Report - scr.dll

Amadey DLL PE File PE32 JPEG Format
Created 2021.05.10 12:21 Machine s1_win7_x6402
Filename scr.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 4.2
ZERO API file : malware
VT API (file) 51 detected (malicious, high confidence, Doina, Bobik, PasswordStealer, Delf, EmotetCrypt, confidence, PREC, Amadey, SMYAAA, TrojanX, Zusy, Plodor, iaklyz, CLASSIC, AGEN, ai score=100, ASMalwS, kcloud, score, GenericRXAA, TScope, Gencirc, susgen, GdSda)
md5 8fb5cc19a4b3784c602be19efe34555c
sha256 3a7809920592be114483fe7f764f4ce9c48f6c7bc1ed578f7b8a5f2130488810
ssdeep 6144:SJ+WK/pvT7arfwKFzDTsv5oaTh45CjBscX9TJLN:JJpb7Y7vf5i5X9TVN
imphash ff5a8f4780f2dc45750b55ab89f4b357
impfuzzy 96:8cfpHYo3O5c/434Rqp9UtqXqy5yqcPfDwPOQ/p:P3OAEd8qcPcPOQ/p

Signature (9cnts)

Level Description
danger File has been identified by 51 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
info Checks if process is being debugged by a debugger
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
danger Win_Amadey_Zero Amadey bot binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info JPEG_Format_Zero JPEG Format binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
http://45.155.205.172//4dcYcWsw3/index.php?scr=up DE Scalaxy B.V. 45.155.205.172 clean
45.155.205.172 DE Scalaxy B.V. 45.155.205.172 malware

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x435104 DeleteCriticalSection
 0x435108 LeaveCriticalSection
 0x43510c EnterCriticalSection
 0x435110 InitializeCriticalSection
 0x435114 VirtualFree
 0x435118 VirtualAlloc
 0x43511c LocalFree
 0x435120 LocalAlloc
 0x435124 GetVersion
 0x435128 GetCurrentThreadId
 0x43512c InterlockedDecrement
 0x435130 InterlockedIncrement
 0x435134 VirtualQuery
 0x435138 WideCharToMultiByte
 0x43513c MultiByteToWideChar
 0x435140 lstrlenA
 0x435144 lstrcpynA
 0x435148 LoadLibraryExA
 0x43514c GetThreadLocale
 0x435150 GetStartupInfoA
 0x435154 GetProcAddress
 0x435158 GetModuleHandleA
 0x43515c GetModuleFileNameA
 0x435160 GetLocaleInfoA
 0x435164 GetLastError
 0x435168 GetCommandLineA
 0x43516c FreeLibrary
 0x435170 FindFirstFileA
 0x435174 FindClose
 0x435178 ExitProcess
 0x43517c WriteFile
 0x435180 UnhandledExceptionFilter
 0x435184 SetFilePointer
 0x435188 SetEndOfFile
 0x43518c RtlUnwind
 0x435190 ReadFile
 0x435194 RaiseException
 0x435198 GetStdHandle
 0x43519c GetFileSize
 0x4351a0 GetFileType
 0x4351a4 CreateFileA
 0x4351a8 CloseHandle
user32.dll
 0x4351b0 GetKeyboardType
 0x4351b4 LoadStringA
 0x4351b8 MessageBoxA
 0x4351bc CharNextA
advapi32.dll
 0x4351c4 RegQueryValueExA
 0x4351c8 RegOpenKeyExA
 0x4351cc RegCloseKey
oleaut32.dll
 0x4351d4 SysFreeString
 0x4351d8 SysReAllocStringLen
 0x4351dc SysAllocStringLen
kernel32.dll
 0x4351e4 TlsSetValue
 0x4351e8 TlsGetValue
 0x4351ec TlsFree
 0x4351f0 TlsAlloc
 0x4351f4 LocalFree
 0x4351f8 LocalAlloc
advapi32.dll
 0x435200 OpenThreadToken
 0x435204 OpenProcessToken
 0x435208 IsValidSid
 0x43520c GetTokenInformation
 0x435210 GetSidSubAuthorityCount
 0x435214 GetSidSubAuthority
 0x435218 GetSidIdentifierAuthority
kernel32.dll
 0x435220 WriteFile
 0x435224 WaitForSingleObject
 0x435228 VirtualQuery
 0x43522c Sleep
 0x435230 SetLastError
 0x435234 SetFilePointer
 0x435238 SetEvent
 0x43523c SetEndOfFile
 0x435240 ResetEvent
 0x435244 ReadFile
 0x435248 MulDiv
 0x43524c LeaveCriticalSection
 0x435250 InitializeCriticalSection
 0x435254 HeapFree
 0x435258 HeapAlloc
 0x43525c GlobalUnlock
 0x435260 GlobalReAlloc
 0x435264 GlobalHandle
 0x435268 GlobalLock
 0x43526c GlobalFree
 0x435270 GlobalAlloc
 0x435274 GetVersionExA
 0x435278 GetTickCount
 0x43527c GetThreadLocale
 0x435280 GetTempPathA
 0x435284 GetSystemInfo
 0x435288 GetStringTypeExA
 0x43528c GetStdHandle
 0x435290 GetProcessHeap
 0x435294 GetProcAddress
 0x435298 GetModuleHandleA
 0x43529c GetModuleFileNameA
 0x4352a0 GetLocaleInfoA
 0x4352a4 GetLocalTime
 0x4352a8 GetLastError
 0x4352ac GetFullPathNameA
 0x4352b0 GetDiskFreeSpaceA
 0x4352b4 GetDateFormatA
 0x4352b8 GetCurrentThreadId
 0x4352bc GetCurrentThread
 0x4352c0 GetCurrentProcess
 0x4352c4 GetCPInfo
 0x4352c8 GetACP
 0x4352cc FormatMessageA
 0x4352d0 FindFirstFileA
 0x4352d4 FindClose
 0x4352d8 FileTimeToLocalFileTime
 0x4352dc FileTimeToDosDateTime
 0x4352e0 EnumCalendarInfoA
 0x4352e4 EnterCriticalSection
 0x4352e8 DeleteFileA
 0x4352ec DeleteCriticalSection
 0x4352f0 CreateMutexA
 0x4352f4 CreateFileA
 0x4352f8 CreateEventA
 0x4352fc CompareStringA
 0x435300 CloseHandle
gdi32.dll
 0x435308 UnrealizeObject
 0x43530c StretchBlt
 0x435310 SetWinMetaFileBits
 0x435314 SetTextColor
 0x435318 SetStretchBltMode
 0x43531c SetROP2
 0x435320 SetEnhMetaFileBits
 0x435324 SetDIBColorTable
 0x435328 SetBrushOrgEx
 0x43532c SetBkMode
 0x435330 SetBkColor
 0x435334 SelectPalette
 0x435338 SelectObject
 0x43533c RealizePalette
 0x435340 PlayEnhMetaFile
 0x435344 PatBlt
 0x435348 MoveToEx
 0x43534c MaskBlt
 0x435350 GetWinMetaFileBits
 0x435354 GetTextMetricsA
 0x435358 GetSystemPaletteEntries
 0x43535c GetStockObject
 0x435360 GetPixel
 0x435364 GetPaletteEntries
 0x435368 GetObjectA
 0x43536c GetEnhMetaFilePaletteEntries
 0x435370 GetEnhMetaFileHeader
 0x435374 GetEnhMetaFileBits
 0x435378 GetDeviceCaps
 0x43537c GetDIBits
 0x435380 GetDIBColorTable
 0x435384 GetCurrentPositionEx
 0x435388 GetBrushOrgEx
 0x43538c GetBitmapBits
 0x435390 GdiFlush
 0x435394 DeleteObject
 0x435398 DeleteEnhMetaFile
 0x43539c DeleteDC
 0x4353a0 CreatePenIndirect
 0x4353a4 CreatePalette
 0x4353a8 CreateHalftonePalette
 0x4353ac CreateFontIndirectA
 0x4353b0 CreateDIBitmap
 0x4353b4 CreateDIBSection
 0x4353b8 CreateCompatibleDC
 0x4353bc CreateCompatibleBitmap
 0x4353c0 CreateBrushIndirect
 0x4353c4 CreateBitmap
 0x4353c8 CopyEnhMetaFileA
 0x4353cc BitBlt
user32.dll
 0x4353d4 ReleaseDC
 0x4353d8 MessageBoxA
 0x4353dc LoadStringA
 0x4353e0 LoadIconA
 0x4353e4 GetSystemMetrics
 0x4353e8 GetSysColor
 0x4353ec GetIconInfo
 0x4353f0 GetDC
 0x4353f4 GetClipboardData
 0x4353f8 FillRect
 0x4353fc DrawIconEx
 0x435400 DestroyIcon
 0x435404 CreateIcon
 0x435408 CharNextA
 0x43540c CharLowerBuffA
 0x435410 CharUpperBuffA
 0x435414 CharToOemA
kernel32.dll
 0x43541c Sleep
oleaut32.dll
 0x435424 SafeArrayPtrOfIndex
 0x435428 SafeArrayGetUBound
 0x43542c SafeArrayGetLBound
 0x435430 SafeArrayCreate
 0x435434 VariantChangeType
 0x435438 VariantCopy
 0x43543c VariantClear
 0x435440 VariantInit
wsock32.dll
 0x435448 WSACleanup
 0x43544c WSAStartup
 0x435450 gethostbyname
 0x435454 socket
 0x435458 send
 0x43545c recv
 0x435460 inet_ntoa
 0x435464 inet_addr
 0x435468 htons
 0x43546c connect
 0x435470 closesocket

EAT(Export Address Table) Library

0x431660 Main

