ScreenShot
| Created | 2021.08.12 09:45 | Machine | s1_win7_x6402 |
| Filename | JavaE.dll | ||
| Type | MS-DOS executable, MZ for MS-DOS | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 17 detected (malicious, high confidence, score, Unsafe, Save, Attribute, HighConfidence, Kryptik, HMAC, Cridex, DangerousSig, SpyBot, MalCert, Wacatac, BScope, TrojanBanker, Danabot, GdSda) | ||
| md5 | 309661983ec46afb1868c9b8954d6b5e | ||
| sha256 | e6e972d93f6d8d1dbb56f41027614d7738bbe73d9a8cc65de8b06da666440ae5 | ||
| ssdeep | 12288:nioQBrcKxHPULy+QVo5XeT8zZlmVlC+Q2cjQ7CJXPcq9g8:n9Q9cKxHo55Og9lU4xH | ||
| imphash | 21032b08528b054e353a7a5a56440c82 | ||
| impfuzzy | 3:swBJAEPwSx2ASAy0JEQaxRnAASxqETo5IlGBJ8UGm8IxRDMJRaHtcfXRlmFUIUGO:dBJAEnSCyRn55GGBJqVIASYcfvqX | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x100c804b LoadLibraryA
0x100c804f GetModuleHandleW
0x100c8053 VirtualProtectEx
0x100c8057 GetModuleFileNameA
msvcrt.dll
0x100c805f _initterm
0x100c8063 malloc
0x100c8067 _amsg_exit
0x100c806b _XcptFilter
0x100c806f wcstoul
0x100c8073 free
0x100c8077 _wcsicmp
0x100c807b memcpy
0x100c807f memset
ntdll.dll
0x100c8087 RtlEqualSid
EAT(Export Address Table) Library
0x10052679 DllGetClassObject
0x10056b4c DllRegisterServer
0x10059d28 DllUnregisterServer
0x1005e8c8 DllCanUnloadNow
kernel32.dll
0x100c804b LoadLibraryA
0x100c804f GetModuleHandleW
0x100c8053 VirtualProtectEx
0x100c8057 GetModuleFileNameA
msvcrt.dll
0x100c805f _initterm
0x100c8063 malloc
0x100c8067 _amsg_exit
0x100c806b _XcptFilter
0x100c806f wcstoul
0x100c8073 free
0x100c8077 _wcsicmp
0x100c807b memcpy
0x100c807f memset
ntdll.dll
0x100c8087 RtlEqualSid
EAT(Export Address Table) Library
0x10052679 DllGetClassObject
0x10056b4c DllRegisterServer
0x10059d28 DllUnregisterServer
0x1005e8c8 DllCanUnloadNow