ScreenShot
| Created | 2021.06.14 23:48 | Machine | s1_win7_x6401 |
| Filename | 2.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 9 detected (Unsafe, BazarLoader, Malicious, score, antje, Behavior) | ||
| md5 | cdc6ef36562b097aa88cd1d4e7e839cb | ||
| sha256 | 4a782562d6e38ed2e6b26179616b49d6e6f6fefe184f13a311c5a15a40148faf | ||
| ssdeep | 3072:6+xxFkA4AmPfvDvrUCecYIcjNv7QwaNy8wgWMz8m8WvqHCfiUZE15:DkAAf7vhuMlJwgWMom8UE1 | ||
| imphash | 52eb5a278d7238ecd97eb76290b5b824 | ||
| impfuzzy | 24:XfCejtWOovbOGjMh1ulvgDWDQyl4LPOzJUsBmlfbKQg1AFb68H:XfCKx331AlCbO2s0fbKQgUb6K | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x23e7d974838 CloseHandle
0x23e7d974840 CreateFileW
0x23e7d974848 DeleteCriticalSection
0x23e7d974850 EnterCriticalSection
0x23e7d974858 ExitProcess
0x23e7d974860 FindClose
0x23e7d974868 FindFirstFileExW
0x23e7d974870 FindNextFileW
0x23e7d974878 FlushFileBuffers
0x23e7d974880 FreeEnvironmentStringsW
0x23e7d974888 FreeLibrary
0x23e7d974890 GetACP
0x23e7d974898 GetCPInfo
0x23e7d9748a0 GetCommandLineA
0x23e7d9748a8 GetCommandLineW
0x23e7d9748b0 GetConsoleCP
0x23e7d9748b8 GetConsoleMode
0x23e7d9748c0 GetCurrentProcess
0x23e7d9748c8 GetCurrentProcessId
0x23e7d9748d0 GetCurrentThreadId
0x23e7d9748d8 GetEnvironmentStringsW
0x23e7d9748e0 GetFileType
0x23e7d9748e8 GetLastError
0x23e7d9748f0 GetModuleFileNameW
0x23e7d9748f8 GetModuleHandleA
0x23e7d974900 GetModuleHandleExW
0x23e7d974908 GetModuleHandleW
0x23e7d974910 GetOEMCP
0x23e7d974918 GetProcAddress
0x23e7d974920 GetProcessHeap
0x23e7d974928 GetStartupInfoW
0x23e7d974930 GetStdHandle
0x23e7d974938 GetStringTypeW
0x23e7d974940 GetSystemTimeAsFileTime
0x23e7d974948 HeapAlloc
0x23e7d974950 HeapFree
0x23e7d974958 HeapReAlloc
0x23e7d974960 HeapSize
0x23e7d974968 InitializeCriticalSectionAndSpinCount
0x23e7d974970 InitializeSListHead
0x23e7d974978 InterlockedFlushSList
0x23e7d974980 IsDebuggerPresent
0x23e7d974988 IsProcessorFeaturePresent
0x23e7d974990 IsValidCodePage
0x23e7d974998 LCMapStringW
0x23e7d9749a0 LeaveCriticalSection
0x23e7d9749a8 LoadLibraryExW
0x23e7d9749b0 MultiByteToWideChar
0x23e7d9749b8 QueryPerformanceCounter
0x23e7d9749c0 RaiseException
0x23e7d9749c8 SetFilePointerEx
0x23e7d9749d0 SetLastError
0x23e7d9749d8 SetStdHandle
0x23e7d9749e0 SetUnhandledExceptionFilter
0x23e7d9749e8 TerminateProcess
0x23e7d9749f0 TlsAlloc
0x23e7d9749f8 TlsFree
0x23e7d974a00 TlsGetValue
0x23e7d974a08 TlsSetValue
0x23e7d974a10 UnhandledExceptionFilter
0x23e7d974a18 WideCharToMultiByte
0x23e7d974a20 WriteConsoleW
0x23e7d974a28 WriteFile
0x23e7d974a30 lstrcatA
0x23e7d974a38 lstrcatW
0x23e7d974a40 lstrcmpA
0x23e7d974a48 lstrcpyA
0x23e7d974a50 lstrcpyW
0x23e7d974a58 lstrlenA
0x23e7d974a60 lstrlenW
USER32.dll
0x23e7d974a70 wsprintfA
0x23e7d974a78 wsprintfW
SHLWAPI.dll
0x23e7d974a88 StrCSpnA
0x23e7d974a90 StrDupA
0x23e7d974a98 StrSpnA
ntdll.dll
0x23e7d974aa8 RtlCaptureContext
0x23e7d974ab0 RtlLookupFunctionEntry
0x23e7d974ab8 RtlPcToFileHeader
0x23e7d974ac0 RtlUnwindEx
0x23e7d974ac8 RtlVirtualUnwind
EAT(Export Address Table) Library
0x23e7d956720 StartW
KERNEL32.dll
0x23e7d974838 CloseHandle
0x23e7d974840 CreateFileW
0x23e7d974848 DeleteCriticalSection
0x23e7d974850 EnterCriticalSection
0x23e7d974858 ExitProcess
0x23e7d974860 FindClose
0x23e7d974868 FindFirstFileExW
0x23e7d974870 FindNextFileW
0x23e7d974878 FlushFileBuffers
0x23e7d974880 FreeEnvironmentStringsW
0x23e7d974888 FreeLibrary
0x23e7d974890 GetACP
0x23e7d974898 GetCPInfo
0x23e7d9748a0 GetCommandLineA
0x23e7d9748a8 GetCommandLineW
0x23e7d9748b0 GetConsoleCP
0x23e7d9748b8 GetConsoleMode
0x23e7d9748c0 GetCurrentProcess
0x23e7d9748c8 GetCurrentProcessId
0x23e7d9748d0 GetCurrentThreadId
0x23e7d9748d8 GetEnvironmentStringsW
0x23e7d9748e0 GetFileType
0x23e7d9748e8 GetLastError
0x23e7d9748f0 GetModuleFileNameW
0x23e7d9748f8 GetModuleHandleA
0x23e7d974900 GetModuleHandleExW
0x23e7d974908 GetModuleHandleW
0x23e7d974910 GetOEMCP
0x23e7d974918 GetProcAddress
0x23e7d974920 GetProcessHeap
0x23e7d974928 GetStartupInfoW
0x23e7d974930 GetStdHandle
0x23e7d974938 GetStringTypeW
0x23e7d974940 GetSystemTimeAsFileTime
0x23e7d974948 HeapAlloc
0x23e7d974950 HeapFree
0x23e7d974958 HeapReAlloc
0x23e7d974960 HeapSize
0x23e7d974968 InitializeCriticalSectionAndSpinCount
0x23e7d974970 InitializeSListHead
0x23e7d974978 InterlockedFlushSList
0x23e7d974980 IsDebuggerPresent
0x23e7d974988 IsProcessorFeaturePresent
0x23e7d974990 IsValidCodePage
0x23e7d974998 LCMapStringW
0x23e7d9749a0 LeaveCriticalSection
0x23e7d9749a8 LoadLibraryExW
0x23e7d9749b0 MultiByteToWideChar
0x23e7d9749b8 QueryPerformanceCounter
0x23e7d9749c0 RaiseException
0x23e7d9749c8 SetFilePointerEx
0x23e7d9749d0 SetLastError
0x23e7d9749d8 SetStdHandle
0x23e7d9749e0 SetUnhandledExceptionFilter
0x23e7d9749e8 TerminateProcess
0x23e7d9749f0 TlsAlloc
0x23e7d9749f8 TlsFree
0x23e7d974a00 TlsGetValue
0x23e7d974a08 TlsSetValue
0x23e7d974a10 UnhandledExceptionFilter
0x23e7d974a18 WideCharToMultiByte
0x23e7d974a20 WriteConsoleW
0x23e7d974a28 WriteFile
0x23e7d974a30 lstrcatA
0x23e7d974a38 lstrcatW
0x23e7d974a40 lstrcmpA
0x23e7d974a48 lstrcpyA
0x23e7d974a50 lstrcpyW
0x23e7d974a58 lstrlenA
0x23e7d974a60 lstrlenW
USER32.dll
0x23e7d974a70 wsprintfA
0x23e7d974a78 wsprintfW
SHLWAPI.dll
0x23e7d974a88 StrCSpnA
0x23e7d974a90 StrDupA
0x23e7d974a98 StrSpnA
ntdll.dll
0x23e7d974aa8 RtlCaptureContext
0x23e7d974ab0 RtlLookupFunctionEntry
0x23e7d974ab8 RtlPcToFileHeader
0x23e7d974ac0 RtlUnwindEx
0x23e7d974ac8 RtlVirtualUnwind
EAT(Export Address Table) Library
0x23e7d956720 StartW