ScreenShot
| Created | 2021.07.01 08:32 | Machine | s1_win7_x6402 |
| Filename | idu567.tmp | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 12 detected (malicious, high confidence, Artemis, Save, Carberp, xehvx, Wacapew, score, ET#78%, RDMK, cmRtazo91LiFut, IS3uhdUgZlraW, Static AI, Suspicious PE, TrojanPSW, Hx4CR9sA) | ||
| md5 | 18c3793f2df5ae48b55a9a1825b1c1fb | ||
| sha256 | 43e35aa1486b2cd51237520eb1b0b02fb46f0f3b135622e66b7438684429441c | ||
| ssdeep | 24576:L3G8qqDn4HT28T14a5EhXn6LLdHr/CLn+/nfwoeCOUgFqmRCka/2qp5e+l8U3h:iiYTtwaLdHryn+ZRg5rqJ3 | ||
| imphash | be0a2d959e20c7f06e996a3dfae0d06d | ||
| impfuzzy | 48:bho00+fcXM5mUtktZPjZiNbeACQL6x9EGA/101t92:b600+fcXM5PtknbZlUp | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1123000 QueryPerformanceCounter
0x1123004 CreateFileA
0x1123008 GetVolumeInformationA
0x112300c GetSystemTime
0x1123010 GetModuleHandleA
0x1123014 GetVersionExA
0x1123018 OpenProcess
0x112301c GetDateFormatA
0x1123020 FindResourceA
0x1123024 LoadResource
0x1123028 FindClose
0x112302c FindNextFileA
0x1123030 FindFirstFileA
0x1123034 TlsAlloc
0x1123038 TlsGetValue
0x112303c GetModuleFileNameA
0x1123040 VirtualProtect
0x1123044 GetSystemDirectoryA
0x1123048 GetWindowsDirectoryA
0x112304c GetCurrentDirectoryA
0x1123050 SetConsoleCP
0x1123054 SetConsoleOutputCP
0x1123058 GetTempPathA
0x112305c GetEnvironmentVariableA
0x1123060 SetStdHandle
0x1123064 WriteConsoleW
0x1123068 GetConsoleOutputCP
0x112306c WriteConsoleA
0x1123070 CloseHandle
0x1123074 SetFilePointer
0x1123078 FlushFileBuffers
0x112307c GetConsoleMode
0x1123080 GetConsoleCP
0x1123084 GetLocaleInfoW
0x1123088 LCMapStringW
0x112308c InterlockedIncrement
0x1123090 InterlockedDecrement
0x1123094 Sleep
0x1123098 InitializeCriticalSection
0x112309c DeleteCriticalSection
0x11230a0 EnterCriticalSection
0x11230a4 LeaveCriticalSection
0x11230a8 HeapAlloc
0x11230ac RtlUnwind
0x11230b0 RaiseException
0x11230b4 GetCurrentThreadId
0x11230b8 GetCommandLineA
0x11230bc UnhandledExceptionFilter
0x11230c0 SetUnhandledExceptionFilter
0x11230c4 GetLastError
0x11230c8 HeapFree
0x11230cc VirtualFree
0x11230d0 VirtualAlloc
0x11230d4 HeapReAlloc
0x11230d8 HeapCreate
0x11230dc HeapDestroy
0x11230e0 GetModuleHandleW
0x11230e4 GetProcAddress
0x11230e8 ExitProcess
0x11230ec WriteFile
0x11230f0 GetStdHandle
0x11230f4 GetCPInfo
0x11230f8 TerminateProcess
0x11230fc GetCurrentProcess
0x1123100 IsDebuggerPresent
0x1123104 TlsSetValue
0x1123108 TlsFree
0x112310c SetLastError
0x1123110 GetACP
0x1123114 GetOEMCP
0x1123118 IsValidCodePage
0x112311c GetUserDefaultLCID
0x1123120 GetLocaleInfoA
0x1123124 EnumSystemLocalesA
0x1123128 IsValidLocale
0x112312c GetStringTypeA
0x1123130 MultiByteToWideChar
0x1123134 GetStringTypeW
0x1123138 SetHandleCount
0x112313c GetFileType
0x1123140 GetStartupInfoA
0x1123144 FreeEnvironmentStringsA
0x1123148 GetEnvironmentStrings
0x112314c FreeEnvironmentStringsW
0x1123150 WideCharToMultiByte
0x1123154 GetEnvironmentStringsW
0x1123158 GetTickCount
0x112315c GetCurrentProcessId
0x1123160 GetSystemTimeAsFileTime
0x1123164 HeapSize
0x1123168 InitializeCriticalSectionAndSpinCount
0x112316c LoadLibraryA
0x1123170 LCMapStringA
USER32.dll
0x1123178 IsDialogMessageA
0x112317c LoadBitmapA
0x1123180 CheckDlgButton
0x1123184 SetWindowTextA
0x1123188 GetIconInfo
0x112318c GetWindowRect
0x1123190 DialogBoxIndirectParamA
0x1123194 CreatePopupMenu
0x1123198 GetSysColorBrush
0x112319c DefWindowProcA
0x11231a0 GetForegroundWindow
0x11231a4 CreateDialogIndirectParamA
0x11231a8 GetClientRect
EAT(Export Address Table) Library
0x1113090 Country
0x1111e40 Raildiffer
0x1112f60 Sleephappen
0x1113220 Whatgrand
KERNEL32.dll
0x1123000 QueryPerformanceCounter
0x1123004 CreateFileA
0x1123008 GetVolumeInformationA
0x112300c GetSystemTime
0x1123010 GetModuleHandleA
0x1123014 GetVersionExA
0x1123018 OpenProcess
0x112301c GetDateFormatA
0x1123020 FindResourceA
0x1123024 LoadResource
0x1123028 FindClose
0x112302c FindNextFileA
0x1123030 FindFirstFileA
0x1123034 TlsAlloc
0x1123038 TlsGetValue
0x112303c GetModuleFileNameA
0x1123040 VirtualProtect
0x1123044 GetSystemDirectoryA
0x1123048 GetWindowsDirectoryA
0x112304c GetCurrentDirectoryA
0x1123050 SetConsoleCP
0x1123054 SetConsoleOutputCP
0x1123058 GetTempPathA
0x112305c GetEnvironmentVariableA
0x1123060 SetStdHandle
0x1123064 WriteConsoleW
0x1123068 GetConsoleOutputCP
0x112306c WriteConsoleA
0x1123070 CloseHandle
0x1123074 SetFilePointer
0x1123078 FlushFileBuffers
0x112307c GetConsoleMode
0x1123080 GetConsoleCP
0x1123084 GetLocaleInfoW
0x1123088 LCMapStringW
0x112308c InterlockedIncrement
0x1123090 InterlockedDecrement
0x1123094 Sleep
0x1123098 InitializeCriticalSection
0x112309c DeleteCriticalSection
0x11230a0 EnterCriticalSection
0x11230a4 LeaveCriticalSection
0x11230a8 HeapAlloc
0x11230ac RtlUnwind
0x11230b0 RaiseException
0x11230b4 GetCurrentThreadId
0x11230b8 GetCommandLineA
0x11230bc UnhandledExceptionFilter
0x11230c0 SetUnhandledExceptionFilter
0x11230c4 GetLastError
0x11230c8 HeapFree
0x11230cc VirtualFree
0x11230d0 VirtualAlloc
0x11230d4 HeapReAlloc
0x11230d8 HeapCreate
0x11230dc HeapDestroy
0x11230e0 GetModuleHandleW
0x11230e4 GetProcAddress
0x11230e8 ExitProcess
0x11230ec WriteFile
0x11230f0 GetStdHandle
0x11230f4 GetCPInfo
0x11230f8 TerminateProcess
0x11230fc GetCurrentProcess
0x1123100 IsDebuggerPresent
0x1123104 TlsSetValue
0x1123108 TlsFree
0x112310c SetLastError
0x1123110 GetACP
0x1123114 GetOEMCP
0x1123118 IsValidCodePage
0x112311c GetUserDefaultLCID
0x1123120 GetLocaleInfoA
0x1123124 EnumSystemLocalesA
0x1123128 IsValidLocale
0x112312c GetStringTypeA
0x1123130 MultiByteToWideChar
0x1123134 GetStringTypeW
0x1123138 SetHandleCount
0x112313c GetFileType
0x1123140 GetStartupInfoA
0x1123144 FreeEnvironmentStringsA
0x1123148 GetEnvironmentStrings
0x112314c FreeEnvironmentStringsW
0x1123150 WideCharToMultiByte
0x1123154 GetEnvironmentStringsW
0x1123158 GetTickCount
0x112315c GetCurrentProcessId
0x1123160 GetSystemTimeAsFileTime
0x1123164 HeapSize
0x1123168 InitializeCriticalSectionAndSpinCount
0x112316c LoadLibraryA
0x1123170 LCMapStringA
USER32.dll
0x1123178 IsDialogMessageA
0x112317c LoadBitmapA
0x1123180 CheckDlgButton
0x1123184 SetWindowTextA
0x1123188 GetIconInfo
0x112318c GetWindowRect
0x1123190 DialogBoxIndirectParamA
0x1123194 CreatePopupMenu
0x1123198 GetSysColorBrush
0x112319c DefWindowProcA
0x11231a0 GetForegroundWindow
0x11231a4 CreateDialogIndirectParamA
0x11231a8 GetClientRect
EAT(Export Address Table) Library
0x1113090 Country
0x1111e40 Raildiffer
0x1112f60 Sleephappen
0x1113220 Whatgrand