ScreenShot
| Created | 2021.04.23 11:01 | Machine | s1_win7_x6402 |
| Filename | netrun.dll | ||
| Type | PE32 executable (DLL) (native) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (AIDetect, malware2, malicious, high confidence, Save, confidence, BankerX, Wacapew, TrickBot, HUQH4B, score, PossibleThreat, PALLAS) | ||
| md5 | ad71736a0833f599dc0f8cc1d6617746 | ||
| sha256 | bedc5de10401cf085dbcc630e5e90effcef8f91bc641814c26617dfe4068583e | ||
| ssdeep | 12288:IUD6rqv9FL3FPasBZjYRVxeiia5Cuym4G8rhC:HDFSpn0ix5Cuym5Ih | ||
| imphash | fe54aa4914f46efb2484d8839e21efc3 | ||
| impfuzzy | 3:Px+yw6BJO7aqs2dWtMB1JM/MDJt1AjTE:p+yfA2eg2J7P1aE | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | One or more potentially interesting buffers were extracted |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x1000f010 wnsprintfA
KERNEL32.dll
0x1000f000 CloseHandle
0x1000f004 CreateFileA
0x1000f008 WriteFile
USER32.dll
0x1000f018 GetClientRect
0x1000f01c GetClassNameA
0x1000f020 GetWindowTextA
EAT(Export Address Table) Library
0x10003bbd StartW
SHLWAPI.dll
0x1000f010 wnsprintfA
KERNEL32.dll
0x1000f000 CloseHandle
0x1000f004 CreateFileA
0x1000f008 WriteFile
USER32.dll
0x1000f018 GetClientRect
0x1000f01c GetClassNameA
0x1000f020 GetWindowTextA
EAT(Export Address Table) Library
0x10003bbd StartW