Report - 1d6vP.png

Dridex PE32 DLL PE File
Created 2021.07.22 10:20 Machine s1_win7_x6402
Filename 1d6vP.png
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
3
Behavior Score
0.4
ZERO API file : clean
VT API (file)
md5 dc8803148639b547891db02a455575bb
sha256 537866a96449444a54002776f34eecf053c23122a554a79f4743df0749aa8005
ssdeep 3072:bVadvfvemTEtQ9yoZPW/k/nklVtu77wBeZUCEQZRp4BDp57WQhdIif4:gDTyJWPd/nkdqw4/H4B77WQhdIu
imphash 458d7355fbf070054838e3593829db8d
impfuzzy 6:ZKUHXQ1bXhrV92VUI579ym1XYBVoXCwUcrMAdvX6n:ZtAHp92VT579ym1XY3D4rxvX6

Signature (1 count)

Level    Description
notice   The binary likely contains encrypted or compressed data indicative of a packer

Rules (4 counts)

Level    Name                          Description                  Collection
danger   Win32_Trojan_Dridex_Gene_Zero Win32 Trojan Dridex Gene     binaries (upload)
info     IsDLL                         (no description)             binaries (upload)
info     IsPE32                        (no description)             binaries (upload)
info     PE_Header_Zero                PE File Signature            binaries (upload)

Network (0 counts)

No network requests recorded (Request / CC / ASN / Co / IP4 / Rule / ZERO columns are empty).

Suricata IDS

PE API

IAT (Import Address Table), grouped by library (IAT slot address, imported function)

USER32.dll
 0x10008030 TranslateMessage
 0x10008034 GetWindowThreadProcessId
 0x10008038 FindWindowExA
WS2_32.dll
 0x10008040 accept
msvcrt.dll
 0x10008048 memset
ADVAPI32.dll
 0x10008000 AddUsersToEncryptedFile
 0x10008004 RegOverridePredefKey
MPRAPI.dll
 0x10008020 MprInfoDelete
SHLWAPI.dll
 0x10008028 PathRemoveBlanksA
KERNEL32.dll
 0x1000800c GlobalSize
 0x10008010 CloseHandle
 0x10008014 GetModuleFileNameA
 0x10008018 OutputDebugStringA

EAT (Export Address Table): none
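The imphash reported above (458d7355fbf070054838e3593829db8d) is a function of exactly this import list: each entry is lowercased, the DLL extension is dropped, the entries are joined as dll.func with commas in import-directory order, and the result is MD5-hashed. The Python below is an added example, not part of the sandbox report, that reproduces that normalization over the imports as listed and summarizes the table. Two assumptions are built in: the order of the grouped listing is taken as the import-directory order pefile would walk (the grouped IAT view may not preserve it, so a mismatch against the reported value points at ordering, not at a wrong algorithm), and ordinal imports are emitted as ordN without pefile's name lookup for known DLLs, since every import here is by name. The summary also shows what the table itself makes visible: 13 imports across 7 libraries with no LoadLibrary/GetProcAddress pair, which together with the packer notice means the static IAT says little about the DLL's runtime behavior.

```python
import hashlib

# Import table transcribed from the report's IAT listing, in listing order.
# ASSUMPTION: this order matches the PE import directory order used by imphash.
REPORT_IMPORTS = [
    ("USER32.dll", "TranslateMessage"),
    ("USER32.dll", "GetWindowThreadProcessId"),
    ("USER32.dll", "FindWindowExA"),
    ("WS2_32.dll", "accept"),
    ("msvcrt.dll", "memset"),
    ("ADVAPI32.dll", "AddUsersToEncryptedFile"),
    ("ADVAPI32.dll", "RegOverridePredefKey"),
    ("MPRAPI.dll", "MprInfoDelete"),
    ("SHLWAPI.dll", "PathRemoveBlanksA"),
    ("KERNEL32.dll", "GlobalSize"),
    ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "GetModuleFileNameA"),
    ("KERNEL32.dll", "OutputDebugStringA"),
]

REPORTED_IMPHASH = "458d7355fbf070054838e3593829db8d"  # value from the report


def normalize_import(dll, func):
    """Normalize one import entry to the 'dll.func' token imphash is built from:
    library name lowercased with a .dll/.ocx/.sys suffix removed, function name
    lowercased. An integer func is an ordinal import and becomes 'ordN'
    (pefile additionally maps known ws2_32/oleaut32 ordinals to names; that
    lookup is deliberately not reproduced here)."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    token = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{name}.{token}"


def imphash(imports):
    """Return (hex MD5, joined string) for a list of (dll, func) pairs."""
    joined = ",".join(normalize_import(d, f) for d, f in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest(), joined


def matches_reported(imports, reported):
    """True when the recomputed imphash equals the report's value."""
    return imphash(imports)[0] == reported.lower()


def iat_summary(imports):
    """Counts that matter for triage: how many imports, how many distinct
    libraries, and whether a runtime resolver pair (LoadLibrary*/GetProcAddress)
    is present in the static table."""
    dlls = []
    for d, _ in imports:
        n = d.lower()
        if n not in dlls:
            dlls.append(n)
    funcs = {f.lower() for _, f in imports if isinstance(f, str)}
    resolver = {"loadlibrarya", "loadlibraryw", "getprocaddress"}
    return {
        "imports": len(imports),
        "dlls": len(dlls),
        "has_runtime_resolver": bool(resolver & funcs),
    }


if __name__ == "__main__":
    digest, joined = imphash(REPORT_IMPORTS)
    print("normalized:", joined)
    print("imphash   :", digest)
    print("matches report:", matches_reported(REPORT_IMPORTS, REPORTED_IMPHASH))
    print("summary   :", iat_summary(REPORT_IMPORTS))
```

If the recomputed digest differs from the report's, reorder REPORT_IMPORTS to the import-directory order taken from the sample itself (or hand the file to pefile's get_imphash()) before concluding anything; imphash is only comparable across tools when the entry order is the same.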



Similarity measure (PE file only): no result returned (service check)