | - | 0x18005D0B0 | 0x0006F3D8 | 0x0006DDD8 | 0x000005B6 |
| IsProcessorFeaturePresent | - | 0x18005D0B8 | 0x0006F3E0 | 0x0006DDE0 | 0x0000039E |
| QueryPerformanceCounter | - | 0x18005D0C0 | 0x0006F3E8 | 0x0006DDE8 | 0x00000464 |
| GetCurrentProcessId | - | 0x18005D0C8 | 0x0006F3F0 | 0x0006DDF0 | 0x0000022B |
| GetCurrentThreadId | - | 0x18005D0D0 | 0x0006F3F8 | 0x0006DDF8 | 0x0000022F |
| GetSystemTimeAsFileTime | - | 0x18005D0D8 | 0x0006F400 | 0x0006DE00 | 0x00000301 |
| InitializeSListHead | - | 0x18005D0E0 | 0x0006F408 | 0x0006DE08 | 0x00000381 |
| IsDebuggerPresent | - | 0x18005D0E8 | 0x0006F410 | 0x0006DE10 | 0x00000397 |
| GetStartupInfoW | - | 0x18005D0F0 | 0x0006F418 | 0x0006DE18 | 0x000002E8 |
| GetModuleHandleW | - | 0x18005D0F8 | 0x0006F420 | 0x0006DE20 | 0x0000028C |
| RtlUnwindEx | - | 0x18005D100 | 0x0006F428 | 0x0006DE28 | 0x000004F7 |
| RtlPcToFileHeader | - | 0x18005D108 | 0x0006F430 | 0x0006DE30 | 0x000004F3 |
| RaiseException | - | 0x18005D110 | 0x0006F438 | 0x0006DE38 | 0x0000047B |
| InterlockedPushEntrySList | - | 0x18005D118 | 0x0006F440 | 0x0006DE40 | 0x00000387 |
| InterlockedFlushSList | - | 0x18005D120 | 0x0006F448 | 0x0006DE48 | 0x00000385 |
| GetLastError | - | 0x18005D128 | 0x0006F450 | 0x0006DE50 | 0x00000274 |
| SetLastError | - | 0x18005D130 | 0x0006F458 | 0x0006DE58 | 0x00000557 |
| EnterCriticalSection | - | 0x18005D138 | 0x0006F460 | 0x0006DE60 | 0x00000141 |
| LeaveCriticalSection | - | 0x18005D140 | 0x0006F468 | 0x0006DE68 | 0x000003D6 |
| DeleteCriticalSection | - | 0x18005D148 | 0x0006F470 | 0x0006DE70 | 0x0000011B |
| InitializeCriticalSectionAndSpinCount | - | 0x18005D150 | 0x0006F478 | 0x0006DE78 | 0x0000037D |
| TlsAlloc | - | 0x18005D158 | 0x0006F480 | 0x0006DE80 | 0x000005C8 |
| TlsGetValue | - | 0x18005D160 | 0x0006F488 | 0x0006DE88 | 0x000005CA |
| TlsSetValue | - | 0x18005D168 | 0x0006F490 | 0x0006DE90 | 0x000005CB |
| TlsFree | - | 0x18005D170 | 0x0006F498 | 0x0006DE98 | 0x000005C9 |
| FreeLibrary | - | 0x18005D178 | 0x0006F4A0 | 0x0006DEA0 | 0x000001BD |
| GetProcAddress | - | 0x18005D180 | 0x0006F4A8 | 0x0006DEA8 | 0x000002C4 |
| LoadLibraryExW | - | 0x18005D188 | 0x0006F4B0 | 0x0006DEB0 | 0x000003DC |
| EncodePointer | - | 0x18005D190 | 0x0006F4B8 | 0x0006DEB8 | 0x0000013D |
| ExitProcess | - | 0x18005D198 | 0x0006F4C0 | 0x0006DEC0 | 0x00000170 |
| GetModuleHandleExW | - | 0x18005D1A0 | 0x0006F4C8 | 0x0006DEC8 | 0x0000028B |
| GetCurrentThread | - | 0x18005D1A8 | 0x0006F4D0 | 0x0006DED0 | 0x0000022E |
| HeapFree | - | 0x18005D1B0 | 0x0006F4D8 | 0x0006DED8 | 0x00000367 |
| HeapAlloc | - | 0x18005D1B8 | 0x0006F4E0 | 0x0006DEE0 | 0x00000363 |
| GetStdHandle | - | 0x18005D1C0 | 0x0006F4E8 | 0x0006DEE8 | 0x000002EA |
| GetFileType | - | 0x18005D1C8 | 0x0006F4F0 | 0x0006DEF0 | 0x00000262 |
| FindClose | - | 0x18005D1D0 | 0x0006F4F8 | 0x0006DEF8 | 0x00000187 |
| FindFirstFileExW | - | 0x18005D1D8 | 0x0006F500 | 0x0006DF00 | 0x0000018D |
| FindNextFileW | - | 0x18005D1E0 | 0x0006F508 | 0x0006DF08 | 0x0000019E |
| IsValidCodePage | - | 0x18005D1E8 | 0x0006F510 | 0x0006DF10 | 0x000003A4 |
| GetACP | - | 0x18005D1F0 | 0x0006F518 | 0x0006DF18 | 0x000001C4 |
| GetOEMCP | - | 0x18005D1F8 | 0x0006F520 | 0x0006DF20 | 0x000002AD |
| GetCPInfo | - | 0x18005D200 | 0x0006F528 | 0x0006DF28 | 0x000001D3 |
| GetCommandLineA | - | 0x18005D208 | 0x0006F530 | 0x0006DF30 | 0x000001E8 |
| GetCommandLineW | - | 0x18005D210 | 0x0006F538 | 0x0006DF38 | 0x000001E9 |
| MultiByteToWideChar | - | 0x18005D218 | 0x0006F540 | 0x0006DF40 | 0x00000408 |
| WideCharToMultiByte | - | 0x18005D220 | 0x0006F548 | 0x0006DF48 | 0x00000629 |
| GetEnvironmentStringsW | - | 0x18005D228 | 0x0006F550 | 0x0006DF50 | 0x0000024B |
| FreeEnvironmentStringsW | - | 0x18005D230 | 0x0006F558 | 0x0006DF58 | 0x000001BC |
| SetEnvironmentVariableW | - | 0x18005D238 | 0x0006F560 | 0x0006DF60 | 0x0000053A |
| FlsAlloc | - | 0x18005D240 | 0x0006F568 | 0x0006DF68 | 0x000001AC |
| FlsGetValue | - | 0x18005D248 | 0x0006F570 | 0x0006DF70 | 0x000001AE |
| FlsSetValue | - | 0x18005D250 | 0x0006F578 | 0x0006DF78 | 0x000001AF |
| FlsFree | - | 0x18005D258 | 0x0006F580 | 0x0006DF80 | 0x000001AD |
| GetDateFormatW | - | 0x18005D260 | 0x0006F588 | 0x0006DF88 | 0x00000235 |
| GetTimeFormatW | - | 0x18005D268 | 0x0006F590 | 0x0006DF90 | 0x00000328 |
| CompareStringW | - | 0x18005D270 | 0x0006F598 | 0x0006DF98 | 0x000000A3 |
| LCMapStringW | - | 0x18005D278 | 0x0006F5A0 | 0x0006DFA0 | 0x000003CA |
| GetLocaleInfoW | - | 0x18005D280 | 0x0006F5A8 | 0x0006DFA8 | 0x00000278 |
| IsValidLocale | - | 0x18005D288 | 0x0006F5B0 | 0x0006DFB0 | 0x000003A6 |
| GetUserDefaultLCID | - | 0x18005D290 | 0x0006F5B8 | 0x0006DFB8 | 0x00000330 |
| EnumSystemLocalesW | - | 0x18005D298 | 0x0006F5C0 | 0x0006DFC0 | 0x00000165 |
| GetProcessHeap | - | 0x18005D2A0 | 0x0006F5C8 | 0x0006DFC8 | 0x000002CB |
| SetConsoleCtrlHandler | - | 0x18005D2A8 | 0x0006F5D0 | 0x0006DFD0 | 0x0000050F |
| GetStringTypeW | - | 0x18005D2B0 | 0x0006F5D8 | 0x0006DFD8 | 0x000002EF |
| GetFileSizeEx | - | 0x18005D2B8 | 0x0006F5E0 | 0x0006DFE0 | 0x00000260 |
| SetFilePointerEx | - | 0x18005D2C0 | 0x0006F5E8 | 0x0006DFE8 | 0x00000549 |
| SetStdHandle | - | 0x18005D2C8 | 0x0006F5F0 | 0x0006DFF0 | 0x00000572 |
| HeapSize | - | 0x18005D2D0 | 0x0006F5F8 | 0x0006DFF8 | 0x0000036C |
| HeapReAlloc | - | 0x18005D2D8 | 0x0006F600 | 0x0006E000 | 0x0000036A |
| FlushFileBuffers | - | 0x18005D2E0 | 0x0006F608 | 0x0006E008 | 0x000001B1 |
| WriteFile | - | 0x18005D2E8 | 0x0006F610 | 0x0006E010 | 0x0000063D |
| GetConsoleOutputCP | - | 0x18005D2F0 | 0x0006F618 | 0x0006E018 | 0x00000212 |
| GetConsoleMode | - | 0x18005D2F8 | 0x0006F620 | 0x0006E020 | 0x0000020E |
| RtlUnwind | - | 0x18005D300 | 0x0006F628 | 0x0006E028 | 0x000004F6 |
USER32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadStringW | - | 0x18005D310 | 0x0006F638 | 0x0006E038 | 0x00000267 |
ADVAPI32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegDeleteKeyW | - | 0x18005D000 | 0x0006F328 | 0x0006DD28 | 0x00000279 |
| RegCreateKeyExW | - | 0x18005D008 | 0x0006F330 | 0x0006DD30 | 0x0000026E |
| RegCloseKey | - | 0x18005D010 | 0x0006F338 | 0x0006DD38 | 0x00000265 |
| RegSetValueExW | - | 0x18005D018 | 0x0006F340 | 0x0006DD40 | 0x000002B3 |
ole32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| StringFromCLSID | - | 0x18005D320 | 0x0006F648 | 0x0006E048 | 0x0000020C |
| CoTaskMemFree | - | 0x18005D328 | 0x0006F650 | 0x0006E050 | 0x0000008C |
Exports (37)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| AddStroke | 0x00001744 | 0x00000002 |
| AddWordsToWordList | 0x00001970 | 0x00000003 |
| AdviseInkChange | 0x00001978 | 0x00000004 |
| CloneContext | 0x0000197C | 0x00000005 |
| CreateContext | 0x00001984 | 0x00000006 |
| CreateRecognizer | 0x000019EC | 0x00000007 |
| DestroyAlternate | 0x00001A54 | 0x00000008 |
| DestroyContext | 0x00001A5C | 0x00000009 |
| DestroyRecognizer | 0x00001AC4 | 0x0000000A |
| DestroyWordList | 0x00001AE8 | 0x0000000B |
| DllRegisterServer | 0x00001E0C | 0x0000000C |
| DllUnregisterServer | 0x00001FC0 | 0x0000000D |
| GetBestResultString | 0x000010B8 | 0x00000001 |
| GetContextPreferenceFlags | 0x0000201C | 0x0000000E |
| GetContextPropertyList | 0x00002024 | 0x0000000F |
| GetContextPropertyValue | 0x0000202C | 0x00000010 |
| GetEnabledUnicodeRanges | 0x00002034 | 0x00000011 |
| GetGuide | 0x0000203C | 0x00000012 |
| GetLatticePtr | 0x00002080 | 0x00000013 |
| GetLeftSeparator | 0x000022A4 | 0x00000014 |
| GetPreferredPacketDescription | 0x000022AC | 0x00000015 |
| GetRecoAttributes | 0x00002328 | 0x00000016 |
| GetResultPropertyList | 0x00002340 | 0x00000017 |
| GetRightSeparator | 0x00002348 | 0x00000018 |
| GetUnicodeRanges | 0x00002350 | 0x00000019 |
| IsStringSupported | 0x00002358 | 0x0000001A |
| MakeWordList | 0x00002360 | 0x0000001B |
| Process | 0x00002368 | 0x0000001C |
| ResetContext | 0x00002688 | 0x0000001D |
| SetCACMode | 0x000026E0 | 0x0000001E |
| SetContextPropertyValue | 0x000026E8 | 0x0000001F |
| SetEnabledUnicodeRanges | 0x000026F0 | 0x00000020 |
| SetFactoid | 0x000026F8 | 0x00000021 |
| SetFlags | 0x000026FC | 0x00000022 |
| SetGuide | 0x00002700 | 0x00000023 |
| SetTextContext | 0x000027A8 | 0x00000024 |
| SetWordList | 0x000027B0 | 0x00000025 |
