ScreenShot
| Created | 2021.07.12 10:31 | Machine | s1_win7_x6401 |
| Filename | app.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (malicious, high confidence, GenericKD, Artemis, Unsafe, ZedlaF, Fq4@aeH3VMm, UrsnifDropper, wdbmm, ai score=82, Wacapew, Ursnif, 6U87J5, score, PossibleThreat) | ||
| md5 | 0bb29556ece1c51c751cb4e7c8752ddc | ||
| sha256 | af1b052362469a67fcd871558b24efa2be44a4b29f88112e5c2d2295a1dc4252 | ||
| ssdeep | 12288:pvlT2EsAw96epX+uHfa7Z5svN/RM2ZcV8TFITzhz3VFVUJcXH4nw7P1N:ZsN96cfKFVUJQu | ||
| imphash | df95180b6da9d16cb69b63ca8bb7f332 | ||
| impfuzzy | 48:dkOjBtc+8mWtMS1JGv4XErZEZX/hOpfln1K7ZGT:dk+c+8ntMS1JGvCIU8KgT | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Collects information to fingerprint the system (MachineGuid |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1051014 GetEnvironmentVariableA
0x1051018 GetSystemDirectoryA
0x105101c GetTempPathA
0x1051020 GetWindowsDirectoryA
0x1051024 GetCurrentDirectoryA
0x1051028 DeleteFileA
0x105102c SetConsoleCP
0x1051030 GetStartupInfoA
0x1051034 WriteConsoleW
0x1051038 GetProcessHeap
0x105103c SetEnvironmentVariableA
0x1051040 FreeEnvironmentStringsW
0x1051044 GetEnvironmentStringsW
0x1051048 GetCommandLineW
0x105104c GetCommandLineA
0x1051050 GetOEMCP
0x1051054 IsValidCodePage
0x1051058 CreateProcessA
0x105105c GetTickCount
0x1051060 CloseHandle
0x1051064 HeapSize
0x1051068 VirtualProtect
0x105106c FindNextFileA
0x1051070 FindFirstFileExA
0x1051074 FindClose
0x1051078 HeapReAlloc
0x105107c WideCharToMultiByte
0x1051080 GetLastError
0x1051084 EnterCriticalSection
0x1051088 LeaveCriticalSection
0x105108c DeleteCriticalSection
0x1051090 MultiByteToWideChar
0x1051094 EncodePointer
0x1051098 DecodePointer
0x105109c SetLastError
0x10510a0 InitializeCriticalSectionAndSpinCount
0x10510a4 SwitchToThread
0x10510a8 TlsAlloc
0x10510ac TlsGetValue
0x10510b0 TlsSetValue
0x10510b4 TlsFree
0x10510b8 GetSystemTimeAsFileTime
0x10510bc GetModuleHandleW
0x10510c0 GetProcAddress
0x10510c4 CompareStringW
0x10510c8 LCMapStringW
0x10510cc GetLocaleInfoW
0x10510d0 GetStringTypeW
0x10510d4 GetCPInfo
0x10510d8 UnhandledExceptionFilter
0x10510dc SetUnhandledExceptionFilter
0x10510e0 GetCurrentProcess
0x10510e4 TerminateProcess
0x10510e8 IsProcessorFeaturePresent
0x10510ec QueryPerformanceCounter
0x10510f0 GetCurrentProcessId
0x10510f4 GetCurrentThreadId
0x10510f8 InitializeSListHead
0x10510fc IsDebuggerPresent
0x1051100 GetStartupInfoW
0x1051104 RaiseException
0x1051108 RtlUnwind
0x105110c InterlockedFlushSList
0x1051110 FreeLibrary
0x1051114 LoadLibraryExW
0x1051118 CreateFileW
0x105111c GetFileType
0x1051120 ExitProcess
0x1051124 GetModuleHandleExW
0x1051128 GetModuleFileNameA
0x105112c HeapAlloc
0x1051130 HeapFree
0x1051134 GetACP
0x1051138 GetStdHandle
0x105113c GetTimeZoneInformation
0x1051140 IsValidLocale
0x1051144 GetUserDefaultLCID
0x1051148 EnumSystemLocalesW
0x105114c SetStdHandle
0x1051150 WriteFile
0x1051154 GetConsoleCP
0x1051158 GetConsoleMode
0x105115c SetEndOfFile
0x1051160 ReadFile
0x1051164 ReadConsoleW
0x1051168 SetFilePointerEx
0x105116c FlushFileBuffers
USER32.dll
0x1051184 GetClipboardData
0x1051188 SendMessageA
0x105118c DestroyWindow
0x1051190 CheckRadioButton
0x1051194 SendDlgItemMessageW
0x1051198 SetClipboardData
0x105119c SetForegroundWindow
ole32.dll
0x10511b0 CoTaskMemFree
0x10511b4 CoInitialize
0x10511b8 CoTaskMemAlloc
0x10511bc CoUninitialize
ADVAPI32.dll
0x1051000 RegOpenKeyExA
0x1051004 RegCreateKeyA
0x1051008 RegCloseKey
0x105100c RegQueryValueExA
WTSAPI32.dll
0x10511a4 WTSCloseServer
0x10511a8 WTSOpenServerA
NETAPI32.dll
0x1051174 NetWkstaGetInfo
0x1051178 NetWkstaSetInfo
0x105117c NetApiBufferFree
EAT(Export Address Table) Library
0x1028480 Busysection
0x1028730 Dealthis
0x1028560 Sing
0x1027390 Teethshould
KERNEL32.dll
0x1051014 GetEnvironmentVariableA
0x1051018 GetSystemDirectoryA
0x105101c GetTempPathA
0x1051020 GetWindowsDirectoryA
0x1051024 GetCurrentDirectoryA
0x1051028 DeleteFileA
0x105102c SetConsoleCP
0x1051030 GetStartupInfoA
0x1051034 WriteConsoleW
0x1051038 GetProcessHeap
0x105103c SetEnvironmentVariableA
0x1051040 FreeEnvironmentStringsW
0x1051044 GetEnvironmentStringsW
0x1051048 GetCommandLineW
0x105104c GetCommandLineA
0x1051050 GetOEMCP
0x1051054 IsValidCodePage
0x1051058 CreateProcessA
0x105105c GetTickCount
0x1051060 CloseHandle
0x1051064 HeapSize
0x1051068 VirtualProtect
0x105106c FindNextFileA
0x1051070 FindFirstFileExA
0x1051074 FindClose
0x1051078 HeapReAlloc
0x105107c WideCharToMultiByte
0x1051080 GetLastError
0x1051084 EnterCriticalSection
0x1051088 LeaveCriticalSection
0x105108c DeleteCriticalSection
0x1051090 MultiByteToWideChar
0x1051094 EncodePointer
0x1051098 DecodePointer
0x105109c SetLastError
0x10510a0 InitializeCriticalSectionAndSpinCount
0x10510a4 SwitchToThread
0x10510a8 TlsAlloc
0x10510ac TlsGetValue
0x10510b0 TlsSetValue
0x10510b4 TlsFree
0x10510b8 GetSystemTimeAsFileTime
0x10510bc GetModuleHandleW
0x10510c0 GetProcAddress
0x10510c4 CompareStringW
0x10510c8 LCMapStringW
0x10510cc GetLocaleInfoW
0x10510d0 GetStringTypeW
0x10510d4 GetCPInfo
0x10510d8 UnhandledExceptionFilter
0x10510dc SetUnhandledExceptionFilter
0x10510e0 GetCurrentProcess
0x10510e4 TerminateProcess
0x10510e8 IsProcessorFeaturePresent
0x10510ec QueryPerformanceCounter
0x10510f0 GetCurrentProcessId
0x10510f4 GetCurrentThreadId
0x10510f8 InitializeSListHead
0x10510fc IsDebuggerPresent
0x1051100 GetStartupInfoW
0x1051104 RaiseException
0x1051108 RtlUnwind
0x105110c InterlockedFlushSList
0x1051110 FreeLibrary
0x1051114 LoadLibraryExW
0x1051118 CreateFileW
0x105111c GetFileType
0x1051120 ExitProcess
0x1051124 GetModuleHandleExW
0x1051128 GetModuleFileNameA
0x105112c HeapAlloc
0x1051130 HeapFree
0x1051134 GetACP
0x1051138 GetStdHandle
0x105113c GetTimeZoneInformation
0x1051140 IsValidLocale
0x1051144 GetUserDefaultLCID
0x1051148 EnumSystemLocalesW
0x105114c SetStdHandle
0x1051150 WriteFile
0x1051154 GetConsoleCP
0x1051158 GetConsoleMode
0x105115c SetEndOfFile
0x1051160 ReadFile
0x1051164 ReadConsoleW
0x1051168 SetFilePointerEx
0x105116c FlushFileBuffers
USER32.dll
0x1051184 GetClipboardData
0x1051188 SendMessageA
0x105118c DestroyWindow
0x1051190 CheckRadioButton
0x1051194 SendDlgItemMessageW
0x1051198 SetClipboardData
0x105119c SetForegroundWindow
ole32.dll
0x10511b0 CoTaskMemFree
0x10511b4 CoInitialize
0x10511b8 CoTaskMemAlloc
0x10511bc CoUninitialize
ADVAPI32.dll
0x1051000 RegOpenKeyExA
0x1051004 RegCreateKeyA
0x1051008 RegCloseKey
0x105100c RegQueryValueExA
WTSAPI32.dll
0x10511a4 WTSCloseServer
0x10511a8 WTSOpenServerA
NETAPI32.dll
0x1051174 NetWkstaGetInfo
0x1051178 NetWkstaSetInfo
0x105117c NetApiBufferFree
EAT(Export Address Table) Library
0x1028480 Busysection
0x1028730 Dealthis
0x1028560 Sing
0x1027390 Teethshould