ScreenShot
| Created | 2021.07.29 12:30 | Machine | s1_win7_x6402 |
| Filename | button_nved5.png | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | d85acbbe7007a1fd45395f41ea1e8d17 | ||
| sha256 | bb4a151f638da83fe1a229954eb038e17f97be84d721dc491927ad3e689b33f7 | ||
| ssdeep | 3072:yol+RLWS5rOfQ326KRrXV2h2+lMNnTZuFw7Qz+Bf1QmeQmuvyK0N+VbU:dl+RLW1m27rXVs2+SNnTZrUz+B9vpMXN | ||
| imphash | de31dd75abe38332ca3d0df9db913835 | ||
| impfuzzy | 3:oTEKC9XXPQBADgKnqMXdTBWwDtXKtsAXwSxqEsPvXZElASx2ASn:om1XYBVK3KMtXKKdvX6lPSn | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x10007000 RegOverridePredefKey
OLEAUT32.dll
0x10007018 VarI2FromCy
msvcrt.dll
0x10007028 memset
USER32.dll
0x10007020 TranslateMessage
KERNEL32.dll
0x10007008 GetModuleFileNameA
0x1000700c OutputDebugStringA
0x10007010 GetModuleHandleW
EAT(Export Address Table) is none
ADVAPI32.dll
0x10007000 RegOverridePredefKey
OLEAUT32.dll
0x10007018 VarI2FromCy
msvcrt.dll
0x10007028 memset
USER32.dll
0x10007020 TranslateMessage
KERNEL32.dll
0x10007008 GetModuleFileNameA
0x1000700c OutputDebugStringA
0x10007010 GetModuleHandleW
EAT(Export Address Table) is none