ScreenShot
| Created | 2021.04.06 08:18 | Machine | s1_win7_x6401 |
| Filename | ALbaCTlU8DzMcA.php | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (AIDetect, malware1, malicious, high confidence, QVM40, Unsafe, Save, confidence, Dridex, Eldorado, Attribute, HighConfidence, Drixed, score, Artemis, CLASSIC, Static AI, Malicious PE, ZedlaF, mu8@aS1mr0oO) | ||
| md5 | 3be35148cc6c80994becbcd204d8c33e | ||
| sha256 | 266ddee85dd0eddb85d55bd9eb29f328d3052c8a46b6aa1e9b97232fe83f2c49 | ||
| ssdeep | 3072:tBHfDmTQoHJhc+1aImpJRxSmR7bVsSazalcBfc7Ivu5IMlZ:tBHLSc+wLJRHFVsSaGluUs25Iw | ||
| imphash | 2715a19d1d4a50604e0ace50d5e16153 | ||
| impfuzzy | 6:VnS3HqgyDw3QXKUHXQr89PvrLP6IKw16MlaxOUArvX6lFBJAEdBJAGvPLX0W:VnS3/yCQXtAr2+wsM6uvXyNAqAGrkW | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable uses a known packer |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Dridex_Gene_Zero | Win32 Trojan Dridex Gene | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasModified_DOS_Message | DOS Message Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x40b00c OffsetClipRgn
USER32.dll
0x40b030 GetMenuState
0x40b034 EnumDisplayDevicesW
0x40b038 TranslateMessage
0x40b03c DragDetect
WINTRUST.dll
0x40b044 CryptCATAdminCalcHashFromFileHandle
ADVAPI32.dll
0x40b000 RegLoadAppKeyW
0x40b004 CloseEncryptedFileRaw
KERNEL32.dll
0x40b014 GetSystemDefaultUILanguage
0x40b018 CloseHandle
0x40b01c OutputDebugStringA
0x40b020 LoadLibraryA
0x40b024 LoadLibraryW
0x40b028 GetPriorityClass
EAT(Export Address Table) is none
GDI32.dll
0x40b00c OffsetClipRgn
USER32.dll
0x40b030 GetMenuState
0x40b034 EnumDisplayDevicesW
0x40b038 TranslateMessage
0x40b03c DragDetect
WINTRUST.dll
0x40b044 CryptCATAdminCalcHashFromFileHandle
ADVAPI32.dll
0x40b000 RegLoadAppKeyW
0x40b004 CloseEncryptedFileRaw
KERNEL32.dll
0x40b014 GetSystemDefaultUILanguage
0x40b018 CloseHandle
0x40b01c OutputDebugStringA
0x40b020 LoadLibraryA
0x40b024 LoadLibraryW
0x40b028 GetPriorityClass
EAT(Export Address Table) is none