Report - zadyx2

Emotet Gen2 Gen1 Malicious Packer Malicious Library PE File PE32 OS Processor Check DLL
Created 2021.10.06 13:37 Machine s1_win7_x6401
Filename zadyx2
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 6.4
ZERO API file : malware
VT API (file)
md5 b432169dc62064aa3385131ea315d914
sha256 594a8c77d3eadaa15d1b2773bcce6e9e6ffa6824a2853822aad0ae1c9328e4b4
ssdeep 12288:pZE+MlbUtn38H+bNdPEIaZc661kd+D/fbx+9Klll:bEKNb/aZl6KdSrs+l
imphash f34a0f23e05f2c2a829565c932b87430
impfuzzy 96:DzCtwh8ao14tUyN3CHYAuWvW8/GH+rW3Bkcnci9heQPD:r8EN3obuWvW8/GHD3CcncrQPD

Signature (15cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Foreign language identified in PE resource
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info One or more processes crashed
info Queries for the computername

Rules (9cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
info Win32_Trojan_Gen_2_0904B0_Zero Win32 Trojan Gen binaries (upload)

Network (5cnts)

Request CC ASN Co IP4 Rule ZERO
https://36.95.23.89/zvs1/TEST22-PC_W617601.723BB372D71E9EB776C1B15A8BB34EF1/5/kps/ Unknown 36.95.23.89 clean
117.222.57.92 IN National Internet Backbone 117.222.57.92 clean
36.95.23.89 Unknown 36.95.23.89 clean
36.91.117.231 ID PT Telekomunikasi Indonesia 36.91.117.231 clean
202.65.119.162 ID PT JEMBATAN CITRA NUSANTARA 202.65.119.162 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1002608c HeapAlloc
 0x10026090 HeapFree
 0x10026094 RtlUnwind
 0x10026098 HeapReAlloc
 0x1002609c VirtualProtect
 0x100260a0 VirtualAlloc
 0x100260a4 GetSystemInfo
 0x100260a8 VirtualQuery
 0x100260ac GetCommandLineA
 0x100260b0 GetProcessHeap
 0x100260b4 RaiseException
 0x100260b8 HeapSize
 0x100260bc VirtualFree
 0x100260c0 HeapDestroy
 0x100260c4 HeapCreate
 0x100260c8 GetStdHandle
 0x100260cc TerminateProcess
 0x100260d0 UnhandledExceptionFilter
 0x100260d4 SetUnhandledExceptionFilter
 0x100260d8 IsDebuggerPresent
 0x100260dc Sleep
 0x100260e0 SetHandleCount
 0x100260e4 GetFileType
 0x100260e8 GetStartupInfoA
 0x100260ec FreeEnvironmentStringsA
 0x100260f0 GetEnvironmentStrings
 0x100260f4 FreeEnvironmentStringsW
 0x100260f8 GetEnvironmentStringsW
 0x100260fc QueryPerformanceCounter
 0x10026100 GetTickCount
 0x10026104 GetSystemTimeAsFileTime
 0x10026108 LCMapStringA
 0x1002610c LCMapStringW
 0x10026110 GetStringTypeA
 0x10026114 GetStringTypeW
 0x10026118 GetConsoleCP
 0x1002611c GetConsoleMode
 0x10026120 SetStdHandle
 0x10026124 WriteConsoleA
 0x10026128 GetConsoleOutputCP
 0x1002612c WriteConsoleW
 0x10026130 GetOEMCP
 0x10026134 GetCPInfo
 0x10026138 CreateFileA
 0x1002613c GetCurrentProcess
 0x10026140 GetThreadLocale
 0x10026144 FlushFileBuffers
 0x10026148 SetFilePointer
 0x1002614c WriteFile
 0x10026150 ReadFile
 0x10026154 GlobalFlags
 0x10026158 WritePrivateProfileStringA
 0x1002615c InterlockedIncrement
 0x10026160 TlsFree
 0x10026164 DeleteCriticalSection
 0x10026168 LocalReAlloc
 0x1002616c TlsSetValue
 0x10026170 TlsAlloc
 0x10026174 InitializeCriticalSection
 0x10026178 GlobalHandle
 0x1002617c GlobalReAlloc
 0x10026180 EnterCriticalSection
 0x10026184 TlsGetValue
 0x10026188 LeaveCriticalSection
 0x1002618c LocalAlloc
 0x10026190 GlobalGetAtomNameA
 0x10026194 GlobalFindAtomA
 0x10026198 lstrcmpW
 0x1002619c GetVersionExA
 0x100261a0 InterlockedDecrement
 0x100261a4 FreeResource
 0x100261a8 GetCurrentProcessId
 0x100261ac GlobalAddAtomA
 0x100261b0 CloseHandle
 0x100261b4 GetCurrentThread
 0x100261b8 GetCurrentThreadId
 0x100261bc ConvertDefaultLocale
 0x100261c0 GetModuleFileNameA
 0x100261c4 EnumResourceLanguagesA
 0x100261c8 GetLocaleInfoA
 0x100261cc LoadLibraryA
 0x100261d0 lstrcmpA
 0x100261d4 FreeLibrary
 0x100261d8 GlobalDeleteAtom
 0x100261dc GetModuleHandleA
 0x100261e0 GetProcAddress
 0x100261e4 GlobalFree
 0x100261e8 GlobalAlloc
 0x100261ec GlobalLock
 0x100261f0 GlobalUnlock
 0x100261f4 FormatMessageA
 0x100261f8 LocalFree
 0x100261fc MulDiv
 0x10026200 SetLastError
 0x10026204 LoadLibraryW
 0x10026208 ExitProcess
 0x1002620c FindResourceA
 0x10026210 LoadResource
 0x10026214 LockResource
 0x10026218 SizeofResource
 0x1002621c lstrlenA
 0x10026220 CompareStringA
 0x10026224 GetVersion
 0x10026228 GetLastError
 0x1002622c WideCharToMultiByte
 0x10026230 MultiByteToWideChar
 0x10026234 GetACP
 0x10026238 InterlockedExchange
USER32.dll
 0x1002625c DestroyMenu
 0x10026260 GetSysColorBrush
 0x10026264 EndPaint
 0x10026268 BeginPaint
 0x1002626c ReleaseDC
 0x10026270 GetDC
 0x10026274 ClientToScreen
 0x10026278 GrayStringA
 0x1002627c DrawTextExA
 0x10026280 DrawTextA
 0x10026284 TabbedTextOutA
 0x10026288 ShowWindow
 0x1002628c MoveWindow
 0x10026290 SetWindowTextA
 0x10026294 IsDialogMessageA
 0x10026298 RegisterWindowMessageA
 0x1002629c SendDlgItemMessageA
 0x100262a0 WinHelpA
 0x100262a4 GetCapture
 0x100262a8 GetClassLongA
 0x100262ac GetClassNameA
 0x100262b0 SetPropA
 0x100262b4 GetPropA
 0x100262b8 RemovePropA
 0x100262bc SetFocus
 0x100262c0 GetWindowTextLengthA
 0x100262c4 GetWindowTextA
 0x100262c8 GetForegroundWindow
 0x100262cc GetTopWindow
 0x100262d0 GetMessagePos
 0x100262d4 MapWindowPoints
 0x100262d8 SetForegroundWindow
 0x100262dc UpdateWindow
 0x100262e0 GetMenu
 0x100262e4 CreateWindowExA
 0x100262e8 GetClassInfoExA
 0x100262ec GetClassInfoA
 0x100262f0 RegisterClassA
 0x100262f4 AdjustWindowRectEx
 0x100262f8 PtInRect
 0x100262fc GetDlgCtrlID
 0x10026300 DefWindowProcA
 0x10026304 CallWindowProcA
 0x10026308 SetWindowPos
 0x1002630c SystemParametersInfoA
 0x10026310 GetWindowPlacement
 0x10026314 GetWindowRect
 0x10026318 GetWindow
 0x1002631c UnhookWindowsHookEx
 0x10026320 GetDesktopWindow
 0x10026324 SetActiveWindow
 0x10026328 CreateDialogIndirectParamA
 0x1002632c DestroyWindow
 0x10026330 IsWindow
 0x10026334 GetDlgItem
 0x10026338 GetNextDlgTabItem
 0x1002633c EndDialog
 0x10026340 GetWindowThreadProcessId
 0x10026344 GetLastActivePopup
 0x10026348 DrawIcon
 0x1002634c SendMessageA
 0x10026350 IsWindowEnabled
 0x10026354 MessageBoxA
 0x10026358 SetCursor
 0x1002635c SetWindowsHookExA
 0x10026360 CallNextHookEx
 0x10026364 GetMessageA
 0x10026368 TranslateMessage
 0x1002636c DispatchMessageA
 0x10026370 GetActiveWindow
 0x10026374 IsWindowVisible
 0x10026378 GetKeyState
 0x1002637c PeekMessageA
 0x10026380 UnregisterClassA
 0x10026384 GetMessageTime
 0x10026388 LoadCursorA
 0x1002638c IsIconic
 0x10026390 GetClientRect
 0x10026394 LoadIconA
 0x10026398 EnableWindow
 0x1002639c GetSystemMetrics
 0x100263a0 GetSysColor
 0x100263a4 CopyRect
 0x100263a8 LockWindowUpdate
 0x100263ac RedrawWindow
 0x100263b0 GetParent
 0x100263b4 SetWindowLongA
 0x100263b8 GetWindowLongA
 0x100263bc GetSubMenu
 0x100263c0 GetMenuItemCount
 0x100263c4 GetMenuItemID
 0x100263c8 GetCursorPos
 0x100263cc ValidateRect
 0x100263d0 SetMenuItemBitmaps
 0x100263d4 GetMenuCheckMarkDimensions
 0x100263d8 LoadBitmapA
 0x100263dc GetFocus
 0x100263e0 ModifyMenuA
 0x100263e4 EnableMenuItem
 0x100263e8 CheckMenuItem
 0x100263ec PostMessageA
 0x100263f0 PostQuitMessage
 0x100263f4 GetMenuState
GDI32.dll
 0x10026028 SetWindowExtEx
 0x1002602c ScaleWindowExtEx
 0x10026030 DeleteDC
 0x10026034 GetStockObject
 0x10026038 ScaleViewportExtEx
 0x1002603c SetViewportExtEx
 0x10026040 OffsetViewportOrgEx
 0x10026044 SetViewportOrgEx
 0x10026048 SelectObject
 0x1002604c Escape
 0x10026050 ExtTextOutA
 0x10026054 TextOutA
 0x10026058 RectVisible
 0x1002605c PtVisible
 0x10026060 GetDeviceCaps
 0x10026064 DeleteObject
 0x10026068 SetMapMode
 0x1002606c RestoreDC
 0x10026070 SaveDC
 0x10026074 GetObjectA
 0x10026078 SetBkColor
 0x1002607c SetTextColor
 0x10026080 GetClipBox
 0x10026084 CreateBitmap
WINSPOOL.DRV
 0x100263fc ClosePrinter
 0x10026400 DocumentPropertiesA
 0x10026404 OpenPrinterA
ADVAPI32.dll
 0x10026000 RegSetValueExA
 0x10026004 RegCreateKeyExA
 0x10026008 RegQueryValueA
 0x1002600c RegEnumKeyA
 0x10026010 RegDeleteKeyA
 0x10026014 RegOpenKeyExA
 0x10026018 RegQueryValueExA
 0x1002601c RegOpenKeyA
 0x10026020 RegCloseKey
SHLWAPI.dll
 0x10026254 PathFindExtensionA
OLEAUT32.dll
 0x10026240 VarDateFromStr
 0x10026244 VariantClear
 0x10026248 VariantChangeType
 0x1002624c VariantInit

EAT(Export Address Table) Library

0x1000195d DllRegisterServer

