ScreenShot
| Created | 2021.09.29 16:28 | Machine | s1_win7_x6401 |
| Filename | 1.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (Eldorado, Kryptik, HMQJ, Malicious, score) | ||
| md5 | 25492a4aa466acceafbff245d285951d | ||
| sha256 | 31f33078ee56172d1ea5994a50c488b4b4140be8519128a17f7b75ade4bee31a | ||
| ssdeep | 24576:eqgvGA6l5UfquF44Nc3Y/1/ChWsnVTpNEkEQ562Q7:rYGiC463G8H0b7 | ||
| imphash | 71c1d78d0157dd1322db01af5007279b | ||
| impfuzzy | 48:XcwUm15rUK43+YxurptWJlc+pNCGFjrzzaz/lnlD+c1RlamzGT0B/4cAJE5QB:X715rylIrptWJlc+pNCI310J8 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| notice | Terminates another process |
| info | Checks if process is being debugged by a debugger |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10114008 GetLogicalDrives
0x1011400c GetOEMCP
0x10114010 GetCommandLineW
0x10114014 GetCurrentProcess
0x10114018 GetThreadErrorMode
0x1011401c GetSystemDefaultUILanguage
0x10114020 GetThreadLocale
0x10114024 GetUserDefaultUILanguage
0x10114028 FlushProcessWriteBuffers
0x1011402c GetLargePageMinimum
0x10114030 GetCurrentThreadId
0x10114034 UnregisterApplicationRecoveryCallback
0x10114038 IsSystemResumeAutomatic
0x1011403c GetSystemDefaultLangID
0x10114040 GetACP
0x10114044 GetCommandLineA
0x10114048 GetTickCount64
0x1011404c GetLastError
0x10114050 GetThreadUILanguage
0x10114054 GetCurrentThread
0x10114058 TlsAlloc
0x1011405c SwitchToThread
0x10114060 GetCurrentProcessorNumber
0x10114064 GetErrorMode
0x10114068 UnregisterApplicationRestart
0x1011406c SetFileApisToOEM
0x10114070 GetTickCount
0x10114074 GetEnvironmentStringsW
0x10114078 AreFileApisANSI
0x1011407c WriteConsoleW
0x10114080 CloseHandle
0x10114084 CreateFileW
0x10114088 SetFilePointerEx
0x1011408c GetConsoleMode
0x10114090 GetConsoleOutputCP
0x10114094 WriteFile
0x10114098 FlushFileBuffers
0x1011409c SetStdHandle
0x101140a0 HeapReAlloc
0x101140a4 HeapSize
0x101140a8 GetStringTypeW
0x101140ac GetFileType
0x101140b0 GetStdHandle
0x101140b4 GetProcessHeap
0x101140b8 LCMapStringW
0x101140bc IsDebuggerPresent
0x101140c0 GetUserDefaultLangID
0x101140c4 FreeEnvironmentStringsW
0x101140c8 WideCharToMultiByte
0x101140cc MultiByteToWideChar
0x101140d0 GetCPInfo
0x101140d4 IsValidCodePage
0x101140d8 InitializeSListHead
0x101140dc UnhandledExceptionFilter
0x101140e0 SetUnhandledExceptionFilter
0x101140e4 GetStartupInfoW
0x101140e8 IsProcessorFeaturePresent
0x101140ec GetModuleHandleW
0x101140f0 TerminateProcess
0x101140f4 RaiseException
0x101140f8 InterlockedFlushSList
0x101140fc RtlUnwind
0x10114100 SetLastError
0x10114104 EnterCriticalSection
0x10114108 LeaveCriticalSection
0x1011410c DeleteCriticalSection
0x10114110 InitializeCriticalSectionAndSpinCount
0x10114114 TlsGetValue
0x10114118 TlsSetValue
0x1011411c TlsFree
0x10114120 FreeLibrary
0x10114124 GetProcAddress
0x10114128 LoadLibraryExW
0x1011412c EncodePointer
0x10114130 ExitProcess
0x10114134 GetModuleHandleExW
0x10114138 GetModuleFileNameW
0x1011413c HeapAlloc
0x10114140 HeapFree
0x10114144 FindClose
0x10114148 FindFirstFileExW
0x1011414c FindNextFileW
0x10114150 DecodePointer
USER32.dll
0x10114160 GetClipboardSequenceNumber
0x10114164 GetDesktopWindow
0x10114168 GetDialogBaseUnits
0x1011416c GetMessageExtraInfo
0x10114170 GetFocus
0x10114174 GetClipboardViewer
0x10114178 GetOpenClipboardWindow
0x1011417c GetCursor
0x10114180 GetShellWindow
0x10114184 GetActiveWindow
0x10114188 AnyPopup
0x1011418c InSendMessage
0x10114190 GetCapture
0x10114194 CloseClipboard
0x10114198 EmptyClipboard
0x1011419c CountClipboardFormats
0x101141a0 GetKBCodePage
0x101141a4 IsProcessDPIAware
0x101141a8 GetForegroundWindow
0x101141ac GetMessageTime
0x101141b0 IsWow64Message
0x101141b4 DestroyCaret
0x101141b8 SetProcessDPIAware
0x101141bc CreateMenu
0x101141c0 GetProcessWindowStation
0x101141c4 GetMenuCheckMarkDimensions
GDI32.dll
0x10114000 GdiFlush
SHELL32.dll
0x10114158 InitNetworkAddressControl
ole32.dll
0x101141cc CoUninitialize
0x101141d0 CoFreeUnusedLibraries
0x101141d4 OleUninitialize
EAT(Export Address Table) Library
0x1000e97f ?KmeHCeEZQd_fuPPcQKge@@YG_NXZ
0x1000e505 ?QOmviswgcN_vMdZtPEhyY@@YG_NXZ
0x1000e444 ?SIjqDZeqrX_EtrfJalMqMPWTrfPp@@YG_NXZ
0x1000eb1d ?VkjaEoQAJt_WeOvySCjxdWblaCoVYn@@YG_NXZ
0x1000e704 ?ZpEbgvlA_fyCRTxpEt@@YG_NXZ
0x1000eac7 ?aeWfWWxQRQ_OvOrhdkOslZrwghUkkckkEQFNa@@YG_NXZ
0x1000ed08 ?cHgWVBHFsc_ySRQxbJAYAYMfUtUXjcSflMrJZBzEP@@YG_NXZ
0x1000e5f8 ?fqxmUOBP_MNgUaVYxfiiSpKf@@YG_NXZ
0x1000e675 ?gKKtepXvfK_gBVMOWOtEnsbDEEtrXwHOyWZtxz@@YG_NXZ
0x1000e86e ?iMQjPeNjkH_hJBIoSAYmxolSMtTpxhqOaah@@YG_NXZ
0x1000ea48 ?pFgmxhSwZ_IoCnLUNdzhIKXOcZspkLGGxvdzL@@YG_NXZ
0x1000ec01 ?rnvHsfBUW_zleVawIYv@@YG_NXZ
0x1000ecdf ?sHxCGRcqY_uOicOniLtIVpm@@YG_NXZ
0x1000e8c8 ?sNRsOiOupb_NEQELXcYDqMwTUSq@@YG_NXZ
0x1000e955 ?taXuqcAxFN_VqLUzsGsAZBWjJhzCLZVya@@YG_NXZ
0x1000e844 ?ultGAAJBVf_sgKxdYNEAqjdOVFOwXlpFrXpralMhV@@YG_NXZ
0x1000e89e ?zdzgTFCHxd_hCiqpuSQApFEnvlRXbDqEkrbREsM@@YG_NXZ
0x1000e238 DllRegisterServer
0x1000e444 EtrfJalMqMPWTrfPp
0x1000ea48 IoCnLUNdzhIKXOcZspkLGGxvdzL
0x1000e5f8 MNgUaVYxfiiSpKf
0x1000e8c8 NEQELXcYDqMwTUSq
0x1000eac7 OvOrhdkOslZrwghUkkckkEQFNa
0x1000e955 VqLUzsGsAZBWjJhzCLZVya
0x1000eb1d WeOvySCjxdWblaCoVYn
0x1000e97f fuPPcQKge
0x1000e704 fyCRTxpEt
0x1000e675 gBVMOWOtEnsbDEEtrXwHOyWZtxz
0x1000e89e hCiqpuSQApFEnvlRXbDqEkrbREsM
0x1000e86e hJBIoSAYmxolSMtTpxhqOaah
0x1000e844 sgKxdYNEAqjdOVFOwXlpFrXpralMhV
0x1000ecdf uOicOniLtIVpm
0x1000e505 vMdZtPEhyY
0x1000ed08 ySRQxbJAYAYMfUtUXjcSflMrJZBzEP
0x1000ec01 zleVawIYv
KERNEL32.dll
0x10114008 GetLogicalDrives
0x1011400c GetOEMCP
0x10114010 GetCommandLineW
0x10114014 GetCurrentProcess
0x10114018 GetThreadErrorMode
0x1011401c GetSystemDefaultUILanguage
0x10114020 GetThreadLocale
0x10114024 GetUserDefaultUILanguage
0x10114028 FlushProcessWriteBuffers
0x1011402c GetLargePageMinimum
0x10114030 GetCurrentThreadId
0x10114034 UnregisterApplicationRecoveryCallback
0x10114038 IsSystemResumeAutomatic
0x1011403c GetSystemDefaultLangID
0x10114040 GetACP
0x10114044 GetCommandLineA
0x10114048 GetTickCount64
0x1011404c GetLastError
0x10114050 GetThreadUILanguage
0x10114054 GetCurrentThread
0x10114058 TlsAlloc
0x1011405c SwitchToThread
0x10114060 GetCurrentProcessorNumber
0x10114064 GetErrorMode
0x10114068 UnregisterApplicationRestart
0x1011406c SetFileApisToOEM
0x10114070 GetTickCount
0x10114074 GetEnvironmentStringsW
0x10114078 AreFileApisANSI
0x1011407c WriteConsoleW
0x10114080 CloseHandle
0x10114084 CreateFileW
0x10114088 SetFilePointerEx
0x1011408c GetConsoleMode
0x10114090 GetConsoleOutputCP
0x10114094 WriteFile
0x10114098 FlushFileBuffers
0x1011409c SetStdHandle
0x101140a0 HeapReAlloc
0x101140a4 HeapSize
0x101140a8 GetStringTypeW
0x101140ac GetFileType
0x101140b0 GetStdHandle
0x101140b4 GetProcessHeap
0x101140b8 LCMapStringW
0x101140bc IsDebuggerPresent
0x101140c0 GetUserDefaultLangID
0x101140c4 FreeEnvironmentStringsW
0x101140c8 WideCharToMultiByte
0x101140cc MultiByteToWideChar
0x101140d0 GetCPInfo
0x101140d4 IsValidCodePage
0x101140d8 InitializeSListHead
0x101140dc UnhandledExceptionFilter
0x101140e0 SetUnhandledExceptionFilter
0x101140e4 GetStartupInfoW
0x101140e8 IsProcessorFeaturePresent
0x101140ec GetModuleHandleW
0x101140f0 TerminateProcess
0x101140f4 RaiseException
0x101140f8 InterlockedFlushSList
0x101140fc RtlUnwind
0x10114100 SetLastError
0x10114104 EnterCriticalSection
0x10114108 LeaveCriticalSection
0x1011410c DeleteCriticalSection
0x10114110 InitializeCriticalSectionAndSpinCount
0x10114114 TlsGetValue
0x10114118 TlsSetValue
0x1011411c TlsFree
0x10114120 FreeLibrary
0x10114124 GetProcAddress
0x10114128 LoadLibraryExW
0x1011412c EncodePointer
0x10114130 ExitProcess
0x10114134 GetModuleHandleExW
0x10114138 GetModuleFileNameW
0x1011413c HeapAlloc
0x10114140 HeapFree
0x10114144 FindClose
0x10114148 FindFirstFileExW
0x1011414c FindNextFileW
0x10114150 DecodePointer
USER32.dll
0x10114160 GetClipboardSequenceNumber
0x10114164 GetDesktopWindow
0x10114168 GetDialogBaseUnits
0x1011416c GetMessageExtraInfo
0x10114170 GetFocus
0x10114174 GetClipboardViewer
0x10114178 GetOpenClipboardWindow
0x1011417c GetCursor
0x10114180 GetShellWindow
0x10114184 GetActiveWindow
0x10114188 AnyPopup
0x1011418c InSendMessage
0x10114190 GetCapture
0x10114194 CloseClipboard
0x10114198 EmptyClipboard
0x1011419c CountClipboardFormats
0x101141a0 GetKBCodePage
0x101141a4 IsProcessDPIAware
0x101141a8 GetForegroundWindow
0x101141ac GetMessageTime
0x101141b0 IsWow64Message
0x101141b4 DestroyCaret
0x101141b8 SetProcessDPIAware
0x101141bc CreateMenu
0x101141c0 GetProcessWindowStation
0x101141c4 GetMenuCheckMarkDimensions
GDI32.dll
0x10114000 GdiFlush
SHELL32.dll
0x10114158 InitNetworkAddressControl
ole32.dll
0x101141cc CoUninitialize
0x101141d0 CoFreeUnusedLibraries
0x101141d4 OleUninitialize
EAT(Export Address Table) Library
0x1000e97f ?KmeHCeEZQd_fuPPcQKge@@YG_NXZ
0x1000e505 ?QOmviswgcN_vMdZtPEhyY@@YG_NXZ
0x1000e444 ?SIjqDZeqrX_EtrfJalMqMPWTrfPp@@YG_NXZ
0x1000eb1d ?VkjaEoQAJt_WeOvySCjxdWblaCoVYn@@YG_NXZ
0x1000e704 ?ZpEbgvlA_fyCRTxpEt@@YG_NXZ
0x1000eac7 ?aeWfWWxQRQ_OvOrhdkOslZrwghUkkckkEQFNa@@YG_NXZ
0x1000ed08 ?cHgWVBHFsc_ySRQxbJAYAYMfUtUXjcSflMrJZBzEP@@YG_NXZ
0x1000e5f8 ?fqxmUOBP_MNgUaVYxfiiSpKf@@YG_NXZ
0x1000e675 ?gKKtepXvfK_gBVMOWOtEnsbDEEtrXwHOyWZtxz@@YG_NXZ
0x1000e86e ?iMQjPeNjkH_hJBIoSAYmxolSMtTpxhqOaah@@YG_NXZ
0x1000ea48 ?pFgmxhSwZ_IoCnLUNdzhIKXOcZspkLGGxvdzL@@YG_NXZ
0x1000ec01 ?rnvHsfBUW_zleVawIYv@@YG_NXZ
0x1000ecdf ?sHxCGRcqY_uOicOniLtIVpm@@YG_NXZ
0x1000e8c8 ?sNRsOiOupb_NEQELXcYDqMwTUSq@@YG_NXZ
0x1000e955 ?taXuqcAxFN_VqLUzsGsAZBWjJhzCLZVya@@YG_NXZ
0x1000e844 ?ultGAAJBVf_sgKxdYNEAqjdOVFOwXlpFrXpralMhV@@YG_NXZ
0x1000e89e ?zdzgTFCHxd_hCiqpuSQApFEnvlRXbDqEkrbREsM@@YG_NXZ
0x1000e238 DllRegisterServer
0x1000e444 EtrfJalMqMPWTrfPp
0x1000ea48 IoCnLUNdzhIKXOcZspkLGGxvdzL
0x1000e5f8 MNgUaVYxfiiSpKf
0x1000e8c8 NEQELXcYDqMwTUSq
0x1000eac7 OvOrhdkOslZrwghUkkckkEQFNa
0x1000e955 VqLUzsGsAZBWjJhzCLZVya
0x1000eb1d WeOvySCjxdWblaCoVYn
0x1000e97f fuPPcQKge
0x1000e704 fyCRTxpEt
0x1000e675 gBVMOWOtEnsbDEEtrXwHOyWZtxz
0x1000e89e hCiqpuSQApFEnvlRXbDqEkrbREsM
0x1000e86e hJBIoSAYmxolSMtTpxhqOaah
0x1000e844 sgKxdYNEAqjdOVFOwXlpFrXpralMhV
0x1000ecdf uOicOniLtIVpm
0x1000e505 vMdZtPEhyY
0x1000ed08 ySRQxbJAYAYMfUtUXjcSflMrJZBzEP
0x1000ec01 zleVawIYv