popup

Report - X9nWfTSb5W

Malicious Library DLL PE File PE32
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.08.11 10:35 Machine s1_win7_x6401
Filename X9nWfTSb5W
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
1.2
ZERO API file : malware
VT API (file)
md5 fb3d8688051c380c4c8ae678899c09c6
sha256 7d68be4fcc436133eb2553595ecb90d1c170fb63d6e8dbb471c475eb12d0e005
ssdeep 3072:yb51A6VG71Eq55xw1jgDlO1poE2rm4coM+cxJdfhRlGg5e:yb7tghEq3xw1j4kpP2rmLffxvfhRlGe
imphash 8742cdbb7107c49bd94093e149d7e0d4
impfuzzy 3:LRpAXQFMLAj/Ld9C9XXPQBADgEBT8M9CByz0JSx2ASAy0JSxqEsWBJAMgrdWwzmP:lYQ9jm1XYBVoT8zw7SpBJAMlfxBn
  Network IP location

Signature (3cnts)

Level Description
watch Tries to unhook Windows functions monitored by Cuckoo
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

GDI32.dll
 0x1000700c GetFontData
USER32.dll
 0x1000702c ShowOwnedPopups
ADVAPI32.dll
 0x10007000 RegOverridePredefKey
 0x10007004 RegisterEventSourceW
KERNEL32.dll
 0x10007014 GetModuleHandleW
 0x10007018 GetModuleFileNameA
 0x1000701c LoadLibraryExA
msvcrt.dll
 0x10007034 memset
OLEAUT32.dll
 0x10007024 VarBstrFromDec

EAT(Export Address Table) Library

0x100255c0 FWroeeWqoinnmw

Similarity measure (PE file only) - Checking for service failure