ScreenShot
| Created | 2021.07.13 14:36 | Machine | s1_win7_x6401 |
| Filename | V-aim.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 11 detected (Unsafe, Save, malicious, confidence, A + Mal, VMProtBad, Static AI, Suspicious PE, score, Artemis) | ||
| md5 | 68d7d6f7f4c22abe217d12cc42be689f | ||
| sha256 | 30b26f80ad084b294ef805529d030861976835a419ea1d6ce796a1af717dff1c | ||
| ssdeep | 196608:+FYa5CCvN0PA6BTPZbGlbVBHdOPgs+KhgmtuXvvccpKGG/r6m0k4HmgV:+j8CmA4PZ0B0WKVuMyKX6m/cmg | ||
| imphash | 04466488de51b27fbbdabb9704313cd1 | ||
| impfuzzy | 24:mDIgYuNFhd537yRKIYf6aQtXJHc9NDI5Q8:DwPhXoKJ6nXpcM5Q8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180f4c000 GetProcAddress
USER32.dll
0x180f4c010 ClientToScreen
ADVAPI32.dll
0x180f4c020 RegSetValueExW
MSVCP140.dll
0x180f4c030 ?_Xinvalid_argument@std@@YAXPEBD@Z
D3DCOMPILER_47.dll
0x180f4c040 D3DCompile
IMM32.dll
0x180f4c050 ImmSetCompositionWindow
WINHTTP.dll
0x180f4c060 WinHttpQueryDataAvailable
VCRUNTIME140_1.dll
0x180f4c070 __CxxFrameHandler4
VCRUNTIME140.dll
0x180f4c080 __std_exception_destroy
api-ms-win-crt-heap-l1-1-0.dll
0x180f4c090 _callnewh
api-ms-win-crt-runtime-l1-1-0.dll
0x180f4c0a0 _seh_filter_dll
api-ms-win-crt-convert-l1-1-0.dll
0x180f4c0b0 atof
api-ms-win-crt-stdio-l1-1-0.dll
0x180f4c0c0 __stdio_common_vsprintf_s
api-ms-win-crt-filesystem-l1-1-0.dll
0x180f4c0d0 _mkdir
api-ms-win-crt-environment-l1-1-0.dll
0x180f4c0e0 getenv
api-ms-win-crt-string-l1-1-0.dll
0x180f4c0f0 strcpy_s
api-ms-win-crt-time-l1-1-0.dll
0x180f4c100 clock
api-ms-win-crt-utility-l1-1-0.dll
0x180f4c110 srand
api-ms-win-crt-math-l1-1-0.dll
0x180f4c120 fmax
WTSAPI32.dll
0x180f4c130 WTSSendMessageW
KERNEL32.dll
0x180f4c140 GetSystemTimeAsFileTime
USER32.dll
0x180f4c150 GetUserObjectInformationW
KERNEL32.dll
0x180f4c160 LocalAlloc
0x180f4c168 LocalFree
0x180f4c170 GetModuleFileNameW
0x180f4c178 GetProcessAffinityMask
0x180f4c180 SetProcessAffinityMask
0x180f4c188 SetThreadAffinityMask
0x180f4c190 Sleep
0x180f4c198 ExitProcess
0x180f4c1a0 FreeLibrary
0x180f4c1a8 LoadLibraryA
0x180f4c1b0 GetModuleHandleA
0x180f4c1b8 GetProcAddress
USER32.dll
0x180f4c1c8 GetProcessWindowStation
0x180f4c1d0 GetUserObjectInformationW
EAT(Export Address Table) is none
KERNEL32.dll
0x180f4c000 GetProcAddress
USER32.dll
0x180f4c010 ClientToScreen
ADVAPI32.dll
0x180f4c020 RegSetValueExW
MSVCP140.dll
0x180f4c030 ?_Xinvalid_argument@std@@YAXPEBD@Z
D3DCOMPILER_47.dll
0x180f4c040 D3DCompile
IMM32.dll
0x180f4c050 ImmSetCompositionWindow
WINHTTP.dll
0x180f4c060 WinHttpQueryDataAvailable
VCRUNTIME140_1.dll
0x180f4c070 __CxxFrameHandler4
VCRUNTIME140.dll
0x180f4c080 __std_exception_destroy
api-ms-win-crt-heap-l1-1-0.dll
0x180f4c090 _callnewh
api-ms-win-crt-runtime-l1-1-0.dll
0x180f4c0a0 _seh_filter_dll
api-ms-win-crt-convert-l1-1-0.dll
0x180f4c0b0 atof
api-ms-win-crt-stdio-l1-1-0.dll
0x180f4c0c0 __stdio_common_vsprintf_s
api-ms-win-crt-filesystem-l1-1-0.dll
0x180f4c0d0 _mkdir
api-ms-win-crt-environment-l1-1-0.dll
0x180f4c0e0 getenv
api-ms-win-crt-string-l1-1-0.dll
0x180f4c0f0 strcpy_s
api-ms-win-crt-time-l1-1-0.dll
0x180f4c100 clock
api-ms-win-crt-utility-l1-1-0.dll
0x180f4c110 srand
api-ms-win-crt-math-l1-1-0.dll
0x180f4c120 fmax
WTSAPI32.dll
0x180f4c130 WTSSendMessageW
KERNEL32.dll
0x180f4c140 GetSystemTimeAsFileTime
USER32.dll
0x180f4c150 GetUserObjectInformationW
KERNEL32.dll
0x180f4c160 LocalAlloc
0x180f4c168 LocalFree
0x180f4c170 GetModuleFileNameW
0x180f4c178 GetProcessAffinityMask
0x180f4c180 SetProcessAffinityMask
0x180f4c188 SetThreadAffinityMask
0x180f4c190 Sleep
0x180f4c198 ExitProcess
0x180f4c1a0 FreeLibrary
0x180f4c1a8 LoadLibraryA
0x180f4c1b0 GetModuleHandleA
0x180f4c1b8 GetProcAddress
USER32.dll
0x180f4c1c8 GetProcessWindowStation
0x180f4c1d0 GetUserObjectInformationW
EAT(Export Address Table) is none