ScreenShot
| Created | 2021.04.05 10:50 | Machine | s1_win7_x6401 |
| Filename | qs73wd.rar | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (AIDetect, malware2, GenericKD, Wacatac, Attribute, HighConfidence, Kryptik, HKFQ, Malware@#2mx9uo1pq50dx, Dridex, Malicious, svrqf, ai score=82, score, Undefined, CLOUD, x4KXGVpiNjY, Generik, GMXBOUE, GdSda) | ||
| md5 | 6f3d820ee9c069a6710e743d53a9bb25 | ||
| sha256 | b78b0aee4e5c072ea24d4d9d8e89c8990076fbe96ef353950b7006ea50eabfac | ||
| ssdeep | 6144:x16vYH/guLTgQb1oFtIaJmGDtDplcJqiD4IU2fQ/TxH9ztrHayYm:j6vYouLTgQ5oFt/hRDfkL1U2Y/Txdztn | ||
| imphash | 02e581d639f814ba43d9c6c8be6f316e | ||
| impfuzzy | 48:RUKtMS17Mbc+ppXr36cLE6x9j/11t9oGAi:RVtMS17Mbc+ppXdxZ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1041000 MoveFileA
0x1041004 VirtualProtect
0x1041008 LocalAlloc
0x104100c GetCurrentDirectoryA
0x1041010 Sleep
0x1041014 GlobalAlloc
0x1041018 GlobalFree
0x104101c CreateThread
0x1041020 LocalFree
0x1041024 FindFirstChangeNotificationA
0x1041028 WriteConsoleW
0x104102c CloseHandle
0x1041030 CreateFileW
0x1041034 SetFilePointerEx
0x1041038 GetConsoleMode
0x104103c GetConsoleCP
0x1041040 WriteFile
0x1041044 UnhandledExceptionFilter
0x1041048 SetUnhandledExceptionFilter
0x104104c GetCurrentProcess
0x1041050 TerminateProcess
0x1041054 IsProcessorFeaturePresent
0x1041058 QueryPerformanceCounter
0x104105c GetCurrentProcessId
0x1041060 GetCurrentThreadId
0x1041064 GetSystemTimeAsFileTime
0x1041068 InitializeSListHead
0x104106c IsDebuggerPresent
0x1041070 GetStartupInfoW
0x1041074 GetModuleHandleW
0x1041078 RtlUnwind
0x104107c RaiseException
0x1041080 InterlockedFlushSList
0x1041084 GetLastError
0x1041088 SetLastError
0x104108c EncodePointer
0x1041090 EnterCriticalSection
0x1041094 LeaveCriticalSection
0x1041098 DeleteCriticalSection
0x104109c InitializeCriticalSectionAndSpinCount
0x10410a0 TlsAlloc
0x10410a4 TlsGetValue
0x10410a8 TlsSetValue
0x10410ac TlsFree
0x10410b0 FreeLibrary
0x10410b4 GetProcAddress
0x10410b8 LoadLibraryExW
0x10410bc ExitProcess
0x10410c0 GetModuleHandleExW
0x10410c4 GetModuleFileNameW
0x10410c8 HeapAlloc
0x10410cc HeapFree
0x10410d0 FindClose
0x10410d4 FindFirstFileExW
0x10410d8 FindNextFileW
0x10410dc IsValidCodePage
0x10410e0 GetACP
0x10410e4 GetOEMCP
0x10410e8 GetCPInfo
0x10410ec GetCommandLineA
0x10410f0 GetCommandLineW
0x10410f4 MultiByteToWideChar
0x10410f8 WideCharToMultiByte
0x10410fc GetEnvironmentStringsW
0x1041100 FreeEnvironmentStringsW
0x1041104 LCMapStringW
0x1041108 GetProcessHeap
0x104110c GetStdHandle
0x1041110 GetFileType
0x1041114 GetStringTypeW
0x1041118 HeapSize
0x104111c HeapReAlloc
0x1041120 SetStdHandle
0x1041124 FlushFileBuffers
0x1041128 DecodePointer
USER32.dll
0x1041130 GetWindowRect
0x1041134 CreatePopupMenu
0x1041138 DialogBoxIndirectParamA
0x104113c GetWindowThreadProcessId
0x1041140 DefWindowProcA
0x1041144 CreateDialogIndirectParamA
0x1041148 GetClientRect
0x104114c GetSysColorBrush
0x1041150 GetForegroundWindow
EAT(Export Address Table) Library
0x100e230 Columnspot 1
0x100e370 Groundhuman 2
0x100eb80 Hotelement 3
0x100e140 Wheredesert 4
KERNEL32.dll
0x1041000 MoveFileA
0x1041004 VirtualProtect
0x1041008 LocalAlloc
0x104100c GetCurrentDirectoryA
0x1041010 Sleep
0x1041014 GlobalAlloc
0x1041018 GlobalFree
0x104101c CreateThread
0x1041020 LocalFree
0x1041024 FindFirstChangeNotificationA
0x1041028 WriteConsoleW
0x104102c CloseHandle
0x1041030 CreateFileW
0x1041034 SetFilePointerEx
0x1041038 GetConsoleMode
0x104103c GetConsoleCP
0x1041040 WriteFile
0x1041044 UnhandledExceptionFilter
0x1041048 SetUnhandledExceptionFilter
0x104104c GetCurrentProcess
0x1041050 TerminateProcess
0x1041054 IsProcessorFeaturePresent
0x1041058 QueryPerformanceCounter
0x104105c GetCurrentProcessId
0x1041060 GetCurrentThreadId
0x1041064 GetSystemTimeAsFileTime
0x1041068 InitializeSListHead
0x104106c IsDebuggerPresent
0x1041070 GetStartupInfoW
0x1041074 GetModuleHandleW
0x1041078 RtlUnwind
0x104107c RaiseException
0x1041080 InterlockedFlushSList
0x1041084 GetLastError
0x1041088 SetLastError
0x104108c EncodePointer
0x1041090 EnterCriticalSection
0x1041094 LeaveCriticalSection
0x1041098 DeleteCriticalSection
0x104109c InitializeCriticalSectionAndSpinCount
0x10410a0 TlsAlloc
0x10410a4 TlsGetValue
0x10410a8 TlsSetValue
0x10410ac TlsFree
0x10410b0 FreeLibrary
0x10410b4 GetProcAddress
0x10410b8 LoadLibraryExW
0x10410bc ExitProcess
0x10410c0 GetModuleHandleExW
0x10410c4 GetModuleFileNameW
0x10410c8 HeapAlloc
0x10410cc HeapFree
0x10410d0 FindClose
0x10410d4 FindFirstFileExW
0x10410d8 FindNextFileW
0x10410dc IsValidCodePage
0x10410e0 GetACP
0x10410e4 GetOEMCP
0x10410e8 GetCPInfo
0x10410ec GetCommandLineA
0x10410f0 GetCommandLineW
0x10410f4 MultiByteToWideChar
0x10410f8 WideCharToMultiByte
0x10410fc GetEnvironmentStringsW
0x1041100 FreeEnvironmentStringsW
0x1041104 LCMapStringW
0x1041108 GetProcessHeap
0x104110c GetStdHandle
0x1041110 GetFileType
0x1041114 GetStringTypeW
0x1041118 HeapSize
0x104111c HeapReAlloc
0x1041120 SetStdHandle
0x1041124 FlushFileBuffers
0x1041128 DecodePointer
USER32.dll
0x1041130 GetWindowRect
0x1041134 CreatePopupMenu
0x1041138 DialogBoxIndirectParamA
0x104113c GetWindowThreadProcessId
0x1041140 DefWindowProcA
0x1041144 CreateDialogIndirectParamA
0x1041148 GetClientRect
0x104114c GetSysColorBrush
0x1041150 GetForegroundWindow
EAT(Export Address Table) Library
0x100e230 Columnspot 1
0x100e370 Groundhuman 2
0x100eb80 Hotelement 3
0x100e140 Wheredesert 4