ScreenShot
| Created | 2021.07.01 13:17 | Machine | s1_win7_x6402 |
| Filename | start.wll | ||
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 30 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Save, confidence, Attribute, HighConfidence, FileRepMetagen, ET#78%, RDMK, cmRtazo9JTq+YDSf9qVDYKqfvf7C, Generic PUA OI, Static AI, Malicious PE, ATRAPS, ai score=86, Azorult, score, ZedlaF, Ju4@a8e5YQmi, BScope, Occamy) | ||
| md5 | b913ed9e030cc8fff0633815b65bab5b | ||
| sha256 | fc326e9feb2d74f98c048172b778f04084be3d766f0d55c08886b4e22edec652 | ||
| ssdeep | 12288:/DudFfD68wjnjHPHQRG9ybJRYpLPPjN4vPBhBqD:0FsQRGgJRYRjUBhBqD | ||
| imphash | 5762922cfa7a1067c1b0a201372e7196 | ||
| impfuzzy | 24:V/2aDtPOLGS8OovnXlgJKzt5cQIlyvpLjMv5HOT4tBu2e:VHOLGSjut5cHKpQcck | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1001100c ExpandEnvironmentStringsA
0x10011010 GetModuleHandleA
0x10011014 GetProcAddress
0x10011018 GetSystemTimeAsFileTime
0x1001101c GetLastError
0x10011020 DeleteFileA
0x10011024 RaiseException
0x10011028 RtlUnwind
0x1001102c HeapAlloc
0x10011030 GetCurrentThreadId
0x10011034 DecodePointer
0x10011038 GetCommandLineA
0x1001103c HeapFree
0x10011040 IsProcessorFeaturePresent
0x10011044 EncodePointer
0x10011048 TlsAlloc
0x1001104c TlsGetValue
0x10011050 TlsSetValue
0x10011054 TlsFree
0x10011058 InterlockedIncrement
0x1001105c GetModuleHandleW
0x10011060 SetLastError
0x10011064 InterlockedDecrement
0x10011068 CloseHandle
0x1001106c UnhandledExceptionFilter
0x10011070 SetUnhandledExceptionFilter
0x10011074 IsDebuggerPresent
0x10011078 TerminateProcess
0x1001107c GetCurrentProcess
0x10011080 EnterCriticalSection
0x10011084 LeaveCriticalSection
0x10011088 SetHandleCount
0x1001108c GetStdHandle
0x10011090 InitializeCriticalSectionAndSpinCount
0x10011094 GetFileType
0x10011098 GetStartupInfoW
0x1001109c DeleteCriticalSection
0x100110a0 WriteFile
0x100110a4 WideCharToMultiByte
0x100110a8 GetConsoleCP
0x100110ac GetConsoleMode
0x100110b0 ExitProcess
0x100110b4 GetModuleFileNameW
0x100110b8 HeapCreate
0x100110bc HeapDestroy
0x100110c0 Sleep
0x100110c4 GetModuleFileNameA
0x100110c8 FreeEnvironmentStringsW
0x100110cc GetEnvironmentStringsW
0x100110d0 QueryPerformanceCounter
0x100110d4 GetTickCount
0x100110d8 GetCurrentProcessId
0x100110dc GetCPInfo
0x100110e0 GetACP
0x100110e4 GetOEMCP
0x100110e8 IsValidCodePage
0x100110ec SetStdHandle
0x100110f0 FlushFileBuffers
0x100110f4 CreateFileA
0x100110f8 HeapSize
0x100110fc SetFilePointer
0x10011100 WriteConsoleW
0x10011104 MultiByteToWideChar
0x10011108 LoadLibraryW
0x1001110c HeapReAlloc
0x10011110 LCMapStringW
0x10011114 GetStringTypeW
0x10011118 SetEndOfFile
0x1001111c GetProcessHeap
0x10011120 ReadFile
0x10011124 CreateFileW
0x10011128 GetFileAttributesA
ADVAPI32.dll
0x10011000 RegOpenKeyExA
0x10011004 RegCloseKey
EAT(Export Address Table) is none
KERNEL32.dll
0x1001100c ExpandEnvironmentStringsA
0x10011010 GetModuleHandleA
0x10011014 GetProcAddress
0x10011018 GetSystemTimeAsFileTime
0x1001101c GetLastError
0x10011020 DeleteFileA
0x10011024 RaiseException
0x10011028 RtlUnwind
0x1001102c HeapAlloc
0x10011030 GetCurrentThreadId
0x10011034 DecodePointer
0x10011038 GetCommandLineA
0x1001103c HeapFree
0x10011040 IsProcessorFeaturePresent
0x10011044 EncodePointer
0x10011048 TlsAlloc
0x1001104c TlsGetValue
0x10011050 TlsSetValue
0x10011054 TlsFree
0x10011058 InterlockedIncrement
0x1001105c GetModuleHandleW
0x10011060 SetLastError
0x10011064 InterlockedDecrement
0x10011068 CloseHandle
0x1001106c UnhandledExceptionFilter
0x10011070 SetUnhandledExceptionFilter
0x10011074 IsDebuggerPresent
0x10011078 TerminateProcess
0x1001107c GetCurrentProcess
0x10011080 EnterCriticalSection
0x10011084 LeaveCriticalSection
0x10011088 SetHandleCount
0x1001108c GetStdHandle
0x10011090 InitializeCriticalSectionAndSpinCount
0x10011094 GetFileType
0x10011098 GetStartupInfoW
0x1001109c DeleteCriticalSection
0x100110a0 WriteFile
0x100110a4 WideCharToMultiByte
0x100110a8 GetConsoleCP
0x100110ac GetConsoleMode
0x100110b0 ExitProcess
0x100110b4 GetModuleFileNameW
0x100110b8 HeapCreate
0x100110bc HeapDestroy
0x100110c0 Sleep
0x100110c4 GetModuleFileNameA
0x100110c8 FreeEnvironmentStringsW
0x100110cc GetEnvironmentStringsW
0x100110d0 QueryPerformanceCounter
0x100110d4 GetTickCount
0x100110d8 GetCurrentProcessId
0x100110dc GetCPInfo
0x100110e0 GetACP
0x100110e4 GetOEMCP
0x100110e8 IsValidCodePage
0x100110ec SetStdHandle
0x100110f0 FlushFileBuffers
0x100110f4 CreateFileA
0x100110f8 HeapSize
0x100110fc SetFilePointer
0x10011100 WriteConsoleW
0x10011104 MultiByteToWideChar
0x10011108 LoadLibraryW
0x1001110c HeapReAlloc
0x10011110 LCMapStringW
0x10011114 GetStringTypeW
0x10011118 SetEndOfFile
0x1001111c GetProcessHeap
0x10011120 ReadFile
0x10011124 CreateFileW
0x10011128 GetFileAttributesA
ADVAPI32.dll
0x10011000 RegOpenKeyExA
0x10011004 RegCloseKey
EAT(Export Address Table) is none