| Field | Value |
|---|---|
| Created | 2021.09.16 10:05 |
| Machine | s1_win7_x6401 |
| Filename | 9_SensorsApi.dll.dll |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| ZERO API | file : malware |
| VT API (file) | 24 detected (malicious, high confidence, score, Save, confidence, 100%, BankerX, R + Mal, EncPk, Artemis, Dridex, kcloud, Sabsik, Unsafe, PossibleThreat, ZedlaF, mu8@ayyAJKbi) |
| md5 | 0147d3e39ad4b2efb8e2dc2f860fe4ae |
| sha256 | 329b56a6c2f635f0d60c199dd0c1f940e36ea0494c671d54e8add3001e088ac2 |
| ssdeep | 3072:VxA6wx9/yukxdvNGC2A92BhU5iD8Rnkyi2WyJXy4acKGUtI30b28Nz/+tODbt:VxAH9HAh2TUA8RBjFzUZ28Z/l |
| imphash | 8e37a82cb80c378189f4fc318861c978 |
| impfuzzy | 24:XqqmQoA3CFcgpLaPM1//tCksSKCJ6m12s1/8JGwz4iq:XmQF3CeglXN1R1tJ6of/0Miq |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
msvcrt.dll
0x100090f4 exit
0x100090f8 isspace
0x100090fc memset
CRYPT32.dll
0x10009038 CryptSIPRemoveSignedDataMsg
0x1000903c CertVerifyTimeValidity
USER32.dll
0x100090b8 GetKeyboardLayoutNameA
0x100090bc UnpackDDElParam
0x100090c0 GetPriorityClipboardFormat
0x100090c4 SetMessageExtraInfo
0x100090c8 CallNextHookEx
0x100090cc ShowOwnedPopups
COMCTL32.dll
0x10009028 ImageList_Add
WININET.dll
0x100090d4 FtpFindFirstFileA
OLEAUT32.dll
0x10009080 VarParseNumFromStr
0x10009084 VarR8FromUI4
WINMM.dll
0x100090dc midiInStart
0x100090e0 midiInUnprepareHeader
0x100090e4 waveOutGetErrorTextW
MPRAPI.dll
0x10009074 MprAdminTransportSetInfo
0x10009078 MprConfigInterfaceTransportRemove
RPCRT4.dll
0x1000908c I_RpcExceptionFilter
0x10009090 RpcMgmtIsServerListening
SHLWAPI.dll
0x100090ac PathIsUNCServerW
0x100090b0 PathAddBackslashW
IMM32.dll
0x10009044 ImmGetContext
0x10009048 ImmSetOpenStatus
KERNEL32.dll
0x10009050 IsValidLocale
0x10009054 SetEndOfFile
0x10009058 CreateJobObjectW
0x1000905c GlobalAddAtomA
0x10009060 CreateFileA
0x10009064 GetModuleFileNameW
0x10009068 GetModuleHandleA
0x1000906c IsValidCodePage
ole32.dll
0x10009104 OleCreate
0x10009108 CreateStreamOnHGlobal
0x1000910c CoTaskMemAlloc
COMDLG32.dll
0x10009030 ChooseColorW
WS2_32.dll
0x100090ec gethostname
ADVAPI32.dll
0x10009000 RegQueryValueA
0x10009004 InitializeSecurityDescriptor
0x10009008 TreeResetNamedSecurityInfoW
0x1000900c RegQueryValueW
0x10009010 NotifyChangeEventLog
0x10009014 SaferGetPolicyInformation
0x10009018 RegisterEventSourceA
0x1000901c RegLoadAppKeyA
0x10009020 ControlService
SETUPAPI.dll
0x10009098 SetupDiRegisterDeviceInfo
0x1000909c SetupGetFileQueueFlags
0x100090a0 SetupGetLineTextA
0x100090a4 SetupInitDefaultQueueCallbackEx
EAT (Export Address Table) Library
0x100290b6 frponghrpOletnfercrr