ScreenShot
| Created | 2021.08.15 12:45 | Machine | s1_win7_x6401 |
| Filename | wj1.png | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (malicious, high confidence, confidence, FJFH, Attribute, HighConfidence, BlackMoon, score, Presenoker, Generic PUA PC, Static AI, Suspicious PE, I6FKD5, debyj, Wacapew, Unsafe, R023H06G521, susgen, ZedlaF, eqSfa04jtDdb) | ||
| md5 | b3edf0682d10790927ec8cdf5f1f187e | ||
| sha256 | cb8e4b7147126e223411909a0134294d16cf20a8a3068136a55420b6fbe78084 | ||
| ssdeep | 1536:d7YVuIJuEDjROozZ5Na0aEDvg5wwxeQC2VOFUOr679069+GSi98nouy8Y:ddExzxa/Evg6wEQC5mO2JN9XSi2outY | ||
| imphash | 6e5d6f8cfeb03792ab4a971f2b52e520 | ||
| impfuzzy | 6:omRgsfOiBJAEHGDzyRFgn0JLtbK1/QW46PWTXqVqE:omRgWVA/DzygwWQNIeXu/ | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Executes one or more WMI queries |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1004e0f0 RegCloseKey
COMCTL32.dll
0x1004e0f8 None
GDI32.dll
0x1004e100 SaveDC
KERNEL32.DLL
0x1004e108 LoadLibraryA
0x1004e10c GetProcAddress
0x1004e110 VirtualProtect
ole32.dll
0x1004e118 OleRun
OLEAUT32.dll
0x1004e120 SysFreeString
oledlg.dll
0x1004e128 None
SHELL32.dll
0x1004e130 SHGetSpecialFolderPathA
USER32.dll
0x1004e138 GetDC
WININET.dll
0x1004e140 InternetOpenA
WINSPOOL.DRV
0x1004e148 OpenPrinterA
EAT(Export Address Table) Library
0x10006341 Init
0x10006322 Jmp
0x10006360 UnInit
ADVAPI32.dll
0x1004e0f0 RegCloseKey
COMCTL32.dll
0x1004e0f8 None
GDI32.dll
0x1004e100 SaveDC
KERNEL32.DLL
0x1004e108 LoadLibraryA
0x1004e10c GetProcAddress
0x1004e110 VirtualProtect
ole32.dll
0x1004e118 OleRun
OLEAUT32.dll
0x1004e120 SysFreeString
oledlg.dll
0x1004e128 None
SHELL32.dll
0x1004e130 SHGetSpecialFolderPathA
USER32.dll
0x1004e138 GetDC
WININET.dll
0x1004e140 InternetOpenA
WINSPOOL.DRV
0x1004e148 OpenPrinterA
EAT(Export Address Table) Library
0x10006341 Init
0x10006322 Jmp
0x10006360 UnInit