ScreenShot
| Created | 2021.08.31 17:22 | Machine | s1_win7_x6401 |
| Filename | sqlite.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 14 detected (GenericKD, Artemis, ai score=80, kcloud, Wacatac, GenericRXAA) | ||
| md5 | 4a6cfe6c785e9cfa0c326d11ec9c5a88 | ||
| sha256 | 5c41a6b98890b743dd67caa3a186bf248b31eba525bec19896eb7e23666ed872 | ||
| ssdeep | 192:oOl4dcZjN0N5DcE6pNBkQ+ReOxhs35JPN47wdCozV6TlRAj3aQu:nmAE6jmJFxe3zPN4MdC/XUP | ||
| imphash | 2a1c828627f3c1c4d6975a60bc77230d | ||
| impfuzzy | 24:VmDS8vQLn+jM+cWI9g3uMc+YJCZhK8hIAihbD4Tgn:D8vQLZ+cT25Wync | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10003000 LoadLibraryW
0x10003004 GetProcAddress
0x10003008 CreateFileW
0x1000300c GetSystemTimeAsFileTime
0x10003010 GetCurrentThreadId
0x10003014 GetCurrentProcessId
0x10003018 QueryPerformanceCounter
0x1000301c IsDebuggerPresent
0x10003020 IsProcessorFeaturePresent
0x10003024 TerminateProcess
0x10003028 GetCurrentProcess
0x1000302c SetUnhandledExceptionFilter
0x10003030 UnhandledExceptionFilter
0x10003034 GetModuleHandleW
0x10003038 CreateEventW
0x1000303c WaitForSingleObjectEx
0x10003040 ResetEvent
0x10003044 SetEvent
0x10003048 DeleteCriticalSection
0x1000304c InitializeSListHead
0x10003050 CloseHandle
0x10003054 EnterCriticalSection
0x10003058 LeaveCriticalSection
VCRUNTIME140.dll
0x10003060 __vcrt_InitializeCriticalSectionEx
0x10003064 __std_type_info_destroy_list
0x10003068 _except_handler4_common
0x1000306c memset
api-ms-win-crt-runtime-l1-1-0.dll
0x10003074 _register_onexit_function
0x10003078 _initialize_onexit_table
0x1000307c _initialize_narrow_environment
0x10003080 _execute_onexit_table
0x10003084 _seh_filter_dll
0x10003088 _initterm_e
0x1000308c _initterm
0x10003090 _crt_atexit
0x10003094 _cexit
0x10003098 _configure_narrow_argv
EAT(Export Address Table) Library
0x10001355 close
0x1000134c global
0x10001355 open
KERNEL32.dll
0x10003000 LoadLibraryW
0x10003004 GetProcAddress
0x10003008 CreateFileW
0x1000300c GetSystemTimeAsFileTime
0x10003010 GetCurrentThreadId
0x10003014 GetCurrentProcessId
0x10003018 QueryPerformanceCounter
0x1000301c IsDebuggerPresent
0x10003020 IsProcessorFeaturePresent
0x10003024 TerminateProcess
0x10003028 GetCurrentProcess
0x1000302c SetUnhandledExceptionFilter
0x10003030 UnhandledExceptionFilter
0x10003034 GetModuleHandleW
0x10003038 CreateEventW
0x1000303c WaitForSingleObjectEx
0x10003040 ResetEvent
0x10003044 SetEvent
0x10003048 DeleteCriticalSection
0x1000304c InitializeSListHead
0x10003050 CloseHandle
0x10003054 EnterCriticalSection
0x10003058 LeaveCriticalSection
VCRUNTIME140.dll
0x10003060 __vcrt_InitializeCriticalSectionEx
0x10003064 __std_type_info_destroy_list
0x10003068 _except_handler4_common
0x1000306c memset
api-ms-win-crt-runtime-l1-1-0.dll
0x10003074 _register_onexit_function
0x10003078 _initialize_onexit_table
0x1000307c _initialize_narrow_environment
0x10003080 _execute_onexit_table
0x10003084 _seh_filter_dll
0x10003088 _initterm_e
0x1000308c _initterm
0x10003090 _crt_atexit
0x10003094 _cexit
0x10003098 _configure_narrow_argv
EAT(Export Address Table) Library
0x10001355 close
0x1000134c global
0x10001355 open