ScreenShot
| Created | 2021.07.03 09:39 | Machine | s1_win7_x6401 |
| Filename | DiIGFbP6W.php | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, ccmw, Static AI, Suspicious PE, score, ZedlaF, lu8@amybSnei, Dridex, QVM40) | ||
| md5 | ac34aeef6269a81bbf30358a50b4d8ea | ||
| sha256 | 1b9f7bc405caf49359189d0ff88232f318ba950b42b9aa480267adf3b14d8a84 | ||
| ssdeep | 3072:Tt1lNCvWNelQk0wvfKG+wiDYdgmoZQBmPjcicIPcXpzpx/ttr1A:Tt1/IcwdTiDYdgSUPQicIIpzpxFtr1 | ||
| imphash | 12e30a4970af4cc77d5c6e2437bc7800 | ||
| impfuzzy | 12:oMZUWdY7OQjrjvXF0t2hHp9XtA/Z1XY3b79f:9Davjit2hjdA/Zd6l | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
MPRAPI.dll
0x1000702c MprInfoDelete
0x10007030 MprAdminMIBServerDisconnect
KERNEL32.dll
0x10007014 GetModuleFileNameA
0x10007018 CloseHandle
0x1000701c BackupWrite
0x10007020 GlobalSize
0x10007024 OutputDebugStringA
SHLWAPI.dll
0x10007038 PathRemoveBlanksA
CRYPT32.dll
0x1000700c CryptStringToBinaryA
msvcrt.dll
0x1000705c memset
WS2_32.dll
0x10007054 accept
USER32.dll
0x10007040 FindWindowExA
0x10007044 GetWindowThreadProcessId
0x10007048 TranslateMessage
0x1000704c wsprintfA
ADVAPI32.dll
0x10007000 RegOverridePredefKey
0x10007004 AddUsersToEncryptedFile
EAT(Export Address Table) is none
MPRAPI.dll
0x1000702c MprInfoDelete
0x10007030 MprAdminMIBServerDisconnect
KERNEL32.dll
0x10007014 GetModuleFileNameA
0x10007018 CloseHandle
0x1000701c BackupWrite
0x10007020 GlobalSize
0x10007024 OutputDebugStringA
SHLWAPI.dll
0x10007038 PathRemoveBlanksA
CRYPT32.dll
0x1000700c CryptStringToBinaryA
msvcrt.dll
0x1000705c memset
WS2_32.dll
0x10007054 accept
USER32.dll
0x10007040 FindWindowExA
0x10007044 GetWindowThreadProcessId
0x10007048 TranslateMessage
0x1000704c wsprintfA
ADVAPI32.dll
0x10007000 RegOverridePredefKey
0x10007004 AddUsersToEncryptedFile
EAT(Export Address Table) is none