ScreenShot
| Created | 2021.04.05 11:01 | Machine | s1_win7_x6401 |
| Filename | asse9e3x.rar | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 45 detected (malicious, high confidence, GenericKD, Dridex, HgkASR0A, Unsafe, Save, confidence, 100%, Kryptik, HKFC, Cridex, Malware@#3av8fpb98q77n, lnvio, ai score=88, kcloud, Ymacco, Wacapew, score, R375024, R057H0CD321, CLOUD, B+78QoR+gSw, Generik, MADPDDD, GdSda) | ||
| md5 | 3d0fffa0fe157c3bffb917e6a8d9da2e | ||
| sha256 | 03bb64d1d0d91623bd8d83e769e97d39cf8175584dce06bc07936a8050ee4e41 | ||
| ssdeep | 12288:ybHAqgIuNsQBUZGlXA21Sp3vykrYIotUfd+G+3kZ:aBCNrUo/CakrY4dZ+UZ | ||
| imphash | adeae1388ccab7d5ea2c08a636428844 | ||
| impfuzzy | 96:YnvHmVLMM5Gc+ZjjLLxZRrspr4vwSxmAw:YtjLtZRrsprEwS4Aw | ||
Network IP location
Signature (16cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| watch | A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations. |
| watch | Collects information about installed applications |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Queries for potentially installed applications |
| notice | Sends data using the HTTP POST Method |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | This executable has a PDB path |
| info | Tries to locate where the browsers are installed |
Rules (11cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Dridex_Gen_Zero | Win32 Trojan Dridex (Dll | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x466000 ExitProcess
0x466004 CreateProcessW
0x466008 LoadLibraryW
0x46600c Sleep
0x466010 GetModuleFileNameW
0x466014 GetTempPathW
0x466018 OpenMutexW
0x46601c VirtualProtectEx
0x466020 VirtualProtect
0x466024 GetFileTime
0x466028 CloseHandle
0x46602c CreateFileW
0x466030 FlushFileBuffers
0x466034 WriteConsoleW
0x466038 SetStdHandle
0x46603c SetFilePointerEx
0x466040 GetConsoleMode
0x466044 GetConsoleCP
0x466048 OutputDebugStringW
0x46604c LoadLibraryExW
0x466050 FreeEnvironmentStringsW
0x466054 GetEnvironmentStringsW
0x466058 GetSystemTimeAsFileTime
0x46605c GetCurrentProcessId
0x466060 QueryPerformanceCounter
0x466064 GetModuleFileNameA
0x466068 GetFileType
0x46606c HeapSize
0x466070 WriteFile
0x466074 GetStdHandle
0x466078 GetModuleHandleExW
0x46607c GetProcessHeap
0x466080 GetOEMCP
0x466084 GetACP
0x466088 IsValidCodePage
0x46608c IsDebuggerPresent
0x466090 EnumSystemLocalesW
0x466094 GetUserDefaultLCID
0x466098 IsValidLocale
0x46609c GetLocaleInfoW
0x4660a0 LCMapStringW
0x4660a4 CompareStringW
0x4660a8 GetProcAddress
0x4660ac GetModuleHandleW
0x4660b0 GetStartupInfoW
0x4660b4 TlsFree
0x4660b8 TlsSetValue
0x4660bc TlsGetValue
0x4660c0 TlsAlloc
0x4660c4 TerminateProcess
0x4660c8 GetCurrentProcess
0x4660cc InitializeCriticalSectionAndSpinCount
0x4660d0 SetLastError
0x4660d4 SetUnhandledExceptionFilter
0x4660d8 UnhandledExceptionFilter
0x4660dc IsProcessorFeaturePresent
0x4660e0 GetCPInfo
0x4660e4 RtlUnwind
0x4660e8 RaiseException
0x4660ec GetCurrentThreadId
0x4660f0 GetCommandLineA
0x4660f4 HeapReAlloc
0x4660f8 HeapAlloc
0x4660fc EncodePointer
0x466100 DecodePointer
0x466104 EnterCriticalSection
0x466108 LeaveCriticalSection
0x46610c DeleteCriticalSection
0x466110 WideCharToMultiByte
0x466114 MultiByteToWideChar
0x466118 GetStringTypeW
0x46611c GetLastError
0x466120 HeapFree
ole32.dll
0x466128 CoUninitialize
0x46612c CoTaskMemFree
0x466130 CoTaskMemAlloc
0x466134 CoInitialize
oledlg.dll
0x46613c OleUIChangeIconW
0x466140 OleUIAddVerbMenuW
pdh.dll
0x466148 PdhParseCounterPathW
0x46614c PdhSetCounterScaleFactor
0x466150 PdhGetDefaultPerfCounterW
0x466154 PdhVerifySQLDBW
0x466158 PdhBrowseCountersHW
0x46615c PdhEnumObjectItemsW
0x466160 PdhBrowseCountersW
0x466164 PdhComputeCounterStatistics
0x466168 PdhCollectQueryDataEx
0x46616c PdhSelectDataSourceW
0x466170 PdhGetDefaultPerfObjectHW
0x466174 PdhGetDefaultPerfObjectW
0x466178 PdhGetFormattedCounterArrayW
0x46617c PdhEnumObjectsW
0x466180 PdhExpandWildCardPathW
0x466184 PdhReadRawLogRecord
0x466188 PdhGetCounterTimeBase
0x46618c PdhBindInputDataSourceW
0x466190 PdhEnumLogSetNamesW
0x466194 PdhUpdateLogFileCatalog
0x466198 PdhEnumObjectsHW
0x46619c PdhGetCounterInfoW
0x4661a0 PdhExpandCounterPathW
0x4661a4 PdhMakeCounterPathW
0x4661a8 PdhCloseQuery
0x4661ac PdhGetRawCounterArrayW
0x4661b0 PdhGetDataSourceTimeRangeH
0x4661b4 PdhUpdateLogW
0x4661b8 PdhSetDefaultRealTimeDataSource
0x4661bc PdhOpenLogW
0x4661c0 PdhValidatePathW
0x4661c4 PdhGetRawCounterValue
0x4661c8 PdhEnumObjectItemsHW
0x4661cc PdhGetDefaultPerfCounterHW
0x4661d0 PdhAddCounterW
0x4661d4 PdhCreateSQLTablesW
0x4661d8 PdhSetLogSetRunID
0x4661dc PdhOpenQueryW
0x4661e0 PdhExpandWildCardPathHW
0x4661e4 PdhGetFormattedCounterValue
0x4661e8 PdhParseInstanceNameW
0x4661ec PdhSetQueryTimeRange
0x4661f0 PdhRemoveCounter
0x4661f4 PdhGetDataSourceTimeRangeW
0x4661f8 PdhCalculateCounterFromRawValue
0x4661fc PdhCloseLog
0x466200 PdhGetLogSetGUID
0x466204 PdhFormatFromRawValue
0x466208 PdhEnumMachinesW
0x46620c PdhLookupPerfIndexByNameW
0x466210 PdhLookupPerfNameByIndexW
0x466214 PdhGetDllVersion
0x466218 PdhGetLogFileSize
0x46621c PdhOpenQueryH
0x466220 PdhConnectMachineW
0x466224 PdhEnumMachinesHW
EAT(Export Address Table) Library
0x42e270 Completebegan
0x42fc00 DllRegisterServer
0x42e3f0 Moleculenext
0x42e6b0 Searchneighbor
0x430620 Southoccur
KERNEL32.dll
0x466000 ExitProcess
0x466004 CreateProcessW
0x466008 LoadLibraryW
0x46600c Sleep
0x466010 GetModuleFileNameW
0x466014 GetTempPathW
0x466018 OpenMutexW
0x46601c VirtualProtectEx
0x466020 VirtualProtect
0x466024 GetFileTime
0x466028 CloseHandle
0x46602c CreateFileW
0x466030 FlushFileBuffers
0x466034 WriteConsoleW
0x466038 SetStdHandle
0x46603c SetFilePointerEx
0x466040 GetConsoleMode
0x466044 GetConsoleCP
0x466048 OutputDebugStringW
0x46604c LoadLibraryExW
0x466050 FreeEnvironmentStringsW
0x466054 GetEnvironmentStringsW
0x466058 GetSystemTimeAsFileTime
0x46605c GetCurrentProcessId
0x466060 QueryPerformanceCounter
0x466064 GetModuleFileNameA
0x466068 GetFileType
0x46606c HeapSize
0x466070 WriteFile
0x466074 GetStdHandle
0x466078 GetModuleHandleExW
0x46607c GetProcessHeap
0x466080 GetOEMCP
0x466084 GetACP
0x466088 IsValidCodePage
0x46608c IsDebuggerPresent
0x466090 EnumSystemLocalesW
0x466094 GetUserDefaultLCID
0x466098 IsValidLocale
0x46609c GetLocaleInfoW
0x4660a0 LCMapStringW
0x4660a4 CompareStringW
0x4660a8 GetProcAddress
0x4660ac GetModuleHandleW
0x4660b0 GetStartupInfoW
0x4660b4 TlsFree
0x4660b8 TlsSetValue
0x4660bc TlsGetValue
0x4660c0 TlsAlloc
0x4660c4 TerminateProcess
0x4660c8 GetCurrentProcess
0x4660cc InitializeCriticalSectionAndSpinCount
0x4660d0 SetLastError
0x4660d4 SetUnhandledExceptionFilter
0x4660d8 UnhandledExceptionFilter
0x4660dc IsProcessorFeaturePresent
0x4660e0 GetCPInfo
0x4660e4 RtlUnwind
0x4660e8 RaiseException
0x4660ec GetCurrentThreadId
0x4660f0 GetCommandLineA
0x4660f4 HeapReAlloc
0x4660f8 HeapAlloc
0x4660fc EncodePointer
0x466100 DecodePointer
0x466104 EnterCriticalSection
0x466108 LeaveCriticalSection
0x46610c DeleteCriticalSection
0x466110 WideCharToMultiByte
0x466114 MultiByteToWideChar
0x466118 GetStringTypeW
0x46611c GetLastError
0x466120 HeapFree
ole32.dll
0x466128 CoUninitialize
0x46612c CoTaskMemFree
0x466130 CoTaskMemAlloc
0x466134 CoInitialize
oledlg.dll
0x46613c OleUIChangeIconW
0x466140 OleUIAddVerbMenuW
pdh.dll
0x466148 PdhParseCounterPathW
0x46614c PdhSetCounterScaleFactor
0x466150 PdhGetDefaultPerfCounterW
0x466154 PdhVerifySQLDBW
0x466158 PdhBrowseCountersHW
0x46615c PdhEnumObjectItemsW
0x466160 PdhBrowseCountersW
0x466164 PdhComputeCounterStatistics
0x466168 PdhCollectQueryDataEx
0x46616c PdhSelectDataSourceW
0x466170 PdhGetDefaultPerfObjectHW
0x466174 PdhGetDefaultPerfObjectW
0x466178 PdhGetFormattedCounterArrayW
0x46617c PdhEnumObjectsW
0x466180 PdhExpandWildCardPathW
0x466184 PdhReadRawLogRecord
0x466188 PdhGetCounterTimeBase
0x46618c PdhBindInputDataSourceW
0x466190 PdhEnumLogSetNamesW
0x466194 PdhUpdateLogFileCatalog
0x466198 PdhEnumObjectsHW
0x46619c PdhGetCounterInfoW
0x4661a0 PdhExpandCounterPathW
0x4661a4 PdhMakeCounterPathW
0x4661a8 PdhCloseQuery
0x4661ac PdhGetRawCounterArrayW
0x4661b0 PdhGetDataSourceTimeRangeH
0x4661b4 PdhUpdateLogW
0x4661b8 PdhSetDefaultRealTimeDataSource
0x4661bc PdhOpenLogW
0x4661c0 PdhValidatePathW
0x4661c4 PdhGetRawCounterValue
0x4661c8 PdhEnumObjectItemsHW
0x4661cc PdhGetDefaultPerfCounterHW
0x4661d0 PdhAddCounterW
0x4661d4 PdhCreateSQLTablesW
0x4661d8 PdhSetLogSetRunID
0x4661dc PdhOpenQueryW
0x4661e0 PdhExpandWildCardPathHW
0x4661e4 PdhGetFormattedCounterValue
0x4661e8 PdhParseInstanceNameW
0x4661ec PdhSetQueryTimeRange
0x4661f0 PdhRemoveCounter
0x4661f4 PdhGetDataSourceTimeRangeW
0x4661f8 PdhCalculateCounterFromRawValue
0x4661fc PdhCloseLog
0x466200 PdhGetLogSetGUID
0x466204 PdhFormatFromRawValue
0x466208 PdhEnumMachinesW
0x46620c PdhLookupPerfIndexByNameW
0x466210 PdhLookupPerfNameByIndexW
0x466214 PdhGetDllVersion
0x466218 PdhGetLogFileSize
0x46621c PdhOpenQueryH
0x466220 PdhConnectMachineW
0x466224 PdhEnumMachinesHW
EAT(Export Address Table) Library
0x42e270 Completebegan
0x42fc00 DllRegisterServer
0x42e3f0 Moleculenext
0x42e6b0 Searchneighbor
0x430620 Southoccur