ScreenShot
| Created | 2021.06.10 09:34 | Machine | s1_win7_x6402 |
| Filename | getfile.php | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (Siggen13, GenericKD, Unsafe, Wacapew, malicious, confidence, Kryptik, bdack@0, Artemis, Generic PUA BC, score, BazarLoader, PossibleThreat) | ||
| md5 | 28193ba741232f91101849f606fa8419 | ||
| sha256 | 67e54b44dad909734a59df457950c05727b7ecf387f1f37c38c18cef5af579c2 | ||
| ssdeep | 3072:o7tbwam7niPOMFJjOknVCSd/3391UnrWoTmutZ/dyQCK+VBVmICKUizHz2/bf:StbwamK1jlnnV91UrWStFdjaVF2/b | ||
| imphash | 06caaa428de202a47169ed2c0c5053e1 | ||
| impfuzzy | 48:bD3SbA6tMS17FcppZI3oB1dDQWjqcChQxW:bD3w7tMS17FcppZrCcOMW | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x18001a028 HeapReAlloc
0x18001a030 HeapFree
0x18001a038 HeapSize
0x18001a040 CancelSynchronousIo
0x18001a048 FormatApplicationUserModelId
0x18001a050 WaitNamedPipeA
0x18001a058 VirtualAllocEx
0x18001a060 DeleteCriticalSection
0x18001a068 LoadLibraryA
0x18001a070 GetProcAddress
0x18001a078 HeapAlloc
0x18001a080 WriteConsoleW
0x18001a088 CreateFileW
0x18001a090 CloseHandle
0x18001a098 SetFilePointerEx
0x18001a0a0 GetConsoleMode
0x18001a0a8 GetConsoleCP
0x18001a0b0 FlushFileBuffers
0x18001a0b8 WriteFile
0x18001a0c0 GetProcessHeap
0x18001a0c8 VirtualAlloc
0x18001a0d0 VirtualFree
0x18001a0d8 VirtualProtect
0x18001a0e0 SetStdHandle
0x18001a0e8 GetStringTypeW
0x18001a0f0 GetFileType
0x18001a0f8 GetStdHandle
0x18001a100 RtlCaptureContext
0x18001a108 RtlLookupFunctionEntry
0x18001a110 RtlVirtualUnwind
0x18001a118 UnhandledExceptionFilter
0x18001a120 SetUnhandledExceptionFilter
0x18001a128 GetCurrentProcess
0x18001a130 TerminateProcess
0x18001a138 IsProcessorFeaturePresent
0x18001a140 QueryPerformanceCounter
0x18001a148 GetCurrentProcessId
0x18001a150 GetCurrentThreadId
0x18001a158 GetSystemTimeAsFileTime
0x18001a160 InitializeSListHead
0x18001a168 IsDebuggerPresent
0x18001a170 GetStartupInfoW
0x18001a178 GetModuleHandleW
0x18001a180 RtlUnwindEx
0x18001a188 InterlockedFlushSList
0x18001a190 GetLastError
0x18001a198 SetLastError
0x18001a1a0 EnterCriticalSection
0x18001a1a8 LeaveCriticalSection
0x18001a1b0 InitializeCriticalSectionAndSpinCount
0x18001a1b8 TlsAlloc
0x18001a1c0 TlsGetValue
0x18001a1c8 TlsSetValue
0x18001a1d0 TlsFree
0x18001a1d8 FreeLibrary
0x18001a1e0 LoadLibraryExW
0x18001a1e8 ExitProcess
0x18001a1f0 GetModuleHandleExW
0x18001a1f8 GetModuleFileNameA
0x18001a200 MultiByteToWideChar
0x18001a208 WideCharToMultiByte
0x18001a210 FindClose
0x18001a218 FindFirstFileExA
0x18001a220 FindNextFileA
0x18001a228 IsValidCodePage
0x18001a230 GetACP
0x18001a238 GetOEMCP
0x18001a240 GetCPInfo
0x18001a248 GetCommandLineA
0x18001a250 GetCommandLineW
0x18001a258 GetEnvironmentStringsW
0x18001a260 FreeEnvironmentStringsW
0x18001a268 LCMapStringW
0x18001a270 RaiseException
USER32.dll
0x18001a2b0 GetKeyboardLayoutNameW
ole32.dll
0x18001a2c0 CoReactivateObject
0x18001a2c8 NdrProxyForwardingFunction13
0x18001a2d0 NdrProxyForwardingFunction24
0x18001a2d8 HBRUSH_UserUnmarshal
0x18001a2e0 HMONITOR_UserMarshal
0x18001a2e8 HBRUSH_UserFree
0x18001a2f0 CoDosDateTimeToFileTime
GDI32.dll
0x18001a000 ScaleViewportExtEx
0x18001a008 FillPath
0x18001a010 SetMetaRgn
0x18001a018 CreatePenIndirect
SHELL32.dll
0x18001a280 SHGetSpecialFolderPathA
0x18001a288 SHCreateDataObject
0x18001a290 None
0x18001a298 DragQueryFileA
0x18001a2a0 ExtractIconEx
EAT(Export Address Table) Library
0x18000127a DllRegisterServer
KERNEL32.dll
0x18001a028 HeapReAlloc
0x18001a030 HeapFree
0x18001a038 HeapSize
0x18001a040 CancelSynchronousIo
0x18001a048 FormatApplicationUserModelId
0x18001a050 WaitNamedPipeA
0x18001a058 VirtualAllocEx
0x18001a060 DeleteCriticalSection
0x18001a068 LoadLibraryA
0x18001a070 GetProcAddress
0x18001a078 HeapAlloc
0x18001a080 WriteConsoleW
0x18001a088 CreateFileW
0x18001a090 CloseHandle
0x18001a098 SetFilePointerEx
0x18001a0a0 GetConsoleMode
0x18001a0a8 GetConsoleCP
0x18001a0b0 FlushFileBuffers
0x18001a0b8 WriteFile
0x18001a0c0 GetProcessHeap
0x18001a0c8 VirtualAlloc
0x18001a0d0 VirtualFree
0x18001a0d8 VirtualProtect
0x18001a0e0 SetStdHandle
0x18001a0e8 GetStringTypeW
0x18001a0f0 GetFileType
0x18001a0f8 GetStdHandle
0x18001a100 RtlCaptureContext
0x18001a108 RtlLookupFunctionEntry
0x18001a110 RtlVirtualUnwind
0x18001a118 UnhandledExceptionFilter
0x18001a120 SetUnhandledExceptionFilter
0x18001a128 GetCurrentProcess
0x18001a130 TerminateProcess
0x18001a138 IsProcessorFeaturePresent
0x18001a140 QueryPerformanceCounter
0x18001a148 GetCurrentProcessId
0x18001a150 GetCurrentThreadId
0x18001a158 GetSystemTimeAsFileTime
0x18001a160 InitializeSListHead
0x18001a168 IsDebuggerPresent
0x18001a170 GetStartupInfoW
0x18001a178 GetModuleHandleW
0x18001a180 RtlUnwindEx
0x18001a188 InterlockedFlushSList
0x18001a190 GetLastError
0x18001a198 SetLastError
0x18001a1a0 EnterCriticalSection
0x18001a1a8 LeaveCriticalSection
0x18001a1b0 InitializeCriticalSectionAndSpinCount
0x18001a1b8 TlsAlloc
0x18001a1c0 TlsGetValue
0x18001a1c8 TlsSetValue
0x18001a1d0 TlsFree
0x18001a1d8 FreeLibrary
0x18001a1e0 LoadLibraryExW
0x18001a1e8 ExitProcess
0x18001a1f0 GetModuleHandleExW
0x18001a1f8 GetModuleFileNameA
0x18001a200 MultiByteToWideChar
0x18001a208 WideCharToMultiByte
0x18001a210 FindClose
0x18001a218 FindFirstFileExA
0x18001a220 FindNextFileA
0x18001a228 IsValidCodePage
0x18001a230 GetACP
0x18001a238 GetOEMCP
0x18001a240 GetCPInfo
0x18001a248 GetCommandLineA
0x18001a250 GetCommandLineW
0x18001a258 GetEnvironmentStringsW
0x18001a260 FreeEnvironmentStringsW
0x18001a268 LCMapStringW
0x18001a270 RaiseException
USER32.dll
0x18001a2b0 GetKeyboardLayoutNameW
ole32.dll
0x18001a2c0 CoReactivateObject
0x18001a2c8 NdrProxyForwardingFunction13
0x18001a2d0 NdrProxyForwardingFunction24
0x18001a2d8 HBRUSH_UserUnmarshal
0x18001a2e0 HMONITOR_UserMarshal
0x18001a2e8 HBRUSH_UserFree
0x18001a2f0 CoDosDateTimeToFileTime
GDI32.dll
0x18001a000 ScaleViewportExtEx
0x18001a008 FillPath
0x18001a010 SetMetaRgn
0x18001a018 CreatePenIndirect
SHELL32.dll
0x18001a280 SHGetSpecialFolderPathA
0x18001a288 SHCreateDataObject
0x18001a290 None
0x18001a298 DragQueryFileA
0x18001a2a0 ExtractIconEx
EAT(Export Address Table) Library
0x18000127a DllRegisterServer