popup

Report - empty_7wz0.png

Generic Malware Malicious Library PE32 DLL PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.07.29 09:58 Machine s1_win7_x6402
Filename empty_7wz0.png
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
1.2
ZERO API file : clean
VT API (file) 23 detected (AIDetect, malware2, malicious, high confidence, Graftor, Unsafe, confidence, Attribute, HighConfidence, Drixed, Static AI, Suspicious PE, score, ai score=87, Generic@ML, RDML, AEvphQ54OC8zZ4MVw0VtZw, ZedlaF, ku8@aKH4igai)
md5 25dbc4e228927bea3d145caae5a5d842
sha256 0eada128b45a683c41d6da28fe1aa1be6b8bce3e3934c95d98f75e1c33639eed
ssdeep 3072:qC4Oe6ths2hyT0DzJfN3ZKU3YkmN5Sw4Q2kUl59Pn9zbAAW0f3:qC4Oem/DzJhok45X4HPNb
imphash 9451e8b8b1259e622801dd0cdc59802c
impfuzzy 3:oQReqMXVtXKtqfXcWwzsPvXZElASxqEsSx2ASKX9C9XXPQBADE:oEe3XXKMfX0cvX6lNSH1XYBD
  Network IP location

Signature (2cnts)

Level Description
warning File has been identified by 23 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

OLEAUT32.dll
 0x10007018 VarI2FromCy
USER32.dll
 0x10007020 TranslateMessage
msvcrt.dll
 0x10007028 memset
KERNEL32.dll
 0x10007008 OutputDebugStringA
 0x1000700c GetModuleFileNameA
 0x10007010 GetModuleHandleW
ADVAPI32.dll
 0x10007000 RegOverridePredefKey

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure