ScreenShot
| Created | 2021.06.22 11:20 | Machine | s1_win7_x6401 |
| Filename | GT2pFbB.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 5 detected (Malicious, Reflo) | ||
| md5 | 4e5fc6111da7ec4512257864ded2f43b | ||
| sha256 | 9337cbb204dce3fea34177b596716d98f9af75e73c5e35f98254ee22a40383c5 | ||
| ssdeep | 12288:wn0L1zaGC6aKiUulRnRJRwesnWPyNCNnQ:w0LRFCmu3nGW6NanQ | ||
| imphash | b431941c337157e834b54d99a8a6e679 | ||
| impfuzzy | 3:swBJAEPwS9KTXzhAXwEQaxRGUCln:dBJAEHGDzyRkl | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x2e7d4b03c LoadLibraryA
0x2e7d4b044 GetProcAddress
0x2e7d4b04c VirtualProtect
msvcrt.dll
0x2e7d4b05c free
EAT(Export Address Table) Library
0x2e7c40660 StartW
0x2e7d3cb20 _cgo_dummy_export
0x2e7c40950 aekxcpamk
0x2e7c410d0 avugtzedva
0x2e7c40cc0 baszevtrfyzp
0x2e7c40ea0 btirtszhsdofa
0x2e7c413a0 cdjfyhjjvrs
0x2e7c41170 cffrihrojxkmw
0x2e7c40c20 cgxcrnhotwsaglpdx
0x2e7c406d0 cmfjrlthtv
0x2e7c41990 cpdiudkvxrelb
0x2e7c40c70 ctxreelcfjdezjefr
0x2e7c41df0 ddsvfvqn
0x2e7c415d0 dftkfwtqd
0x2e7c418a0 djqnbighatygzbyph
0x2e7c41d50 dkoolzw
0x2e7c414e0 elvqsrzdp
0x2e7c41940 fdedputeeqxudssod
0x2e7c41bc0 fgplhvdrjz
0x2e7c40fe0 fkoumwnmwimykbxho
0x2e7c41e90 flviyhl
0x2e7c40e50 gcjrqzhfi
0x2e7c40a90 gixtvbh
0x2e7c41080 gmueieigy
0x2e7c41030 gpixdoyeew
0x2e7c40f40 grpnpgrwzttkysi
0x2e7c41580 hlkjnzufnw
0x2e7c41cb0 hmubthrmzz
0x2e7c407c0 hvtxhlakvi
0x2e7c40720 iuytelpdilpqehp
0x2e7c40db0 izxobtig
0x2e7c41e40 jonkqxlonl
0x2e7c41b70 kbuulczjahek
0x2e7c41350 kdwnidb
0x2e7c40a40 kgknjas
0x2e7c40900 knfxydlhusmf
0x2e7c40d60 kqakfnjl
0x2e7c40b30 kylxdtj
0x2e7c41760 lbueqvfvz
0x2e7c416c0 lflbkeapyc
0x2e7c418f0 lfpqaqkxkegxxwpwr
0x2e7c40e00 lidbsisjybnrgjtkk
0x2e7c40f90 llpydhwbcbaomldym
0x2e7c41800 lyzgerjrvqhjb
0x2e7c41300 mqvhnafrvmo
0x2e7c41440 mwnaxnblaajnrhqts
0x2e7c40d10 nampkebwdggf
0x2e7c411c0 ofgbvvddun
0x2e7c409f0 okwtcsvetfefzqsp
0x2e7c41850 oydjhjeyydtgpxl
0x2e7c413f0 oyokgbqeqjtk
0x2e7c41260 pjodfqtkyzvzhqfw
0x2e7c419e0 ppscmrccuzylnh
0x2e7c40860 prlxglqdatwucmyxh
0x2e7c417b0 pupupatc
0x2e7c41120 qrvizuhylmxdk
0x2e7c41490 rodvcrhwrmzasg
0x2e7c409a0 ruutqdxl
0x2e7c41da0 rwdhplglkilknfvp
0x2e7c40ae0 sdysqiuo
0x2e7c40bd0 sqwmcucwoez
0x2e7c41ad0 tlxkqgrf
0x2e7c41b20 tnmrozaqm
0x2e7c41a80 tzqoerepgnr
0x2e7c41a30 uoqzdvihfcepsq
0x2e7c41c10 vbsnsxjgwhml
0x2e7c41d00 vhxtiovrha
0x2e7c408b0 vscbtycbrow
0x2e7c40b80 vynypsszqjxyle
0x2e7c412b0 wosivzctwsxaxnfm
0x2e7c40810 wpiowxx
0x2e7c40770 wqadekkq
0x2e7c41c60 xvwozmjipkpl
0x2e7c41210 xyegimmkl
0x2e7c41710 yanagsmsseor
0x2e7c40ef0 ycbrjhifxyhovie
0x2e7c41620 ydazjoruuwwgbq
0x2e7c41670 ypgotfngylypaaohq
0x2e7c41530 zhyiamorbu
KERNEL32.DLL
0x2e7d4b03c LoadLibraryA
0x2e7d4b044 GetProcAddress
0x2e7d4b04c VirtualProtect
msvcrt.dll
0x2e7d4b05c free
EAT(Export Address Table) Library
0x2e7c40660 StartW
0x2e7d3cb20 _cgo_dummy_export
0x2e7c40950 aekxcpamk
0x2e7c410d0 avugtzedva
0x2e7c40cc0 baszevtrfyzp
0x2e7c40ea0 btirtszhsdofa
0x2e7c413a0 cdjfyhjjvrs
0x2e7c41170 cffrihrojxkmw
0x2e7c40c20 cgxcrnhotwsaglpdx
0x2e7c406d0 cmfjrlthtv
0x2e7c41990 cpdiudkvxrelb
0x2e7c40c70 ctxreelcfjdezjefr
0x2e7c41df0 ddsvfvqn
0x2e7c415d0 dftkfwtqd
0x2e7c418a0 djqnbighatygzbyph
0x2e7c41d50 dkoolzw
0x2e7c414e0 elvqsrzdp
0x2e7c41940 fdedputeeqxudssod
0x2e7c41bc0 fgplhvdrjz
0x2e7c40fe0 fkoumwnmwimykbxho
0x2e7c41e90 flviyhl
0x2e7c40e50 gcjrqzhfi
0x2e7c40a90 gixtvbh
0x2e7c41080 gmueieigy
0x2e7c41030 gpixdoyeew
0x2e7c40f40 grpnpgrwzttkysi
0x2e7c41580 hlkjnzufnw
0x2e7c41cb0 hmubthrmzz
0x2e7c407c0 hvtxhlakvi
0x2e7c40720 iuytelpdilpqehp
0x2e7c40db0 izxobtig
0x2e7c41e40 jonkqxlonl
0x2e7c41b70 kbuulczjahek
0x2e7c41350 kdwnidb
0x2e7c40a40 kgknjas
0x2e7c40900 knfxydlhusmf
0x2e7c40d60 kqakfnjl
0x2e7c40b30 kylxdtj
0x2e7c41760 lbueqvfvz
0x2e7c416c0 lflbkeapyc
0x2e7c418f0 lfpqaqkxkegxxwpwr
0x2e7c40e00 lidbsisjybnrgjtkk
0x2e7c40f90 llpydhwbcbaomldym
0x2e7c41800 lyzgerjrvqhjb
0x2e7c41300 mqvhnafrvmo
0x2e7c41440 mwnaxnblaajnrhqts
0x2e7c40d10 nampkebwdggf
0x2e7c411c0 ofgbvvddun
0x2e7c409f0 okwtcsvetfefzqsp
0x2e7c41850 oydjhjeyydtgpxl
0x2e7c413f0 oyokgbqeqjtk
0x2e7c41260 pjodfqtkyzvzhqfw
0x2e7c419e0 ppscmrccuzylnh
0x2e7c40860 prlxglqdatwucmyxh
0x2e7c417b0 pupupatc
0x2e7c41120 qrvizuhylmxdk
0x2e7c41490 rodvcrhwrmzasg
0x2e7c409a0 ruutqdxl
0x2e7c41da0 rwdhplglkilknfvp
0x2e7c40ae0 sdysqiuo
0x2e7c40bd0 sqwmcucwoez
0x2e7c41ad0 tlxkqgrf
0x2e7c41b20 tnmrozaqm
0x2e7c41a80 tzqoerepgnr
0x2e7c41a30 uoqzdvihfcepsq
0x2e7c41c10 vbsnsxjgwhml
0x2e7c41d00 vhxtiovrha
0x2e7c408b0 vscbtycbrow
0x2e7c40b80 vynypsszqjxyle
0x2e7c412b0 wosivzctwsxaxnfm
0x2e7c40810 wpiowxx
0x2e7c40770 wqadekkq
0x2e7c41c60 xvwozmjipkpl
0x2e7c41210 xyegimmkl
0x2e7c41710 yanagsmsseor
0x2e7c40ef0 ycbrjhifxyhovie
0x2e7c41620 ydazjoruuwwgbq
0x2e7c41670 ypgotfngylypaaohq
0x2e7c41530 zhyiamorbu