| Field | Value |
|---|---|
| Created | 2021.08.05 10:44 |
| Machine | s1_win7_x6403 |
| Filename | 4913.dll |
| Type | PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows |
| AI Score | Not found |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 11 detected (Cobalt, Artemis, kcloud, Vigorf, Malicious, score) |
| md5 | c00e0917372861f279731776738ce2f3 |
| sha256 | cf1043d00d87887f92a59e86296d1b7acaf37ccb33e9d2ce1f3c40d669de8ed5 |
| ssdeep | 12288:FPddKVO4kguV+5j5HJl05TKD58s6WwbWZS+QhLQXoiah6dCaBSPZC1XZIa0c:Jddbr0HJll58cKhcoh6IyXONc |
| imphash | 2869cb885758b15d003acb119f131468 |
| impfuzzy | 24:no614djMCuuMBqcDNbkaVZ+kLLqGSTydX8JOmc3bVja4liq9x91DvlxcqcBZy:nobFMCArZ+ktBdX8JOmL4l5x91Dvkqcq |
Signatures (3)

| Level | Description |
|---|---|
| watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6)

| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
PE API
IAT (Import Address Table)
KERNEL32.dll
0x1d79702ac AddVectoredExceptionHandler
0x1d79702b4 CloseHandle
0x1d79702bc CreateEventA
0x1d79702c4 CreateIoCompletionPort
0x1d79702cc CreateThread
0x1d79702d4 CreateWaitableTimerExW
0x1d79702dc DeleteCriticalSection
0x1d79702e4 DuplicateHandle
0x1d79702ec EnterCriticalSection
0x1d79702f4 ExitProcess
0x1d79702fc FreeEnvironmentStringsW
0x1d7970304 GetConsoleMode
0x1d797030c GetEnvironmentStringsW
0x1d7970314 GetLastError
0x1d797031c GetProcAddress
0x1d7970324 GetProcessAffinityMask
0x1d797032c GetProcessHeap
0x1d7970334 GetQueuedCompletionStatusEx
0x1d797033c GetStdHandle
0x1d7970344 GetSystemDirectoryA
0x1d797034c GetSystemInfo
0x1d7970354 GetThreadContext
0x1d797035c HeapAlloc
0x1d7970364 InitializeCriticalSection
0x1d797036c IsDBCSLeadByteEx
0x1d7970374 LeaveCriticalSection
0x1d797037c LoadLibraryA
0x1d7970384 LoadLibraryW
0x1d797038c MultiByteToWideChar
0x1d7970394 PostQueuedCompletionStatus
0x1d797039c ReadProcessMemory
0x1d79703a4 ResumeThread
0x1d79703ac SetConsoleCtrlHandler
0x1d79703b4 SetErrorMode
0x1d79703bc SetEvent
0x1d79703c4 SetProcessPriorityBoost
0x1d79703cc SetThreadContext
0x1d79703d4 SetUnhandledExceptionFilter
0x1d79703dc SetWaitableTimer
0x1d79703e4 Sleep
0x1d79703ec SuspendThread
0x1d79703f4 SwitchToThread
0x1d79703fc TlsGetValue
0x1d7970404 VirtualAlloc
0x1d797040c VirtualFree
0x1d7970414 VirtualProtect
0x1d797041c VirtualQuery
0x1d7970424 WaitForMultipleObjects
0x1d797042c WaitForSingleObject
0x1d7970434 WideCharToMultiByte
0x1d797043c WriteConsoleW
0x1d7970444 WriteFile
msvcrt.dll
0x1d7970454 ___lc_codepage_func
0x1d797045c ___mb_cur_max_func
0x1d7970464 __iob_func
0x1d797046c _amsg_exit
0x1d7970474 _beginthread
0x1d797047c _errno
0x1d7970484 _initterm
0x1d797048c _lock
0x1d7970494 _unlock
0x1d797049c abort
0x1d79704a4 calloc
0x1d79704ac fputc
0x1d79704b4 free
0x1d79704bc fwrite
0x1d79704c4 localeconv
0x1d79704cc malloc
0x1d79704d4 memcpy
0x1d79704dc memset
0x1d79704e4 realloc
0x1d79704ec strerror
0x1d79704f4 strlen
0x1d79704fc strncmp
0x1d7970504 vfprintf
0x1d797050c wcslen
EAT (Export Address Table)
0x1d785fad0 DllRegisterServer
0x1d796db40 _cgo_dummy_export
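Two reading notes on the tables above, followed by an added triage script (this is not the sandbox's own tooling). The `_cgo_dummy_export` export is what the Go toolchain emits when a package is built as a C shared library with cgo, and CreateIoCompletionPort, GetQueuedCompletionStatusEx, PostQueuedCompletionStatus and SwitchToThread are the Windows imports of the Go scheduler; the Go runtime also uses SuspendThread, GetThreadContext, SetThreadContext and ResumeThread to asynchronously preempt its own threads. Import-based heuristics that read that quartet plus VirtualAlloc/VirtualProtect as injection indicators therefore fire on every Go binary, and because the import set is dictated by the runtime, the imphash tends to be shared by Go binaries built with the same toolchain rather than by a malware family. For this sample the VirusTotal names and the DllRegisterServer export (the entry point regsvr32 invokes) carry more weight than the import table does. The script parses the listing format used on this page, groups imports into capability sets, applies the Go heuristic, and recomputes imphash the way pefile does. The embedded IAT/EAT text is a constructed subset of the page's listing, the capability groups are this example's own choice, and the imphash equals the reported value only when fed the complete listing in the PE's import order.

```python
"""Import-table triage for a sandbox IAT/EAT listing.

Added example for this page, not the sandbox's own tooling. It parses the
listing format used above ("LIBRARY.dll" header lines followed by
"0x<address> <Name>" lines) and answers three questions a reviewer asks:
which capability groups the imports fall into, whether the DLL looks like a
cgo-built Go binary (which makes most of those imports runtime noise), and
what imphash the listed imports produce.
"""
import hashlib
import re

# Constructed subset of the page's IAT and EAT, kept in the page's order.
IAT_SAMPLE = """\
KERNEL32.dll
0x1d79702ac AddVectoredExceptionHandler
0x1d79702c4 CreateIoCompletionPort
0x1d797031c GetProcAddress
0x1d7970334 GetQueuedCompletionStatusEx
0x1d7970354 GetThreadContext
0x1d797037c LoadLibraryA
0x1d7970394 PostQueuedCompletionStatus
0x1d797039c ReadProcessMemory
0x1d79703a4 ResumeThread
0x1d79703cc SetThreadContext
0x1d79703ec SuspendThread
0x1d79703f4 SwitchToThread
0x1d7970404 VirtualAlloc
0x1d7970414 VirtualProtect
msvcrt.dll
0x1d79704cc malloc
0x1d79704d4 memcpy
"""
EAT_SAMPLE = """\
0x1d785fad0 DllRegisterServer
0x1d796db40 _cgo_dummy_export
"""

# Capability groups chosen for this example. Membership describes what the
# API can do, not a verdict: a benign runtime can import every one of these.
CAPABILITIES = {
    "thread_hijack": {"SuspendThread", "GetThreadContext",
                      "SetThreadContext", "ResumeThread"},
    "remote_memory_read": {"ReadProcessMemory"},
    "memory_staging": {"VirtualAlloc", "VirtualProtect",
                       "VirtualFree", "VirtualQuery"},
    "dynamic_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "exception_hooking": {"AddVectoredExceptionHandler",
                          "SetUnhandledExceptionFilter"},
}

# Imports the Go scheduler always has on Windows. Together with a
# _cgo_dummy_export export they identify a cgo-built Go DLL.
GO_RUNTIME_MARKERS = {"CreateIoCompletionPort", "GetQueuedCompletionStatusEx",
                      "PostQueuedCompletionStatus", "SwitchToThread"}

_ENTRY = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_imports(text):
    """Return (library, function) pairs in listing order."""
    pairs, lib = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = _ENTRY.match(line)
        if m is None:            # not an entry, so it is a library header
            lib = line
        elif lib is None:
            raise ValueError(f"import entry before any library header: {line}")
        else:
            pairs.append((lib, m.group(1)))
    return pairs


def parse_exports(text):
    """Return exported names; export listings carry no library headers."""
    names = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def triage(iat_text):
    """Map each capability group to the sorted imports hitting it; empty groups are dropped."""
    names = {fn for _, fn in parse_imports(iat_text)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


def looks_like_cgo_dll(iat_text, eat_text):
    """True when the Go export stub and the Go scheduler imports are both present."""
    names = {fn for _, fn in parse_imports(iat_text)}
    return "_cgo_dummy_export" in parse_exports(eat_text) and GO_RUNTIME_MARKERS <= names


def imphash(iat_text):
    """imphash as pefile computes it: lowercase 'lib.func' with a .dll/.ocx/.sys
    extension stripped from lib, joined by commas, MD5-hashed. Equals the value
    reported above only if the listing preserves the PE's import order."""
    parts = []
    for lib, fn in parse_imports(iat_text):
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        parts.append(f"{lib}.{fn.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for cap, fns in triage(IAT_SAMPLE).items():
        print(f"{cap:20s} {', '.join(fns)}")
    print("cgo-built Go DLL:", looks_like_cgo_dll(IAT_SAMPLE, EAT_SAMPLE))
    print("imphash of listing:", imphash(IAT_SAMPLE))
```

To apply it to the whole report, paste the full KERNEL32.dll and msvcrt.dll blocks from the IAT section into `IAT_SAMPLE` and the two export lines into `EAT_SAMPLE`; a `thread_hijack` hit together with `looks_like_cgo_dll` returning True is the case where the capability groups should be discounted as runtime imports.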