Field | Value |
---|---|
Created | 2021.08.03 16:48 |
Machine | s1_win7_x6403 |
Filename | MSVCR100.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 38 detected (GenericKD, Artemis, Save, Agentb, malicious, confidence, ZedlaF, 6r4@aumPXlh, ADIN, kmks, ccmw, Alii, Malware@#3ggfsiuu6vd62, VSNTGT21, twqym, KVMH008, kcloud, Wacatac, score, OceanLotus, Static AI, Malicious PE, PossibleThreat, GdSda, HygBueAA) |
md5 | ec44a1e0f5af1c4bd3f308ff1b3fc879 |
sha256 | b87c090e422e96f332bcfac4ef3dc52840e399f8026ad79a99239eecc4fe1703 |
ssdeep | 24576:S9P1vJ9p4RaUzWcrw18SIyYHTjA40DWNX9MkJT2pKt/Rw0aGGZktZr:S9P1vJ9p4mcrw18ShYzMc7Rw0aWtZr |
imphash | ead2a2f29e03a40cf36e8cc535b05645 |
impfuzzy | 24:0Y7YywWDCR8OovbjMMmulvg0WDQylUQLsbvoOXqhJUHYj9wxrEQD51ED:0Y7kQCJcmAijAbwO6gHbQDD |
Network IP location
Signature (10cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates (office) documents on the filesystem |
notice | Creates executable files on the filesystem |
notice | Creates hidden or system file |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
Rules (14cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10027000 AreFileApisANSI
0x10027004 CloseHandle
0x10027008 CopyFileW
0x1002700c CreateDirectoryW
0x10027010 CreateFileW
0x10027014 CreateThread
0x10027018 CreateToolhelp32Snapshot
0x1002701c DecodePointer
0x10027020 DeleteCriticalSection
0x10027024 EncodePointer
0x10027028 EnterCriticalSection
0x1002702c ExitProcess
0x10027030 FlushFileBuffers
0x10027034 FreeEnvironmentStringsW
0x10027038 GetACP
0x1002703c GetCommandLineA
0x10027040 GetConsoleCP
0x10027044 GetConsoleMode
0x10027048 GetCPInfo
0x1002704c GetCurrentProcess
0x10027050 GetCurrentProcessId
0x10027054 GetCurrentThread
0x10027058 GetCurrentThreadId
0x1002705c GetEnvironmentStringsW
0x10027060 GetFileType
0x10027064 GetLastError
0x10027068 GetModuleFileNameA
0x1002706c GetModuleFileNameW
0x10027070 GetModuleHandleExW
0x10027074 GetModuleHandleW
0x10027078 GetOEMCP
0x1002707c GetProcAddress
0x10027080 GetProcessHeap
0x10027084 GetStartupInfoW
0x10027088 GetStdHandle
0x1002708c GetStringTypeW
0x10027090 GetSystemTimeAsFileTime
0x10027094 HeapAlloc
0x10027098 HeapFree
0x1002709c HeapReAlloc
0x100270a0 HeapSize
0x100270a4 InitializeCriticalSectionAndSpinCount
0x100270a8 InterlockedDecrement
0x100270ac IsDebuggerPresent
0x100270b0 IsProcessorFeaturePresent
0x100270b4 IsValidCodePage
0x100270b8 LCMapStringW
0x100270bc LeaveCriticalSection
0x100270c0 LoadLibraryExW
0x100270c4 LocalFree
0x100270c8 Module32FirstW
0x100270cc Module32NextW
0x100270d0 MultiByteToWideChar
0x100270d4 OutputDebugStringW
0x100270d8 QueryPerformanceCounter
0x100270dc RaiseException
0x100270e0 ReadConsoleW
0x100270e4 ReadFile
0x100270e8 RtlUnwind
0x100270ec SetEndOfFile
0x100270f0 SetFileAttributesW
0x100270f4 SetFilePointerEx
0x100270f8 SetLastError
0x100270fc SetStdHandle
0x10027100 SetUnhandledExceptionFilter
0x10027104 Sleep
0x10027108 TerminateProcess
0x1002710c TlsAlloc
0x10027110 TlsFree
0x10027114 TlsGetValue
0x10027118 TlsSetValue
0x1002711c UnhandledExceptionFilter
0x10027120 WaitForSingleObject
0x10027124 WideCharToMultiByte
0x10027128 WriteConsoleW
0x1002712c WriteFile
ole32.dll
0x10027148 CoInitializeSecurity
0x1002714c CoInitializeEx
0x10027150 CoCreateInstance
0x10027154 CoUninitialize
OLEAUT32.dll
0x10027134 VariantClear
0x10027138 SysFreeString
0x1002713c SysAllocString
0x10027140 VariantInit
EAT (Export Address Table) Library
0x1000553c ?terminate@@YAXXZ
0x10005554 _XcptFilter
0x10005569 __dllonexit
0x10005582 __getmainargs
0x1000559d __set_app_type
0x100055b7 __setusermatherr
0x100055d0 _acmdln
0x100055e8 _amsg_exit
0x10005601 _cexit
0x10005617 _commode
0x10005633 _configthreadlocale
0x10005649 _controlfp_s
0x1000565f _crt_debugger_hook
0x10005675 _except_handler4_common
0x1000568f _exit
0x100056a9 _fmode
0x100056bf _initterm
0x10005505 _initterm_e
0x100056da _invoke_watson
0x100056f3 _ismbblead
0x1000570a _lock
0x10005722 _onexit
0x1000573d _unlock
0x10005757 exit
0x10005772 wcsncat_s