ScreenShot
| Created | 2021.07.22 10:16 | Machine | s1_win7_x6401 |
| Filename | xpt9.png | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 23 detected (AIDetect, malware2, malicious, high confidence, Artemis, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, ccmw, TrojanX, Generic@ML, RDML, SPdj8aarMjSQ4, sr1gkJgg, Drixed, Wacapew, score, ZedlaF, lu8@auJk8Spi, Static AI, Suspicious PE, Behavior) | ||
| md5 | 8b8ec117d4cc2eb8cb246433c1090dec | ||
| sha256 | ef08eafe517a3af06bb806865de42aac88231aac2e1462fa5b44b0db7231cf28 | ||
| ssdeep | 3072:UVadvfvemTEtQ9yoZPW/k/nklVtu77wBeZUCEQZRpcBDp57WQhdIif4:NDTyJWPd/nkdqw4/HcB77WQhdIu | ||
| imphash | 458d7355fbf070054838e3593829db8d | ||
| impfuzzy | 6:ZKUHXQ1bXhrV92VUI579ym1XYBVoXCwUcrMAdvX6n:ZtAHp92VT579ym1XY3D4rxvX6 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Dridex_Gene_Zero | Win32 Trojan Dridex Gene | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x10008030 TranslateMessage
0x10008034 GetWindowThreadProcessId
0x10008038 FindWindowExA
WS2_32.dll
0x10008040 accept
msvcrt.dll
0x10008048 memset
ADVAPI32.dll
0x10008000 AddUsersToEncryptedFile
0x10008004 RegOverridePredefKey
MPRAPI.dll
0x10008020 MprInfoDelete
SHLWAPI.dll
0x10008028 PathRemoveBlanksA
KERNEL32.dll
0x1000800c GlobalSize
0x10008010 CloseHandle
0x10008014 GetModuleFileNameA
0x10008018 OutputDebugStringA
EAT(Export Address Table) is none
USER32.dll
0x10008030 TranslateMessage
0x10008034 GetWindowThreadProcessId
0x10008038 FindWindowExA
WS2_32.dll
0x10008040 accept
msvcrt.dll
0x10008048 memset
ADVAPI32.dll
0x10008000 AddUsersToEncryptedFile
0x10008004 RegOverridePredefKey
MPRAPI.dll
0x10008020 MprInfoDelete
SHLWAPI.dll
0x10008028 PathRemoveBlanksA
KERNEL32.dll
0x1000800c GlobalSize
0x10008010 CloseHandle
0x10008014 GetModuleFileNameA
0x10008018 OutputDebugStringA
EAT(Export Address Table) is none