popup

Report - app.dll

Generic Malware DLL PE32 OS Processor Check PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.07.09 18:27 Machine s1_win7_x6401
Filename app.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
3.2
ZERO API file : clean
VT API (file) 14 detected (malicious, high confidence, Ursnif, GenericKD, score, Outbreak, PossibleThreat, ZedlaF, Bq4@a8prUll, Hx4CdcQA)
md5 f3be390b01c85970deeae124ca36ce2d
sha256 4eef8b6a5bcd808cd0ab0e33efcea2c2f9a36abe556e56556de8550383c9d3ce
ssdeep 12288:AmYDWUbdfyU+H93bJ3aBGQIuSR35F5VBpx:yBbdfJsJqBG5VB/
imphash 6507b1356328cc79bafe86c109deb6e0
impfuzzy 48:CDgZD9ktMS1wGPc+pp6XWZ/HXUn6gaFMEdK7CvE:0g5WtMS1wGPc+ppMe/0uKYE
  Network IP location

Signature (8cnts)

Level Description
warning Generates some ICMP traffic
watch File has been identified by 14 AntiVirus engines on VirusTotal as malicious
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Performs some HTTP requests
info Collects information to fingerprint the system (MachineGuid
info Queries for the computername
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (9cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://app.bighomegl.at/2xwPNaPWy1ZQiexiLbC6/VZ0GzYn7Pl8FGmoMK_2/F_2BmVt10PLNgWt6lgCkjZ/BQJaGkF5_2Bj2/WQk2vLCU/LVe9CiRaoW7DV4pZVQWpnOZ/v93d3I_2BO/snk70e4PO2P8yI7S3/FDNXnkjMgqfN/ssx_2BpUoFx/oWN5XIxgaRF3g6/7zZVvJTAYy9RIuxxE7_2F/E4_2BUZPu7ZpzK8K/KyosgQGgQ9Og
whois
Unknown 165.232.183.49 clean
http://gtr.antoinfer.com/84nY4wtJBmCucm9DepJToo/tGtvaSc2UVcDR/2zHlzO1F/bNkW36xdnhqYoRr7YBQcCNa/y93Q11QS9a/D8M_2ByJBHO9XlQca/n0ujUh20zcI9/JxJawuOL3k9/qfxd1yRLYOgD3c/1_2BR23dLn0o7lTOlQj6I/kUuwdswHQj7W4QHw/RX5E9sxU1Nf_2F_/2FCk0NWnZZALbW1qUN/3laNV7YkW/bzwdg6O
whois
Unknown 165.232.183.49 clean
http://gtr.antoinfer.com/x0jwbi_2BVmvEJ/YY788UXko9WdP0lwUg9z4/xlr6eiTfr0M5_2F_/2B0hv6DVnmCYhu9/xBeBELJQLY7LGafuS2/z2RiTrGJD/J7ilpXhwqBeUfihrroZj/75PMFlX8LLWp9_2FLuj/VP9Q9nczTM8JpiGHr_2Bsl/C0AUAdOLMj_2B/BOOsuxWQ/sGToIoAjZaqeTO1iS_2FD6Y/0lCNBNK1V2/4B6MXLmQ1
whois
Unknown 165.232.183.49 clean
http://app.bighomegl.at/k2XsNn4vNtbKN4bxM/cop2C8FLD9PQ/CIZDrhO4KbH/OEKMyhaO98VXTV/PdCUWIyDHFLKp_2BVqhyR/0oMHkaAYJpcU85cO/giOE9rYmV0qAJui/QzEO9VV5_2F5pR29Ko/Duva_2ByL/h3UWNQc1BSOW7Tv0hFEv/ozPQ_2BA8pr_2BwXOBQ/XMxOiuiw0_2BbxTN1C4C7T/U_2FU7vzVRo1y/3Opur3u_/2F
whois
Unknown 165.232.183.49 clean
http://app.bighomegl.at/6PHRJExJgv9F3f/RKCmZ5SZKe2U6BzdtHmIg/b2mAWCKN8AlBapky/mwvBC3HeM3_2F7H/v9jEttxUzMvPWSf413/oDSl46mjD/GXmTB73zEAxAZybtTx5Q/ujdPaxD7506Nju1VLqn/LkT3ohS0LepSgyWTtS99GU/_2BTVBhdt8fiG/jU9_2FHC/Ya_2FfttFjtqRe0PbxWVe4M/4CuA6rJL_2/BVrvg2P0Bc
whois
Unknown 165.232.183.49 clean
http://gtr.antoinfer.com/4mJue7_2FcPXhGPUkX1/rZFMwThbRasJYpzKNyzQzF/PSIg_2FXxk2wK/9Xz5OIly/Azc15kWESgqkvrg0YqgNbAB/ATDYoeq3xM/RBX01ZO_2BmeeEXMF/vj2wmHEa78z0/VHOqBBPXHyd/fS1ggK8erWH8nj/T0IfWVXaWZeufwtSbDUKQ/bMVoueTwDeGQ8L96/P1YqEr_2FPbvkPa/8PoIMYg_2BkG5mat
whois
Unknown 165.232.183.49 clean
gtr.antoinfer.com
whois
Unknown 165.232.183.49 clean
app.bighomegl.at
whois
Unknown 165.232.183.49 clean
165.232.183.49
whois
Unknown 165.232.183.49 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x104c014 GetCommandLineA
 0x104c018 GetEnvironmentVariableA
 0x104c01c GetTempPathA
 0x104c020 GetWindowsDirectoryA
 0x104c024 GetCurrentDirectoryA
 0x104c028 SetFileAttributesA
 0x104c02c SetSystemPowerState
 0x104c030 SetConsoleCP
 0x104c034 WriteConsoleW
 0x104c038 HeapReAlloc
 0x104c03c CreateProcessA
 0x104c040 GetFileSizeEx
 0x104c044 GetStringTypeW
 0x104c048 FlushFileBuffers
 0x104c04c GetProcessHeap
 0x104c050 FreeEnvironmentStringsW
 0x104c054 GetEnvironmentStringsW
 0x104c058 WideCharToMultiByte
 0x104c05c GetCommandLineW
 0x104c060 GetCPInfo
 0x104c064 GetModuleFileNameA
 0x104c068 FormatMessageA
 0x104c06c GetSystemTimeAsFileTime
 0x104c070 HeapSize
 0x104c074 VirtualProtect
 0x104c078 GetOEMCP
 0x104c07c GetACP
 0x104c080 IsValidCodePage
 0x104c084 FindNextFileW
 0x104c088 FindFirstFileExW
 0x104c08c FindClose
 0x104c090 SetFilePointerEx
 0x104c094 SetEndOfFile
 0x104c098 MultiByteToWideChar
 0x104c09c GetConsoleCP
 0x104c0a0 UnhandledExceptionFilter
 0x104c0a4 SetUnhandledExceptionFilter
 0x104c0a8 GetCurrentProcess
 0x104c0ac TerminateProcess
 0x104c0b0 IsProcessorFeaturePresent
 0x104c0b4 QueryPerformanceCounter
 0x104c0b8 GetCurrentProcessId
 0x104c0bc GetCurrentThreadId
 0x104c0c0 InitializeSListHead
 0x104c0c4 IsDebuggerPresent
 0x104c0c8 GetStartupInfoW
 0x104c0cc GetModuleHandleW
 0x104c0d0 RaiseException
 0x104c0d4 RtlUnwind
 0x104c0d8 InterlockedFlushSList
 0x104c0dc GetLastError
 0x104c0e0 SetLastError
 0x104c0e4 EncodePointer
 0x104c0e8 EnterCriticalSection
 0x104c0ec LeaveCriticalSection
 0x104c0f0 DeleteCriticalSection
 0x104c0f4 InitializeCriticalSectionAndSpinCount
 0x104c0f8 TlsAlloc
 0x104c0fc TlsGetValue
 0x104c100 TlsSetValue
 0x104c104 TlsFree
 0x104c108 FreeLibrary
 0x104c10c GetProcAddress
 0x104c110 LoadLibraryExW
 0x104c114 CloseHandle
 0x104c118 CreateFileW
 0x104c11c GetFileType
 0x104c120 ExitProcess
 0x104c124 GetModuleHandleExW
 0x104c128 GetModuleFileNameW
 0x104c12c HeapAlloc
 0x104c130 HeapFree
 0x104c134 LCMapStringW
 0x104c138 GetLocaleInfoW
 0x104c13c IsValidLocale
 0x104c140 GetUserDefaultLCID
 0x104c144 EnumSystemLocalesW
 0x104c148 GetStdHandle
 0x104c14c ReadFile
 0x104c150 GetConsoleMode
 0x104c154 ReadConsoleW
 0x104c158 SetStdHandle
 0x104c15c WriteFile
 0x104c160 DecodePointer
USER32.dll
 0x104c168 ValidateRect
 0x104c16c MapWindowPoints
 0x104c170 PostMessageW
 0x104c174 EmptyClipboard
 0x104c178 GetSystemMetrics
 0x104c17c DestroyMenu
 0x104c180 BeginPaint
 0x104c184 InvalidateRect
ole32.dll
 0x104c1b4 CoTaskMemAlloc
 0x104c1b8 CoTaskMemFree
 0x104c1bc CoInitialize
 0x104c1c0 CoUninitialize
ADVAPI32.dll
 0x104c000 RegOpenKeyExA
 0x104c004 RegCreateKeyA
 0x104c008 RegCloseKey
 0x104c00c RegQueryValueExA
WS2_32.dll
 0x104c198 WSACloseEvent
 0x104c19c WSASocketA
 0x104c1a0 WSAConnect
 0x104c1a4 WSACleanup
 0x104c1a8 WSAStartup
 0x104c1ac WSAWaitForMultipleEvents
UxTheme.dll
 0x104c18c GetThemeFont
 0x104c190 CloseThemeData

EAT(Export Address Table) Library

0x102a030 Fatreply
0x1028d80 Periodwait
0x102a340 Seemprove
0x102a0f0 Which

Similarity measure (PE file only) - Checking for service failure