Report - ComparePlus.dll

Tags: Lazarus Family, UPX, Malicious Library, PE File, OS Processor Check, PE32, DLL
Created 2021.07.20 09:47
Machine s1_win7_x6401
Filename ComparePlus.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 1.8
ZERO API file : clean
VT API (file) 30 detected (GenericKD, Agentb, Unsafe, malicious, confidence, 100%, NukeSped, VSNTG521, eltin, Lazardoor, R422302, 475016L, ai score=100, susgen, HgkASX4A)
md5 b3a8c88297daecdb9b0ac54a3c107797
sha256 a881c9f40c1a5be3919cafb2ebe2bb5b19e29f0f7b28186ee1f4b554d692e776
ssdeep 12288:6wK18bRRnjb5/DvI4opt3FjOGAlQ1OT3bs/y7n:6wKObRRNDvIpdF/kQ1QbsaT
imphash 792f78fda7ec7161930d2b70a7dfd479
impfuzzy 96:E9Dsl2N/Sa9aXNys9X110x7GzSLSvftScpetw+FA7sUqr5:CscH9a9l9FSxbFwR7sUqr5

Signature (4cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info Checks if process is being debugged by a debugger
info One or more processes crashed

Rules (7cnts)

Level Name Description Collection
danger Lazarus_Zero Lazarus Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

SHLWAPI.dll
 0x10054270 PathFindFileNameW
 0x10054274 PathFindExtensionW
 0x10054278 PathFileExistsW
 0x1005427c PathCombineW
 0x10054280 PathIsDirectoryW
 0x10054284 PathIsRootW
 0x10054288 PathRemoveFileSpecA
 0x1005428c PathRemoveFileSpecW
 0x10054290 PathRemoveExtensionW
 0x10054294 PathAppendW
KERNEL32.dll
 0x10054060 GetTickCount
 0x10054064 GetTempPathW
 0x10054068 SetFileAttributesW
 0x1005406c DeleteFileW
 0x10054070 CopyFileW
 0x10054074 WaitForSingleObject
 0x10054078 LoadLibraryW
 0x1005407c GetModuleFileNameW
 0x10054080 Sleep
 0x10054084 MultiByteToWideChar
 0x10054088 WideCharToMultiByte
 0x1005408c LockResource
 0x10054090 GlobalAlloc
 0x10054094 GlobalLock
 0x10054098 GlobalFree
 0x1005409c GetLastError
 0x100540a0 LoadResource
 0x100540a4 SizeofResource
 0x100540a8 FindResourceW
 0x100540ac GetCurrentThreadId
 0x100540b0 SetEvent
 0x100540b4 ResetEvent
 0x100540b8 CloseHandle
 0x100540bc CreateEventW
 0x100540c0 GetModuleHandleExW
 0x100540c4 lstrlenA
 0x100540c8 GetModuleHandleA
 0x100540cc GetThreadTimes
 0x100540d0 UnregisterWait
 0x100540d4 RegisterWaitForSingleObject
 0x100540d8 SetThreadAffinityMask
 0x100540dc GetProcessAffinityMask
 0x100540e0 GetNumaHighestNodeNumber
 0x100540e4 DeleteTimerQueueTimer
 0x100540e8 ChangeTimerQueueTimer
 0x100540ec CreateTimerQueueTimer
 0x100540f0 GetLogicalProcessorInformation
 0x100540f4 GetThreadPriority
 0x100540f8 SetThreadPriority
 0x100540fc SignalObjectAndWait
 0x10054100 CreateTimerQueue
 0x10054104 CreateFileW
 0x10054108 DecodePointer
 0x1005410c WriteConsoleW
 0x10054110 SetFilePointerEx
 0x10054114 GetConsoleMode
 0x10054118 GetConsoleCP
 0x1005411c WriteFile
 0x10054120 FlushFileBuffers
 0x10054124 HeapSize
 0x10054128 SetStdHandle
 0x1005412c GetProcessHeap
 0x10054130 CreateThread
 0x10054134 GetEnvironmentStringsW
 0x10054138 GetCommandLineW
 0x1005413c GetCommandLineA
 0x10054140 GetCPInfo
 0x10054144 GetOEMCP
 0x10054148 IsValidCodePage
 0x1005414c FindNextFileA
 0x10054150 FindFirstFileExA
 0x10054154 FindClose
 0x10054158 LCMapStringW
 0x1005415c HeapReAlloc
 0x10054160 GetStringTypeW
 0x10054164 GetFileType
 0x10054168 GetStdHandle
 0x1005416c GetACP
 0x10054170 HeapAlloc
 0x10054174 HeapFree
 0x10054178 ExitThread
 0x1005417c GetModuleFileNameA
 0x10054180 ExitProcess
 0x10054184 LoadLibraryExW
 0x10054188 FreeLibrary
 0x1005418c EncodePointer
 0x10054190 InterlockedFlushSList
 0x10054194 InterlockedPushEntrySList
 0x10054198 RaiseException
 0x1005419c RtlUnwind
 0x100541a0 TlsFree
 0x100541a4 TlsSetValue
 0x100541a8 TlsGetValue
 0x100541ac TlsAlloc
 0x100541b0 SetLastError
 0x100541b4 TryEnterCriticalSection
 0x100541b8 GetNativeSystemInfo
 0x100541bc GetExitCodeThread
 0x100541c0 GetCurrentThread
 0x100541c4 SwitchToThread
 0x100541c8 DuplicateHandle
 0x100541cc InitializeSListHead
 0x100541d0 GetSystemTimeAsFileTime
 0x100541d4 CreateDirectoryW
 0x100541d8 WritePrivateProfileStringW
 0x100541dc GetPrivateProfileIntW
 0x100541e0 LocalFree
 0x100541e4 IsBadReadPtr
 0x100541e8 LocalAlloc
 0x100541ec LoadLibraryA
 0x100541f0 GetProcAddress
 0x100541f4 FreeLibraryAndExitThread
 0x100541f8 GetModuleHandleW
 0x100541fc GetVersionExW
 0x10054200 VirtualAlloc
 0x10054204 VirtualProtect
 0x10054208 VirtualFree
 0x1005420c ReleaseSemaphore
 0x10054210 InterlockedPopEntrySList
 0x10054214 MulDiv
 0x10054218 QueryDepthSList
 0x1005421c UnregisterWaitEx
 0x10054220 GetCurrentProcessId
 0x10054224 QueryPerformanceCounter
 0x10054228 GetStartupInfoW
 0x1005422c IsDebuggerPresent
 0x10054230 FreeEnvironmentStringsW
 0x10054234 UnhandledExceptionFilter
 0x10054238 SetUnhandledExceptionFilter
 0x1005423c GetCurrentProcess
 0x10054240 TerminateProcess
 0x10054244 IsProcessorFeaturePresent
 0x10054248 EnterCriticalSection
 0x1005424c LeaveCriticalSection
 0x10054250 InitializeCriticalSectionAndSpinCount
 0x10054254 DeleteCriticalSection
 0x10054258 WaitForSingleObjectEx
USER32.dll
 0x1005429c PostMessageW
 0x100542a0 DispatchMessageW
 0x100542a4 GetMessageW
 0x100542a8 SystemParametersInfoW
 0x100542ac GetParent
 0x100542b0 ClientToScreen
 0x100542b4 GetSystemMetrics
 0x100542b8 CreateDialogIndirectParamW
 0x100542bc GetClassNameW
 0x100542c0 EnumChildWindows
 0x100542c4 CharLowerW
 0x100542c8 SetScrollInfo
 0x100542cc DestroyIcon
 0x100542d0 GetSysColorBrush
 0x100542d4 ShowScrollBar
 0x100542d8 GetScrollPos
 0x100542dc SetScrollPos
 0x100542e0 SetCapture
 0x100542e4 CreateWindowExW
 0x100542e8 MessageBoxA
 0x100542ec IsCharAlphaNumericA
 0x100542f0 LoadImageW
 0x100542f4 DestroyCursor
 0x100542f8 GetDC
 0x100542fc EnableMenuItem
 0x10054300 DrawMenuBar
 0x10054304 GetMenuState
 0x10054308 ReleaseCapture
 0x1005430c GetCapture
 0x10054310 SetFocus
 0x10054314 FlashWindowEx
 0x10054318 MessageBoxW
 0x1005431c PostQuitMessage
 0x10054320 SetTimer
 0x10054324 GetDlgItemInt
 0x10054328 SetDlgItemInt
 0x1005432c FrameRect
 0x10054330 SendDlgItemMessageW
 0x10054334 CreateDialogParamW
 0x10054338 InflateRect
 0x1005433c FillRect
 0x10054340 DrawFocusRect
 0x10054344 GetWindowRect
 0x10054348 RedrawWindow
 0x1005434c ReleaseDC
 0x10054350 GetWindowDC
 0x10054354 GetFocus
 0x10054358 IsWindowVisible
 0x1005435c SetWindowPos
 0x10054360 MoveWindow
 0x10054364 ShowWindow
 0x10054368 DestroyWindow
 0x1005436c SendMessageW
 0x10054370 SetDlgItemTextW
 0x10054374 GetDlgItem
 0x10054378 EndDialog
 0x1005437c DialogBoxParamW
 0x10054380 CreateCursor
 0x10054384 SetWindowLongW
 0x10054388 GetWindowLongW
 0x1005438c GetSysColor
 0x10054390 SetCursor
 0x10054394 GetClientRect
 0x10054398 GetWindowTextW
 0x1005439c InvalidateRect
 0x100543a0 EndPaint
 0x100543a4 BeginPaint
 0x100543a8 UpdateWindow
 0x100543ac DrawTextW
 0x100543b0 CallWindowProcW
 0x100543b4 UnregisterClassW
 0x100543b8 DefWindowProcW
 0x100543bc RegisterClassExW
 0x100543c0 EnableWindow
 0x100543c4 SetForegroundWindow
 0x100543c8 AdjustWindowRectEx
 0x100543cc SetWindowsHookExW
 0x100543d0 UnhookWindowsHookEx
 0x100543d4 CallNextHookEx
 0x100543d8 LoadCursorW
 0x100543dc KillTimer
GDI32.dll
 0x10054010 StretchBlt
 0x10054014 SetPixel
 0x10054018 Rectangle
 0x1005401c DeleteDC
 0x10054020 CreateCompatibleDC
 0x10054024 CreateCompatibleBitmap
 0x10054028 GetDeviceCaps
 0x1005402c MoveToEx
 0x10054030 SetBkMode
 0x10054034 LineTo
 0x10054038 CreatePen
 0x1005403c DeleteObject
 0x10054040 CreateSolidBrush
 0x10054044 GetObjectW
 0x10054048 SetTextColor
 0x1005404c SetBkColor
 0x10054050 SelectObject
 0x10054054 CreateFontIndirectW
 0x10054058 GetStockObject
COMDLG32.dll
 0x10054008 ChooseColorW
SHELL32.dll
 0x10054268 ShellExecuteW
MSIMG32.dll
 0x10054260 AlphaBlend
COMCTL32.dll
 0x10054000 InitCommonControlsEx

EAT(Export Address Table) Library

0x10011930 beNotified
0x10011d10 getFuncsArray
0x10011d30 getName
0x10011d40 isUnicode
0x10011d50 messageProc
0x10011dd0 setInfo

