ScreenShot
| Created | 2021.04.06 08:18 | Machine | s1_win7_x6402 |
| Filename | 0504.gif | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 19 detected (malicious, high confidence, Artemis, Unsafe, Save, Kryptik, HJZU, Graftor, ccmw, A + Mal, EncPk, Gamarue, score, BScope, RDMK, cmRtazrxx4p, WNInKcZKXPPcFSZ9, Static AI, Malicious PE, GenKryptik, FCLW, QVM40) | ||
| md5 | 937e2c551368757c5e3c3598c41ea7d9 | ||
| sha256 | cb73a2cf01aa499376231e1c5c14dbf0abfae7a2f2036c78bcfbc35b2284a5d5 | ||
| ssdeep | 1536:tm15JsYYm3GCVS7ZicTJzRVd620ZmB9RMli0msUdqZEACW4jySTLW:eLsacThRVd6pmBPM07vYZEA4/W | ||
| imphash | 3f728412058b62c418b1091768b74d7b | ||
| impfuzzy | 24:3hTbDzDoj1u92TaYdNfhi04Ds6IDgkWTl8zm0rWDVM1/mwHG:RTb65WGN5i04DsfgrTJ2/rm | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
user32.dll
0x1001f0c0 GetActiveWindow
0x1001f0c4 SetWindowsHookExA
0x1001f0c8 GetLayeredWindowAttributes
kernel32.dll
0x1001f050 GetProcAddress
0x1001f054 LoadLibraryA
0x1001f058 VirtualProtect
0x1001f05c VirtualAlloc
0x1001f060 lstrlenA
0x1001f064 lstrcatA
0x1001f068 lstrcmpA
0x1001f06c GetEnvironmentVariableW
ole32.dll
0x1001f080 OleInitialize
0x1001f084 OleQueryCreateFromData
0x1001f088 IIDFromString
0x1001f08c CLIPFORMAT_UserUnmarshal
0x1001f090 OleCreateEmbeddingHelper
0x1001f094 HDC_UserSize
msimg32.dll
0x1001f074 AlphaBlend
0x1001f078 TransparentBlt
comdlg32.dll
0x1001f02c PageSetupDlgA
0x1001f030 PrintDlgA
oledlg.dll
0x1001f0a8 OleUICanConvertOrActivateAs
0x1001f0ac OleUIChangeSourceW
0x1001f0b0 OleUIConvertA
comctl32.dll
0x1001f014 CreateStatusWindow
0x1001f018 LBItemFromPt
0x1001f01c DPA_Create
0x1001f020 FlatSB_ShowScrollBar
0x1001f024 ImageList_GetFlags
oleacc.dll
0x1001f09c IID_IAccessible
0x1001f0a0 LresultFromObject
version.dll
0x1001f0d0 VerFindFileW
0x1001f0d4 VerInstallFileA
0x1001f0d8 VerQueryValueA
0x1001f0dc VerQueryValueW
gdiplus.dll
0x1001f038 GdipEnumerateMetafileDestPointI
0x1001f03c GdipCreateBitmapFromHBITMAP
0x1001f040 GdipSetPenUnit
0x1001f044 GdipGetImageEncoders
0x1001f048 GdipGetPathPointsI
winspool.drv
0x1001f0e4 FindNextPrinterChangeNotification
0x1001f0e8 ConnectToPrinterDlg
0x1001f0ec SetPrinterDataW
0x1001f0f0 GetPrinterW
0x1001f0f4 DeletePrinterDataExW
shell32.dll
0x1001f0b8 SHGetSpecialFolderPathA
advapi32.dll
0x1001f000 GetKernelObjectSecurity
0x1001f004 CryptEnumProviderTypesA
0x1001f008 RegQueryValueExW
0x1001f00c RegisterIdleTask
EAT(Export Address Table) Library
0x1000447b DllServer
user32.dll
0x1001f0c0 GetActiveWindow
0x1001f0c4 SetWindowsHookExA
0x1001f0c8 GetLayeredWindowAttributes
kernel32.dll
0x1001f050 GetProcAddress
0x1001f054 LoadLibraryA
0x1001f058 VirtualProtect
0x1001f05c VirtualAlloc
0x1001f060 lstrlenA
0x1001f064 lstrcatA
0x1001f068 lstrcmpA
0x1001f06c GetEnvironmentVariableW
ole32.dll
0x1001f080 OleInitialize
0x1001f084 OleQueryCreateFromData
0x1001f088 IIDFromString
0x1001f08c CLIPFORMAT_UserUnmarshal
0x1001f090 OleCreateEmbeddingHelper
0x1001f094 HDC_UserSize
msimg32.dll
0x1001f074 AlphaBlend
0x1001f078 TransparentBlt
comdlg32.dll
0x1001f02c PageSetupDlgA
0x1001f030 PrintDlgA
oledlg.dll
0x1001f0a8 OleUICanConvertOrActivateAs
0x1001f0ac OleUIChangeSourceW
0x1001f0b0 OleUIConvertA
comctl32.dll
0x1001f014 CreateStatusWindow
0x1001f018 LBItemFromPt
0x1001f01c DPA_Create
0x1001f020 FlatSB_ShowScrollBar
0x1001f024 ImageList_GetFlags
oleacc.dll
0x1001f09c IID_IAccessible
0x1001f0a0 LresultFromObject
version.dll
0x1001f0d0 VerFindFileW
0x1001f0d4 VerInstallFileA
0x1001f0d8 VerQueryValueA
0x1001f0dc VerQueryValueW
gdiplus.dll
0x1001f038 GdipEnumerateMetafileDestPointI
0x1001f03c GdipCreateBitmapFromHBITMAP
0x1001f040 GdipSetPenUnit
0x1001f044 GdipGetImageEncoders
0x1001f048 GdipGetPathPointsI
winspool.drv
0x1001f0e4 FindNextPrinterChangeNotification
0x1001f0e8 ConnectToPrinterDlg
0x1001f0ec SetPrinterDataW
0x1001f0f0 GetPrinterW
0x1001f0f4 DeletePrinterDataExW
shell32.dll
0x1001f0b8 SHGetSpecialFolderPathA
advapi32.dll
0x1001f000 GetKernelObjectSecurity
0x1001f004 CryptEnumProviderTypesA
0x1001f008 RegQueryValueExW
0x1001f00c RegisterIdleTask
EAT(Export Address Table) Library
0x1000447b DllServer