Created 2021.04.05 10:47 Machine s1_win7_x6401
Filename 1.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 1.6
ZERO API file : malware
VT API (file) 37 detected (malicious, high confidence, DownLoader38, GenericKD, Wacatac, confidence, 100%, ZedlaF, eq4@aqnXp8d, Attribute, HighConfidence, a variant of Generik, IFNXACC, akup, Undefined, CLOUD, Malware@#3aghijb709ur4, GenericM, ncsiy, ai score=82, kcloud, score, Generik, GdSda, HygBWCcA)
md5 5512180f20e8279acc4d71abbfeb2433
sha256 b8b0a5451344e49b72f422d3fa16c49eb0e3864f2b6c58e539e2e9774cd60824
ssdeep 1536:DqFTghmBv//NxscRzNVSkTF9hqyNHgUZ:DNhW/MCqkTjhqk
imphash 409c7c1ba51d89659506cf4700331508
impfuzzy 3:sBaAXwGXWX1AVegpnZhXBE9mb2gCA7Sn:XyFA1upnZBxin

Signature (3 counts)

Level Description
danger File has been identified by 37 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info Checks if process is being debugged by a debugger

Rules (6 counts)

Level Name Description Collection
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info HasDebugData DebugData Check binaries (upload)
info HasRichSignature Rich Signature Check binaries (upload)
info IsWindowsGUI (no description) binaries (upload)

Network (0 counts)

Request CC ASN Co IP4 Rule
(no network activity recorded)

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x10004000 lstrlenA
 0x10004004 Sleep
USER32.dll
 0x1000400c GetWindowDC
 0x10004010 GetSysColor
 0x10004014 SystemParametersInfoA
 0x10004018 GetForegroundWindow

EAT (Export Address Table) Library

0x100017b3 DF (ordinal 1)
