ScreenShot
| Created | 2021.05.25 09:55 | Machine | s1_win7_x6401 |
| Filename | doc.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 33 detected (GenericKD, Artemis, Attribute, HighConfidence, a variant of Generik, MYUZYCZ, R002C0REO21, Malware@#1zuq7lx0aenhb, Gozi, S + Troj, Dridex, ai score=88, kcloud, Wacatac, Malicious, score, Undefined, CLOUD, GenKryptik, FFPZ) | ||
| md5 | 8b0aa7b2df531503ebb39aa142b004a8 | ||
| sha256 | f09569b61b068a70e2570e2df7bd6ee6c288f8ccc4bd03ceabdf3fb6893261d1 | ||
| ssdeep | 12288:XrH3MGVMH0t75f2dVlVk3BhvunYUB/hq44JS15yE4TeCVCP:bXMGVMH0tdaLkft2 | ||
| imphash | d4b06b16b61e31badd075bc25c28ffaa | ||
| impfuzzy | 24:JduJfdtQS18G0lJeDc+pl3eDorodDZXvRSOovbO9Z1jM3:JGtQS18GPc+ppXWZ/j3I | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x103e000 VirtualProtectEx
0x103e004 OpenMutexA
0x103e008 GetEnvironmentVariableA
0x103e00c SetConsoleCP
0x103e010 SetConsoleOutputCP
0x103e014 IsProcessorFeaturePresent
0x103e018 IsDebuggerPresent
0x103e01c UnhandledExceptionFilter
0x103e020 SetUnhandledExceptionFilter
0x103e024 GetStartupInfoW
0x103e028 GetModuleHandleW
0x103e02c GetCurrentProcess
0x103e030 TerminateProcess
0x103e034 QueryPerformanceCounter
0x103e038 GetCurrentProcessId
0x103e03c GetCurrentThreadId
0x103e040 GetSystemTimeAsFileTime
0x103e044 InitializeSListHead
0x103e048 RaiseException
0x103e04c RtlUnwind
0x103e050 InterlockedFlushSList
0x103e054 GetLastError
0x103e058 SetLastError
0x103e05c EncodePointer
0x103e060 EnterCriticalSection
0x103e064 LeaveCriticalSection
0x103e068 DeleteCriticalSection
0x103e06c InitializeCriticalSectionAndSpinCount
0x103e070 TlsAlloc
0x103e074 TlsGetValue
0x103e078 TlsSetValue
0x103e07c TlsFree
0x103e080 FreeLibrary
0x103e084 GetProcAddress
0x103e088 LoadLibraryExW
0x103e08c ExitProcess
0x103e090 GetModuleHandleExW
0x103e094 GetModuleFileNameW
0x103e098 HeapAlloc
0x103e09c HeapFree
0x103e0a0 LCMapStringW
0x103e0a4 GetLocaleInfoW
0x103e0a8 IsValidLocale
0x103e0ac GetUserDefaultLCID
0x103e0b0 EnumSystemLocalesW
0x103e0b4 GetStdHandle
0x103e0b8 GetFileType
0x103e0bc FindClose
0x103e0c0 FindFirstFileExW
0x103e0c4 FindNextFileW
0x103e0c8 IsValidCodePage
0x103e0cc GetACP
0x103e0d0 GetOEMCP
0x103e0d4 GetCPInfo
0x103e0d8 GetCommandLineA
0x103e0dc GetCommandLineW
0x103e0e0 MultiByteToWideChar
0x103e0e4 WideCharToMultiByte
0x103e0e8 GetEnvironmentStringsW
0x103e0ec FreeEnvironmentStringsW
0x103e0f0 GetProcessHeap
0x103e0f4 FlushFileBuffers
0x103e0f8 WriteFile
0x103e0fc GetConsoleCP
0x103e100 GetConsoleMode
0x103e104 SetStdHandle
0x103e108 GetFileSizeEx
0x103e10c SetFilePointerEx
0x103e110 GetStringTypeW
0x103e114 HeapSize
0x103e118 HeapReAlloc
0x103e11c CloseHandle
0x103e120 CreateFileW
0x103e124 WriteConsoleW
0x103e128 DecodePointer
EAT(Export Address Table) Library
0x101d570 Areaexample
0x101ca30 DllRegisterServer
0x101d260 DllUnregisterServer
0x101c750 Drinkenerg1
KERNEL32.dll
0x103e000 VirtualProtectEx
0x103e004 OpenMutexA
0x103e008 GetEnvironmentVariableA
0x103e00c SetConsoleCP
0x103e010 SetConsoleOutputCP
0x103e014 IsProcessorFeaturePresent
0x103e018 IsDebuggerPresent
0x103e01c UnhandledExceptionFilter
0x103e020 SetUnhandledExceptionFilter
0x103e024 GetStartupInfoW
0x103e028 GetModuleHandleW
0x103e02c GetCurrentProcess
0x103e030 TerminateProcess
0x103e034 QueryPerformanceCounter
0x103e038 GetCurrentProcessId
0x103e03c GetCurrentThreadId
0x103e040 GetSystemTimeAsFileTime
0x103e044 InitializeSListHead
0x103e048 RaiseException
0x103e04c RtlUnwind
0x103e050 InterlockedFlushSList
0x103e054 GetLastError
0x103e058 SetLastError
0x103e05c EncodePointer
0x103e060 EnterCriticalSection
0x103e064 LeaveCriticalSection
0x103e068 DeleteCriticalSection
0x103e06c InitializeCriticalSectionAndSpinCount
0x103e070 TlsAlloc
0x103e074 TlsGetValue
0x103e078 TlsSetValue
0x103e07c TlsFree
0x103e080 FreeLibrary
0x103e084 GetProcAddress
0x103e088 LoadLibraryExW
0x103e08c ExitProcess
0x103e090 GetModuleHandleExW
0x103e094 GetModuleFileNameW
0x103e098 HeapAlloc
0x103e09c HeapFree
0x103e0a0 LCMapStringW
0x103e0a4 GetLocaleInfoW
0x103e0a8 IsValidLocale
0x103e0ac GetUserDefaultLCID
0x103e0b0 EnumSystemLocalesW
0x103e0b4 GetStdHandle
0x103e0b8 GetFileType
0x103e0bc FindClose
0x103e0c0 FindFirstFileExW
0x103e0c4 FindNextFileW
0x103e0c8 IsValidCodePage
0x103e0cc GetACP
0x103e0d0 GetOEMCP
0x103e0d4 GetCPInfo
0x103e0d8 GetCommandLineA
0x103e0dc GetCommandLineW
0x103e0e0 MultiByteToWideChar
0x103e0e4 WideCharToMultiByte
0x103e0e8 GetEnvironmentStringsW
0x103e0ec FreeEnvironmentStringsW
0x103e0f0 GetProcessHeap
0x103e0f4 FlushFileBuffers
0x103e0f8 WriteFile
0x103e0fc GetConsoleCP
0x103e100 GetConsoleMode
0x103e104 SetStdHandle
0x103e108 GetFileSizeEx
0x103e10c SetFilePointerEx
0x103e110 GetStringTypeW
0x103e114 HeapSize
0x103e118 HeapReAlloc
0x103e11c CloseHandle
0x103e120 CreateFileW
0x103e124 WriteConsoleW
0x103e128 DecodePointer
EAT(Export Address Table) Library
0x101d570 Areaexample
0x101ca30 DllRegisterServer
0x101d260 DllUnregisterServer
0x101c750 Drinkenerg1