ScreenShot
| Created | 2021.08.04 09:45 | Machine | s1_win7_x6401 |
| Filename | dol.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (AIDetect, malware2, QVM20, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, HLXS, Malicious, PWSX, Generic ML PUA, Static AI, Suspicious PE, Wacapew, score, BScope, Vittalia, ZexaF, QuZ@aW0wlsoi, susgen) | ||
| md5 | 88c0c0351d382b0f70cc2fc739a69a2d | ||
| sha256 | 08321ed32c6805bb09065e8f43be2696404e74498c3ad3fb67a9c61d1bad13d4 | ||
| ssdeep | 12288:jyAkEAFDuXxqh+3VMbFE+Q4Fepf92Tbv+hf:OFEgD+qhUaE74Fe6Tbv+t | ||
| imphash | 457e32d3dd9c9bc4442beae8353acab7 | ||
| impfuzzy | 48:N9pBNCfcpVzS1jtbGnp0A/gQ4GJ4/KAnB1W09XKtuN+okijyF:NyfcpVzS1jtbGnpNQHbfxe | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Terminates another process |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42f000 FormatMessageW
0x42f004 VirtualProtect
0x42f008 CreateFileW
0x42f00c CloseHandle
0x42f010 GetConsoleMode
0x42f014 GetConsoleOutputCP
0x42f018 FlushFileBuffers
0x42f01c HeapSize
0x42f020 SetFilePointerEx
0x42f024 GetProcessHeap
0x42f028 SetStdHandle
0x42f02c FreeEnvironmentStringsW
0x42f030 GetEnvironmentStringsW
0x42f034 GetCommandLineW
0x42f038 GetCommandLineA
0x42f03c GetOEMCP
0x42f040 GetACP
0x42f044 IsValidCodePage
0x42f048 FindNextFileW
0x42f04c FindFirstFileExW
0x42f050 FindClose
0x42f054 HeapReAlloc
0x42f058 LCMapStringW
0x42f05c GetFileType
0x42f060 HeapAlloc
0x42f064 HeapFree
0x42f068 GetModuleHandleExW
0x42f06c ExitProcess
0x42f070 GetModuleFileNameW
0x42f074 WriteFile
0x42f078 GetStdHandle
0x42f07c WideCharToMultiByte
0x42f080 MultiByteToWideChar
0x42f084 GetStringTypeW
0x42f088 EnterCriticalSection
0x42f08c LeaveCriticalSection
0x42f090 InitializeCriticalSectionEx
0x42f094 DeleteCriticalSection
0x42f098 EncodePointer
0x42f09c DecodePointer
0x42f0a0 GetCPInfo
0x42f0a4 IsProcessorFeaturePresent
0x42f0a8 QueryPerformanceCounter
0x42f0ac GetCurrentProcessId
0x42f0b0 GetCurrentThreadId
0x42f0b4 GetSystemTimeAsFileTime
0x42f0b8 InitializeSListHead
0x42f0bc IsDebuggerPresent
0x42f0c0 UnhandledExceptionFilter
0x42f0c4 SetUnhandledExceptionFilter
0x42f0c8 GetStartupInfoW
0x42f0cc GetModuleHandleW
0x42f0d0 GetCurrentProcess
0x42f0d4 TerminateProcess
0x42f0d8 RaiseException
0x42f0dc RtlUnwind
0x42f0e0 GetLastError
0x42f0e4 SetLastError
0x42f0e8 InitializeCriticalSectionAndSpinCount
0x42f0ec TlsAlloc
0x42f0f0 TlsGetValue
0x42f0f4 TlsSetValue
0x42f0f8 TlsFree
0x42f0fc FreeLibrary
0x42f100 GetProcAddress
0x42f104 LoadLibraryExW
0x42f108 WriteConsoleW
USER32.dll
0x42f110 MessageBoxW
0x42f114 GrayStringA
0x42f118 GetDC
0x42f11c TranslateMessage
0x42f120 DispatchMessageW
0x42f124 PeekMessageW
0x42f128 DefWindowProcW
0x42f12c PostQuitMessage
0x42f130 UnregisterClassW
0x42f134 RegisterClassExW
0x42f138 CreateWindowExW
0x42f13c ShowWindow
0x42f140 SetCapture
0x42f144 ReleaseCapture
0x42f148 LoadImageW
0x42f14c LoadCursorW
0x42f150 SetWindowLongW
0x42f154 GetWindowLongW
0x42f158 AdjustWindowRect
0x42f15c UpdateWindow
d3d11.dll
0x42f164 D3D11CreateDeviceAndSwapChain
gdiplus.dll
0x42f16c GdiplusStartup
0x42f170 GdiplusShutdown
EAT(Export Address Table) is none
KERNEL32.dll
0x42f000 FormatMessageW
0x42f004 VirtualProtect
0x42f008 CreateFileW
0x42f00c CloseHandle
0x42f010 GetConsoleMode
0x42f014 GetConsoleOutputCP
0x42f018 FlushFileBuffers
0x42f01c HeapSize
0x42f020 SetFilePointerEx
0x42f024 GetProcessHeap
0x42f028 SetStdHandle
0x42f02c FreeEnvironmentStringsW
0x42f030 GetEnvironmentStringsW
0x42f034 GetCommandLineW
0x42f038 GetCommandLineA
0x42f03c GetOEMCP
0x42f040 GetACP
0x42f044 IsValidCodePage
0x42f048 FindNextFileW
0x42f04c FindFirstFileExW
0x42f050 FindClose
0x42f054 HeapReAlloc
0x42f058 LCMapStringW
0x42f05c GetFileType
0x42f060 HeapAlloc
0x42f064 HeapFree
0x42f068 GetModuleHandleExW
0x42f06c ExitProcess
0x42f070 GetModuleFileNameW
0x42f074 WriteFile
0x42f078 GetStdHandle
0x42f07c WideCharToMultiByte
0x42f080 MultiByteToWideChar
0x42f084 GetStringTypeW
0x42f088 EnterCriticalSection
0x42f08c LeaveCriticalSection
0x42f090 InitializeCriticalSectionEx
0x42f094 DeleteCriticalSection
0x42f098 EncodePointer
0x42f09c DecodePointer
0x42f0a0 GetCPInfo
0x42f0a4 IsProcessorFeaturePresent
0x42f0a8 QueryPerformanceCounter
0x42f0ac GetCurrentProcessId
0x42f0b0 GetCurrentThreadId
0x42f0b4 GetSystemTimeAsFileTime
0x42f0b8 InitializeSListHead
0x42f0bc IsDebuggerPresent
0x42f0c0 UnhandledExceptionFilter
0x42f0c4 SetUnhandledExceptionFilter
0x42f0c8 GetStartupInfoW
0x42f0cc GetModuleHandleW
0x42f0d0 GetCurrentProcess
0x42f0d4 TerminateProcess
0x42f0d8 RaiseException
0x42f0dc RtlUnwind
0x42f0e0 GetLastError
0x42f0e4 SetLastError
0x42f0e8 InitializeCriticalSectionAndSpinCount
0x42f0ec TlsAlloc
0x42f0f0 TlsGetValue
0x42f0f4 TlsSetValue
0x42f0f8 TlsFree
0x42f0fc FreeLibrary
0x42f100 GetProcAddress
0x42f104 LoadLibraryExW
0x42f108 WriteConsoleW
USER32.dll
0x42f110 MessageBoxW
0x42f114 GrayStringA
0x42f118 GetDC
0x42f11c TranslateMessage
0x42f120 DispatchMessageW
0x42f124 PeekMessageW
0x42f128 DefWindowProcW
0x42f12c PostQuitMessage
0x42f130 UnregisterClassW
0x42f134 RegisterClassExW
0x42f138 CreateWindowExW
0x42f13c ShowWindow
0x42f140 SetCapture
0x42f144 ReleaseCapture
0x42f148 LoadImageW
0x42f14c LoadCursorW
0x42f150 SetWindowLongW
0x42f154 GetWindowLongW
0x42f158 AdjustWindowRect
0x42f15c UpdateWindow
d3d11.dll
0x42f164 D3D11CreateDeviceAndSwapChain
gdiplus.dll
0x42f16c GdiplusStartup
0x42f170 GdiplusShutdown
EAT(Export Address Table) is none