Field | Value |
---|---|
Created | 2021.07.09 09:36 |
Machine | s1_win7_x6402 |
Filename | crv.dll |
Type | PE32+ executable (DLL) (native) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 30 detected (IcedID, Unsafe, malicious, confidence, Stelega, score, DangerousSig, R + Troj, AGEN, 0NA104G721, Artemis, MalCert, GUABX6, kcloud, ai score=82, PasswordStealer, HggASX8A) |
md5 | 3ddeea156606b2e5d19c86cedf3dec30 |
sha256 | 33cc3816f98fa22354559711326a5ce1352d819c180be4328a72618d20a78632 |
ssdeep | 768:2qLODVjNPDZUEix9i3Mb/pvj5ZzbQJbTfHUdV8VTkj7DjpqZMRQ:2DDVjqx9RZjvbQJPfEA4/DEZMRQ |
imphash | 001d993cb52b06dd86f1aafa1c13bed8 |
impfuzzy | 3:sUrXAErLgc2SHXX0AXtJaDhBAtJZAORZstJMdAhJO7lBn:BXtLpUAG1Boj70ABBn |
Signature (10cnts)
Level | Description |
---|---|
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
warning | Generates some ICMP traffic |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x180005000 GetThreadPriority
0x180005008 GetCurrentThread
0x180005010 CreateThread
0x180005018 WaitForSingleObject
0x180005020 DuplicateHandle
0x180005028 ResumeThread
EAT (Export Address Table) Library
0x180001020 DfcidmAgqxxIybvoovbd
0x180001040 DllGetClassObject
0x1800011b0 DllRegisterServer
0x180001030 FbyouxodmaAmblxtzonyr
0x180001000 GhjrgreaggXyoydphfea
0x180001010 NrmqrpckejMlzraxTtfncwsvfmhs
0x180001120 PluginInit