Report - update.dll

UPX, Malicious Library, Admin Tool (Sysinternals etc ...), OS Processor Check, DLL, PE File, PE32
Created 2021.08.14 09:53 Machine s1_win7_x6402
Filename update.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 9
Behavior Score 5.2
ZERO API file: malware
VT API (file) 23 detected (malicious, high confidence, Attribute, HighConfidence, Danabot, BankerX, Generic@ML, RDML, a9aUzdfJ8ivNcDTZGblg, Infected, AGEN, Sabsik, N7EEU0, score, R430712, Artemis, susgen, GdSda)
md5 fef6b272e83c2db9338ad55ffb6e8f6e
sha256 90d3303cc9628d39013556750168afdcb0d3196d95ae004fd5a9642238636875
ssdeep 24576:2cFXB3P/KiY386VWysaBaotyaD8u9hZ0Bc0TU522c:tWzXko8awdc0Ty22c
imphash 5f64f70cee34af5497ae02dd3fd387b7
impfuzzy 96:ocOvXVR0MYg2cfprt0hX11bFJecn1V+eKh1DwPOQ7:occFcvFdeA1sh2POQ7

Signature (13cnts)

Level Description
warning File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch Collects information about installed applications
watch Communicates with host for which no DNS query was performed
watch One or more of the buffers contains an embedded PE file
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice One or more potentially interesting buffers were extracted
notice Queries for potentially installed applications
info Checks if process is being debugged by a debugger
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info Tries to locate where the browsers are installed
info Uses Windows APIs to generate a cryptographic key

Rules (7cnts)

Level Name Description Collection
watch Admin_Tool_IN_Zero Admin Tool Sysinternals binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
192.52.167.44 US ASN-QUADRANET-GLOBAL 192.52.167.44 mailcious

Suricata ids

PE API

IAT(Import Address Table) Library

oleaut32.dll
 0x53652c SysFreeString
 0x536530 SysReAllocStringLen
 0x536534 SysAllocStringLen
advapi32.dll
 0x53653c RegQueryValueExW
 0x536540 RegOpenKeyExW
 0x536544 RegCloseKey
user32.dll
 0x53654c CharNextW
 0x536550 LoadStringW
kernel32.dll
 0x536558 Sleep
 0x53655c VirtualFree
 0x536560 VirtualAlloc
 0x536564 lstrlenW
 0x536568 VirtualQuery
 0x53656c QueryPerformanceCounter
 0x536570 GetTickCount
 0x536574 GetSystemInfo
 0x536578 GetVersion
 0x53657c CompareStringW
 0x536580 IsValidLocale
 0x536584 SetThreadLocale
 0x536588 GetSystemDefaultUILanguage
 0x53658c GetUserDefaultUILanguage
 0x536590 GetLocaleInfoW
 0x536594 WideCharToMultiByte
 0x536598 MultiByteToWideChar
 0x53659c GetACP
 0x5365a0 LoadLibraryExW
 0x5365a4 GetStartupInfoW
 0x5365a8 GetProcAddress
 0x5365ac GetModuleHandleW
 0x5365b0 GetModuleFileNameW
 0x5365b4 GetCommandLineW
 0x5365b8 FreeLibrary
 0x5365bc GetLastError
 0x5365c0 UnhandledExceptionFilter
 0x5365c4 RtlUnwind
 0x5365c8 RaiseException
 0x5365cc ExitProcess
 0x5365d0 ExitThread
 0x5365d4 SwitchToThread
 0x5365d8 GetCurrentThreadId
 0x5365dc CreateThread
 0x5365e0 DeleteCriticalSection
 0x5365e4 LeaveCriticalSection
 0x5365e8 EnterCriticalSection
 0x5365ec InitializeCriticalSection
 0x5365f0 FindFirstFileW
 0x5365f4 FindClose
 0x5365f8 WriteFile
 0x5365fc GetStdHandle
 0x536600 CloseHandle
kernel32.dll
 0x536608 GetProcAddress
 0x53660c RaiseException
 0x536610 LoadLibraryA
 0x536614 GetLastError
 0x536618 TlsSetValue
 0x53661c TlsGetValue
 0x536620 TlsFree
 0x536624 TlsAlloc
 0x536628 LocalFree
 0x53662c LocalAlloc
 0x536630 FreeLibrary
user32.dll
 0x536638 ReleaseDC
 0x53663c PeekMessageW
 0x536640 MsgWaitForMultipleObjects
 0x536644 MessageBoxW
 0x536648 LoadStringW
 0x53664c LoadIconW
 0x536650 GetSystemMetrics
 0x536654 GetSysColor
 0x536658 GetDC
 0x53665c FrameRect
 0x536660 FillRect
 0x536664 DrawTextExW
 0x536668 DrawFocusRect
 0x53666c CharUpperBuffW
 0x536670 CharUpperW
 0x536674 CharLowerBuffW
gdi32.dll
 0x53667c UnrealizeObject
 0x536680 StretchBlt
 0x536684 SetTextColor
 0x536688 SetStretchBltMode
 0x53668c SetROP2
 0x536690 SetPixel
 0x536694 SetDIBColorTable
 0x536698 SetBrushOrgEx
 0x53669c SetBkMode
 0x5366a0 SetBkColor
 0x5366a4 SelectPalette
 0x5366a8 SelectObject
 0x5366ac RoundRect
 0x5366b0 Rectangle
 0x5366b4 RealizePalette
 0x5366b8 Polyline
 0x5366bc Polygon
 0x5366c0 PolyBezierTo
 0x5366c4 PolyBezier
 0x5366c8 Pie
 0x5366cc PatBlt
 0x5366d0 MoveToEx
 0x5366d4 MaskBlt
 0x5366d8 LineTo
 0x5366dc GetWindowOrgEx
 0x5366e0 GetTextMetricsW
 0x5366e4 GetTextExtentPoint32W
 0x5366e8 GetSystemPaletteEntries
 0x5366ec GetStretchBltMode
 0x5366f0 GetStockObject
 0x5366f4 GetPixel
 0x5366f8 GetPaletteEntries
 0x5366fc GetObjectW
 0x536700 GetDeviceCaps
 0x536704 GetDIBits
 0x536708 GetDIBColorTable
 0x53670c GetCurrentPositionEx
 0x536710 GetClipBox
 0x536714 GetBrushOrgEx
 0x536718 GdiFlush
 0x53671c ExtTextOutW
 0x536720 ExtFloodFill
 0x536724 Ellipse
 0x536728 DeleteObject
 0x53672c DeleteDC
 0x536730 CreatePenIndirect
 0x536734 CreatePalette
 0x536738 CreateHalftonePalette
 0x53673c CreateFontIndirectW
 0x536740 CreateDIBitmap
 0x536744 CreateDIBSection
 0x536748 CreateCompatibleDC
 0x53674c CreateCompatibleBitmap
 0x536750 CreateBrushIndirect
 0x536754 CreateBitmap
 0x536758 Chord
 0x53675c BitBlt
 0x536760 ArcTo
 0x536764 Arc
 0x536768 AngleArc
version.dll
 0x536770 VerQueryValueW
 0x536774 GetFileVersionInfoSizeW
 0x536778 GetFileVersionInfoW
kernel32.dll
 0x536780 WriteFile
 0x536784 WideCharToMultiByte
 0x536788 WaitForSingleObject
 0x53678c VirtualQueryEx
 0x536790 VirtualQuery
 0x536794 VirtualProtect
 0x536798 VirtualFree
 0x53679c VerSetConditionMask
 0x5367a0 VerifyVersionInfoW
 0x5367a4 TerminateProcess
 0x5367a8 SwitchToThread
 0x5367ac SuspendThread
 0x5367b0 Sleep
 0x5367b4 SizeofResource
 0x5367b8 SetThreadPriority
 0x5367bc SetFilePointer
 0x5367c0 SetEvent
 0x5367c4 SetEndOfFile
 0x5367c8 ResumeThread
 0x5367cc ResetEvent
 0x5367d0 ReadFile
 0x5367d4 RaiseException
 0x5367d8 IsDebuggerPresent
 0x5367dc MulDiv
 0x5367e0 LockResource
 0x5367e4 LocalFree
 0x5367e8 LoadResource
 0x5367ec LoadLibraryW
 0x5367f0 LeaveCriticalSection
 0x5367f4 IsValidLocale
 0x5367f8 InitializeCriticalSection
 0x5367fc HeapSize
 0x536800 HeapFree
 0x536804 HeapDestroy
 0x536808 HeapCreate
 0x53680c HeapAlloc
 0x536810 GetVersionExW
 0x536814 GetTickCount
 0x536818 GetThreadPriority
 0x53681c GetThreadLocale
 0x536820 GetStdHandle
 0x536824 GetProcAddress
 0x536828 GetModuleHandleW
 0x53682c GetModuleFileNameW
 0x536830 GetLocaleInfoW
 0x536834 GetLocalTime
 0x536838 GetLastError
 0x53683c GetFullPathNameW
 0x536840 GetFileAttributesW
 0x536844 GetExitCodeThread
 0x536848 GetDiskFreeSpaceW
 0x53684c GetDateFormatW
 0x536850 GetCurrentThreadId
 0x536854 GetCurrentThread
 0x536858 GetCurrentProcess
 0x53685c GetCPInfoExW
 0x536860 GetCPInfo
 0x536864 GetACP
 0x536868 FreeResource
 0x53686c FreeLibrary
 0x536870 FormatMessageW
 0x536874 FindResourceW
 0x536878 FindFirstFileW
 0x53687c FindClose
 0x536880 EnumSystemLocalesW
 0x536884 EnumCalendarInfoW
 0x536888 EnterCriticalSection
 0x53688c DeleteCriticalSection
 0x536890 CreateFileW
 0x536894 CreateEventW
 0x536898 CompareStringW
 0x53689c CloseHandle
advapi32.dll
 0x5368a4 RegUnLoadKeyW
 0x5368a8 RegSetValueExW
 0x5368ac RegSaveKeyW
 0x5368b0 RegRestoreKeyW
 0x5368b4 RegReplaceKeyW
 0x5368b8 RegQueryValueExW
 0x5368bc RegQueryInfoKeyW
 0x5368c0 RegOpenKeyExW
 0x5368c4 RegLoadKeyW
 0x5368c8 RegFlushKey
 0x5368cc RegEnumValueW
 0x5368d0 RegEnumKeyExW
 0x5368d4 RegDeleteValueW
 0x5368d8 RegDeleteKeyW
 0x5368dc RegCreateKeyExW
 0x5368e0 RegConnectRegistryW
 0x5368e4 RegCloseKey
kernel32.dll
 0x5368ec Sleep
netapi32.dll
 0x5368f4 NetApiBufferFree
 0x5368f8 NetWkstaGetInfo
oleaut32.dll
 0x536900 SafeArrayPtrOfIndex
 0x536904 SafeArrayGetUBound
 0x536908 SafeArrayGetLBound
 0x53690c SafeArrayCreate
 0x536910 VariantChangeType
 0x536914 VariantCopy
 0x536918 VariantClear
 0x53691c VariantInit
msvcrt.dll
 0x536924 memcpy

EAT(Export Address Table) Library

0x45fbbc TMethodImplementationIntercept
0x410488 __dbk_fcall_wrapper
0x533630 dbkFCallWrapperAddr

