Field | Value |
---|---|
Created | 2021.10.05 07:52 |
Machine | s1_win7_x6402 |
Filename | logs.php |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | (empty in report) |
Behavior Score | (empty in report) |
ZERO API | file : clean |
VT API (file) | (empty in report) |
md5 | 36e4ec009dc1470d8c45ae4bb9a9f70d |
sha256 | 9ea1d4f45118799060594aed023411b2b14e42500e9aa40610f1c91caf685397 |
ssdeep | 24576:oEZ6pjqiycCc0Ic7dYnG8896mYdB3g17yp/Xx3xShc1ZcQGcoCKVXUGGotVjYmM+:RY+ICc0t7iG88Rp7AfxBShc1ZcQGZlVh |
imphash | 5804f371706c84b01e4fa0ae1261fd98 |
impfuzzy | 24:Rzw9UAKtV1CMYlJeDc+pl3eDoroNavP0OovbOPZ5jMjMjOMo:hpAKtV1CMbc+ppXBD3QMw |
Signature (3cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts)
No network requests were recorded during the run.
Suricata ids
(none listed)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1004b000 SizeofResource
0x1004b004 GetTempPathW
0x1004b008 CreateFileW
0x1004b00c GetVersionExW
0x1004b010 GetSystemDirectoryW
0x1004b014 OpenProcess
0x1004b018 LockResource
0x1004b01c VirtualProtectEx
0x1004b020 GetWindowsDirectoryW
0x1004b024 GetModuleHandleW
0x1004b028 SetConsoleOutputCP
0x1004b02c GetSystemTime
0x1004b030 QueryPerformanceCounter
0x1004b034 GetDateFormatW
0x1004b038 OpenMutexW
0x1004b03c WriteConsoleW
0x1004b040 SetFilePointerEx
0x1004b044 CloseHandle
0x1004b048 HeapReAlloc
0x1004b04c HeapSize
0x1004b050 UnhandledExceptionFilter
0x1004b054 SetUnhandledExceptionFilter
0x1004b058 GetCurrentProcess
0x1004b05c TerminateProcess
0x1004b060 IsProcessorFeaturePresent
0x1004b064 IsDebuggerPresent
0x1004b068 GetStartupInfoW
0x1004b06c GetCurrentProcessId
0x1004b070 GetCurrentThreadId
0x1004b074 GetSystemTimeAsFileTime
0x1004b078 InitializeSListHead
0x1004b07c RtlUnwind
0x1004b080 RaiseException
0x1004b084 InterlockedFlushSList
0x1004b088 GetLastError
0x1004b08c SetLastError
0x1004b090 EncodePointer
0x1004b094 EnterCriticalSection
0x1004b098 LeaveCriticalSection
0x1004b09c DeleteCriticalSection
0x1004b0a0 InitializeCriticalSectionAndSpinCount
0x1004b0a4 TlsAlloc
0x1004b0a8 TlsGetValue
0x1004b0ac TlsSetValue
0x1004b0b0 TlsFree
0x1004b0b4 FreeLibrary
0x1004b0b8 GetProcAddress
0x1004b0bc LoadLibraryExW
0x1004b0c0 ExitProcess
0x1004b0c4 GetModuleHandleExW
0x1004b0c8 GetModuleFileNameA
0x1004b0cc MultiByteToWideChar
0x1004b0d0 WideCharToMultiByte
0x1004b0d4 HeapAlloc
0x1004b0d8 HeapFree
0x1004b0dc LCMapStringW
0x1004b0e0 GetStdHandle
0x1004b0e4 GetFileType
0x1004b0e8 GetACP
0x1004b0ec FindClose
0x1004b0f0 FindFirstFileExA
0x1004b0f4 FindNextFileA
0x1004b0f8 IsValidCodePage
0x1004b0fc GetOEMCP
0x1004b100 GetCPInfo
0x1004b104 GetCommandLineA
0x1004b108 GetCommandLineW
0x1004b10c GetEnvironmentStringsW
0x1004b110 FreeEnvironmentStringsW
0x1004b114 GetProcessHeap
0x1004b118 GetStringTypeW
0x1004b11c FlushFileBuffers
0x1004b120 WriteFile
0x1004b124 GetConsoleCP
0x1004b128 GetConsoleMode
0x1004b12c SetStdHandle
0x1004b130 DecodePointer
ole32.dll
0x1004b138 CoUninitialize
0x1004b13c CoInitialize
0x1004b140 StgCreateDocfile
0x1004b144 CoTaskMemFree
0x1004b148 OleCreate
0x1004b14c CoTaskMemAlloc
0x1004b150 CoSuspendClassObjects
EAT (Export Address Table) Library
0x10015990 Bitpretty
0x10015a50 CentMeat
0x10015970 Coastshore
0x10015920 Everlove
0x10015750 Milk
0x10015600 Workquiet
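The sandbox verdict is "clean" while the static rules flag the file as a generic Win32 trojan and the run ended with a process crash; for a DLL whose six exports are never referenced in the behaviour section, that combination may mean the payload was never reached. The Python below is an added triage helper, not part of this report or of any sandbox product: it re-parses the IAT/EAT listing above, recomputes the imphash with the pefile convention (module name lowercased and stripped of .dll/.ocx/.sys, "module.function" pairs joined by commas in import order, then md5) so the reported value can be cross-checked, groups the imports into capability indicators, and builds one rundll32 command per export for a re-detonation. The capability labels, the rule groupings, the sample path and the rundll32 invocation are the example's own assumptions.

```python
"""Triage helpers for the IAT/EAT listing of the report above.

Added example, not part of the sandbox report. Capability labels and
rule groupings are the author's own choices, not sandbox rules.
"""
import hashlib
from collections import OrderedDict

# Import listing copied from the report (addresses dropped, order kept).
IAT_TEXT = """
KERNEL32.dll
SizeofResource GetTempPathW CreateFileW GetVersionExW GetSystemDirectoryW OpenProcess
LockResource VirtualProtectEx GetWindowsDirectoryW GetModuleHandleW SetConsoleOutputCP
GetSystemTime QueryPerformanceCounter GetDateFormatW OpenMutexW WriteConsoleW
SetFilePointerEx CloseHandle HeapReAlloc HeapSize UnhandledExceptionFilter
SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent
IsDebuggerPresent GetStartupInfoW GetCurrentProcessId GetCurrentThreadId
GetSystemTimeAsFileTime InitializeSListHead RtlUnwind RaiseException InterlockedFlushSList
GetLastError SetLastError EncodePointer EnterCriticalSection LeaveCriticalSection
DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue
TlsFree FreeLibrary GetProcAddress LoadLibraryExW ExitProcess GetModuleHandleExW
GetModuleFileNameA MultiByteToWideChar WideCharToMultiByte HeapAlloc HeapFree LCMapStringW
GetStdHandle GetFileType GetACP FindClose FindFirstFileExA FindNextFileA IsValidCodePage
GetOEMCP GetCPInfo GetCommandLineA GetCommandLineW GetEnvironmentStringsW
FreeEnvironmentStringsW GetProcessHeap GetStringTypeW FlushFileBuffers WriteFile
GetConsoleCP GetConsoleMode SetStdHandle DecodePointer
ole32.dll
CoUninitialize CoInitialize StgCreateDocfile CoTaskMemFree OleCreate CoTaskMemAlloc
CoSuspendClassObjects
"""

# Export names copied from the report's EAT section.
EXPORTS = ["Bitpretty", "CentMeat", "Coastshore", "Everlove", "Milk", "Workquiet"]


def parse_import_listing(text):
    """Parse a module header line followed by function names (with or without
    the report's leading '0x...' IAT slot address) into {module: [names]}."""
    modules = OrderedDict()
    current = None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if len(tokens) == 1 and tokens[0].lower().endswith((".dll", ".ocx", ".sys")):
            current = tokens[0]
            modules.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("function name before any module header: %r" % line)
        modules[current].extend(t for t in tokens if not t.lower().startswith("0x"))
    return modules


def imphash(modules):
    """pefile-style imphash: md5 over 'module.func' pairs, lowercased, module
    extension stripped, comma-joined in import-directory order."""
    parts = []
    for module, funcs in modules.items():
        base = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        parts.extend("%s.%s" % (base, f.lower()) for f in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# (label, imports that must all be present) -- the author's groupings, not sandbox rules.
CAPABILITY_RULES = (
    ("cross-process memory protection change", {"OpenProcess", "VirtualProtectEx"}),
    ("embedded resource access (payload may be carried in .rsrc)", {"SizeofResource", "LockResource"}),
    ("file drop under %TEMP%", {"GetTempPathW", "CreateFileW", "WriteFile"}),
    ("runtime API resolution (static IAT is incomplete)", {"LoadLibraryExW", "GetProcAddress"}),
    ("debugger check (weak: also emitted by the MSVC CRT)", {"IsDebuggerPresent"}),
    ("mutex lookup (single-instance or infection marker)", {"OpenMutexW"}),
    ("OLE compound document creation", {"StgCreateDocfile", "OleCreate"}),
)


def capability_indicators(modules):
    """Return the labels whose required imports are all present."""
    imported = {f for funcs in modules.values() for f in funcs}
    return [label for label, needed in CAPABILITY_RULES if needed <= imported]


def rundll32_commands(dll_path, exports):
    """One command per export: a DLL only runs its payload when the right entry
    point is called. For a PE32 sample on 64-bit Windows run the SysWOW64 rundll32."""
    return ["rundll32.exe %s,%s" % (dll_path, name) for name in exports]


if __name__ == "__main__":
    mods = parse_import_listing(IAT_TEXT)
    print("imports :", {m: len(f) for m, f in mods.items()})
    print("imphash :", imphash(mods), "(report: 5804f371706c84b01e4fa0ae1261fd98)")
    for label in capability_indicators(mods):
        print(" -", label)
    for cmd in rundll32_commands("logs.php", EXPORTS):  # assumed sample path
        print(cmd)
```

If the recomputed imphash does not match the reported one, the listing is missing an entry or contains an ordinal import that pefile resolved to a name; in either case the static import table alone is not a reliable fingerprint, and the `LoadLibraryExW`/`GetProcAddress` pair means further APIs may be resolved only at run time.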