ScreenShot
| Created | 2021.07.07 09:34 | Machine | s1_win7_x6401 |
| Filename | dllmar.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (malicious, high confidence, score, Unsafe, Tracur, Save, EmotetedCryptc, confidence, 100%, Attribute, HighConfidence, ccmw, GenericKD, FileRepMalware, Drixed, kcloud, Dridex, ai score=88, Generic@ML, RDML, 3PF5Qj0DKvFIOulPeawmOw, Static AI, Suspicious PE, ZedlaF, lu8@aCHJXOii) | ||
| md5 | c2b80fa119a1f182a24569df973f6b44 | ||
| sha256 | 7c80c1cbca689063977ae3ea76bf38553e02819ecb28b48ec2b1c7d4633e6052 | ||
| ssdeep | 3072:3JWgjeWy6Qn2EjqWHBFtvLSmZIMr1ckoXYZK1+5RUQ3cg5NwrSl+2wxvvVDqwl+a:30gdy6I29sSqD15oXYZTBMYwrSl+2wxU | ||
| imphash | f978d36888801e6e304b48aa9b0d79ca | ||
| impfuzzy | 6:HgpcrMArvX6lTXKUHXQ1bXhrV92fz1XYBVoT8579Ky+:ZrnvXyTXtAHp92fz1XY3b79Ky+ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Dridex_Gene_Zero | Win32 Trojan Dridex Gene | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x10007048 memset
SHLWAPI.dll
0x10007028 PathRemoveBlanksA
KERNEL32.dll
0x1000700c GlobalSize
0x10007010 CloseHandle
0x10007014 OutputDebugStringA
0x10007018 GetModuleFileNameA
USER32.dll
0x10007030 TranslateMessage
0x10007034 GetWindowThreadProcessId
0x10007038 FindWindowExA
WS2_32.dll
0x10007040 accept
ADVAPI32.dll
0x10007000 RegOverridePredefKey
0x10007004 AddUsersToEncryptedFile
MPRAPI.dll
0x10007020 MprInfoDelete
EAT(Export Address Table) is none
msvcrt.dll
0x10007048 memset
SHLWAPI.dll
0x10007028 PathRemoveBlanksA
KERNEL32.dll
0x1000700c GlobalSize
0x10007010 CloseHandle
0x10007014 OutputDebugStringA
0x10007018 GetModuleFileNameA
USER32.dll
0x10007030 TranslateMessage
0x10007034 GetWindowThreadProcessId
0x10007038 FindWindowExA
WS2_32.dll
0x10007040 accept
ADVAPI32.dll
0x10007000 RegOverridePredefKey
0x10007004 AddUsersToEncryptedFile
MPRAPI.dll
0x10007020 MprInfoDelete
EAT(Export Address Table) is none