ScreenShot
| Created | 2021.05.06 10:40 | Machine | s1_win7_x6401 |
| Filename | presentation.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (Johnnie, Wacatac, Unsafe, Babar, Kryptik, HKQP, CLOUD, Malware@#2dsuz8gddyd17, UrsnifDropper, cducx, ai score=80, Ursnif, Malicious, score, BScope, TrojanBanker, Gozi, R002H0CE321, PossibleThreat, susgen, GdSda) | ||
| md5 | c54784a2a5c1b33fd4e29b63d39f7f17 | ||
| sha256 | e1c53b0e0d02d22d90496aa67298086866f78fbe18ee00b17ce4fd1beb0f033c | ||
| ssdeep | 12288:32a/rAA8VjD83Mmzv5ALfcfvMJ4bXD9eQ4q0I2Z45NVsRso9gB2/j2vPTSy4jvt3:D0PsvIfc8abX14pW5NDQIPqjpqy0 | ||
| imphash | 2ae303c724781f4a3a0c5970569d9324 | ||
| impfuzzy | 48:uJ9TPXdZ+fcemUtHaEGjdepfo26Z0Z2Cc3m4CBzuojzt:uJFNZ+fcePt6EGjWgZZ02Cc3m5zPjB | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1092058 GetTempPathA
0x109205c GetCurrentProcessId
0x1092060 GetFileTime
0x1092064 VirtualProtect
0x1092068 GetModuleFileNameA
0x109206c CreatePipe
0x1092070 GetDiskFreeSpaceA
0x1092074 OpenMutexA
0x1092078 GlobalFree
0x109207c VirtualProtectEx
0x1092080 Sleep
0x1092084 GlobalAlloc
0x1092088 GetWindowsDirectoryA
0x109208c GetTimeFormatA
0x1092090 SetErrorMode
0x1092094 MoveFileExA
0x1092098 GetProcessHeap
0x109209c SetEnvironmentVariableA
0x10920a0 CreateFileA
0x10920a4 CloseHandle
0x10920a8 lstrlenA
0x10920ac GetLocaleInfoW
0x10920b0 InterlockedIncrement
0x10920b4 InterlockedDecrement
0x10920b8 WideCharToMultiByte
0x10920bc InterlockedExchange
0x10920c0 InitializeCriticalSection
0x10920c4 DeleteCriticalSection
0x10920c8 EnterCriticalSection
0x10920cc LeaveCriticalSection
0x10920d0 MultiByteToWideChar
0x10920d4 InterlockedCompareExchange
0x10920d8 GetLocaleInfoA
0x10920dc GetSystemTimeAsFileTime
0x10920e0 GetCurrentThreadId
0x10920e4 GetCommandLineA
0x10920e8 UnhandledExceptionFilter
0x10920ec SetUnhandledExceptionFilter
0x10920f0 GetModuleFileNameW
0x10920f4 HeapValidate
0x10920f8 IsBadReadPtr
0x10920fc RaiseException
0x1092100 RtlUnwind
0x1092104 TerminateProcess
0x1092108 GetCurrentProcess
0x109210c IsDebuggerPresent
0x1092110 GetCPInfo
0x1092114 GetDateFormatA
0x1092118 LCMapStringA
0x109211c GetLastError
0x1092120 LCMapStringW
0x1092124 GetStringTypeW
0x1092128 CompareStringW
0x109212c CompareStringA
0x1092130 GetProcAddress
0x1092134 TlsGetValue
0x1092138 GetModuleHandleW
0x109213c TlsAlloc
0x1092140 TlsSetValue
0x1092144 TlsFree
0x1092148 SetLastError
0x109214c GetCurrentThread
0x1092150 FatalAppExitA
0x1092154 GetTimeZoneInformation
0x1092158 ExitProcess
0x109215c SetHandleCount
0x1092160 GetStdHandle
0x1092164 GetFileType
0x1092168 GetStartupInfoA
0x109216c FreeEnvironmentStringsA
0x1092170 GetEnvironmentStrings
0x1092174 FreeEnvironmentStringsW
0x1092178 GetEnvironmentStringsW
0x109217c HeapDestroy
0x1092180 HeapCreate
0x1092184 HeapFree
0x1092188 VirtualFree
0x109218c QueryPerformanceCounter
0x1092190 GetTickCount
0x1092194 SetConsoleCtrlHandler
0x1092198 WriteFile
0x109219c FlushFileBuffers
0x10921a0 GetConsoleCP
0x10921a4 GetConsoleMode
0x10921a8 DebugBreak
0x10921ac OutputDebugStringA
0x10921b0 WriteConsoleW
0x10921b4 OutputDebugStringW
0x10921b8 LoadLibraryW
0x10921bc HeapAlloc
0x10921c0 HeapSize
0x10921c4 HeapReAlloc
0x10921c8 VirtualAlloc
0x10921cc GetACP
0x10921d0 GetOEMCP
0x10921d4 IsValidCodePage
0x10921d8 GetStringTypeA
0x10921dc IsValidLocale
0x10921e0 EnumSystemLocalesA
0x10921e4 GetUserDefaultLCID
0x10921e8 GetModuleHandleA
0x10921ec InitializeCriticalSectionAndSpinCount
0x10921f0 FreeLibrary
0x10921f4 LoadLibraryA
0x10921f8 SetStdHandle
0x10921fc WriteConsoleA
0x1092200 GetConsoleOutputCP
0x1092204 SetFilePointer
0x1092208 VirtualQuery
ADVAPI32.dll
0x1092000 StartServiceCtrlDispatcherA
0x1092004 RegCloseKey
0x1092008 AdjustTokenPrivileges
0x109200c RegEnumKeyW
0x1092010 ControlService
0x1092014 FreeSid
0x1092018 SetServiceStatus
0x109201c AllocateAndInitializeSid
0x1092020 RegOpenKeyExA
0x1092024 LookupPrivilegeValueA
0x1092028 SetSecurityDescriptorDacl
0x109202c InitializeSecurityDescriptor
0x1092030 CreateServiceA
0x1092034 RegQueryValueExA
0x1092038 RegisterServiceCtrlHandlerA
0x109203c RegSetValueExA
0x1092040 GetTokenInformation
0x1092044 CloseServiceHandle
0x1092048 OpenProcessToken
0x109204c DeleteService
0x1092050 SetEntriesInAclA
WINMM.dll
0x1092210 timeBeginPeriod
0x1092214 mciGetErrorStringA
0x1092218 timeEndPeriod
0x109221c PlaySoundA
0x1092220 mciSendCommandA
EAT(Export Address Table) Library
0x108cf70 Shopsay
KERNEL32.dll
0x1092058 GetTempPathA
0x109205c GetCurrentProcessId
0x1092060 GetFileTime
0x1092064 VirtualProtect
0x1092068 GetModuleFileNameA
0x109206c CreatePipe
0x1092070 GetDiskFreeSpaceA
0x1092074 OpenMutexA
0x1092078 GlobalFree
0x109207c VirtualProtectEx
0x1092080 Sleep
0x1092084 GlobalAlloc
0x1092088 GetWindowsDirectoryA
0x109208c GetTimeFormatA
0x1092090 SetErrorMode
0x1092094 MoveFileExA
0x1092098 GetProcessHeap
0x109209c SetEnvironmentVariableA
0x10920a0 CreateFileA
0x10920a4 CloseHandle
0x10920a8 lstrlenA
0x10920ac GetLocaleInfoW
0x10920b0 InterlockedIncrement
0x10920b4 InterlockedDecrement
0x10920b8 WideCharToMultiByte
0x10920bc InterlockedExchange
0x10920c0 InitializeCriticalSection
0x10920c4 DeleteCriticalSection
0x10920c8 EnterCriticalSection
0x10920cc LeaveCriticalSection
0x10920d0 MultiByteToWideChar
0x10920d4 InterlockedCompareExchange
0x10920d8 GetLocaleInfoA
0x10920dc GetSystemTimeAsFileTime
0x10920e0 GetCurrentThreadId
0x10920e4 GetCommandLineA
0x10920e8 UnhandledExceptionFilter
0x10920ec SetUnhandledExceptionFilter
0x10920f0 GetModuleFileNameW
0x10920f4 HeapValidate
0x10920f8 IsBadReadPtr
0x10920fc RaiseException
0x1092100 RtlUnwind
0x1092104 TerminateProcess
0x1092108 GetCurrentProcess
0x109210c IsDebuggerPresent
0x1092110 GetCPInfo
0x1092114 GetDateFormatA
0x1092118 LCMapStringA
0x109211c GetLastError
0x1092120 LCMapStringW
0x1092124 GetStringTypeW
0x1092128 CompareStringW
0x109212c CompareStringA
0x1092130 GetProcAddress
0x1092134 TlsGetValue
0x1092138 GetModuleHandleW
0x109213c TlsAlloc
0x1092140 TlsSetValue
0x1092144 TlsFree
0x1092148 SetLastError
0x109214c GetCurrentThread
0x1092150 FatalAppExitA
0x1092154 GetTimeZoneInformation
0x1092158 ExitProcess
0x109215c SetHandleCount
0x1092160 GetStdHandle
0x1092164 GetFileType
0x1092168 GetStartupInfoA
0x109216c FreeEnvironmentStringsA
0x1092170 GetEnvironmentStrings
0x1092174 FreeEnvironmentStringsW
0x1092178 GetEnvironmentStringsW
0x109217c HeapDestroy
0x1092180 HeapCreate
0x1092184 HeapFree
0x1092188 VirtualFree
0x109218c QueryPerformanceCounter
0x1092190 GetTickCount
0x1092194 SetConsoleCtrlHandler
0x1092198 WriteFile
0x109219c FlushFileBuffers
0x10921a0 GetConsoleCP
0x10921a4 GetConsoleMode
0x10921a8 DebugBreak
0x10921ac OutputDebugStringA
0x10921b0 WriteConsoleW
0x10921b4 OutputDebugStringW
0x10921b8 LoadLibraryW
0x10921bc HeapAlloc
0x10921c0 HeapSize
0x10921c4 HeapReAlloc
0x10921c8 VirtualAlloc
0x10921cc GetACP
0x10921d0 GetOEMCP
0x10921d4 IsValidCodePage
0x10921d8 GetStringTypeA
0x10921dc IsValidLocale
0x10921e0 EnumSystemLocalesA
0x10921e4 GetUserDefaultLCID
0x10921e8 GetModuleHandleA
0x10921ec InitializeCriticalSectionAndSpinCount
0x10921f0 FreeLibrary
0x10921f4 LoadLibraryA
0x10921f8 SetStdHandle
0x10921fc WriteConsoleA
0x1092200 GetConsoleOutputCP
0x1092204 SetFilePointer
0x1092208 VirtualQuery
ADVAPI32.dll
0x1092000 StartServiceCtrlDispatcherA
0x1092004 RegCloseKey
0x1092008 AdjustTokenPrivileges
0x109200c RegEnumKeyW
0x1092010 ControlService
0x1092014 FreeSid
0x1092018 SetServiceStatus
0x109201c AllocateAndInitializeSid
0x1092020 RegOpenKeyExA
0x1092024 LookupPrivilegeValueA
0x1092028 SetSecurityDescriptorDacl
0x109202c InitializeSecurityDescriptor
0x1092030 CreateServiceA
0x1092034 RegQueryValueExA
0x1092038 RegisterServiceCtrlHandlerA
0x109203c RegSetValueExA
0x1092040 GetTokenInformation
0x1092044 CloseServiceHandle
0x1092048 OpenProcessToken
0x109204c DeleteService
0x1092050 SetEntriesInAclA
WINMM.dll
0x1092210 timeBeginPeriod
0x1092214 mciGetErrorStringA
0x1092218 timeEndPeriod
0x109221c PlaySoundA
0x1092220 mciSendCommandA
EAT(Export Address Table) Library
0x108cf70 Shopsay