Field | Value |
---|---|
Created | 2021.07.22 10:44 |
Machine | s1_win7_x6403 |
Filename | h8f6.png |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 26 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, confidence, ZedlaF, ku8@aSVjwvdi, Attribute, HighConfidence, GenericML, xnet, ccmw, TrojanX, Drixed, Score, Emotet, Artemis, Generic@ML, RDML, DCYDhOjRhjwu1ekhHOC+2g, Static AI, Suspicious PE, Dridex) |
md5 | 65638d179046f7caec06dc03e508b040 |
sha256 | 1a560adb810b924e65f91e34664166be2c2adac10f7f28c075d902e4adb1112c |
ssdeep | 3072:jbweJIBwzBgXbJ26juQdZHT5K4PrsF2ATdwNBJUiG7NNNNNNNNNNNNNNNuMtbXkl:jse2Gzm1dZtK4Puhha87NNNNNNNNNNNi |
imphash | 44b0dcdef59120fe964e77dc09a5f1e7 |
impfuzzy | 6:1wUjz1XYBVoT8579dgMtXKUHXQ1bXhrV928rMArvX6n:1z1XY3b79dXXtAHp928rnvX6 |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Dridex_Gene_Zero | Win32 Trojan Dridex Gene | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
Library | Address | Function |
---|---|---|
WS2_32.dll | 0x10007040 | accept |
MPRAPI.dll | 0x10007020 | MprInfoDelete |
SHLWAPI.dll | 0x10007028 | PathRemoveBlanksA |
ADVAPI32.dll | 0x10007000 | RegOverridePredefKey |
ADVAPI32.dll | 0x10007004 | AddUsersToEncryptedFile |
msvcrt.dll | 0x10007048 | memset |
USER32.dll | 0x10007030 | TranslateMessage |
USER32.dll | 0x10007034 | GetWindowThreadProcessId |
USER32.dll | 0x10007038 | FindWindowExA |
KERNEL32.dll | 0x1000700c | GetModuleFileNameA |
KERNEL32.dll | 0x10007010 | GlobalSize |
KERNEL32.dll | 0x10007014 | CloseHandle |
KERNEL32.dll | 0x10007018 | OutputDebugStringA |
EAT (Export Address Table): none