Report - update.dll

Tags: Antivirus, UPX, Malicious Library, OS Processor Check, DLL, PE File, PE32
Created 2021.08.13 20:33
Machine s1_win7_x6402
Filename update.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 9
Behavior Score 5.0
ZERO API file : malware
VT API (file) 37 detected (Danabot, malicious, high confidence, score, GenericRXAA, Unsafe, ONMW, Attribute, HighConfidence, BankerX, Stjx, AGEN, Siggen14, Infected, CK4OC3, susgen, kcloud, R430712, R002H0CHC21, GdSda, TrojanPSW, HgkASaQA)
md5 c00d207efb855910154389b48404e550
sha256 716e5a3d29ff525aed30c18061daff4b496f3f828ba2ac763efd857062a42e96
ssdeep 24576:qcFPyLyEv4NeAXD+Rk+p736lDEU4KgTfp:RQa+lKlDJgT
imphash 5f64f70cee34af5497ae02dd3fd387b7
impfuzzy 96:ocOvXVR0MYg2cfprt0hX11bFJecn1V+eKh1DwPOQ7:occFcvFdeA1sh2POQ7

Signature (12cnts)

Level   Description
danger  File has been identified by 37 AntiVirus engines on VirusTotal as malicious
watch   Collects information about installed applications
watch   Communicates with host for which no DNS query was performed
watch   One or more of the buffers contains an embedded PE file
notice  Allocates read-write-execute memory (usually to unpack itself)
notice  One or more potentially interesting buffers were extracted
notice  Queries for potentially installed applications
info    Checks if process is being debugged by a debugger
info    One or more processes crashed
info    The executable contains unknown PE section names indicative of a packer (could be a false positive)
info    Tries to locate where the browsers are installed
info    Uses Windows APIs to generate a cryptographic key

Rules (7cnts)

Level  Name                     Description                                Collection
watch  Antivirus                Contains references to security software   binaries (upload)
watch  Malicious_Library_Zero   Malicious_Library                          binaries (upload)
watch  UPX_Zero                 UPX packed file                            binaries (upload)
info   IsDLL                    (no description)                           binaries (upload)
info   IsPE32                   (no description)                           binaries (upload)
info   OS_Processor_Check_Zero  OS Processor Check                         binaries (upload)
info   PE_Header_Zero           PE File Signature                          binaries (upload)

Network (2cnts)

Request         CC  ASN Co                IP4             Rule  ZERO
103.229.126.73  TW  Cloudie Limited       103.229.126.73        clean
192.52.167.44   US  ASN-QUADRANET-GLOBAL  192.52.167.44         clean
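The "Communicates with host for which no DNS query was performed" signature above is a check you can reproduce outside the sandbox by correlating DNS answers with connections. The script below is an added example written for this page, not the sandbox's own code: it walks a DNS-answer log and a connection log in time order and reports every public destination that was never resolved before the connection to it. The log lines are constructed samples in a Zeek-like tab-separated layout; only the two destination addresses 103.229.126.73 and 192.52.167.44 come from the Network table, and the query names are placeholders. The last constructed DNS line resolves one of those addresses after the connection, to show that a late resolution does not clear the finding.

```python
"""Flag outbound connections to public IPs that no DNS answer resolved beforehand.

Added example for this report, not sandbox code. DNS_LOG and CONN_LOG are
constructed samples in a Zeek-like tab-separated layout; only the two
destination IPs 103.229.126.73 and 192.52.167.44 come from the report.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed DNS answers: ts <TAB> query <TAB> comma-joined answers.
DNS_LOG = """\
1628886780.1\twww.msftncsi.com\t13.107.4.52
1628886781.4\tcrl.microsoft.com\t23.45.123.1,23.45.123.8
1628886800.0\tlate.example.invalid\t103.229.126.73
"""

# Constructed connections: ts <TAB> src <TAB> dst <TAB> dport <TAB> proto.
CONN_LOG = """\
1628886780.5\t192.168.56.101\t13.107.4.52\t80\ttcp
1628886790.0\t192.168.56.101\t103.229.126.73\t443\ttcp
1628886791.2\t192.168.56.101\t192.52.167.44\t443\ttcp
1628886792.0\t192.168.56.101\t192.168.56.1\t53\tudp
1628886795.3\t192.168.56.101\t23.45.123.8\t80\ttcp
"""


@dataclass(frozen=True)
class Finding:
    ts: float
    dst: str
    dport: int


def _is_ip(s: str) -> bool:
    """True for A/AAAA answers; CNAME targets and other text are skipped."""
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def undns_connections(conn_log: str, dns_log: str) -> list[Finding]:
    """Walk DNS answers and connections in time order; a destination counts
    as resolved only if an answer for it was seen before the connection."""
    events: list[tuple[float, int, object]] = []
    for line in dns_log.splitlines():
        if line.strip():
            ts, _query, answers = line.split("\t")
            for a in answers.split(","):
                if _is_ip(a.strip()):
                    events.append((float(ts), 0, a.strip()))
    for line in conn_log.splitlines():
        if line.strip():
            ts, _src, dst, dport, _proto = line.split("\t")
            events.append((float(ts), 1, (dst, int(dport))))
    # At equal timestamps, answers (kind 0) sort before connections (kind 1).
    events.sort(key=lambda e: (e[0], e[1]))
    resolved: set[str] = set()
    findings: list[Finding] = []
    for ts, kind, payload in events:
        if kind == 0:
            resolved.add(payload)
            continue
        dst, dport = payload
        # Private, loopback and link-local destinations are not interesting here.
        if ipaddress.ip_address(dst).is_global and dst not in resolved:
            findings.append(Finding(ts, dst, dport))
    return findings


if __name__ == "__main__":
    for f in undns_connections(CONN_LOG, DNS_LOG):
        print(f"{f.ts:.1f}  {f.dst}:{f.dport}  no prior DNS resolution")
```

On the constructed input this reports exactly the two report addresses, both on 443, and nothing for the Microsoft connectivity-check and CRL hosts that were resolved first. In a real deployment you would also bound the lookback window (DNS TTLs) and key on the resolver's client address, which this example leaves out.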

Suricata ids

PE API

IAT (Import Address Table) Library

oleaut32.dll
 0x53852c SysFreeString
 0x538530 SysReAllocStringLen
 0x538534 SysAllocStringLen
advapi32.dll
 0x53853c RegQueryValueExW
 0x538540 RegOpenKeyExW
 0x538544 RegCloseKey
user32.dll
 0x53854c CharNextW
 0x538550 LoadStringW
kernel32.dll
 0x538558 Sleep
 0x53855c VirtualFree
 0x538560 VirtualAlloc
 0x538564 lstrlenW
 0x538568 VirtualQuery
 0x53856c QueryPerformanceCounter
 0x538570 GetTickCount
 0x538574 GetSystemInfo
 0x538578 GetVersion
 0x53857c CompareStringW
 0x538580 IsValidLocale
 0x538584 SetThreadLocale
 0x538588 GetSystemDefaultUILanguage
 0x53858c GetUserDefaultUILanguage
 0x538590 GetLocaleInfoW
 0x538594 WideCharToMultiByte
 0x538598 MultiByteToWideChar
 0x53859c GetACP
 0x5385a0 LoadLibraryExW
 0x5385a4 GetStartupInfoW
 0x5385a8 GetProcAddress
 0x5385ac GetModuleHandleW
 0x5385b0 GetModuleFileNameW
 0x5385b4 GetCommandLineW
 0x5385b8 FreeLibrary
 0x5385bc GetLastError
 0x5385c0 UnhandledExceptionFilter
 0x5385c4 RtlUnwind
 0x5385c8 RaiseException
 0x5385cc ExitProcess
 0x5385d0 ExitThread
 0x5385d4 SwitchToThread
 0x5385d8 GetCurrentThreadId
 0x5385dc CreateThread
 0x5385e0 DeleteCriticalSection
 0x5385e4 LeaveCriticalSection
 0x5385e8 EnterCriticalSection
 0x5385ec InitializeCriticalSection
 0x5385f0 FindFirstFileW
 0x5385f4 FindClose
 0x5385f8 WriteFile
 0x5385fc GetStdHandle
 0x538600 CloseHandle
kernel32.dll
 0x538608 GetProcAddress
 0x53860c RaiseException
 0x538610 LoadLibraryA
 0x538614 GetLastError
 0x538618 TlsSetValue
 0x53861c TlsGetValue
 0x538620 TlsFree
 0x538624 TlsAlloc
 0x538628 LocalFree
 0x53862c LocalAlloc
 0x538630 FreeLibrary
user32.dll
 0x538638 ReleaseDC
 0x53863c PeekMessageW
 0x538640 MsgWaitForMultipleObjects
 0x538644 MessageBoxW
 0x538648 LoadStringW
 0x53864c LoadIconW
 0x538650 GetSystemMetrics
 0x538654 GetSysColor
 0x538658 GetDC
 0x53865c FrameRect
 0x538660 FillRect
 0x538664 DrawTextExW
 0x538668 DrawFocusRect
 0x53866c CharUpperBuffW
 0x538670 CharUpperW
 0x538674 CharLowerBuffW
gdi32.dll
 0x53867c UnrealizeObject
 0x538680 StretchBlt
 0x538684 SetTextColor
 0x538688 SetStretchBltMode
 0x53868c SetROP2
 0x538690 SetPixel
 0x538694 SetDIBColorTable
 0x538698 SetBrushOrgEx
 0x53869c SetBkMode
 0x5386a0 SetBkColor
 0x5386a4 SelectPalette
 0x5386a8 SelectObject
 0x5386ac RoundRect
 0x5386b0 Rectangle
 0x5386b4 RealizePalette
 0x5386b8 Polyline
 0x5386bc Polygon
 0x5386c0 PolyBezierTo
 0x5386c4 PolyBezier
 0x5386c8 Pie
 0x5386cc PatBlt
 0x5386d0 MoveToEx
 0x5386d4 MaskBlt
 0x5386d8 LineTo
 0x5386dc GetWindowOrgEx
 0x5386e0 GetTextMetricsW
 0x5386e4 GetTextExtentPoint32W
 0x5386e8 GetSystemPaletteEntries
 0x5386ec GetStretchBltMode
 0x5386f0 GetStockObject
 0x5386f4 GetPixel
 0x5386f8 GetPaletteEntries
 0x5386fc GetObjectW
 0x538700 GetDeviceCaps
 0x538704 GetDIBits
 0x538708 GetDIBColorTable
 0x53870c GetCurrentPositionEx
 0x538710 GetClipBox
 0x538714 GetBrushOrgEx
 0x538718 GdiFlush
 0x53871c ExtTextOutW
 0x538720 ExtFloodFill
 0x538724 Ellipse
 0x538728 DeleteObject
 0x53872c DeleteDC
 0x538730 CreatePenIndirect
 0x538734 CreatePalette
 0x538738 CreateHalftonePalette
 0x53873c CreateFontIndirectW
 0x538740 CreateDIBitmap
 0x538744 CreateDIBSection
 0x538748 CreateCompatibleDC
 0x53874c CreateCompatibleBitmap
 0x538750 CreateBrushIndirect
 0x538754 CreateBitmap
 0x538758 Chord
 0x53875c BitBlt
 0x538760 ArcTo
 0x538764 Arc
 0x538768 AngleArc
version.dll
 0x538770 VerQueryValueW
 0x538774 GetFileVersionInfoSizeW
 0x538778 GetFileVersionInfoW
kernel32.dll
 0x538780 WriteFile
 0x538784 WideCharToMultiByte
 0x538788 WaitForSingleObject
 0x53878c VirtualQueryEx
 0x538790 VirtualQuery
 0x538794 VirtualProtect
 0x538798 VirtualFree
 0x53879c VerSetConditionMask
 0x5387a0 VerifyVersionInfoW
 0x5387a4 TerminateProcess
 0x5387a8 SwitchToThread
 0x5387ac SuspendThread
 0x5387b0 Sleep
 0x5387b4 SizeofResource
 0x5387b8 SetThreadPriority
 0x5387bc SetFilePointer
 0x5387c0 SetEvent
 0x5387c4 SetEndOfFile
 0x5387c8 ResumeThread
 0x5387cc ResetEvent
 0x5387d0 ReadFile
 0x5387d4 RaiseException
 0x5387d8 IsDebuggerPresent
 0x5387dc MulDiv
 0x5387e0 LockResource
 0x5387e4 LocalFree
 0x5387e8 LoadResource
 0x5387ec LoadLibraryW
 0x5387f0 LeaveCriticalSection
 0x5387f4 IsValidLocale
 0x5387f8 InitializeCriticalSection
 0x5387fc HeapSize
 0x538800 HeapFree
 0x538804 HeapDestroy
 0x538808 HeapCreate
 0x53880c HeapAlloc
 0x538810 GetVersionExW
 0x538814 GetTickCount
 0x538818 GetThreadPriority
 0x53881c GetThreadLocale
 0x538820 GetStdHandle
 0x538824 GetProcAddress
 0x538828 GetModuleHandleW
 0x53882c GetModuleFileNameW
 0x538830 GetLocaleInfoW
 0x538834 GetLocalTime
 0x538838 GetLastError
 0x53883c GetFullPathNameW
 0x538840 GetFileAttributesW
 0x538844 GetExitCodeThread
 0x538848 GetDiskFreeSpaceW
 0x53884c GetDateFormatW
 0x538850 GetCurrentThreadId
 0x538854 GetCurrentThread
 0x538858 GetCurrentProcess
 0x53885c GetCPInfoExW
 0x538860 GetCPInfo
 0x538864 GetACP
 0x538868 FreeResource
 0x53886c FreeLibrary
 0x538870 FormatMessageW
 0x538874 FindResourceW
 0x538878 FindFirstFileW
 0x53887c FindClose
 0x538880 EnumSystemLocalesW
 0x538884 EnumCalendarInfoW
 0x538888 EnterCriticalSection
 0x53888c DeleteCriticalSection
 0x538890 CreateFileW
 0x538894 CreateEventW
 0x538898 CompareStringW
 0x53889c CloseHandle
advapi32.dll
 0x5388a4 RegUnLoadKeyW
 0x5388a8 RegSetValueExW
 0x5388ac RegSaveKeyW
 0x5388b0 RegRestoreKeyW
 0x5388b4 RegReplaceKeyW
 0x5388b8 RegQueryValueExW
 0x5388bc RegQueryInfoKeyW
 0x5388c0 RegOpenKeyExW
 0x5388c4 RegLoadKeyW
 0x5388c8 RegFlushKey
 0x5388cc RegEnumValueW
 0x5388d0 RegEnumKeyExW
 0x5388d4 RegDeleteValueW
 0x5388d8 RegDeleteKeyW
 0x5388dc RegCreateKeyExW
 0x5388e0 RegConnectRegistryW
 0x5388e4 RegCloseKey
kernel32.dll
 0x5388ec Sleep
netapi32.dll
 0x5388f4 NetApiBufferFree
 0x5388f8 NetWkstaGetInfo
oleaut32.dll
 0x538900 SafeArrayPtrOfIndex
 0x538904 SafeArrayGetUBound
 0x538908 SafeArrayGetLBound
 0x53890c SafeArrayCreate
 0x538910 VariantChangeType
 0x538914 VariantCopy
 0x538918 VariantClear
 0x53891c VariantInit
msvcrt.dll
 0x538924 memcpy

EAT (Export Address Table) Library

0x45f4e0 TMethodImplementationIntercept
0x410488 __dbk_fcall_wrapper
0x535630 dbkFCallWrapperAddr
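Two things the import and export tables above support but do not state outright: the IAT contains no ws2_32, wininet or winhttp entry even though the sandbox recorded two outbound contacts, so the networking code is reached through LoadLibrary/GetProcAddress or lives in the unpacked payload; and the three exports (TMethodImplementationIntercept, __dbk_fcall_wrapper, dbkFCallWrapperAddr) are the standard Delphi RTL/debugger-support exports, consistent with the Danabot detection names, Danabot being a Delphi-built loader. The script below is an added example written for this page, not the sandbox's code: it parses listings in the report's own "dll.dll" / "0xaddr Name" format, merges the repeated kernel32.dll and advapi32.dll blocks (the listing carries one block per import descriptor), maps imports to the behaviours the Signature section reports, and checks the two points above. IAT_EXCERPT is a subset of the report's IAT, not the full table; the CAPABILITIES map and the NETWORK_DLLS set are the editor's heuristics.

```python
"""Static capability triage from the IAT/EAT listing in this report's format.

Added example, not the sandbox's own code. IAT_EXCERPT and EAT_EXCERPT are
copied from the report's tables (the IAT one is a subset); CAPABILITIES and
NETWORK_DLLS are the editor's heuristics, not the sandbox's rule set.
"""
from __future__ import annotations

import re
from collections import defaultdict

IAT_EXCERPT = """\
advapi32.dll
 0x53853c RegQueryValueExW
 0x538540 RegOpenKeyExW
kernel32.dll
 0x53855c VirtualFree
 0x538560 VirtualAlloc
 0x538574 GetSystemInfo
 0x5385a0 LoadLibraryExW
 0x5385a8 GetProcAddress
kernel32.dll
 0x538610 LoadLibraryA
 0x538794 VirtualProtect
 0x5387ac SuspendThread
 0x5387c8 ResumeThread
 0x5387d8 IsDebuggerPresent
 0x5387e0 LockResource
 0x5387e8 LoadResource
 0x538810 GetVersionExW
 0x538874 FindResourceW
advapi32.dll
 0x5388cc RegEnumValueW
 0x5388d0 RegEnumKeyExW
netapi32.dll
 0x5388f8 NetWkstaGetInfo
"""

EAT_EXCERPT = """\
0x45f4e0 TMethodImplementationIntercept
0x410488 __dbk_fcall_wrapper
0x535630 dbkFCallWrapperAddr
"""

# Heuristic capability map (editor's own); the API names are real Win32 exports.
CAPABILITIES = {
    "rwx-memory/unpacking": {"VirtualAlloc", "VirtualProtect", "VirtualFree"},
    "anti-debug": {"IsDebuggerPresent"},
    "dynamic-api-resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"},
    "registry-enumeration": {"RegOpenKeyExW", "RegEnumKeyExW", "RegEnumValueW", "RegQueryValueExW"},
    "embedded-resource-access": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "host-fingerprint": {"GetSystemInfo", "GetVersionExW", "NetWkstaGetInfo", "GetDiskFreeSpaceW"},
    "thread-control": {"CreateThread", "SuspendThread", "ResumeThread"},
}
# DLLs whose presence in the IAT would mean statically linked network code.
NETWORK_DLLS = {"ws2_32.dll", "wininet.dll", "winhttp.dll", "wsock32.dll", "urlmon.dll"}
# Exports emitted by the Delphi RTL for debugger/method-interception support.
DELPHI_EXPORTS = {"TMethodImplementationIntercept", "__dbk_fcall_wrapper", "dbkFCallWrapperAddr"}

_ENTRY = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat(text: str) -> dict[str, set[str]]:
    """Parse 'dll.dll' header lines followed by ' 0xaddr Name' entries.
    Repeated blocks for the same DLL are merged into one set."""
    imports: dict[str, set[str]] = defaultdict(set)
    dll = None
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m and dll:
            imports[dll].add(m.group(1))
        elif line.strip():
            dll = line.strip().lower()
    return dict(imports)


def parse_eat(text: str) -> set[str]:
    """Export names from '0xaddr Name' lines."""
    return {m.group(1) for m in (_ENTRY.match(l) for l in text.splitlines()) if m}


def triage(iat_text: str, eat_text: str) -> dict:
    imports = parse_iat(iat_text)
    all_apis = set().union(*imports.values()) if imports else set()
    caps = {tag: sorted(all_apis & apis) for tag, apis in CAPABILITIES.items()}
    return {
        "capabilities": {t: a for t, a in caps.items() if a},
        "static_network_imports": sorted(set(imports) & NETWORK_DLLS),
        "delphi_rtl_exports": DELPHI_EXPORTS <= parse_eat(eat_text),
    }


if __name__ == "__main__":
    result = triage(IAT_EXCERPT, EAT_EXCERPT)
    for tag, apis in result["capabilities"].items():
        print(f"{tag:26} {', '.join(apis)}")
    print("static network imports:", result["static_network_imports"] or "none")
    print("Delphi RTL exports present:", result["delphi_rtl_exports"])
```

Run against the excerpt it reports every capability tag, an empty static network import list, and the Delphi export triad present. Import-based triage is only a first pass on a packed sample: the sandbox's "embedded PE file" and RWX-allocation findings indicate that the real payload's imports are resolved at runtime and will not appear in this table at all.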
