Report - lifegreen.png

Tags: Malicious Packer, Malicious Library, PE File, PE32, OS Processor Check, DLL
Created: 2021.10.07 17:39
Machine: s1_win7_x6402
Filename: lifegreen.png
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score: 8
Behavior Score: 6.2
ZERO API (file): malware
VT API (file)
md5: 28a26a67316358ef183f71df68713e92
sha256: 7addfcf6783562341274037568a6d35255aab93f59ced02ad16f5f89a6c3e2d5
ssdeep: 6144:b3oOkxQXFDzaLtFD2aD3GAKit6lltqFpaI28VwPHK6+TDrAo0dThI9eq0NIaP:b3ExQ1DzM107qFp12iwPqvDr2VI9bZa
imphash: fd98f67a63ecc847a2028c66b8388afb
impfuzzy: 96:EhmKgg7JBNj+IpmND0WJwcr4kZsFtIAi9CascRcLrnbRuNPQ:ETmDHr4kZsFtIP9CascRcH0NPQ

Signature (15 counts)

Level  | Description
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
watch  | Communicates with host for which no DNS query was performed
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice | Checks adapter addresses which can be used to detect virtual network interfaces
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice | Creates a suspicious process
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice | One or more potentially interesting buffers were extracted
notice | Performs some HTTP requests
notice | Terminates another process
notice | The binary likely contains encrypted or compressed data indicative of a packer
info   | Checks if process is being debugged by a debugger
info   | One or more processes crashed
info   | Queries for the computername

Rules (6 counts)

Level | Name                    | Description        | Collection
watch | Malicious_Library_Zero  | Malicious_Library  | binaries (upload)
watch | Malicious_Packer_Zero   | Malicious Packer   | binaries (upload)
info  | IsDLL                   | (no description)   | binaries (upload)
info  | IsPE32                  | (no description)   | binaries (upload)
info  | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info  | PE_Header_Zero          | PE File Signature  | binaries (upload)

Network (5 counts)

Request | CC | ASN / Co | IP4 | Rule / ZERO
https://185.56.175.122/fat1/TEST22-PC_W617601.B567912A0F3236F3B59B331D473A977B/5/file/ | PL | Virtuaoperator Sp. z o.o. | 185.56.175.122 | clean
128.201.76.252 | BR | Pedro F Arruda Junior ME | 128.201.76.252 | malicious
179.189.229.254 | BR | America-NET Ltda. | 179.189.229.254 | malicious
46.99.175.149 | AL | IPKO Telecommunications LLC | 46.99.175.149 | malicious
185.56.175.122 | PL | Virtuaoperator Sp. z o.o. | 185.56.175.122 | malicious

Suricata IDS

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x10020094 GetSystemInfo
 0x10020098 VirtualQuery
 0x1002009c GetCommandLineA
 0x100200a0 ExitProcess
 0x100200a4 TerminateProcess
 0x100200a8 HeapReAlloc
 0x100200ac HeapSize
 0x100200b0 HeapDestroy
 0x100200b4 HeapCreate
 0x100200b8 VirtualFree
 0x100200bc IsBadWritePtr
 0x100200c0 SetHandleCount
 0x100200c4 GetStdHandle
 0x100200c8 GetFileType
 0x100200cc GetStartupInfoA
 0x100200d0 FreeEnvironmentStringsA
 0x100200d4 GetEnvironmentStrings
 0x100200d8 FreeEnvironmentStringsW
 0x100200dc GetEnvironmentStringsW
 0x100200e0 UnhandledExceptionFilter
 0x100200e4 VirtualAlloc
 0x100200e8 GetTickCount
 0x100200ec GetCurrentProcessId
 0x100200f0 GetSystemTimeAsFileTime
 0x100200f4 SetUnhandledExceptionFilter
 0x100200f8 LCMapStringA
 0x100200fc LCMapStringW
 0x10020100 GetStringTypeA
 0x10020104 GetStringTypeW
 0x10020108 IsBadReadPtr
 0x1002010c IsBadCodePtr
 0x10020110 GetUserDefaultLCID
 0x10020114 EnumSystemLocalesA
 0x10020118 IsValidLocale
 0x1002011c IsValidCodePage
 0x10020120 SetStdHandle
 0x10020124 GetLocaleInfoW
 0x10020128 VirtualProtect
 0x1002012c HeapAlloc
 0x10020130 RtlUnwind
 0x10020134 HeapFree
 0x10020138 GetOEMCP
 0x1002013c GetCPInfo
 0x10020140 GetCurrentProcess
 0x10020144 FlushFileBuffers
 0x10020148 SetFilePointer
 0x1002014c WriteFile
 0x10020150 ReadFile
 0x10020154 TlsFree
 0x10020158 LocalReAlloc
 0x1002015c TlsSetValue
 0x10020160 TlsAlloc
 0x10020164 TlsGetValue
 0x10020168 EnterCriticalSection
 0x1002016c GlobalHandle
 0x10020170 GlobalReAlloc
 0x10020174 LeaveCriticalSection
 0x10020178 LocalAlloc
 0x1002017c DeleteCriticalSection
 0x10020180 InitializeCriticalSection
 0x10020184 RaiseException
 0x10020188 GlobalFlags
 0x1002018c InterlockedIncrement
 0x10020190 WritePrivateProfileStringA
 0x10020194 InterlockedDecrement
 0x10020198 GlobalGetAtomNameA
 0x1002019c GlobalFindAtomA
 0x100201a0 lstrcatA
 0x100201a4 lstrcmpW
 0x100201a8 FreeResource
 0x100201ac CloseHandle
 0x100201b0 GlobalAddAtomA
 0x100201b4 SetLastError
 0x100201b8 GlobalFree
 0x100201bc MulDiv
 0x100201c0 GlobalUnlock
 0x100201c4 FormatMessageA
 0x100201c8 lstrcpynA
 0x100201cc LocalFree
 0x100201d0 GetCurrentThread
 0x100201d4 GetCurrentThreadId
 0x100201d8 GlobalLock
 0x100201dc GlobalAlloc
 0x100201e0 FreeLibrary
 0x100201e4 GlobalDeleteAtom
 0x100201e8 lstrcmpA
 0x100201ec GetModuleFileNameA
 0x100201f0 GetModuleHandleA
 0x100201f4 GetProcAddress
 0x100201f8 ConvertDefaultLocale
 0x100201fc EnumResourceLanguagesA
 0x10020200 lstrcpyA
 0x10020204 LoadLibraryA
 0x10020208 LoadResource
 0x1002020c LockResource
 0x10020210 SizeofResource
 0x10020214 FindResourceA
 0x10020218 LoadLibraryW
 0x1002021c GetLastError
 0x10020220 lstrlenA
 0x10020224 lstrcmpiA
 0x10020228 WideCharToMultiByte
 0x1002022c MultiByteToWideChar
 0x10020230 GetVersion
 0x10020234 GetThreadLocale
 0x10020238 GetLocaleInfoA
 0x1002023c GetACP
 0x10020240 GetVersionExA
 0x10020244 QueryPerformanceCounter
 0x10020248 InterlockedExchange
USER32.dll
 0x10020268 GetClassInfoExA
 0x1002026c GetClassNameA
 0x10020270 SetPropA
 0x10020274 GetPropA
 0x10020278 RemovePropA
 0x1002027c SendDlgItemMessageA
 0x10020280 SetFocus
 0x10020284 GetWindowTextLengthA
 0x10020288 GetWindowTextA
 0x1002028c GetForegroundWindow
 0x10020290 GetTopWindow
 0x10020294 UnhookWindowsHookEx
 0x10020298 GetMessageTime
 0x1002029c GetMessagePos
 0x100202a0 MapWindowPoints
 0x100202a4 SetForegroundWindow
 0x100202a8 UpdateWindow
 0x100202ac GetMenu
 0x100202b0 GetSysColor
 0x100202b4 AdjustWindowRectEx
 0x100202b8 GetClassInfoA
 0x100202bc RegisterClassA
 0x100202c0 UnregisterClassA
 0x100202c4 GetDlgCtrlID
 0x100202c8 DefWindowProcA
 0x100202cc CallWindowProcA
 0x100202d0 SetWindowLongA
 0x100202d4 SetWindowPos
 0x100202d8 SystemParametersInfoA
 0x100202dc GetWindowPlacement
 0x100202e0 GetWindowRect
 0x100202e4 CopyRect
 0x100202e8 GetWindow
 0x100202ec GetDesktopWindow
 0x100202f0 SetActiveWindow
 0x100202f4 CreateDialogIndirectParamA
 0x100202f8 DestroyWindow
 0x100202fc IsWindow
 0x10020300 GetNextDlgTabItem
 0x10020304 EndDialog
 0x10020308 SetMenuItemBitmaps
 0x1002030c GetFocus
 0x10020310 ModifyMenuA
 0x10020314 EnableMenuItem
 0x10020318 CheckMenuItem
 0x1002031c GetMenuCheckMarkDimensions
 0x10020320 LoadBitmapA
 0x10020324 SetWindowsHookExA
 0x10020328 CallNextHookEx
 0x1002032c GetMessageA
 0x10020330 TranslateMessage
 0x10020334 DispatchMessageA
 0x10020338 GetActiveWindow
 0x1002033c IsWindowVisible
 0x10020340 GetKeyState
 0x10020344 PeekMessageA
 0x10020348 GetCursorPos
 0x1002034c ValidateRect
 0x10020350 GetParent
 0x10020354 GetWindowLongA
 0x10020358 GetLastActivePopup
 0x1002035c IsWindowEnabled
 0x10020360 SetCursor
 0x10020364 GetMenuState
 0x10020368 GetMenuItemID
 0x1002036c GetMenuItemCount
 0x10020370 GetSubMenu
 0x10020374 LoadCursorA
 0x10020378 EndPaint
 0x1002037c BeginPaint
 0x10020380 ReleaseDC
 0x10020384 GetDC
 0x10020388 ClientToScreen
 0x1002038c GrayStringA
 0x10020390 DrawTextExA
 0x10020394 PostQuitMessage
 0x10020398 PostMessageA
 0x1002039c DdeClientTransaction
 0x100203a0 DdeAccessData
 0x100203a4 DdeUnaccessData
 0x100203a8 DdeFreeDataHandle
 0x100203ac DdeNameService
 0x100203b0 DdeUninitialize
 0x100203b4 DdeConnect
 0x100203b8 DdeDisconnect
 0x100203bc DdeFreeStringHandle
 0x100203c0 DdeCreateStringHandleA
 0x100203c4 DdeInitializeA
 0x100203c8 IsIconic
 0x100203cc GetSystemMetrics
 0x100203d0 GetClientRect
 0x100203d4 DrawIcon
 0x100203d8 GetSystemMenu
 0x100203dc AppendMenuA
 0x100203e0 SendMessageA
 0x100203e4 MessageBoxA
 0x100203e8 LoadIconA
 0x100203ec EnableWindow
 0x100203f0 GetDlgItem
 0x100203f4 GetSysColorBrush
 0x100203f8 DrawTextA
 0x100203fc TabbedTextOutA
 0x10020400 DestroyMenu
 0x10020404 wsprintfA
 0x10020408 ShowWindow
 0x1002040c SetWindowTextA
 0x10020410 IsDialogMessageA
 0x10020414 RegisterWindowMessageA
 0x10020418 WinHelpA
 0x1002041c GetCapture
 0x10020420 CreateWindowExA
 0x10020424 PtInRect
 0x10020428 GetClassLongA
GDI32.dll
 0x10020030 DeleteObject
 0x10020034 PtVisible
 0x10020038 RectVisible
 0x1002003c TextOutA
 0x10020040 Escape
 0x10020044 SelectObject
 0x10020048 SetViewportOrgEx
 0x1002004c OffsetViewportOrgEx
 0x10020050 SetViewportExtEx
 0x10020054 ScaleViewportExtEx
 0x10020058 SetWindowExtEx
 0x1002005c ScaleWindowExtEx
 0x10020060 DeleteDC
 0x10020064 GetStockObject
 0x10020068 SetMapMode
 0x1002006c RestoreDC
 0x10020070 SaveDC
 0x10020074 ExtTextOutA
 0x10020078 GetObjectA
 0x1002007c SetBkColor
 0x10020080 SetTextColor
 0x10020084 GetClipBox
 0x10020088 CreateBitmap
 0x1002008c GetDeviceCaps
WINSPOOL.DRV
 0x10020430 OpenPrinterA
 0x10020434 DocumentPropertiesA
 0x10020438 ClosePrinter
ADVAPI32.dll
 0x10020000 RegQueryValueExA
 0x10020004 RegOpenKeyExA
 0x10020008 RegOpenKeyA
 0x1002000c RegDeleteKeyA
 0x10020010 RegEnumKeyA
 0x10020014 RegQueryValueA
 0x10020018 RegCreateKeyExA
 0x1002001c RegSetValueExA
 0x10020020 RegCloseKey
COMCTL32.dll
 0x10020028 None
SHLWAPI.dll
 0x10020260 PathFindExtensionA
OLEAUT32.dll
 0x10020250 VariantInit
 0x10020254 VariantChangeType
 0x10020258 VariantClear

EAT (Export Address Table)

0x10002b10 coms
