ScreenShot
| Created | 2021.04.23 17:22 | Machine | s1_win7_x6401 |
| Filename | presentation.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | abfdb78bc1d633f5ea9a84f9dd4e6aac | ||
| sha256 | 7fd6fb30fdeabe25a504b7e6faacdbe285c4eb46f94c8ba3aeb52612ac150f8b | ||
| ssdeep | 24576:HQfpzjXPgfh8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgVJV4OaIRj150CpNiLi | ||
| imphash | 7a79d10b1d4343a18a4f6e25e165b4ae | ||
| impfuzzy | 48:yfF6arVaC94+J86toS1rMvwZvyPZUvD0vzxG0ESGJ6XHBsgWDBrRcWK:mFVaCC+JxtoS1rMIZ2F8a+K | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | screenshot | Take screenshot | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x108a068 SetEnvironmentVariableA
0x108a06c FreeEnvironmentStringsW
0x108a070 GetEnvironmentStringsW
0x108a074 GetCommandLineW
0x108a078 GetProcessHeap
0x108a07c CreateFileW
0x108a080 SetStdHandle
0x108a084 ReadConsoleW
0x108a088 WriteConsoleW
0x108a08c HeapSize
0x108a090 SetEndOfFile
0x108a094 SetEnvironmentVariableW
0x108a098 GetOEMCP
0x108a09c IsValidCodePage
0x108a0a0 FindNextFileW
0x108a0a4 FindNextFileA
0x108a0a8 FindFirstFileExW
0x108a0ac FindFirstFileExA
0x108a0b0 FindClose
0x108a0b4 GetTimeZoneInformation
0x108a0b8 OutputDebugStringA
0x108a0bc OutputDebugStringW
0x108a0c0 WaitForSingleObjectEx
0x108a0c4 CreateSemaphoreA
0x108a0c8 GetSystemTimeAsFileTime
0x108a0cc TlsGetValue
0x108a0d0 VirtualProtectEx
0x108a0d4 TlsAlloc
0x108a0d8 GetSystemDirectoryA
0x108a0dc GetTempPathA
0x108a0e0 Sleep
0x108a0e4 GetCommandLineA
0x108a0e8 GetModuleHandleA
0x108a0ec InitializeCriticalSection
0x108a0f0 SetSystemPowerState
0x108a0f4 EnterCriticalSection
0x108a0f8 VirtualProtect
0x108a0fc GetModuleFileNameA
0x108a100 MultiByteToWideChar
0x108a104 GetLastError
0x108a108 FormatMessageW
0x108a10c WideCharToMultiByte
0x108a110 GetStringTypeW
0x108a114 LeaveCriticalSection
0x108a118 DeleteCriticalSection
0x108a11c SetLastError
0x108a120 InitializeCriticalSectionAndSpinCount
0x108a124 CreateEventW
0x108a128 SwitchToThread
0x108a12c TlsSetValue
0x108a130 TlsFree
0x108a134 GetTickCount
0x108a138 GetModuleHandleW
0x108a13c GetProcAddress
0x108a140 EncodePointer
0x108a144 DecodePointer
0x108a148 CompareStringW
0x108a14c LCMapStringW
0x108a150 GetLocaleInfoW
0x108a154 GetCPInfo
0x108a158 UnhandledExceptionFilter
0x108a15c SetUnhandledExceptionFilter
0x108a160 GetCurrentProcess
0x108a164 TerminateProcess
0x108a168 IsProcessorFeaturePresent
0x108a16c IsDebuggerPresent
0x108a170 GetStartupInfoW
0x108a174 QueryPerformanceCounter
0x108a178 GetCurrentProcessId
0x108a17c GetCurrentThreadId
0x108a180 InitializeSListHead
0x108a184 RtlUnwind
0x108a188 RaiseException
0x108a18c InterlockedPushEntrySList
0x108a190 InterlockedFlushSList
0x108a194 FreeLibrary
0x108a198 LoadLibraryExW
0x108a19c ExitProcess
0x108a1a0 GetModuleHandleExW
0x108a1a4 GetModuleFileNameW
0x108a1a8 HeapAlloc
0x108a1ac HeapFree
0x108a1b0 GetCurrentThread
0x108a1b4 GetACP
0x108a1b8 GetStdHandle
0x108a1bc GetFileType
0x108a1c0 CloseHandle
0x108a1c4 WaitForSingleObject
0x108a1c8 GetExitCodeProcess
0x108a1cc CreateProcessA
0x108a1d0 CreateProcessW
0x108a1d4 GetFileAttributesExW
0x108a1d8 WriteFile
0x108a1dc GetConsoleCP
0x108a1e0 GetConsoleMode
0x108a1e4 GetDateFormatW
0x108a1e8 GetTimeFormatW
0x108a1ec IsValidLocale
0x108a1f0 GetUserDefaultLCID
0x108a1f4 EnumSystemLocalesW
0x108a1f8 FlushFileBuffers
0x108a1fc ReadFile
0x108a200 SetFilePointerEx
0x108a204 HeapReAlloc
0x108a208 SetConsoleCtrlHandler
0x108a20c CreateThread
USER32.dll
0x108a224 SetFocus
0x108a228 GetCursorPos
0x108a22c RegisterClassExA
0x108a230 GetFocus
0x108a234 GetClassInfoExA
0x108a238 GetKeyNameTextA
0x108a23c GetWindowTextLengthA
0x108a240 CallWindowProcA
0x108a244 IsDlgButtonChecked
0x108a248 DestroyIcon
0x108a24c AppendMenuA
0x108a250 DrawIconEx
0x108a254 DrawEdge
GDI32.dll
0x108a048 BitBlt
0x108a04c DeleteDC
0x108a050 CreatePen
0x108a054 DeleteObject
0x108a058 CreateDCA
0x108a05c GetObjectA
0x108a060 DPtoLP
ole32.dll
0x108a25c OleUninitialize
0x108a260 OleSetContainedObject
0x108a264 OleInitialize
SHLWAPI.dll
0x108a214 PathFindFileNameA
0x108a218 PathAddBackslashW
0x108a21c PathStripToRootA
DCIMAN32.dll
0x108a000 DCICreatePrimary
0x108a004 DCIOpenProvider
0x108a008 GetDCRegionData
0x108a00c DCISetDestination
0x108a010 DCICloseProvider
0x108a014 DCICreateOverlay
0x108a018 GetWindowRegionData
0x108a01c DCIEndAccess
0x108a020 WinWatchDidStatusChange
0x108a024 DCICreateOffscreen
0x108a028 DCISetSrcDestClip
0x108a02c DCIDestroy
0x108a030 DCIDraw
0x108a034 DCISetClipList
0x108a038 DCIEnum
0x108a03c DCIBeginAccess
0x108a040 WinWatchClose
EAT(Export Address Table) Library
0x1021c64 Connectdark
0x1020de0 Mindlake
0x1021c2c Porthigh
0x1021bf8 Problemscale
0x1021b0a WingGrass
KERNEL32.dll
0x108a068 SetEnvironmentVariableA
0x108a06c FreeEnvironmentStringsW
0x108a070 GetEnvironmentStringsW
0x108a074 GetCommandLineW
0x108a078 GetProcessHeap
0x108a07c CreateFileW
0x108a080 SetStdHandle
0x108a084 ReadConsoleW
0x108a088 WriteConsoleW
0x108a08c HeapSize
0x108a090 SetEndOfFile
0x108a094 SetEnvironmentVariableW
0x108a098 GetOEMCP
0x108a09c IsValidCodePage
0x108a0a0 FindNextFileW
0x108a0a4 FindNextFileA
0x108a0a8 FindFirstFileExW
0x108a0ac FindFirstFileExA
0x108a0b0 FindClose
0x108a0b4 GetTimeZoneInformation
0x108a0b8 OutputDebugStringA
0x108a0bc OutputDebugStringW
0x108a0c0 WaitForSingleObjectEx
0x108a0c4 CreateSemaphoreA
0x108a0c8 GetSystemTimeAsFileTime
0x108a0cc TlsGetValue
0x108a0d0 VirtualProtectEx
0x108a0d4 TlsAlloc
0x108a0d8 GetSystemDirectoryA
0x108a0dc GetTempPathA
0x108a0e0 Sleep
0x108a0e4 GetCommandLineA
0x108a0e8 GetModuleHandleA
0x108a0ec InitializeCriticalSection
0x108a0f0 SetSystemPowerState
0x108a0f4 EnterCriticalSection
0x108a0f8 VirtualProtect
0x108a0fc GetModuleFileNameA
0x108a100 MultiByteToWideChar
0x108a104 GetLastError
0x108a108 FormatMessageW
0x108a10c WideCharToMultiByte
0x108a110 GetStringTypeW
0x108a114 LeaveCriticalSection
0x108a118 DeleteCriticalSection
0x108a11c SetLastError
0x108a120 InitializeCriticalSectionAndSpinCount
0x108a124 CreateEventW
0x108a128 SwitchToThread
0x108a12c TlsSetValue
0x108a130 TlsFree
0x108a134 GetTickCount
0x108a138 GetModuleHandleW
0x108a13c GetProcAddress
0x108a140 EncodePointer
0x108a144 DecodePointer
0x108a148 CompareStringW
0x108a14c LCMapStringW
0x108a150 GetLocaleInfoW
0x108a154 GetCPInfo
0x108a158 UnhandledExceptionFilter
0x108a15c SetUnhandledExceptionFilter
0x108a160 GetCurrentProcess
0x108a164 TerminateProcess
0x108a168 IsProcessorFeaturePresent
0x108a16c IsDebuggerPresent
0x108a170 GetStartupInfoW
0x108a174 QueryPerformanceCounter
0x108a178 GetCurrentProcessId
0x108a17c GetCurrentThreadId
0x108a180 InitializeSListHead
0x108a184 RtlUnwind
0x108a188 RaiseException
0x108a18c InterlockedPushEntrySList
0x108a190 InterlockedFlushSList
0x108a194 FreeLibrary
0x108a198 LoadLibraryExW
0x108a19c ExitProcess
0x108a1a0 GetModuleHandleExW
0x108a1a4 GetModuleFileNameW
0x108a1a8 HeapAlloc
0x108a1ac HeapFree
0x108a1b0 GetCurrentThread
0x108a1b4 GetACP
0x108a1b8 GetStdHandle
0x108a1bc GetFileType
0x108a1c0 CloseHandle
0x108a1c4 WaitForSingleObject
0x108a1c8 GetExitCodeProcess
0x108a1cc CreateProcessA
0x108a1d0 CreateProcessW
0x108a1d4 GetFileAttributesExW
0x108a1d8 WriteFile
0x108a1dc GetConsoleCP
0x108a1e0 GetConsoleMode
0x108a1e4 GetDateFormatW
0x108a1e8 GetTimeFormatW
0x108a1ec IsValidLocale
0x108a1f0 GetUserDefaultLCID
0x108a1f4 EnumSystemLocalesW
0x108a1f8 FlushFileBuffers
0x108a1fc ReadFile
0x108a200 SetFilePointerEx
0x108a204 HeapReAlloc
0x108a208 SetConsoleCtrlHandler
0x108a20c CreateThread
USER32.dll
0x108a224 SetFocus
0x108a228 GetCursorPos
0x108a22c RegisterClassExA
0x108a230 GetFocus
0x108a234 GetClassInfoExA
0x108a238 GetKeyNameTextA
0x108a23c GetWindowTextLengthA
0x108a240 CallWindowProcA
0x108a244 IsDlgButtonChecked
0x108a248 DestroyIcon
0x108a24c AppendMenuA
0x108a250 DrawIconEx
0x108a254 DrawEdge
GDI32.dll
0x108a048 BitBlt
0x108a04c DeleteDC
0x108a050 CreatePen
0x108a054 DeleteObject
0x108a058 CreateDCA
0x108a05c GetObjectA
0x108a060 DPtoLP
ole32.dll
0x108a25c OleUninitialize
0x108a260 OleSetContainedObject
0x108a264 OleInitialize
SHLWAPI.dll
0x108a214 PathFindFileNameA
0x108a218 PathAddBackslashW
0x108a21c PathStripToRootA
DCIMAN32.dll
0x108a000 DCICreatePrimary
0x108a004 DCIOpenProvider
0x108a008 GetDCRegionData
0x108a00c DCISetDestination
0x108a010 DCICloseProvider
0x108a014 DCICreateOverlay
0x108a018 GetWindowRegionData
0x108a01c DCIEndAccess
0x108a020 WinWatchDidStatusChange
0x108a024 DCICreateOffscreen
0x108a028 DCISetSrcDestClip
0x108a02c DCIDestroy
0x108a030 DCIDraw
0x108a034 DCISetClipList
0x108a038 DCIEnum
0x108a03c DCIBeginAccess
0x108a040 WinWatchClose
EAT(Export Address Table) Library
0x1021c64 Connectdark
0x1020de0 Mindlake
0x1021c2c Porthigh
0x1021bf8 Problemscale
0x1021b0a WingGrass