Field | Value |
---|---|
Created | 2021.04.05 10:57 |
Machine | s1_win7_x6401 |
Filename | 1.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 37 detected (malicious, high confidence, DownLoader38, GenericKD, Wacatac, confidence, 100%, ZedlaF, eq4@aqnXp8d, Attribute, HighConfidence, a variant of Generik, IFNXACC, akup, Undefined, CLOUD, Malware@#3aghijb709ur4, GenericM, ncsiy, ai score=82, kcloud, score, Generik, GdSda, HygBWCcA) |
md5 | 5512180f20e8279acc4d71abbfeb2433 |
sha256 | b8b0a5451344e49b72f422d3fa16c49eb0e3864f2b6c58e539e2e9774cd60824 |
ssdeep | 1536:DqFTghmBv//NxscRzNVSkTF9hqyNHgUZ:DNhW/MCqkTjhqk |
imphash | 409c7c1ba51d89659506cf4700331508 |
impfuzzy | 3:sBaAXwGXWX1AVegpnZhXBE9mb2gCA7Sn:XyFA1upnZBxin |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks if process is being debugged by a debugger |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | HasDebugData | DebugData Check | binaries (upload) |
info | HasRichSignature | Rich Signature Check | binaries (upload) |
info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10004000 lstrlenA
0x10004004 Sleep
USER32.dll
0x1000400c GetWindowDC
0x10004010 GetSysColor
0x10004014 SystemParametersInfoA
0x10004018 GetForegroundWindow
EAT (Export Address Table) Library
0x100017b3 DF