Report - wj3.png

Tags: UPX, Malicious Library, PE File, OS Processor Check, DLL, PE32
Created 2021.08.15 12:37 Machine s1_win7_x6402
Filename wj3.png
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score: 8
Behavior Score: 1.8
ZERO API file : malware
VT API (file) 16 detected (malicious, high confidence, Artemis, Unsafe, Save, Blackmoon, Eldorado, Tiggre, Generic ML PUA, Graftor, ZedlaF, ku8@aiyBNafb)
md5 9dc3016597dfa1aa2980b346d16bebec
sha256 c2ffe1c90985faa77498be75bb418791dec8966a610bdd5c81d3d3f6e4404701
ssdeep 3072:XRIHgpslVQSyEJxdB4t6ShtVNlCExwwg9fpyKMoutsmuQO:XRIHgpsVQShMtTEEepyKMoSs
imphash ab7bb0aec29ba9417a97d14e98c6c245
impfuzzy 96:9jtn0F972kCQ4amJse92hBz12lbAaWcnc5d:97Asse92hBz1AbApcncH

Signature (5cnts)

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
info Checks if process is being debugged by a debugger
info The executable uses a known packer

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x10012080 FlushFileBuffers
 0x10012084 SetFilePointer
 0x10012088 WriteFile
 0x1001208c GetCurrentProcess
 0x10012090 GetProcessVersion
 0x10012094 GlobalGetAtomNameA
 0x10012098 GlobalAddAtomA
 0x1001209c GlobalFindAtomA
 0x100120a0 GetLastError
 0x100120a4 SetLastError
 0x100120a8 MultiByteToWideChar
 0x100120ac WideCharToMultiByte
 0x100120b0 InterlockedIncrement
 0x100120b4 WritePrivateProfileStringA
 0x100120b8 GlobalFlags
 0x100120bc GetVersion
 0x100120c0 lstrlenA
 0x100120c4 lstrcpynA
 0x100120c8 lstrcpyA
 0x100120cc SetErrorMode
 0x100120d0 InterlockedDecrement
 0x100120d4 TlsGetValue
 0x100120d8 LocalReAlloc
 0x100120dc TlsSetValue
 0x100120e0 EnterCriticalSection
 0x100120e4 GlobalReAlloc
 0x100120e8 LeaveCriticalSection
 0x100120ec TlsFree
 0x100120f0 GlobalHandle
 0x100120f4 GlobalUnlock
 0x100120f8 GlobalFree
 0x100120fc DeleteCriticalSection
 0x10012100 TlsAlloc
 0x10012104 InitializeCriticalSection
 0x10012108 LocalFree
 0x1001210c LocalAlloc
 0x10012110 CloseHandle
 0x10012114 GlobalLock
 0x10012118 GlobalAlloc
 0x1001211c GlobalDeleteAtom
 0x10012120 lstrcmpA
 0x10012124 lstrcmpiA
 0x10012128 GetCurrentThread
 0x1001212c GetCurrentThreadId
 0x10012130 GetCPInfo
 0x10012134 GetOEMCP
 0x10012138 RtlUnwind
 0x1001213c TerminateProcess
 0x10012140 RaiseException
 0x10012144 HeapSize
 0x10012148 GetACP
 0x1001214c SetHandleCount
 0x10012150 GetStdHandle
 0x10012154 GetFileType
 0x10012158 GetStartupInfoA
 0x1001215c FreeEnvironmentStringsA
 0x10012160 FreeEnvironmentStringsW
 0x10012164 GetEnvironmentStrings
 0x10012168 GetEnvironmentStringsW
 0x1001216c GetEnvironmentVariableA
 0x10012170 GetVersionExA
 0x10012174 HeapDestroy
 0x10012178 RtlMoveMemory
 0x1001217c HeapCreate
 0x10012180 VirtualFree
 0x10012184 VirtualAlloc
 0x10012188 IsBadWritePtr
 0x1001218c LCMapStringA
 0x10012190 LCMapStringW
 0x10012194 SetUnhandledExceptionFilter
 0x10012198 GetStringTypeA
 0x1001219c GetStringTypeW
 0x100121a0 SetStdHandle
 0x100121a4 IsBadCodePtr
 0x100121a8 LoadLibraryA
 0x100121ac GetProcAddress
 0x100121b0 FreeLibrary
 0x100121b4 GetModuleFileNameA
 0x100121b8 GetCommandLineA
 0x100121bc IsBadReadPtr
 0x100121c0 HeapFree
 0x100121c4 HeapReAlloc
 0x100121c8 HeapAlloc
 0x100121cc ExitProcess
 0x100121d0 GetModuleHandleA
 0x100121d4 GetProcessHeap
 0x100121d8 lstrcatA
USER32.dll
 0x100121e0 DispatchMessageA
 0x100121e4 wsprintfA
 0x100121e8 MessageBoxA
 0x100121ec GetMessageA
 0x100121f0 TranslateMessage
 0x100121f4 DestroyMenu
 0x100121f8 PeekMessageA
 0x100121fc PostQuitMessage
 0x10012200 PostMessageA
 0x10012204 LoadStringA
 0x10012208 GetSysColorBrush
 0x1001220c LoadCursorA
 0x10012210 LoadIconA
 0x10012214 MapWindowPoints
 0x10012218 GetSysColor
 0x1001221c AdjustWindowRectEx
 0x10012220 GetClientRect
 0x10012224 CopyRect
 0x10012228 GetTopWindow
 0x1001222c GetCapture
 0x10012230 WinHelpA
 0x10012234 GetClassInfoA
 0x10012238 RegisterClassA
 0x1001223c GetMenu
 0x10012240 GetSubMenu
 0x10012244 GetMenuItemID
 0x10012248 DestroyWindow
 0x1001224c CreateWindowExA
 0x10012250 GetClassLongA
 0x10012254 SetPropA
 0x10012258 GetPropA
 0x1001225c CallWindowProcA
 0x10012260 RemovePropA
 0x10012264 DefWindowProcA
 0x10012268 GetMessageTime
 0x1001226c GetMessagePos
 0x10012270 GetForegroundWindow
 0x10012274 SetForegroundWindow
 0x10012278 RegisterWindowMessageA
 0x1001227c SystemParametersInfoA
 0x10012280 IsIconic
 0x10012284 GetWindowPlacement
 0x10012288 GetSystemMetrics
 0x1001228c SetFocus
 0x10012290 ShowWindow
 0x10012294 SetWindowPos
 0x10012298 SetWindowLongA
 0x1001229c GetDlgItem
 0x100122a0 GrayStringA
 0x100122a4 DrawTextA
 0x100122a8 TabbedTextOutA
 0x100122ac ReleaseDC
 0x100122b0 GetDC
 0x100122b4 GetMenuItemCount
 0x100122b8 GetWindowTextA
 0x100122bc SetWindowTextA
 0x100122c0 ClientToScreen
 0x100122c4 GetWindow
 0x100122c8 GetDlgCtrlID
 0x100122cc GetWindowRect
 0x100122d0 PtInRect
 0x100122d4 GetClassNameA
 0x100122d8 UnregisterClassA
 0x100122dc UnhookWindowsHookEx
 0x100122e0 GetMenuCheckMarkDimensions
 0x100122e4 LoadBitmapA
 0x100122e8 GetMenuState
 0x100122ec ModifyMenuA
 0x100122f0 SetMenuItemBitmaps
 0x100122f4 CheckMenuItem
 0x100122f8 EnableMenuItem
 0x100122fc GetFocus
 0x10012300 GetNextDlgTabItem
 0x10012304 GetActiveWindow
 0x10012308 GetKeyState
 0x1001230c CallNextHookEx
 0x10012310 ValidateRect
 0x10012314 IsWindowVisible
 0x10012318 GetCursorPos
 0x1001231c SetWindowsHookExA
 0x10012320 GetParent
 0x10012324 GetLastActivePopup
 0x10012328 IsWindowEnabled
 0x1001232c GetWindowLongA
 0x10012330 EnableWindow
 0x10012334 SetCursor
 0x10012338 SendMessageA
GDI32.dll
 0x1001201c ExtTextOutA
 0x10012020 TextOutA
 0x10012024 RectVisible
 0x10012028 PtVisible
 0x1001202c GetDeviceCaps
 0x10012030 Escape
 0x10012034 GetClipBox
 0x10012038 ScaleWindowExtEx
 0x1001203c SetWindowExtEx
 0x10012040 ScaleViewportExtEx
 0x10012044 SetViewportExtEx
 0x10012048 OffsetViewportOrgEx
 0x1001204c SetViewportOrgEx
 0x10012050 SetMapMode
 0x10012054 SetTextColor
 0x10012058 SetBkColor
 0x1001205c SelectObject
 0x10012060 RestoreDC
 0x10012064 SaveDC
 0x10012068 DeleteDC
 0x1001206c DeleteObject
 0x10012070 CreateBitmap
 0x10012074 GetStockObject
 0x10012078 GetObjectA
WINSPOOL.DRV
 0x10012340 OpenPrinterA
 0x10012344 ClosePrinter
 0x10012348 DocumentPropertiesA
ADVAPI32.dll
 0x10012000 RegCreateKeyExA
 0x10012004 RegCloseKey
 0x10012008 RegOpenKeyExA
 0x1001200c RegSetValueExA
COMCTL32.dll
 0x10012014 None

EAT(Export Address Table) Library

0x100019c2 Init
0x100019f6 UnInit

