popup

Report - 13.dll

Dridex Generic Malware Malicious Library PE32 DLL PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.07.27 09:47 Machine s1_win7_x6401
Filename 13.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
1.2
ZERO API file : malware
VT API (file) 21 detected (AIDetect, malware2, malicious, high confidence, Graftor, Unsafe, confidence, Attribute, HighConfidence, ccmw, Generic@ML, RDML, 6E+bplt, J7OZ4b, 4yEDPnA, ai score=82, score, ZedlaF, ku8@aaopd)
md5 63922c2487337188b76e721d86ba1a4f
sha256 1718966d91a317e8d16a0015e8f24c295f8ce978af37acef7cdbc9d76934c100
ssdeep 3072:syY5bY8XE+kkqh84cKcv4FinaLzL2rVQLOmpvNbTAvDstOr18T:PRAkkk84e4wne2nmhFAvD4O
imphash 038ee71bd4ea63acaf586d3475ef17a1
impfuzzy 3:rTGMWwooM9C9XXPQBADgQWtXKtsAXwPvXZElASxqEs6BJKnqMX7:HgIz1XYBVBXKKrvX6lpEn3r
  Network IP location

Signature (2cnts)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (6cnts)

Level Name Description Collection
danger Win32_Trojan_Dridex_Gene_Zero Win32 Trojan Dridex Gene binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x10007028 memset
ADVAPI32.dll
 0x10007000 RegOverridePredefKey
USER32.dll
 0x10007020 TranslateMessage
KERNEL32.dll
 0x10007008 OutputDebugStringA
 0x1000700c GetModuleFileNameA
 0x10007010 CloseHandle
OLEAUT32.dll
 0x10007018 VarI2FromCy

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure