Field | Value |
---|---|
Created | 2021.05.21 09:57 |
Machine | s1_win7_x6402 |
Filename | img.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 10 detected (ZedlaF, Hu4@aSig, Static AI, Suspicious PE, Wacatac, Malicious, score, BScope, TrojanBanker, Gozi, Unsafe) |
md5 | d2fe28f11e61c88847055640d0d92b41 |
sha256 | b706c4069b014fee3dc18079519e77c9f75e8fc2736264866119a4c0a7bc06c3 |
ssdeep | 12288:n7jCgJ8TDXqANCvmA6vdot2lY4ieYHcftQ:nPFSDFNCvmAyot7/Hy |
imphash | 06f93f21e442e4a78f913197fb155cfc |
impfuzzy | 48:W8p3tQS18Gs+pp5XgZN3j51cJwFSU0TH2qV+:lp3tQS18Gs+ppZA0Y |
Signature (10cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
watch | File has been identified by 10 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Performs some HTTP requests |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (12cnts)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x103d038 RemoveDirectoryA
0x103d03c GetFileAttributesA
0x103d040 CopyFileA
0x103d044 SetConsoleCP
0x103d048 SetConsoleOutputCP
0x103d04c GetWindowsDirectoryA
0x103d050 HeapReAlloc
0x103d054 HeapSize
0x103d058 WriteConsoleW
0x103d05c FlushFileBuffers
0x103d060 GetProcessHeap
0x103d064 GetTempFileNameA
0x103d068 GetSystemDirectoryA
0x103d06c GetEnvironmentVariableA
0x103d070 GetModuleHandleA
0x103d074 OpenMutexA
0x103d078 WaitForMultipleObjects
0x103d07c EnterCriticalSection
0x103d080 InitializeCriticalSection
0x103d084 CreateThread
0x103d088 GetShortPathNameA
0x103d08c VirtualProtectEx
0x103d090 LocalFree
0x103d094 LocalAlloc
0x103d098 IsProcessorFeaturePresent
0x103d09c IsDebuggerPresent
0x103d0a0 UnhandledExceptionFilter
0x103d0a4 SetUnhandledExceptionFilter
0x103d0a8 GetStartupInfoW
0x103d0ac GetModuleHandleW
0x103d0b0 GetCurrentProcess
0x103d0b4 TerminateProcess
0x103d0b8 QueryPerformanceCounter
0x103d0bc GetCurrentProcessId
0x103d0c0 GetCurrentThreadId
0x103d0c4 GetSystemTimeAsFileTime
0x103d0c8 InitializeSListHead
0x103d0cc RaiseException
0x103d0d0 RtlUnwind
0x103d0d4 InterlockedFlushSList
0x103d0d8 GetLastError
0x103d0dc SetLastError
0x103d0e0 EncodePointer
0x103d0e4 LeaveCriticalSection
0x103d0e8 DeleteCriticalSection
0x103d0ec InitializeCriticalSectionAndSpinCount
0x103d0f0 TlsAlloc
0x103d0f4 TlsGetValue
0x103d0f8 TlsSetValue
0x103d0fc TlsFree
0x103d100 FreeLibrary
0x103d104 GetProcAddress
0x103d108 LoadLibraryExW
0x103d10c CloseHandle
0x103d110 DuplicateHandle
0x103d114 CreateFileW
0x103d118 GetFileType
0x103d11c ExitProcess
0x103d120 GetModuleHandleExW
0x103d124 GetModuleFileNameA
0x103d128 MultiByteToWideChar
0x103d12c WideCharToMultiByte
0x103d130 HeapAlloc
0x103d134 GetStringTypeW
0x103d138 GetACP
0x103d13c HeapFree
0x103d140 LCMapStringW
0x103d144 GetLocaleInfoW
0x103d148 IsValidLocale
0x103d14c GetUserDefaultLCID
0x103d150 EnumSystemLocalesW
0x103d154 GetStdHandle
0x103d158 SetStdHandle
0x103d15c WriteFile
0x103d160 GetConsoleCP
0x103d164 GetConsoleMode
0x103d168 SetEndOfFile
0x103d16c ReadFile
0x103d170 ReadConsoleW
0x103d174 SetFilePointerEx
0x103d178 FindClose
0x103d17c FindFirstFileExA
0x103d180 FindNextFileA
0x103d184 IsValidCodePage
0x103d188 GetOEMCP
0x103d18c GetCPInfo
0x103d190 GetCommandLineA
0x103d194 GetCommandLineW
0x103d198 GetEnvironmentStringsW
0x103d19c FreeEnvironmentStringsW
0x103d1a0 DecodePointer
USER32.dll
0x103d1a8 ExitWindowsEx
0x103d1ac GetDoubleClickTime
0x103d1b0 IntersectRect
0x103d1b4 InflateRect
0x103d1b8 EndDeferWindowPos
WININET.dll
0x103d1c0 InternetCloseHandle
0x103d1c4 InternetOpenA
COMCTL32.dll
0x103d000 CreateToolbarEx
0x103d004 None
0x103d008 ImageList_Destroy
0x103d00c ImageList_Add
0x103d010 ImageList_SetOverlayImage
0x103d014 None
0x103d018 DestroyPropertySheetPage
0x103d01c ImageList_LoadImageA
GPEDIT.DLL
0x103d024 DeleteGPOLink
0x103d028 BrowseForGPO
0x103d02c ImportRSoPData
0x103d030 CreateGPOLink
EAT(Export Address Table) Library
0x101cc00 DllRegisterServer
0x101d040 DllUnregisterServer
0x101d150 Doubleboy
0x101c900 Drivetube