ScreenShot
| Created | 2021.04.28 09:29 | Machine | s1_win7_x6402 |
| Filename | dl2.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 7 detected (Artemis, malicious, confidence, GenKryptik, FEGA) | ||
| md5 | c4539adb4566822ab8dfe45aa3d5ca63 | ||
| sha256 | 665d2cbbe026c961b1506f5d45205959c817c7b69af4106a40e74186cee6eb94 | ||
| ssdeep | 12288:E1czBBLUkiKyuQlgX9XfzI4JQnawQU3xHFNTDU8EBW:7yu6gX9X7IUwQUpFxA | ||
| imphash | e5d15e5539bc8bad0faadfeda5992100 | ||
| impfuzzy | 48:QystMS17kc+ppfk3a/BgNeS59ijDS8lS8:QNtMS17kc+ppfpXlS8 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14004a038 HeapSize
0x14004a040 ExpandEnvironmentStringsA
0x14004a048 GetConsoleAliasesW
0x14004a050 LoadLibraryA
0x14004a058 GetProcAddress
0x14004a060 VirtualProtect
0x14004a068 WriteConsoleW
0x14004a070 CreateFileW
0x14004a078 CloseHandle
0x14004a080 HeapFree
0x14004a088 GetConsoleMode
0x14004a090 GetConsoleCP
0x14004a098 FlushFileBuffers
0x14004a0a0 LCMapStringW
0x14004a0a8 HeapReAlloc
0x14004a0b0 HeapAlloc
0x14004a0b8 GetProcessHeap
0x14004a0c0 VirtualAlloc
0x14004a0c8 VirtualFree
0x14004a0d0 SetFilePointerEx
0x14004a0d8 GetStringTypeW
0x14004a0e0 RtlCaptureContext
0x14004a0e8 RtlLookupFunctionEntry
0x14004a0f0 RtlVirtualUnwind
0x14004a0f8 UnhandledExceptionFilter
0x14004a100 SetUnhandledExceptionFilter
0x14004a108 GetCurrentProcess
0x14004a110 TerminateProcess
0x14004a118 IsProcessorFeaturePresent
0x14004a120 QueryPerformanceCounter
0x14004a128 GetCurrentProcessId
0x14004a130 GetCurrentThreadId
0x14004a138 GetSystemTimeAsFileTime
0x14004a140 InitializeSListHead
0x14004a148 IsDebuggerPresent
0x14004a150 GetStartupInfoW
0x14004a158 GetModuleHandleW
0x14004a160 RtlUnwindEx
0x14004a168 GetLastError
0x14004a170 SetLastError
0x14004a178 EnterCriticalSection
0x14004a180 LeaveCriticalSection
0x14004a188 DeleteCriticalSection
0x14004a190 InitializeCriticalSectionAndSpinCount
0x14004a198 TlsAlloc
0x14004a1a0 TlsGetValue
0x14004a1a8 TlsSetValue
0x14004a1b0 TlsFree
0x14004a1b8 FreeLibrary
0x14004a1c0 LoadLibraryExW
0x14004a1c8 GetStdHandle
0x14004a1d0 WriteFile
0x14004a1d8 GetModuleFileNameW
0x14004a1e0 MultiByteToWideChar
0x14004a1e8 WideCharToMultiByte
0x14004a1f0 ExitProcess
0x14004a1f8 GetModuleHandleExW
0x14004a200 GetACP
0x14004a208 FindClose
0x14004a210 FindFirstFileExW
0x14004a218 FindNextFileW
0x14004a220 IsValidCodePage
0x14004a228 GetOEMCP
0x14004a230 GetCPInfo
0x14004a238 GetCommandLineA
0x14004a240 GetCommandLineW
0x14004a248 GetEnvironmentStringsW
0x14004a250 FreeEnvironmentStringsW
0x14004a258 SetStdHandle
0x14004a260 GetFileType
0x14004a268 RaiseException
USER32.dll
0x14004a290 PhysicalToLogicalPointForPerMonitorDPI
0x14004a298 EndPaint
0x14004a2a0 ChangeDisplaySettingsA
0x14004a2a8 AdjustWindowRect
0x14004a2b0 OemKeyScan
ole32.dll
0x14004a2c0 NdrProxyForwardingFunction28
0x14004a2c8 GetClassFile
0x14004a2d0 CreateDataAdviseHolder
0x14004a2d8 CoCreateGuid
0x14004a2e0 HWND_UserUnmarshal
0x14004a2e8 HWND_UserSize
0x14004a2f0 CoLoadLibrary
GDI32.dll
0x14004a000 SetDeviceGammaRamp
0x14004a008 D3DKMTOpenAdapterFromGdiDisplayName
0x14004a010 D3DKMTReclaimAllocations
0x14004a018 D3DKMTReleaseKeyedMutex
0x14004a020 PtVisible
0x14004a028 D3DKMTAcquireKeyedMutex2
SHELL32.dll
0x14004a278 SHEvaluateSystemCommandTemplate
0x14004a280 None
EAT(Export Address Table) Library
KERNEL32.dll
0x14004a038 HeapSize
0x14004a040 ExpandEnvironmentStringsA
0x14004a048 GetConsoleAliasesW
0x14004a050 LoadLibraryA
0x14004a058 GetProcAddress
0x14004a060 VirtualProtect
0x14004a068 WriteConsoleW
0x14004a070 CreateFileW
0x14004a078 CloseHandle
0x14004a080 HeapFree
0x14004a088 GetConsoleMode
0x14004a090 GetConsoleCP
0x14004a098 FlushFileBuffers
0x14004a0a0 LCMapStringW
0x14004a0a8 HeapReAlloc
0x14004a0b0 HeapAlloc
0x14004a0b8 GetProcessHeap
0x14004a0c0 VirtualAlloc
0x14004a0c8 VirtualFree
0x14004a0d0 SetFilePointerEx
0x14004a0d8 GetStringTypeW
0x14004a0e0 RtlCaptureContext
0x14004a0e8 RtlLookupFunctionEntry
0x14004a0f0 RtlVirtualUnwind
0x14004a0f8 UnhandledExceptionFilter
0x14004a100 SetUnhandledExceptionFilter
0x14004a108 GetCurrentProcess
0x14004a110 TerminateProcess
0x14004a118 IsProcessorFeaturePresent
0x14004a120 QueryPerformanceCounter
0x14004a128 GetCurrentProcessId
0x14004a130 GetCurrentThreadId
0x14004a138 GetSystemTimeAsFileTime
0x14004a140 InitializeSListHead
0x14004a148 IsDebuggerPresent
0x14004a150 GetStartupInfoW
0x14004a158 GetModuleHandleW
0x14004a160 RtlUnwindEx
0x14004a168 GetLastError
0x14004a170 SetLastError
0x14004a178 EnterCriticalSection
0x14004a180 LeaveCriticalSection
0x14004a188 DeleteCriticalSection
0x14004a190 InitializeCriticalSectionAndSpinCount
0x14004a198 TlsAlloc
0x14004a1a0 TlsGetValue
0x14004a1a8 TlsSetValue
0x14004a1b0 TlsFree
0x14004a1b8 FreeLibrary
0x14004a1c0 LoadLibraryExW
0x14004a1c8 GetStdHandle
0x14004a1d0 WriteFile
0x14004a1d8 GetModuleFileNameW
0x14004a1e0 MultiByteToWideChar
0x14004a1e8 WideCharToMultiByte
0x14004a1f0 ExitProcess
0x14004a1f8 GetModuleHandleExW
0x14004a200 GetACP
0x14004a208 FindClose
0x14004a210 FindFirstFileExW
0x14004a218 FindNextFileW
0x14004a220 IsValidCodePage
0x14004a228 GetOEMCP
0x14004a230 GetCPInfo
0x14004a238 GetCommandLineA
0x14004a240 GetCommandLineW
0x14004a248 GetEnvironmentStringsW
0x14004a250 FreeEnvironmentStringsW
0x14004a258 SetStdHandle
0x14004a260 GetFileType
0x14004a268 RaiseException
USER32.dll
0x14004a290 PhysicalToLogicalPointForPerMonitorDPI
0x14004a298 EndPaint
0x14004a2a0 ChangeDisplaySettingsA
0x14004a2a8 AdjustWindowRect
0x14004a2b0 OemKeyScan
ole32.dll
0x14004a2c0 NdrProxyForwardingFunction28
0x14004a2c8 GetClassFile
0x14004a2d0 CreateDataAdviseHolder
0x14004a2d8 CoCreateGuid
0x14004a2e0 HWND_UserUnmarshal
0x14004a2e8 HWND_UserSize
0x14004a2f0 CoLoadLibrary
GDI32.dll
0x14004a000 SetDeviceGammaRamp
0x14004a008 D3DKMTOpenAdapterFromGdiDisplayName
0x14004a010 D3DKMTReclaimAllocations
0x14004a018 D3DKMTReleaseKeyedMutex
0x14004a020 PtVisible
0x14004a028 D3DKMTAcquireKeyedMutex2
SHELL32.dll
0x14004a278 SHEvaluateSystemCommandTemplate
0x14004a280 None
EAT(Export Address Table) Library