ScreenShot
| Created | 2021.04.13 10:12 | Machine | s1_win7_x6401 |
| Filename | e0McR45Lmv | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 521384e6136f1715a75912116ce5edd4 | ||
| sha256 | 38fdfe396b83d071feda0bcba51eb7a2bc435aa118c2b0bfa33c59becb95ea55 | ||
| ssdeep | 3072:Ulpmktgw9IAMlZxSGg7ypZIQ404g51acpg0xZtCVxwVeXm7YP1cOPpiihEY:Ulo0gw4ZMypZp45g51aXotOxwVeXm7Ym | ||
| imphash | d20e8b584b1e294911b88a699c987910 | ||
| impfuzzy | 6:om16MlaxOiBJAMgArvX6lPLX0YBJAEnSnnS3yDw3QHqgXKUHXQr89PvrLP6In:omsM6VASvXyzkoAfnS3yCQ/XtAr2T | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable uses a known packer |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasModified_DOS_Message | DOS Message Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x40a000 RegLoadAppKeyW
0x40a004 CloseEncryptedFileRaw
KERNEL32.dll
0x40a014 GetSystemDefaultUILanguage
0x40a018 LoadLibraryExA
0x40a01c CloseHandle
0x40a020 OutputDebugStringA
0x40a024 GetPriorityClass
0x40a028 LoadLibraryA
0x40a02c GetModuleHandleW
GDI32.dll
0x40a00c OffsetClipRgn
USER32.dll
0x40a034 EnumDisplayDevicesW
0x40a038 GetMenuState
0x40a03c TranslateMessage
0x40a040 DragDetect
WINTRUST.dll
0x40a048 CryptCATAdminCalcHashFromFileHandle
EAT(Export Address Table) is none
ADVAPI32.dll
0x40a000 RegLoadAppKeyW
0x40a004 CloseEncryptedFileRaw
KERNEL32.dll
0x40a014 GetSystemDefaultUILanguage
0x40a018 LoadLibraryExA
0x40a01c CloseHandle
0x40a020 OutputDebugStringA
0x40a024 GetPriorityClass
0x40a028 LoadLibraryA
0x40a02c GetModuleHandleW
GDI32.dll
0x40a00c OffsetClipRgn
USER32.dll
0x40a034 EnumDisplayDevicesW
0x40a038 GetMenuState
0x40a03c TranslateMessage
0x40a040 DragDetect
WINTRUST.dll
0x40a048 CryptCATAdminCalcHashFromFileHandle
EAT(Export Address Table) is none