Field | Value |
---|---|
Created | 2021.09.02 09:43 |
Machine | s1_win7_x6402 |
Filename | readytans.png |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 539614a94256046c940b95493fedb6ec |
sha256 | c5fc478a5c1a2ba80ae3373ef9ae078247eabaf50ecda3762ecda6a54f47b6f4 |
ssdeep | 6144:bsGb+3pcbr68feSS65+RH9IgOmUQdOfAZ3xirQAX57LIgbo:ov3pkrVfeS5+RtIxKWQA9jb |
imphash | 9b1adb266f8f339c45ccfafdc830f22f |
impfuzzy | 48:N9HK6jUtcclqqKp2cdKQ/grzlKo/ACA457Fp:NNK6Atcclqq+2ccgmtFp |
Signature (16cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a suspicious process |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Terminates another process |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (3cnts)
Suricata IDS alerts
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
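The first alert is a JA3 match. JA3 fingerprints the TLS client stack (handshake version, cipher order, extension order, groups, point formats), not the sample: anything built on the same TLS library produces the same hash, which is why one rule names Trickbot, Kovter and Dridex together and why a JA3 hit alone is weak attribution. The two policy alerts fire on a certificate carrying the default "Internet Widgits Pty Ltd" organisation that OpenSSL's demo configuration puts in self-signed certificates, a common sign of a throwaway server certificate. The report does not print the sample's JA3 value, so the following Python, added here and not part of the report, computes a JA3 string and hash from a ClientHello it constructs itself (the hostname and cipher list are made up), including the GREASE values that JA3 strips so that randomised clients keep a stable fingerprint:

```python
"""JA3 fingerprinting of a TLS ClientHello (added example, not from the report).

JA3 = md5("version,ciphers,extensions,groups,point_formats") with each list
in decimal, '-'-joined, in wire order, GREASE values removed.  The ClientHello
below is constructed here; the sample's real fingerprint is not on the page.
"""
import hashlib
import struct

# GREASE values 0x0a0a, 0x1a1a, ... 0xfafa (RFC 8701) are skipped by JA3.
GREASE = {0x0a0a + 0x1010 * i for i in range(16)}


def _u16(buf: bytes, off: int) -> int:
    return struct.unpack_from("!H", buf, off)[0]


def ja3_from_client_hello(record: bytes) -> str:
    """Return the JA3 string for a TLS record that carries a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = _u16(body, 0)          # client_version, not the record version
    pos = 2 + 32                     # skip version + random
    pos += 1 + body[pos]             # session_id
    cs_len = _u16(body, pos)
    pos += 2
    ciphers = [_u16(body, i) for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]             # compression_methods
    exts, groups, formats = [], [], []
    if pos + 2 <= len(body):
        end = pos + 2 + _u16(body, pos)
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            exts.append(etype)
            if etype == 10:          # supported_groups
                groups = [_u16(data, i) for i in range(2, 2 + _u16(data, 0), 2)]
            elif etype == 11:        # ec_point_formats
                formats = list(data[1:1 + data[0]])

    def fmt(vals):
        return "-".join(str(v) for v in vals if v not in GREASE)

    return f"{version},{fmt(ciphers)},{fmt(exts)},{fmt(groups)},{fmt(formats)}"


def ja3_hash(ja3: str) -> str:
    return hashlib.md5(ja3.encode()).hexdigest()


# --- builder for the constructed sample -------------------------------------
def sni_ext(host: str):
    name = host.encode()
    return 0, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name


def supported_groups_ext(groups):
    return 10, struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)


def ec_point_formats_ext(formats):
    return 11, bytes([len(formats)]) + bytes(formats)


def build_client_hello(version, ciphers, extensions, random=b"\x11" * 32) -> bytes:
    """Minimal TLS record + ClientHello; extensions is a list of (type, data)."""
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack("!H", version) + random + b"\x00"          # empty session_id
            + struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
            + b"\x01\x00"                                            # compression: null only
            + struct.pack("!H", len(ext_blob)) + ext_blob)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed sample (hostname and cipher list are invented): TLS 1.2 ClientHello
# with one GREASE cipher suite and one GREASE extension.
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x0a0a, 0xc02c, 0xc030, 0x009f],
    [sni_ext("c2.example.invalid"), (0x0a0a, b""),
     supported_groups_ext([0x001d, 0x0017]), ec_point_formats_ext([0])],
)

if __name__ == "__main__":
    s = ja3_from_client_hello(SAMPLE_HELLO)
    print(s, ja3_hash(s))
```

The same ClientHello with the GREASE entries removed yields the identical JA3 string, which is the point of the exclusion; conversely, reordering the cipher list changes the hash, so a JA3 rule pins a particular client build rather than a particular host.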
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1000d028 FormatMessageA
0x1000d02c LockResource
0x1000d030 SizeofResource
0x1000d034 LoadResource
0x1000d038 FindResourceA
0x1000d03c CreateThread
0x1000d040 Sleep
0x1000d044 VirtualAlloc
0x1000d048 GetProcAddress
0x1000d04c IsBadReadPtr
0x1000d050 VirtualProtect
0x1000d054 VirtualQuery
0x1000d058 GetCurrentProcess
0x1000d05c lstrlenA
0x1000d060 CloseHandle
0x1000d064 CreateFileW
0x1000d068 HeapSize
0x1000d06c FlushFileBuffers
0x1000d070 GetStringTypeW
0x1000d074 LCMapStringW
0x1000d078 WriteConsoleW
0x1000d07c SetStdHandle
0x1000d080 GetModuleFileNameW
0x1000d084 LocalAlloc
0x1000d088 LocalSize
0x1000d08c LocalFree
0x1000d090 GetStdHandle
0x1000d094 GetConsoleScreenBufferInfo
0x1000d098 SetConsoleTextAttribute
0x1000d09c MultiByteToWideChar
0x1000d0a0 GetLastError
0x1000d0a4 GetModuleHandleA
0x1000d0a8 GetSystemTimeAsFileTime
0x1000d0ac HeapFree
0x1000d0b0 GetCurrentThreadId
0x1000d0b4 DecodePointer
0x1000d0b8 GetCommandLineA
0x1000d0bc UnhandledExceptionFilter
0x1000d0c0 SetUnhandledExceptionFilter
0x1000d0c4 IsDebuggerPresent
0x1000d0c8 EncodePointer
0x1000d0cc TerminateProcess
0x1000d0d0 EnterCriticalSection
0x1000d0d4 LeaveCriticalSection
0x1000d0d8 HeapCreate
0x1000d0dc HeapDestroy
0x1000d0e0 IsProcessorFeaturePresent
0x1000d0e4 RtlUnwind
0x1000d0e8 TlsAlloc
0x1000d0ec TlsGetValue
0x1000d0f0 TlsSetValue
0x1000d0f4 TlsFree
0x1000d0f8 InterlockedIncrement
0x1000d0fc GetModuleHandleW
0x1000d100 SetLastError
0x1000d104 InterlockedDecrement
0x1000d108 ExitProcess
0x1000d10c SetHandleCount
0x1000d110 InitializeCriticalSectionAndSpinCount
0x1000d114 GetFileType
0x1000d118 GetStartupInfoW
0x1000d11c DeleteCriticalSection
0x1000d120 GetModuleFileNameA
0x1000d124 FreeEnvironmentStringsW
0x1000d128 WideCharToMultiByte
0x1000d12c GetEnvironmentStringsW
0x1000d130 QueryPerformanceCounter
0x1000d134 GetTickCount
0x1000d138 GetCurrentProcessId
0x1000d13c SetFilePointer
0x1000d140 WriteFile
0x1000d144 GetConsoleCP
0x1000d148 GetConsoleMode
0x1000d14c GetCPInfo
0x1000d150 GetACP
0x1000d154 GetOEMCP
0x1000d158 IsValidCodePage
0x1000d15c HeapAlloc
0x1000d160 HeapReAlloc
0x1000d164 LoadLibraryW
USER32.dll
0x1000d16c wsprintfA
0x1000d170 MessageBoxW
0x1000d174 GetDesktopWindow
0x1000d178 CreateWindowExA
0x1000d17c ShowWindow
0x1000d180 SetWindowRgn
0x1000d184 DestroyWindow
0x1000d188 SetWindowTextA
0x1000d18c GetWindowDC
0x1000d190 GetDC
0x1000d194 ReleaseDC
0x1000d198 MessageBoxIndirectA
GDI32.dll
0x1000d000 CreateICA
0x1000d004 CreateEllipticRgn
0x1000d008 Rectangle
0x1000d00c DeleteDC
0x1000d010 CreateDCA
IPHLPAPI.DLL
0x1000d018 IcmpSendEcho
0x1000d01c IcmpCloseHandle
0x1000d020 IcmpCreateFile
EAT (Export Address Table) Library
0x100015d0 Dpi400
0x10001350 Dpi800
0x100012f0 GetMouse
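A .png filename on a PE32 DLL, a "clean" static verdict next to sixteen behaviour signatures, and exports named Dpi400/Dpi800/GetMouse make the import table worth reading closely. The resource quartet (FindResourceA, LoadResource, LockResource, SizeofResource) beside VirtualAlloc, VirtualProtect, LoadLibraryW and GetProcAddress matches the "allocates read-write-execute memory" and packer signatures above, and IPHLPAPI's Icmp* trio shows the ICMP path. The imphash in the header can be recomputed from this listing. The Python below, added here and not part of the report, does that with the import names and slot addresses transcribed from the page. It assumes the import-directory order equals the IAT-address order (GDI32 at 0x1000d000, IPHLPAPI at 0x1000d018, KERNEL32 at 0x1000d028, USER32 at 0x1000d16c), which the contiguous slots support even though the page prints KERNEL32 first; a mismatch against the reported value would point at that ordering assumption or at a transcription error:

```python
"""Recompute the imphash from the IAT listing in the sandbox report.

Added example, not part of the report.  Import names and first IAT slot RVAs
are transcribed from the page.  Assumption: import-directory order equals
IAT-address order (GDI32, IPHLPAPI, KERNEL32, USER32).
"""
import hashlib

# DLL -> (first IAT slot RVA, imported names in slot order), as printed on the page.
PAGE_IAT = {
    "KERNEL32.dll": (0x1000D028, """
        FormatMessageA LockResource SizeofResource LoadResource FindResourceA CreateThread
        Sleep VirtualAlloc GetProcAddress IsBadReadPtr VirtualProtect VirtualQuery
        GetCurrentProcess lstrlenA CloseHandle CreateFileW HeapSize FlushFileBuffers
        GetStringTypeW LCMapStringW WriteConsoleW SetStdHandle GetModuleFileNameW LocalAlloc
        LocalSize LocalFree GetStdHandle GetConsoleScreenBufferInfo SetConsoleTextAttribute
        MultiByteToWideChar GetLastError GetModuleHandleA GetSystemTimeAsFileTime HeapFree
        GetCurrentThreadId DecodePointer GetCommandLineA UnhandledExceptionFilter
        SetUnhandledExceptionFilter IsDebuggerPresent EncodePointer TerminateProcess
        EnterCriticalSection LeaveCriticalSection HeapCreate HeapDestroy
        IsProcessorFeaturePresent RtlUnwind TlsAlloc TlsGetValue TlsSetValue TlsFree
        InterlockedIncrement GetModuleHandleW SetLastError InterlockedDecrement ExitProcess
        SetHandleCount InitializeCriticalSectionAndSpinCount GetFileType GetStartupInfoW
        DeleteCriticalSection GetModuleFileNameA FreeEnvironmentStringsW WideCharToMultiByte
        GetEnvironmentStringsW QueryPerformanceCounter GetTickCount GetCurrentProcessId
        SetFilePointer WriteFile GetConsoleCP GetConsoleMode GetCPInfo GetACP GetOEMCP
        IsValidCodePage HeapAlloc HeapReAlloc LoadLibraryW
    """.split()),
    "USER32.dll": (0x1000D16C, """
        wsprintfA MessageBoxW GetDesktopWindow CreateWindowExA ShowWindow SetWindowRgn
        DestroyWindow SetWindowTextA GetWindowDC GetDC ReleaseDC MessageBoxIndirectA
    """.split()),
    "GDI32.dll": (0x1000D000, "CreateICA CreateEllipticRgn Rectangle DeleteDC CreateDCA".split()),
    "IPHLPAPI.DLL": (0x1000D018, "IcmpSendEcho IcmpCloseHandle IcmpCreateFile".split()),
}
REPORTED_IMPHASH = "9b1adb266f8f339c45ccfafdc830f22f"   # from the report header


def iat_is_contiguous(page_iat) -> bool:
    """PE32: one 4-byte slot per import plus a 4-byte null terminator per DLL.
    True when every DLL block ends exactly where the next one begins."""
    blocks = sorted((addr, len(names)) for addr, names in page_iat.values())
    return all(addr + 4 * n + 4 == nxt for (addr, n), (nxt, _) in zip(blocks, blocks[1:]))


def import_directory_order(page_iat):
    """DLLs ordered by first IAT slot; assumed to match the import directory."""
    return [(dll, names) for dll, (_, names) in sorted(page_iat.items(), key=lambda kv: kv[1][0])]


def imphash(entries) -> str:
    """imphash as pefile computes it: 'lib.func' pairs lowercased, .dll/.ocx/.sys
    stripped from the library name, comma-joined in import-directory order, md5'd.
    Ordinal-only imports would need pefile's ordinal name tables (none on this page)."""
    parts = []
    for dll, names in entries:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{name.lower()}" for name in names)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def check_against_report(page_iat=PAGE_IAT, reported=REPORTED_IMPHASH):
    """Return (computed imphash, True if it equals the value the report shows)."""
    computed = imphash(import_directory_order(page_iat))
    return computed, computed == reported


# Import clusters behind several behaviour signatures listed on the page.
CAPABILITY_HINTS = {
    "resource-embedded payload": {"FindResourceA", "LoadResource", "LockResource", "SizeofResource"},
    "RWX memory / in-place unpacking": {"VirtualAlloc", "VirtualProtect"},
    "dynamic API resolution": {"LoadLibraryW", "GetProcAddress"},
    "anti-debug": {"IsDebuggerPresent"},
    "ICMP traffic": {"IcmpCreateFile", "IcmpSendEcho", "IcmpCloseHandle"},
}


def capability_hints(page_iat, hints=CAPABILITY_HINTS):
    present = {name for _, names in page_iat.values() for name in names}
    return sorted(label for label, needed in hints.items() if needed <= present)


if __name__ == "__main__":
    print("IAT contiguous:", iat_is_contiguous(PAGE_IAT))
    print("imphash, matches report:", *check_against_report())
    print("hints:", capability_hints(PAGE_IAT))
```

Because imphash is order-sensitive and case-insensitive, two samples with the same API set in a different link order hash differently, while `KERNEL32.dll` and `kernel32` normalise to the same string; privilege lookups (the LUID signature above) involve no imported ADVAPI32 function here, consistent with APIs being resolved at run time through LoadLibraryW/GetProcAddress.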