popup

Report - Kbf2P.png

Dridex PE32 DLL PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.07.22 11:07 Machine s1_win7_x6401
Filename Kbf2P.png
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
1.0
ZERO API file : clean
VT API (file) 16 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, ccmw, Generic@ML, RDML, BaGwa6+GgK44c0ERRlhYRw, Score, Static AI, Suspicious PE, ZedlaF, ku8@aqjVTdpi)
md5 45d9d9c13a4b2f77a5635a64cd58bd03
sha256 e26c7e7c111e41d766ab313e1c4c0f17cbc9710aee23248b017735caf97f2a0e
ssdeep 3072:Zb35eJIBwzBgXbJ26juQdZHT5K4PrsF2ATdwNBJUiG7NNNNNNNNNNNNNNNuetbX4:ZNe2Gzm1dZtK4Puhha87NNNNNNNNNNNI
imphash 44b0dcdef59120fe964e77dc09a5f1e7
impfuzzy 6:1wUjz1XYBVoT8579dgMtXKUHXQ1bXhrV928rMArvX6n:1z1XY3b79dXXtAHp928rnvX6
  Network IP location

Signature (2cnts)

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (4cnts)

Level Name Description Collection
danger Win32_Trojan_Dridex_Gene_Zero Win32 Trojan Dridex Gene binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

WS2_32.dll
 0x10007040 accept
MPRAPI.dll
 0x10007020 MprInfoDelete
SHLWAPI.dll
 0x10007028 PathRemoveBlanksA
ADVAPI32.dll
 0x10007000 RegOverridePredefKey
 0x10007004 AddUsersToEncryptedFile
msvcrt.dll
 0x10007048 memset
USER32.dll
 0x10007030 TranslateMessage
 0x10007034 GetWindowThreadProcessId
 0x10007038 FindWindowExA
KERNEL32.dll
 0x1000700c GetModuleFileNameA
 0x10007010 GlobalSize
 0x10007014 CloseHandle
 0x10007018 OutputDebugStringA

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure