ScreenShot
| Created | 2021.06.24 19:03 | Machine | s1_win7_x6402 |
| Filename | dll.rar | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 54 detected (AIDetectVM, malware1, malicious, high confidence, GenericKD, Unsafe, NoobyProtect, confidence, 100%, Generic PUA HN, Attribute, HighConfidence, Blackv, fomxft, msN0, Malware@#1575040vv5gta, AGEN, R007C0PFC20, HackTool, AGeneric, Vigua, score, ai score=99, Zpevdo, L suspicious, DlLP3814fGN, Malicious PE, susgen, ZedlaF, Oz5@auE2Led, Genetic) | ||
| md5 | 0ae26770b96b47165c58ed621143d439 | ||
| sha256 | 9cfe68bda9f84af57673caee7fcb737e6edbaef0b1385de2f1e5c9083a446351 | ||
| ssdeep | 49152:u73fDYyWgxfSX71z2dlqkfaHnV7i4NbYpvU:u7vc3gxqL1zjTnV7i4apvU | ||
| imphash | 0973b0f82004f79a5fac1a3de7f81696 | ||
| impfuzzy | 6:cyRz1bXhrVDA/w8qCA+IzO3U02WWZn2yILK36YbGeA:cUHpDMw8qCIW2P2hLKqXh | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1075722f VirtualProtect
USER32.dll
0x1075723b GetWindowThreadProcessId
GDI32.dll
0x10757247 TextOutA
ole32.dll
0x10757253 CoCreateGuid
WINMM.dll
0x1075725f timeGetTime
IMM32.dll
0x1075726b ImmGetCompositionStringA
MSVCRT.dll
0x10757277 strncpy
IPHLPAPI.DLL
0x10757283 GetInterfaceInfo
PSAPI.DLL
0x1075728f GetMappedFileNameW
ADVAPI32.dll
0x1075729b RegDeleteKeyA
SHELL32.dll
0x107572a7 SHGetFolderPathW
EAT(Export Address Table) Library
0x1000d6b3 start
KERNEL32.dll
0x1075722f VirtualProtect
USER32.dll
0x1075723b GetWindowThreadProcessId
GDI32.dll
0x10757247 TextOutA
ole32.dll
0x10757253 CoCreateGuid
WINMM.dll
0x1075725f timeGetTime
IMM32.dll
0x1075726b ImmGetCompositionStringA
MSVCRT.dll
0x10757277 strncpy
IPHLPAPI.DLL
0x10757283 GetInterfaceInfo
PSAPI.DLL
0x1075728f GetMappedFileNameW
ADVAPI32.dll
0x1075729b RegDeleteKeyA
SHELL32.dll
0x107572a7 SHGetFolderPathW
EAT(Export Address Table) Library
0x1000d6b3 start