ScreenShot
| Created | 2021.06.24 19:34 | Machine | s1_win7_x6402 |
| Filename | actXApiLib.dll | ||
| Type | MS-DOS executable | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 19 detected (malicious, high confidence, GenericKD, Artemis, Attribute, HighConfidence, GenKryptik, FGSC, R002H0CFL21, score, ai score=88, Krypt, Kryptik, HLFK) | ||
| md5 | 814775ead2e655aca8eccdfd4378fe00 | ||
| sha256 | 0842444e92ea8f92f450a73f1de12140c7d410f66e2031b785a7d7b8f47a3988 | ||
| ssdeep | 6144:mMhsf/mMTxJElpPl8lmPEYt2oxRh+ooRQvuQ488k:E/mM+pN8l/vooQvuQ4Vk | ||
| imphash | 05189fa06a243077feaa49c51243c638 | ||
| impfuzzy | 24:dEV4WvV4nV4WDV4Q2F4/cQtMqoTiqckDkCq2HLg0Ugx/rAbOAhwzx+f2JELwkg1P:dNKYbMhiqaCqULg0UglrAbzhax+oEL/Q | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
comctl32.dll
0x10032be8 CreatePropertySheetPageW
hnetmon.dll
0x10032bf0 InitHelperDll
iphlpapi.dll
0x10032bf8 IcmpParseReplies
kernel32.dll
0x10032c00 CreateSemaphoreW
0x10032c04 GetPrivateProfileStringW
0x10032c08 GetPrivateProfileSectionW
0x10032c0c WritePrivateProfileStringW
0x10032c10 GlobalUnlock
0x10032c14 lstrlenW
0x10032c18 GlobalLock
0x10032c1c lstrcmpiW
0x10032c20 lstrcmpW
0x10032c24 VirtualProtect
0x10032c28 WritePrivateProfileSectionW
0x10032c2c GetVersion
mpr.dll
0x10032c34 WNetGetUniversalNameW
msvcrt.dll
0x10032c3c _lock
0x10032c40 _onexit
0x10032c44 _vsnwprintf
0x10032c48 ?terminate@@YAXXZ
0x10032c4c _purecall
0x10032c50 _callnewh
0x10032c54 wcsstr
0x10032c58 wcsrchr
0x10032c5c __RTDynamicCast
0x10032c60 _wtoi
0x10032c64 _amsg_exit
0x10032c68 _unlock
0x10032c6c _wcsnicmp
0x10032c70 free
0x10032c74 _wcsicmp
0x10032c78 swscanf
0x10032c7c _XcptFilter
0x10032c80 wcschr
0x10032c84 memcpy
0x10032c88 _CxxThrowException
0x10032c8c _initterm
0x10032c90 __dllonexit
0x10032c94 malloc
0x10032c98 memset
ntdll.dll
0x10032ca0 RtlFreeUnicodeString
0x10032ca4 RtlConvertSidToUnicodeString
0x10032ca8 RtlAllocateAndInitializeSid
0x10032cac RtlUnicodeStringToInteger
ole32.dll
0x10032cb4 CoInitialize
0x10032cb8 ReleaseStgMedium
shell32.dll
0x10032cc0 SHBrowseForFolderW
0x10032cc4 SHGetPathFromIDListW
shlwapi.dll
0x10032ccc StrDupW
0x10032cd0 PathCompactPathW
0x10032cd4 PathIsUNCW
user32.dll
0x10032cdc IsWindowVisible
0x10032ce0 CallNextHookEx
0x10032ce4 RegisterClipboardFormatW
0x10032ce8 SendMessageW
0x10032cec UnhookWindowsHookEx
0x10032cf0 SetCursor
0x10032cf4 GetParent
0x10032cf8 MessageBeep
0x10032cfc LoadBitmapW
0x10032d00 LoadCursorW
0x10032d04 GetClientRect
0x10032d08 EnableWindow
0x10032d0c GetWindowRect
0x10032d10 MessageBoxW
0x10032d14 SetParent
0x10032d18 SetWindowsHookExW
0x10032d1c ScreenToClient
EAT(Export Address Table) Library
0x1000217c Tanguile
0x100026e1 Garnishry
0x10002741 Parastichy
0x100027ef DllUnregisterServer
0x100028ed Garrulity
0x100029a2 Spinnery
0x1000326f Horseboy
0x10003497 Cheesiness
0x1000359a Palmwood
0x100038bf Romanticist
0x1000443a Menisperm
0x10004d20 Prelect
0x10004dba DllRegisterServer
0x100052c2 Tortulous
0x10005566 Vetoistical
0x10005b60 Suggestum
0x10006269 Semidirect
0x1000697e Disappointingly
0x10006be7 Homographic
0x100072fb Chirologically
0x100073f3 Londonish
0x1000749c Drainer
0x10007735 Untwine
0x10007876 Neighborer
0x10007c15 Farrisite
0x10008b43 Pentameran
0x10008c2b Updeck
0x10008f81 Afterwisdom
0x100097a8 Babblesome
0x10009be1 Mesothet
0x1000a31c Assurant
0x1000ad16 Ramlike
0x1000ade7 Windball
0x1000b398 Astrotheology
0x1000c0a3 Shigella
0x1000c908 Unbolden
0x1000d0bb Pampilion
0x1000d489 Professoriate
0x1000d6e4 Achromatiaceae
0x1000dbcf Vassalship
0x1000dfd7 Humbuzz
0x1000ea8b Isobutyryl
0x1000f392 Pyrochemically
0x1000f820 Beltwise
comctl32.dll
0x10032be8 CreatePropertySheetPageW
hnetmon.dll
0x10032bf0 InitHelperDll
iphlpapi.dll
0x10032bf8 IcmpParseReplies
kernel32.dll
0x10032c00 CreateSemaphoreW
0x10032c04 GetPrivateProfileStringW
0x10032c08 GetPrivateProfileSectionW
0x10032c0c WritePrivateProfileStringW
0x10032c10 GlobalUnlock
0x10032c14 lstrlenW
0x10032c18 GlobalLock
0x10032c1c lstrcmpiW
0x10032c20 lstrcmpW
0x10032c24 VirtualProtect
0x10032c28 WritePrivateProfileSectionW
0x10032c2c GetVersion
mpr.dll
0x10032c34 WNetGetUniversalNameW
msvcrt.dll
0x10032c3c _lock
0x10032c40 _onexit
0x10032c44 _vsnwprintf
0x10032c48 ?terminate@@YAXXZ
0x10032c4c _purecall
0x10032c50 _callnewh
0x10032c54 wcsstr
0x10032c58 wcsrchr
0x10032c5c __RTDynamicCast
0x10032c60 _wtoi
0x10032c64 _amsg_exit
0x10032c68 _unlock
0x10032c6c _wcsnicmp
0x10032c70 free
0x10032c74 _wcsicmp
0x10032c78 swscanf
0x10032c7c _XcptFilter
0x10032c80 wcschr
0x10032c84 memcpy
0x10032c88 _CxxThrowException
0x10032c8c _initterm
0x10032c90 __dllonexit
0x10032c94 malloc
0x10032c98 memset
ntdll.dll
0x10032ca0 RtlFreeUnicodeString
0x10032ca4 RtlConvertSidToUnicodeString
0x10032ca8 RtlAllocateAndInitializeSid
0x10032cac RtlUnicodeStringToInteger
ole32.dll
0x10032cb4 CoInitialize
0x10032cb8 ReleaseStgMedium
shell32.dll
0x10032cc0 SHBrowseForFolderW
0x10032cc4 SHGetPathFromIDListW
shlwapi.dll
0x10032ccc StrDupW
0x10032cd0 PathCompactPathW
0x10032cd4 PathIsUNCW
user32.dll
0x10032cdc IsWindowVisible
0x10032ce0 CallNextHookEx
0x10032ce4 RegisterClipboardFormatW
0x10032ce8 SendMessageW
0x10032cec UnhookWindowsHookEx
0x10032cf0 SetCursor
0x10032cf4 GetParent
0x10032cf8 MessageBeep
0x10032cfc LoadBitmapW
0x10032d00 LoadCursorW
0x10032d04 GetClientRect
0x10032d08 EnableWindow
0x10032d0c GetWindowRect
0x10032d10 MessageBoxW
0x10032d14 SetParent
0x10032d18 SetWindowsHookExW
0x10032d1c ScreenToClient
EAT(Export Address Table) Library
0x1000217c Tanguile
0x100026e1 Garnishry
0x10002741 Parastichy
0x100027ef DllUnregisterServer
0x100028ed Garrulity
0x100029a2 Spinnery
0x1000326f Horseboy
0x10003497 Cheesiness
0x1000359a Palmwood
0x100038bf Romanticist
0x1000443a Menisperm
0x10004d20 Prelect
0x10004dba DllRegisterServer
0x100052c2 Tortulous
0x10005566 Vetoistical
0x10005b60 Suggestum
0x10006269 Semidirect
0x1000697e Disappointingly
0x10006be7 Homographic
0x100072fb Chirologically
0x100073f3 Londonish
0x1000749c Drainer
0x10007735 Untwine
0x10007876 Neighborer
0x10007c15 Farrisite
0x10008b43 Pentameran
0x10008c2b Updeck
0x10008f81 Afterwisdom
0x100097a8 Babblesome
0x10009be1 Mesothet
0x1000a31c Assurant
0x1000ad16 Ramlike
0x1000ade7 Windball
0x1000b398 Astrotheology
0x1000c0a3 Shigella
0x1000c908 Unbolden
0x1000d0bb Pampilion
0x1000d489 Professoriate
0x1000d6e4 Achromatiaceae
0x1000dbcf Vassalship
0x1000dfd7 Humbuzz
0x1000ea8b Isobutyryl
0x1000f392 Pyrochemically
0x1000f820 Beltwise