Report - 44.dll

PE File PE64 DLL
Created 2021.08.28 17:48
Machine s1_win7_x6402
Filename 44.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score 3
Behavior Score 2.0
ZERO API file : malware
VT API (file) 19 detected (malicious, high confidence, Razy, Unsafe, BazarLoader, FileRepMalware, ai score=81, score, IcedID)
md5 6a124d95c5c5038daf38b7d0d8719996
sha256 8a47b898b7c8aa16abef0d692c9c7bc123cee04c37027ac109df1c6d1fbd6f00
ssdeep 12288:BpmGo6NcFaOrWsrTrABM5iSFV5GfJLYNDBqkpg8D:BAGo6NcBtXrABM5imGfJLYpBqL8D
imphash b211bec2627ea9b5322d60ef3ed97e1a
impfuzzy 3:sUrXAErLgc2UARItAZAORZsSHXX0AXtJWBJAEPwS9KTXzhAXwEBJJ67EGV2Sbos:BXtLxtOj7VUASBJAEHGDymVPL

Signature (5cnts)

Level Description
watch File has been identified by 19 AntiVirus engines on VirusTotal as malicious
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Uses Windows utilities for basic Windows functionality
info Checks amount of memory in system

Rules (3cnts)

Level Name Description Collection
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x18000e000 GetThreadPriority
 0x18000e008 TlsGetValue
 0x18000e010 WaitForSingleObject
 0x18000e018 GetCurrentThread
 0x18000e020 LoadLibraryA
 0x18000e028 GetProcAddress
 0x18000e030 VirtualAlloc
 0x18000e038 VirtualFree
 0x18000e040 GetSystemTime

EAT (Export Address Table) Library

0x18000107e CvvuibpxxnejxroDsqhgxyzcujno
0x180001084 JfvrwqpngZxcdineOxnuutznn
0x180001078 MzqvvwcgmfEvubknxjygklx
0x18000102a StartW
0x180001044 fgrererere
0x18000105e qwwwwww
