Report - 360sd.dll

UPX OS Processor Check DLL PE File PE32
Created 2021.08.09 11:28 Machine s1_win7_x6402
Filename 360sd.dll (note: the name resembles a component of a well-known Chinese security product; given the import profile below, this is presumably a look-alike name rather than the vendor's file — treat the filename as untrusted and identify the sample by hash)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
AI Score
4
Behavior Score
0.4
ZERO API file : clean (the sandbox's own static verdict; it disagrees with the VirusTotal result below and with the import profile in the IAT section, so it should not be read as a clean bill of health)
VT API (file) 8 detected (AIDetect, malware1, HackTool, GameHack, EBE potentially unsafe, QB3KOV, R002H06GO21) — the HackTool/GameHack labels are consistent with the process-memory read/write and synthetic-input imports listed under IAT
md5 6168ff8527adff76a81c1e8017aa6278
sha256 911b6d4ff2ec5c1084c681a932b43deabc66ee818baf527ab0b4be08c7ce54bb
ssdeep 1536:mo+/K1evKMGG1X4TI8qhPGLrcUdDDDL+pNVERbBMGwLP:ZeS5G1XmVLVDv+pNVERlrwb
imphash c908bbc8d16008d6754c2e5ae10a2d15
impfuzzy 96:rXwi8vQLupYsZENlL+/saQZ5sWbeK2ziU4xhgzUayVatcOoIqsAs9Bv1zyOTRyK:LZJ7v20SyEulgV1zyi

Signature (1cnts)

Level Description
notice File has been identified by 8 AntiVirus engines on VirusTotal as malicious

Rules (5cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file (caveat: the IAT below lists a full import set, whereas a still-packed UPX image normally exposes only a handful of loader imports; the listing is presumably taken from an unpacked image, or the rule matched a UPX marker only — confirm against the section names) binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT (Import Address Table) by library — analyst note: the combination OpenProcess / CreateToolhelp32Snapshot / Process32Next / Module32Next / ReadProcessMemory / WriteProcessMemory (enumerate a target process and its modules, then read and patch its memory) together with GetAsyncKeyState / SetCursorPos / mouse_event / GetPixel (keyboard polling, synthetic mouse input, screen-pixel reads) and FindWindowA / GetForegroundWindow is the import profile of a game-cheat or memory-trainer module, matching the HackTool/GameHack labels above. GetPrivateProfileIntA/StringA indicate settings are read from an .ini file, and AllocConsole / SetConsoleTitleA indicate a console UI is created in the host process. IsDebuggerPresent, SetUnhandledExceptionFilter, QueryPerformanceCounter and InitializeSListHead are typically pulled in by the MSVC CRT startup code, so on their own they are not evidence of deliberate anti-debugging.

KERNEL32.dll
 0x1000d028 OpenProcess
 0x1000d02c CreateToolhelp32Snapshot
 0x1000d030 Process32Next
 0x1000d034 CloseHandle
 0x1000d038 GetPrivateProfileIntA
 0x1000d03c GetPrivateProfileStringA
 0x1000d040 Module32Next
 0x1000d044 InitializeSListHead
 0x1000d048 GetSystemTimeAsFileTime
 0x1000d04c GetCurrentThreadId
 0x1000d050 GetCurrentProcessId
 0x1000d054 QueryPerformanceCounter
 0x1000d058 IsDebuggerPresent
 0x1000d05c IsProcessorFeaturePresent
 0x1000d060 TerminateProcess
 0x1000d064 GetCurrentProcess
 0x1000d068 SetUnhandledExceptionFilter
 0x1000d06c UnhandledExceptionFilter
 0x1000d070 GetProcAddress
 0x1000d074 GetModuleHandleW
 0x1000d078 CreateEventW
 0x1000d07c DeleteCriticalSection
 0x1000d080 InitializeCriticalSectionAndSpinCount
 0x1000d084 SetConsoleCursorInfo
 0x1000d088 GetConsoleCursorInfo
 0x1000d08c GetStdHandle
 0x1000d090 AllocConsole
 0x1000d094 GetConsoleWindow
 0x1000d098 Beep
 0x1000d09c CreateThread
 0x1000d0a0 DisableThreadLibraryCalls
 0x1000d0a4 SetConsoleTitleA
 0x1000d0a8 SetConsoleCursorPosition
 0x1000d0ac GetModuleHandleA
 0x1000d0b0 ReadProcessMemory
 0x1000d0b4 Sleep
 0x1000d0b8 WriteProcessMemory
USER32.dll
 0x1000d194 GetDC
 0x1000d198 IsWindowVisible
 0x1000d19c GetWindowPlacement
 0x1000d1a0 ShowWindow
 0x1000d1a4 GetForegroundWindow
 0x1000d1a8 MoveWindow
 0x1000d1ac FindWindowA
 0x1000d1b0 GetAsyncKeyState
 0x1000d1b4 SetCursorPos
 0x1000d1b8 mouse_event
 0x1000d1bc GetWindowRect
GDI32.dll
 0x1000d000 SetBkColor
 0x1000d004 DeleteObject
 0x1000d008 SetTextAlign
 0x1000d00c GetPixel
 0x1000d010 SetBkMode
 0x1000d014 TextOutA
 0x1000d018 SetTextColor
 0x1000d01c SetPixel
 0x1000d020 SelectObject
MSVCP140.dll
 0x1000d0c0 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x1000d0c4 ?uncaught_exception@std@@YA_NXZ
 0x1000d0c8 ?_Xlength_error@std@@YAXPBD@Z
 0x1000d0cc ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
 0x1000d0d0 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
 0x1000d0d4 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
 0x1000d0d8 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
 0x1000d0dc ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
 0x1000d0e0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
 0x1000d0e4 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
 0x1000d0e8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
 0x1000d0ec ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
 0x1000d0f0 ?_Xout_of_range@std@@YAXPBD@Z
 0x1000d0f4 _Cnd_signal
 0x1000d0f8 ??1_Lockit@std@@QAE@XZ
 0x1000d0fc ??0_Lockit@std@@QAE@H@Z
 0x1000d100 ?_Throw_Cpp_error@std@@YAXH@Z
 0x1000d104 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
 0x1000d108 ?_Throw_C_error@std@@YAXH@Z
 0x1000d10c ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
 0x1000d110 ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
 0x1000d114 _Mtx_lock
 0x1000d118 _Cnd_do_broadcast_at_thread_exit
 0x1000d11c _Cnd_destroy
 0x1000d120 _Cnd_wait
 0x1000d124 _Mtx_init
 0x1000d128 _Thrd_start
 0x1000d12c _Thrd_id
 0x1000d130 _Mtx_destroy
 0x1000d134 _Cnd_init
 0x1000d138 _Thrd_join
 0x1000d13c _Mtx_unlock
 0x1000d140 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
 0x1000d144 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
 0x1000d148 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
 0x1000d14c ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
 0x1000d150 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
 0x1000d154 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
 0x1000d158 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
 0x1000d15c ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1000d160 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
 0x1000d164 ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
 0x1000d168 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
 0x1000d16c ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
 0x1000d170 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
 0x1000d174 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
 0x1000d178 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
 0x1000d17c ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
 0x1000d180 ?always_noconv@codecvt_base@std@@QBE_NXZ
 0x1000d184 ??Bid@locale@std@@QAEIXZ
 0x1000d188 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
 0x1000d18c ?_Xinvalid_argument@std@@YAXPBD@Z
WINMM.dll
 0x1000d1f0 PlaySoundA
VCRUNTIME140.dll
 0x1000d1c4 memcpy
 0x1000d1c8 __CxxFrameHandler3
 0x1000d1cc __std_terminate
 0x1000d1d0 memmove
 0x1000d1d4 __std_exception_destroy
 0x1000d1d8 __std_exception_copy
 0x1000d1dc _CxxThrowException
 0x1000d1e0 __std_type_info_destroy_list
 0x1000d1e4 memset
 0x1000d1e8 _except_handler4_common
api-ms-win-crt-string-l1-1-0.dll
 0x1000d2b4 toupper
api-ms-win-crt-runtime-l1-1-0.dll
 0x1000d234 _initterm
 0x1000d238 _initterm_e
 0x1000d23c _invalid_parameter_noinfo_noreturn
 0x1000d240 _errno
 0x1000d244 _seh_filter_dll
 0x1000d248 _crt_atexit
 0x1000d24c _execute_onexit_table
 0x1000d250 _cexit
 0x1000d254 _register_onexit_function
 0x1000d258 _initialize_onexit_table
 0x1000d25c _initialize_narrow_environment
 0x1000d260 _configure_narrow_argv
 0x1000d264 terminate
api-ms-win-crt-stdio-l1-1-0.dll
 0x1000d26c fputc
 0x1000d270 _get_stream_buffer_pointers
 0x1000d274 freopen_s
 0x1000d278 _fseeki64
 0x1000d27c fread
 0x1000d280 fsetpos
 0x1000d284 getchar
 0x1000d288 ungetc
 0x1000d28c setvbuf
 0x1000d290 fgetpos
 0x1000d294 fwrite
 0x1000d298 __stdio_common_vsprintf
 0x1000d29c __stdio_common_vfprintf
 0x1000d2a0 fgetc
 0x1000d2a4 fclose
 0x1000d2a8 fflush
 0x1000d2ac __acrt_iob_func
api-ms-win-crt-filesystem-l1-1-0.dll
 0x1000d200 _unlock_file
 0x1000d204 _lock_file
api-ms-win-crt-convert-l1-1-0.dll
 0x1000d1f8 strtof
api-ms-win-crt-math-l1-1-0.dll
 0x1000d21c remainderf
 0x1000d220 _CIatan2
 0x1000d224 _libm_sse2_exp_precise
 0x1000d228 _fdtest
 0x1000d22c _libm_sse2_sqrt_precise
api-ms-win-crt-heap-l1-1-0.dll
 0x1000d20c _callnewh
 0x1000d210 malloc
 0x1000d214 free

EAT (Export Address Table): none — the DLL exports nothing, so its only entry point is DllMain; the DisableThreadLibraryCalls and CreateThread imports suggest work is started from there. A sandbox that loads the DLL without the intended host process may never trigger that code path, which could account for the low behavior score (0.4) and the absence of network activity; dynamic results for this sample should be treated as incomplete.


