ScreenShot
Created | 2021.08.11 10:26 | Machine | s1_win7_x6401 |
Filename | BBRhE9tEKq | ||
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | |||
md5 | 87cbf4a86708b610efe3b537ddd5a5e0 | ||
sha256 | f209e7ee8cb14478b2dd8d311ffe26b0ea0c88ae54fed73386d729f00595a70f | ||
ssdeep | 3072:0DHMD9LnP1KxPqM8/1xYTCKJJ+xpm2s7E7jnR1VzGQiEFMFJsvQ:oMhP1cq7/16CT9jnR1Vz7ic | ||
imphash | 9a51ae24217a1bb6b4e51e037dca80bb | ||
impfuzzy | 3:DyWnKtoJhjqMXdTBWwzs6BJO7PvXZElAae0JSxq3T8M9C9XXPQBADE:ZKOJd3K0rArvX6lXNT8z1XYBD |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x10007024 TranslateMessage
OLEAUT32.dll
0x1000701c VarI2FromCy
msvcrt.dll
0x1000702c memset
KERNEL32.dll
0x10007008 CloseHandle
0x1000700c OutputDebugStringA
0x10007010 CreateFileW
0x10007014 GetModuleFileNameA
ADVAPI32.dll
0x10007000 RegOverridePredefKey
EAT(Export Address Table) Library
0x10025462 FnloderTrRppee
USER32.dll
0x10007024 TranslateMessage
OLEAUT32.dll
0x1000701c VarI2FromCy
msvcrt.dll
0x1000702c memset
KERNEL32.dll
0x10007008 CloseHandle
0x1000700c OutputDebugStringA
0x10007010 CreateFileW
0x10007014 GetModuleFileNameA
ADVAPI32.dll
0x10007000 RegOverridePredefKey
EAT(Export Address Table) Library
0x10025462 FnloderTrRppee