Field | Value |
---|---|
Created | 2021.05.04 18:24 |
Machine | s1_win7_x6401 |
Filename | scr.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 39 detected (malicious, high confidence, GenericKD, Unsafe, Save, confidence, 100%, Kryptik, ZedlaF, EG4@aafyjdci, EYIZ, Attribute, HighConfidence, HKQJ, GenKryptik, CLOUD, A + Mal, EncPk, Artemis, Static AI, Suspicious PE, GDLYU0, fzffo, ai score=100, Wacatac, score, R002C0RE221, Krypt, FEQK) |
md5 | 31980c9b17f61c5f808cb882e41083af |
sha256 | 505af1e265238f48bd732ff8f9c4c0cec133cbbde31fd618e45d6524b19aed73 |
ssdeep | 6144:EcW6U27GIvgzJR+OikTEbuAEK9ZZMXvUTAAsQ:fP5uRik8uW9DMXMjsQ |
imphash | e6becf7802a396786410aa1dfb3fcbe6 |
impfuzzy | 12:VAPqqDSyvJOQRW5Uh3u6LMevKN/XzgHIWn3UIgJ4GxveTyWpR:VODSGJJRWeh3oevKNfzreUIqx0pR |
Signature (9cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | JPEG_Format_Zero | JPEG Format | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
kernel32.dll
0x477028 LoadLibraryA
0x47702c VirtualAlloc
0x477030 VirtualProtect
0x477034 GetProcAddress
0x477038 lstrcmpA
0x47703c lstrlenA
0x477040 SetLastError
0x477044 lstrcatA
user32.dll
0x477084 CheckMenuItem
0x477088 CheckMenuRadioItem
0x47708c CheckDlgButton
0x477090 CheckRadioButton
ole32.dll
0x477054 CoQueryClientBlanket
msimg32.dll
0x47704c GradientFill
oledlg.dll
0x47706c OleUIPromptUserW
advapi32.dll
0x477000 LsaCreateTrustedDomainEx
shell32.dll
0x477074 SHGetDataFromIDListA
winspool.drv
0x4770a8 SetPrinterDataExA
gdiplus.dll
0x477020 GdipGetPropertyItemSize
gdi32.dll
0x477018 SelectClipRgn
shlwapi.dll
0x47707c UrlIsNoHistoryA
oleaut32.dll
0x477064 VarI1FromDate
winmm.dll
0x4770a0 mmTaskSignal
comdlg32.dll
0x477010 GetFileTitleW
comctl32.dll
0x477008 ImageList_ReplaceIcon
version.dll
0x477098 VerQueryValueA
oleacc.dll
0x47705c CreateStdAccessibleObject
EAT (Export Address Table) Library
0x41a1b4 Main