ScreenShot
| Created | 2021.06.25 09:41 | Machine | s1_win7_x6402 |
| Filename | read_dll32.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 8 detected (GenericRXOL, ZedlaF, eu4@aqLytBmj, Cerber, Malicious, score) | ||
| md5 | fce211eb34132eb6116b66c3e27eb2de | ||
| sha256 | 1192193a7489c7ac0d93c9142554dd84213a2f2872af136d789206733f3a628e | ||
| ssdeep | 1536:XXwpGMdgZeOQg8Z/K/AeSbQg0pXcTZfYsW1cd7qZUCc/4:X+UR8Z/aSbQg0gtd7qZUCc/4 | ||
| imphash | 351cd07c6db65a3abee61a8a9cd0bb60 | ||
| impfuzzy | 24:teDGxwOtMSibJnc+pl39TYodUSOovbO0ZsvwjMYVKRBmh1SSDBmudi:8OtMSilc+pp9Yr3liKR6/jE | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1000c034 GetTickCount
0x1000c038 GetProcAddress
0x1000c03c CloseHandle
0x1000c040 GetSystemDirectoryA
0x1000c044 CreateFileA
0x1000c048 GetLastError
0x1000c04c Wow64RevertWow64FsRedirection
0x1000c050 CopyFileA
0x1000c054 MultiByteToWideChar
0x1000c058 GetModuleHandleA
0x1000c05c GetCurrentThreadId
0x1000c060 DeviceIoControl
0x1000c064 WriteConsoleW
0x1000c068 Wow64DisableWow64FsRedirection
0x1000c06c UnhandledExceptionFilter
0x1000c070 SetUnhandledExceptionFilter
0x1000c074 GetCurrentProcess
0x1000c078 TerminateProcess
0x1000c07c IsProcessorFeaturePresent
0x1000c080 QueryPerformanceCounter
0x1000c084 GetCurrentProcessId
0x1000c088 GetSystemTimeAsFileTime
0x1000c08c InitializeSListHead
0x1000c090 IsDebuggerPresent
0x1000c094 GetStartupInfoW
0x1000c098 GetModuleHandleW
0x1000c09c InterlockedFlushSList
0x1000c0a0 RtlUnwind
0x1000c0a4 SetLastError
0x1000c0a8 EnterCriticalSection
0x1000c0ac LeaveCriticalSection
0x1000c0b0 DeleteCriticalSection
0x1000c0b4 InitializeCriticalSectionAndSpinCount
0x1000c0b8 TlsAlloc
0x1000c0bc TlsGetValue
0x1000c0c0 TlsSetValue
0x1000c0c4 TlsFree
0x1000c0c8 FreeLibrary
0x1000c0cc LoadLibraryExW
0x1000c0d0 RaiseException
0x1000c0d4 ExitProcess
0x1000c0d8 GetModuleHandleExW
0x1000c0dc GetModuleFileNameW
0x1000c0e0 HeapAlloc
0x1000c0e4 HeapFree
0x1000c0e8 FindClose
0x1000c0ec FindFirstFileExW
0x1000c0f0 FindNextFileW
0x1000c0f4 IsValidCodePage
0x1000c0f8 GetACP
0x1000c0fc GetOEMCP
0x1000c100 GetCPInfo
0x1000c104 GetCommandLineA
0x1000c108 GetCommandLineW
0x1000c10c WideCharToMultiByte
0x1000c110 GetEnvironmentStringsW
0x1000c114 FreeEnvironmentStringsW
0x1000c118 LCMapStringW
0x1000c11c GetProcessHeap
0x1000c120 GetStdHandle
0x1000c124 GetFileType
0x1000c128 GetStringTypeW
0x1000c12c HeapSize
0x1000c130 HeapReAlloc
0x1000c134 SetStdHandle
0x1000c138 FlushFileBuffers
0x1000c13c WriteFile
0x1000c140 GetConsoleCP
0x1000c144 GetConsoleMode
0x1000c148 SetFilePointerEx
0x1000c14c CreateFileW
0x1000c150 DecodePointer
ADVAPI32.dll
0x1000c000 RegCreateKeyA
0x1000c004 CreateServiceA
0x1000c008 RegCloseKey
0x1000c00c CloseServiceHandle
0x1000c010 RegQueryValueExA
0x1000c014 OpenSCManagerA
0x1000c018 DeleteService
0x1000c01c ControlService
0x1000c020 StartServiceA
0x1000c024 RegSetValueExA
0x1000c028 RegOpenKeyExA
0x1000c02c OpenServiceA
EAT(Export Address Table) Library
0x10001830 GetDev
0x100012f0 GetProcessModuleBase
0x10001a50 IDeleteFile
0x10001170 IVirtualAllocate
0x10001010 Read64ProcessMemory
0x10001450 StarDevice
0x100013a0 StopDevice
0x100010c0 Write64ProcessMemory
0x10001240 dVirtualProtect
KERNEL32.dll
0x1000c034 GetTickCount
0x1000c038 GetProcAddress
0x1000c03c CloseHandle
0x1000c040 GetSystemDirectoryA
0x1000c044 CreateFileA
0x1000c048 GetLastError
0x1000c04c Wow64RevertWow64FsRedirection
0x1000c050 CopyFileA
0x1000c054 MultiByteToWideChar
0x1000c058 GetModuleHandleA
0x1000c05c GetCurrentThreadId
0x1000c060 DeviceIoControl
0x1000c064 WriteConsoleW
0x1000c068 Wow64DisableWow64FsRedirection
0x1000c06c UnhandledExceptionFilter
0x1000c070 SetUnhandledExceptionFilter
0x1000c074 GetCurrentProcess
0x1000c078 TerminateProcess
0x1000c07c IsProcessorFeaturePresent
0x1000c080 QueryPerformanceCounter
0x1000c084 GetCurrentProcessId
0x1000c088 GetSystemTimeAsFileTime
0x1000c08c InitializeSListHead
0x1000c090 IsDebuggerPresent
0x1000c094 GetStartupInfoW
0x1000c098 GetModuleHandleW
0x1000c09c InterlockedFlushSList
0x1000c0a0 RtlUnwind
0x1000c0a4 SetLastError
0x1000c0a8 EnterCriticalSection
0x1000c0ac LeaveCriticalSection
0x1000c0b0 DeleteCriticalSection
0x1000c0b4 InitializeCriticalSectionAndSpinCount
0x1000c0b8 TlsAlloc
0x1000c0bc TlsGetValue
0x1000c0c0 TlsSetValue
0x1000c0c4 TlsFree
0x1000c0c8 FreeLibrary
0x1000c0cc LoadLibraryExW
0x1000c0d0 RaiseException
0x1000c0d4 ExitProcess
0x1000c0d8 GetModuleHandleExW
0x1000c0dc GetModuleFileNameW
0x1000c0e0 HeapAlloc
0x1000c0e4 HeapFree
0x1000c0e8 FindClose
0x1000c0ec FindFirstFileExW
0x1000c0f0 FindNextFileW
0x1000c0f4 IsValidCodePage
0x1000c0f8 GetACP
0x1000c0fc GetOEMCP
0x1000c100 GetCPInfo
0x1000c104 GetCommandLineA
0x1000c108 GetCommandLineW
0x1000c10c WideCharToMultiByte
0x1000c110 GetEnvironmentStringsW
0x1000c114 FreeEnvironmentStringsW
0x1000c118 LCMapStringW
0x1000c11c GetProcessHeap
0x1000c120 GetStdHandle
0x1000c124 GetFileType
0x1000c128 GetStringTypeW
0x1000c12c HeapSize
0x1000c130 HeapReAlloc
0x1000c134 SetStdHandle
0x1000c138 FlushFileBuffers
0x1000c13c WriteFile
0x1000c140 GetConsoleCP
0x1000c144 GetConsoleMode
0x1000c148 SetFilePointerEx
0x1000c14c CreateFileW
0x1000c150 DecodePointer
ADVAPI32.dll
0x1000c000 RegCreateKeyA
0x1000c004 CreateServiceA
0x1000c008 RegCloseKey
0x1000c00c CloseServiceHandle
0x1000c010 RegQueryValueExA
0x1000c014 OpenSCManagerA
0x1000c018 DeleteService
0x1000c01c ControlService
0x1000c020 StartServiceA
0x1000c024 RegSetValueExA
0x1000c028 RegOpenKeyExA
0x1000c02c OpenServiceA
EAT(Export Address Table) Library
0x10001830 GetDev
0x100012f0 GetProcessModuleBase
0x10001a50 IDeleteFile
0x10001170 IVirtualAllocate
0x10001010 Read64ProcessMemory
0x10001450 StarDevice
0x100013a0 StopDevice
0x100010c0 Write64ProcessMemory
0x10001240 dVirtualProtect