Field | Value |
---|---|
Created | 2021.09.14 14:19 |
Machine | s1_win7_x6402 |
Filename | admin.php |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 15 detected (AIDetect, malware2, PsDownload, a variant of Generik, KNMGHYR, Artemis, skkoc, Malicious, score) |
md5 | dcbcd8c4fcdd17079caa96f80be4dd04 |
sha256 | 0bd512e81a4bf69155b9914b33aba5549cc61e3f5571da1810d99ceeda69b7ce |
ssdeep | 768:lw5WvEXtn8qE2DmtylSJFEl4d/z/SbYZZRRMBe9TmzbXI20A:q5WvEdny2Dm8EJUchwzB1 |
imphash | 32b1df407523bd5c4bab9e39f39c7353 |
impfuzzy | 12:sUfHYZ8vhU43YPXJ1XJw2n2KW2f3WacaZaFafhaJ/a6haphaNDVdgn:sv8vaL+Ucg3WDIAihKZh8h4Tgn |
Signature (2cnts)
Level | Description |
---|---|
watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10002000 WinExec
0x10002004 IsDebuggerPresent
0x10002008 InitializeSListHead
0x1000200c GetSystemTimeAsFileTime
0x10002010 GetCurrentThreadId
0x10002014 GetCurrentProcessId
0x10002018 QueryPerformanceCounter
0x1000201c IsProcessorFeaturePresent
0x10002020 TerminateProcess
0x10002024 GetCurrentProcess
0x10002028 SetUnhandledExceptionFilter
0x1000202c UnhandledExceptionFilter
VCRUNTIME140.dll
0x10002034 memset
0x10002038 _except_handler4_common
0x1000203c __std_type_info_destroy_list
api-ms-win-crt-runtime-l1-1-0.dll
0x10002044 _cexit
0x10002048 _seh_filter_dll
0x1000204c _initterm_e
0x10002050 _initterm
0x10002054 _initialize_narrow_environment
0x10002058 _initialize_onexit_table
0x1000205c _execute_onexit_table
0x10002060 _configure_narrow_argv
EAT (Export Address Table) is none