Field | Value
---|---
Created | 2021.08.17 14:44
Machine | s1_win7_x6401
Filename | 2.dll
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 6 detected (malicious, high confidence, Save, Wacatac, score, Static AI, Suspicious PE)
md5 | 37e26534b70abd664cfed4961ad6ecbf
sha256 | 22068c7cbb40c3149b694b5fca1675d95e7e12509b36fa37350c194737c6c1f9
ssdeep | 12288:T8F4fHXi7upUbuedoBYi5SG//xm6e2vJQbPzSzTu1XLxh2w:g4aCdsjmHxw2vJ8S2FX2
imphash | 9330bf385780db42e73f6bd2f0835d5b
impfuzzy | 24:jXpOovivteJnc+eDo2Yu9E1B6vm0QTPX8yaBGMK2Cw3X9VLm:j8Bvt+c+K9Ev6vm0QTX8yEtKvum
Network IP location
Signature (4 cnts)
Level | Description
---|---
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
Rules (6 cnts)
Level | Name | Description | Collection
---|---|---|---
danger | BazarLoader_IN | BazarLoader | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
(no network requests recorded)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1008a02c GlobalAlloc
0x1008a030 GetFileSize
0x1008a034 ExitProcess
0x1008a038 HeapFree
0x1008a03c GetCommandLineA
0x1008a040 VirtualProtect
0x1008a044 VirtualAlloc
0x1008a048 RaiseException
0x1008a04c IsDebuggerPresent
0x1008a050 UnhandledExceptionFilter
0x1008a054 SetUnhandledExceptionFilter
0x1008a058 GetCurrentProcess
0x1008a05c TerminateProcess
0x1008a060 IsProcessorFeaturePresent
0x1008a064 SetLastError
0x1008a068 EnterCriticalSection
0x1008a06c LeaveCriticalSection
0x1008a070 TlsGetValue
0x1008a074 FreeLibrary
0x1008a078 GetProcAddress
0x1008a07c LoadLibraryExW
0x1008a080 LCMapStringW
0x1008a084 IsValidCodePage
0x1008a088 GetACP
0x1008a08c GetOEMCP
0x1008a090 GetCPInfo
0x1008a094 GetModuleHandleW
0x1008a098 GetModuleHandleExW
0x1008a09c GetStringTypeW
0x1008a0a0 MultiByteToWideChar
0x1008a0a4 WideCharToMultiByte
0x1008a0a8 WriteFile
0x1008a0ac GetSystemTime
0x1008a0b0 GetProcessHeap
0x1008a0b4 CreateFileA
0x1008a0b8 HeapAlloc
0x1008a0bc CloseHandle
0x1008a0c0 GetLastError
0x1008a0c4 TlsSetValue
0x1008a0c8 lstrcmpA
0x1008a0cc RtlUnwind
USER32.dll
0x1008a0d4 CreatePopupMenu
0x1008a0d8 DeleteMenu
0x1008a0dc GetMenu
0x1008a0e0 LoadMenuA
0x1008a0e4 SetMenu
0x1008a0e8 RegisterClassA
0x1008a0ec DrawMenuBar
0x1008a0f0 AppendMenuA
0x1008a0f4 EnableMenuItem
0x1008a0f8 GetMenuStringA
0x1008a0fc CreateMenu
0x1008a100 InsertMenuItemA
0x1008a104 ShowWindow
0x1008a108 FindWindowA
0x1008a10c MessageBoxA
0x1008a110 DestroyMenu
GDI32.dll
0x1008a010 SetBkMode
0x1008a014 CreateFontIndirectA
0x1008a018 SetBkColor
0x1008a01c DeleteObject
0x1008a020 SetTextColor
0x1008a024 GetTextExtentPoint32A
COMDLG32.dll
0x1008a000 GetSaveFileNameA
0x1008a004 FindTextA
0x1008a008 GetOpenFileNameA
EAT (Export Address Table) Library
0x10081e16 DllRegisterServer