Field | Value |
---|---|
Created | 2021.07.20 11:22 |
Machine | s1_win7_x6401 |
Filename | ComparePlus.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 30 detected (Agentb, GenericKD, 475016L, NukeSped, malicious, confidence, 100%, VSNTG521, eltin, ai score=100, Lazardoor, R422302, Unsafe, HgkASX4A) |
md5 | b3a8c88297daecdb9b0ac54a3c107797 |
sha256 | a881c9f40c1a5be3919cafb2ebe2bb5b19e29f0f7b28186ee1f4b554d692e776 |
ssdeep | 12288:6wK18bRRnjb5/DvI4opt3FjOGAlQ1OT3bs/y7n:6wKObRRNDvIpdF/kQ1QbsaT |
imphash | 792f78fda7ec7161930d2b70a7dfd479 |
impfuzzy | 96:E9Dsl2N/Sa9aXNys9X110x7GzSLSvftScpetw+FA7sUqr5:CscH9a9l9FSxbFwR7sUqr5 |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks if process is being debugged by a debugger |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Lazarus_Zero | Lazarus Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
No network requests were recorded during this run, so the request table (Request / CC / ASN Co / IP4 / Rule / ZERO) is empty.
Suricata ids
(none recorded)
PE API
IAT (Import Address Table) Library
SHLWAPI.dll
0x10054270 PathFindFileNameW
0x10054274 PathFindExtensionW
0x10054278 PathFileExistsW
0x1005427c PathCombineW
0x10054280 PathIsDirectoryW
0x10054284 PathIsRootW
0x10054288 PathRemoveFileSpecA
0x1005428c PathRemoveFileSpecW
0x10054290 PathRemoveExtensionW
0x10054294 PathAppendW
KERNEL32.dll
0x10054060 GetTickCount
0x10054064 GetTempPathW
0x10054068 SetFileAttributesW
0x1005406c DeleteFileW
0x10054070 CopyFileW
0x10054074 WaitForSingleObject
0x10054078 LoadLibraryW
0x1005407c GetModuleFileNameW
0x10054080 Sleep
0x10054084 MultiByteToWideChar
0x10054088 WideCharToMultiByte
0x1005408c LockResource
0x10054090 GlobalAlloc
0x10054094 GlobalLock
0x10054098 GlobalFree
0x1005409c GetLastError
0x100540a0 LoadResource
0x100540a4 SizeofResource
0x100540a8 FindResourceW
0x100540ac GetCurrentThreadId
0x100540b0 SetEvent
0x100540b4 ResetEvent
0x100540b8 CloseHandle
0x100540bc CreateEventW
0x100540c0 GetModuleHandleExW
0x100540c4 lstrlenA
0x100540c8 GetModuleHandleA
0x100540cc GetThreadTimes
0x100540d0 UnregisterWait
0x100540d4 RegisterWaitForSingleObject
0x100540d8 SetThreadAffinityMask
0x100540dc GetProcessAffinityMask
0x100540e0 GetNumaHighestNodeNumber
0x100540e4 DeleteTimerQueueTimer
0x100540e8 ChangeTimerQueueTimer
0x100540ec CreateTimerQueueTimer
0x100540f0 GetLogicalProcessorInformation
0x100540f4 GetThreadPriority
0x100540f8 SetThreadPriority
0x100540fc SignalObjectAndWait
0x10054100 CreateTimerQueue
0x10054104 CreateFileW
0x10054108 DecodePointer
0x1005410c WriteConsoleW
0x10054110 SetFilePointerEx
0x10054114 GetConsoleMode
0x10054118 GetConsoleCP
0x1005411c WriteFile
0x10054120 FlushFileBuffers
0x10054124 HeapSize
0x10054128 SetStdHandle
0x1005412c GetProcessHeap
0x10054130 CreateThread
0x10054134 GetEnvironmentStringsW
0x10054138 GetCommandLineW
0x1005413c GetCommandLineA
0x10054140 GetCPInfo
0x10054144 GetOEMCP
0x10054148 IsValidCodePage
0x1005414c FindNextFileA
0x10054150 FindFirstFileExA
0x10054154 FindClose
0x10054158 LCMapStringW
0x1005415c HeapReAlloc
0x10054160 GetStringTypeW
0x10054164 GetFileType
0x10054168 GetStdHandle
0x1005416c GetACP
0x10054170 HeapAlloc
0x10054174 HeapFree
0x10054178 ExitThread
0x1005417c GetModuleFileNameA
0x10054180 ExitProcess
0x10054184 LoadLibraryExW
0x10054188 FreeLibrary
0x1005418c EncodePointer
0x10054190 InterlockedFlushSList
0x10054194 InterlockedPushEntrySList
0x10054198 RaiseException
0x1005419c RtlUnwind
0x100541a0 TlsFree
0x100541a4 TlsSetValue
0x100541a8 TlsGetValue
0x100541ac TlsAlloc
0x100541b0 SetLastError
0x100541b4 TryEnterCriticalSection
0x100541b8 GetNativeSystemInfo
0x100541bc GetExitCodeThread
0x100541c0 GetCurrentThread
0x100541c4 SwitchToThread
0x100541c8 DuplicateHandle
0x100541cc InitializeSListHead
0x100541d0 GetSystemTimeAsFileTime
0x100541d4 CreateDirectoryW
0x100541d8 WritePrivateProfileStringW
0x100541dc GetPrivateProfileIntW
0x100541e0 LocalFree
0x100541e4 IsBadReadPtr
0x100541e8 LocalAlloc
0x100541ec LoadLibraryA
0x100541f0 GetProcAddress
0x100541f4 FreeLibraryAndExitThread
0x100541f8 GetModuleHandleW
0x100541fc GetVersionExW
0x10054200 VirtualAlloc
0x10054204 VirtualProtect
0x10054208 VirtualFree
0x1005420c ReleaseSemaphore
0x10054210 InterlockedPopEntrySList
0x10054214 MulDiv
0x10054218 QueryDepthSList
0x1005421c UnregisterWaitEx
0x10054220 GetCurrentProcessId
0x10054224 QueryPerformanceCounter
0x10054228 GetStartupInfoW
0x1005422c IsDebuggerPresent
0x10054230 FreeEnvironmentStringsW
0x10054234 UnhandledExceptionFilter
0x10054238 SetUnhandledExceptionFilter
0x1005423c GetCurrentProcess
0x10054240 TerminateProcess
0x10054244 IsProcessorFeaturePresent
0x10054248 EnterCriticalSection
0x1005424c LeaveCriticalSection
0x10054250 InitializeCriticalSectionAndSpinCount
0x10054254 DeleteCriticalSection
0x10054258 WaitForSingleObjectEx
USER32.dll
0x1005429c PostMessageW
0x100542a0 DispatchMessageW
0x100542a4 GetMessageW
0x100542a8 SystemParametersInfoW
0x100542ac GetParent
0x100542b0 ClientToScreen
0x100542b4 GetSystemMetrics
0x100542b8 CreateDialogIndirectParamW
0x100542bc GetClassNameW
0x100542c0 EnumChildWindows
0x100542c4 CharLowerW
0x100542c8 SetScrollInfo
0x100542cc DestroyIcon
0x100542d0 GetSysColorBrush
0x100542d4 ShowScrollBar
0x100542d8 GetScrollPos
0x100542dc SetScrollPos
0x100542e0 SetCapture
0x100542e4 CreateWindowExW
0x100542e8 MessageBoxA
0x100542ec IsCharAlphaNumericA
0x100542f0 LoadImageW
0x100542f4 DestroyCursor
0x100542f8 GetDC
0x100542fc EnableMenuItem
0x10054300 DrawMenuBar
0x10054304 GetMenuState
0x10054308 ReleaseCapture
0x1005430c GetCapture
0x10054310 SetFocus
0x10054314 FlashWindowEx
0x10054318 MessageBoxW
0x1005431c PostQuitMessage
0x10054320 SetTimer
0x10054324 GetDlgItemInt
0x10054328 SetDlgItemInt
0x1005432c FrameRect
0x10054330 SendDlgItemMessageW
0x10054334 CreateDialogParamW
0x10054338 InflateRect
0x1005433c FillRect
0x10054340 DrawFocusRect
0x10054344 GetWindowRect
0x10054348 RedrawWindow
0x1005434c ReleaseDC
0x10054350 GetWindowDC
0x10054354 GetFocus
0x10054358 IsWindowVisible
0x1005435c SetWindowPos
0x10054360 MoveWindow
0x10054364 ShowWindow
0x10054368 DestroyWindow
0x1005436c SendMessageW
0x10054370 SetDlgItemTextW
0x10054374 GetDlgItem
0x10054378 EndDialog
0x1005437c DialogBoxParamW
0x10054380 CreateCursor
0x10054384 SetWindowLongW
0x10054388 GetWindowLongW
0x1005438c GetSysColor
0x10054390 SetCursor
0x10054394 GetClientRect
0x10054398 GetWindowTextW
0x1005439c InvalidateRect
0x100543a0 EndPaint
0x100543a4 BeginPaint
0x100543a8 UpdateWindow
0x100543ac DrawTextW
0x100543b0 CallWindowProcW
0x100543b4 UnregisterClassW
0x100543b8 DefWindowProcW
0x100543bc RegisterClassExW
0x100543c0 EnableWindow
0x100543c4 SetForegroundWindow
0x100543c8 AdjustWindowRectEx
0x100543cc SetWindowsHookExW
0x100543d0 UnhookWindowsHookEx
0x100543d4 CallNextHookEx
0x100543d8 LoadCursorW
0x100543dc KillTimer
GDI32.dll
0x10054010 StretchBlt
0x10054014 SetPixel
0x10054018 Rectangle
0x1005401c DeleteDC
0x10054020 CreateCompatibleDC
0x10054024 CreateCompatibleBitmap
0x10054028 GetDeviceCaps
0x1005402c MoveToEx
0x10054030 SetBkMode
0x10054034 LineTo
0x10054038 CreatePen
0x1005403c DeleteObject
0x10054040 CreateSolidBrush
0x10054044 GetObjectW
0x10054048 SetTextColor
0x1005404c SetBkColor
0x10054050 SelectObject
0x10054054 CreateFontIndirectW
0x10054058 GetStockObject
COMDLG32.dll
0x10054008 ChooseColorW
SHELL32.dll
0x10054268 ShellExecuteW
MSIMG32.dll
0x10054260 AlphaBlend
COMCTL32.dll
0x10054000 InitCommonControlsEx
EAT (Export Address Table) Library
0x10011930 beNotified
0x10011d10 getFuncsArray
0x10011d30 getName
0x10011d40 isUnicode
0x10011d50 messageProc
0x10011dd0 setInfo
This export set is the Notepad++ plugin interface: a plugin DLL must export setInfo, getName, getFuncsArray, beNotified and messageProc, and isUnicode marks a Unicode build. That is consistent with the file name, ComparePlus.dll, which is the name of the ComparePlus Notepad++ plugin, so the DLL is built to be loaded by Notepad++ as a plugin.
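As a worked check on the import and export listing above, and on the "Allocates read-write-execute memory" and "Checks if process is being debugged" signatures earlier in the report, the following Python is an added example; it is neither the sandbox's code nor anything from the sample. It embeds a constructed excerpt of this report's IAT/EAT in the same text format, parses it into per-DLL import lists, flags the API clusters that underlie those signatures, checks whether the exports form the Notepad++ plugin interface, and rebuilds the imphash string exactly as pefile does (lowercased `lib.func` pairs, library extension stripped, comma-joined, MD5). The capability labels and the regex are my own; pasting the report's full listing into `SAMPLE_LISTING` should reproduce the header imphash 792f78fda7ec7161930d2b70a7dfd479 only under the assumption that the listing preserves import-directory order.

```python
"""Triage helper for a sandbox IAT/EAT listing (added example, not sandbox code)."""
import hashlib
import re
from collections import OrderedDict

# Constructed excerpt of this report's listing (same format, subset of the real entries).
SAMPLE_LISTING = """\
IAT(Import Address Table) Library
SHLWAPI.dll
0x10054270 PathFindFileNameW
KERNEL32.dll
0x10054064 GetTempPathW
0x1005408c LockResource
0x100540a0 LoadResource
0x100540a4 SizeofResource
0x100540a8 FindResourceW
0x10054104 CreateFileW
0x1005411c WriteFile
0x100541ec LoadLibraryA
0x100541f0 GetProcAddress
0x10054200 VirtualAlloc
0x10054204 VirtualProtect
0x1005422c IsDebuggerPresent
SHELL32.dll
0x10054268 ShellExecuteW
EAT(Export Address Table) Library
0x10011930 beNotified
0x10011d10 getFuncsArray
0x10011d30 getName
0x10011d40 isUnicode
0x10011d50 messageProc
0x10011dd0 setInfo
"""

FUNC_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")  # "<address> <name>" rows

def parse_listing(text):
    """Split the listing into (imports: dll -> [func, ...] in listing order, exports: [func, ...])."""
    imports, exports = OrderedDict(), []
    section, dll = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("IAT("):
            section = "iat"
        elif line.startswith("EAT("):
            section = "eat"
        elif (m := FUNC_LINE.match(line)):
            if section == "iat" and dll is not None:
                imports[dll].append(m.group(1))
            elif section == "eat":
                exports.append(m.group(1))
        elif section == "iat" and line.lower().endswith(".dll"):
            dll = line
            imports.setdefault(dll, [])
    return imports, exports

def imphash_string(imports):
    """pefile's imphash input: 'lib.func' pairs, lowercased, library extension stripped,
    comma-joined in import-directory order. Ordinal-only imports (none here) are not handled."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)

def imphash(imports):
    """MD5 of the imphash string; matches the report only if listing order is directory order."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()

# API clusters behind the report's signatures plus the next questions an analyst asks (my labels).
CAPABILITIES = {
    "rwx memory / self-unpacking": {"VirtualAlloc", "VirtualProtect"},
    "debugger check": {"IsDebuggerPresent"},
    "payload in PE resource": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "drops file to %TEMP%": {"GetTempPathW", "CreateFileW", "WriteFile"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
    "launches via ShellExecute": {"ShellExecuteW"},
}

# Exports every Notepad++ plugin DLL provides (isUnicode marks a Unicode build).
NPP_PLUGIN_EXPORTS = {"setInfo", "getName", "getFuncsArray", "beNotified", "messageProc", "isUnicode"}

def capabilities(imports):
    """Return {label: sorted required APIs} for every cluster fully present in the import table."""
    present = {f for funcs in imports.values() for f in funcs}
    return {label: sorted(apis) for label, apis in CAPABILITIES.items() if apis <= present}

def looks_like_npp_plugin(exports):
    return NPP_PLUGIN_EXPORTS <= set(exports)

if __name__ == "__main__":
    imp, exp = parse_listing(SAMPLE_LISTING)
    for label, apis in capabilities(imp).items():
        print(f"[+] {label}: {', '.join(apis)}")
    print("[+] Notepad++ plugin export set:", looks_like_npp_plugin(exp))
    print("[+] imphash of this listing:", imphash(imp))
```

Two caveats apply when reading the output. Import clustering is a triage heuristic, not a verdict: VirtualAlloc, VirtualProtect, IsDebuggerPresent, LoadLibraryA and GetProcAddress are also pulled in by the MSVC runtime, so they corroborate the sandbox's RWX-memory and debugger-check signatures without proving intent on their own; the resource-loading plus temp-file-writing combination is the stronger lead for a dropper and is where static analysis of the sample should go next. And a matching imphash on the full listing only confirms that the report's hash was derived from these imports; if it does not match, the most likely reason is that the listing order differs from the import-directory order pefile walks, not that the report is wrong.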