Report - 123.dll

Tags: Emotet, Gen1, UPX, Malicious Library, PE File, PE32, OS Processor Check, DLL

Created: 2021.10.14 15:38
Machine: s1_win7_x6402
Filename: 123.dll
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score: 6
Behavior Score: 7.8
ZERO API (file): clean
VT API (file): 17 engines detected (detection-name tokens: malicious, high confidence, Bulz, Trickster, confidence, Kryptik, HMWS, Trickpak, ai score=87, score, Trickbot, FTYL)
md5: 584aa8473d873ecccb7601672550f4dc
sha256: 0304fe2f5cbac1cc2e79bdbc8daa3824d6a8eb139f4d5bec7b57358cd4de8252
ssdeep: 12288:izMrEY/8q9j0uOEcLmWtQqqCSoHhMVr9fC6n:Z/8e0vEcLmWKIwr9
imphash: dc56e072f32d1e6dbbad8cbe6ec04fdb
impfuzzy: 96:GNVtQ0Wojo14q2DsDe5rgvASQds4CDgWcncMrQPD:HcsDmrgvASQds4CHcncCQPD

Note the split verdicts: the ZERO file scan returns clean while 17 VirusTotal engines flag the sample, and the ZERO YARA rules below classify it as Emotet while the VirusTotal detection names (Trickbot, Trickster, Trickpak) and the beacon URL shape in the Network section are those of TrickBot. The two families are closely linked in distribution history, but the indicators in this report (hashes, C2 IPs, URL structure) are what should drive blocking and hunting, not the family label.

Signatures (17)

Level   Description
danger  Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
watch   Communicates with a host for which no DNS query was performed (hard-coded C2 IPs)
watch   File has been identified by 17 AntiVirus engines on VirusTotal as malicious
notice  A process attempted to delay the analysis task (Sleep-based evasion)
notice  Allocates read-write-execute memory (usually to unpack itself)
notice  Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice  Checks adapter addresses, which can be used to detect virtual network interfaces
notice  Checks for the Locally Unique Identifier (LUID) of a suspicious privilege
notice  Creates a suspicious process
notice  HTTP traffic contains suspicious features which may be indicative of malware-related traffic
notice  One or more potentially interesting buffers were extracted
notice  Performs some HTTP requests
notice  Terminates another process
notice  The binary likely contains encrypted or compressed data indicative of a packer
info    Checks if the process is being debugged by a debugger (IsDebuggerPresent)
info    One or more processes crashed
info    Queries the computer name

Rules (8)

Level Name Description Collection
danger Win32_Trojan_Emotet_1_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (6)

Request | CC | ASN / Org | IPv4 | ZERO
https://45.36.99.184/sat4/TEST22-PC_W617601.F57A8FB7AD33F1A6BBC8B31029F34741/5/file/ | US | TWC-11426-CAROLINAS | 45.36.99.184 | clean
179.189.229.254 | BR | America-NET Ltda. | 179.189.229.254 | malicious
216.166.148.187 | US | CYBERNET1 | 216.166.148.187 | malicious
60.51.47.65 | MY | TM Net, Internet Service Provider | 60.51.47.65 | malicious
185.56.175.122 | PL | Virtuaoperator Sp. z o.o. | 185.56.175.122 | malicious
45.36.99.184 | US | TWC-11426-CAROLINAS | 45.36.99.184 | malicious

(The Rule column of the original table is empty for every entry and is omitted.)

The one URL has the TrickBot beacon layout /<gtag>/<hostname>_<OS string>.<client ID>/<command>/...: gtag sat4, the sandbox hostname TEST22-PC, W617601 (Windows 6.1 build 7601, i.e. the Windows 7 SP1 analysis machine), a 32-hex client ID and command 5 with a trailing file/ path. ZERO marks the URL object clean but its host 45.36.99.184 malicious; the verdicts are on different objects, so the five IPs are the actionable indicators. All five were contacted without a DNS lookup (hard-coded C2 list), and the "no longer responding" signature shows that at least part of that list was already dead at analysis time.
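The beacon URL and the malicious IPs above, turned into a small hunting script. This is an added example, not part of the sandbox report or of any vendor tooling: the regex for the path layout is generalised from the single URL in the table, the W<major><minor><build> reading of the OS string and the field names gtag / client ID / command follow the commonly reported TrickBot convention, and the proxy log lines are constructed. The script parses the report's URL into its fields and scans log lines for both the listed IPs and any URL with the same path structure, which also catches C2 hosts the report does not list.

```python
"""Hunt for the TrickBot-style beacon seen in the 123.dll sandbox report.

Added example, not part of the sandbox report or of any vendor tooling.
"""
import re
from urllib.parse import urlsplit

# IPs the report's ZERO column marks malicious (taken from the Network table).
C2_IPS = frozenset({
    "179.189.229.254", "216.166.148.187", "60.51.47.65",
    "185.56.175.122", "45.36.99.184",
})

# Beacon path shape observed in the report:
#   /<gtag>/<hostname>_<OS string>.<32-hex client id>/<command>/...
# Field names follow the widely reported TrickBot convention; the regex itself
# is an assumption generalised from the one URL in the report.
BEACON_PATH = re.compile(
    r"^/(?P<gtag>[A-Za-z0-9]{2,16})"
    r"/(?P<host>[^_/]{1,64})_(?P<os>W\d{5,8})\.(?P<client_id>[0-9A-Fa-f]{32})"
    r"/(?P<command>\d{1,3})(?:/(?P<rest>.*))?$"
)


def parse_beacon(url):
    """Return the beacon fields as a dict, or None if the URL does not match."""
    m = BEACON_PATH.match(urlsplit(url).path)
    return m.groupdict() if m else None


def decode_os(os_string):
    """Decode 'W<major><minor><build>' (e.g. W617601 -> (6, 1, 7601)).

    Assumption: single-digit major and minor and a four-digit build, as in the
    Windows 6.x family the sandbox ran (Windows 7 SP1 = 6.1.7601). Any other
    form returns None rather than a guess.
    """
    m = re.fullmatch(r"W(\d)(\d)(\d{4})", os_string)
    return (int(m[1]), int(m[2]), int(m[3])) if m else None


def hunt(log_text):
    """Scan 'epoch src_ip dst_ip method url' lines and return a list of hits.

    Each hit records the line number, destination IP, the reasons it fired and
    the parsed beacon fields when the path matched.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # blank or malformed line
        _ts, _src, dst, _method, url = parts[:5]
        reasons = []
        if dst in C2_IPS:
            reasons.append("known_c2_ip")
        beacon = parse_beacon(url)
        if beacon:
            reasons.append("beacon_pattern")
        if reasons:
            hits.append({"line": lineno, "dst": dst, "reasons": reasons, "beacon": beacon})
    return hits


# Constructed proxy log: line 1 reproduces the report's URL, line 3 one of its
# IPs, line 4 an unlisted host reusing the same path structure (Windows 8 OS string).
SAMPLE_LOG = """\
1634197102 10.0.0.25 45.36.99.184 GET https://45.36.99.184/sat4/TEST22-PC_W617601.F57A8FB7AD33F1A6BBC8B31029F34741/5/file/
1634197105 10.0.0.25 93.184.216.34 GET https://www.example.com/
1634197110 10.0.0.31 185.56.175.122 GET https://185.56.175.122/
1634197120 10.0.0.40 203.0.113.9 GET https://203.0.113.9/mor1/DESK-01_W629200.0123456789ABCDEF0123456789ABCDEF/0/
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Matching on the path structure rather than the IP list is what makes the script useful beyond this one report: the last sample line is flagged even though 203.0.113.9 appears nowhere in the table.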

Suricata ids

PE API

IAT (Import Address Table) Library

The static IAT below describes the packed outer layer (the UPX_Zero rule and the "likely contains encrypted or compressed data" signature), not the payload. It is the window, menu, printing and OLE-variant import set of an ordinary GUI application, plus LoadLibraryA/GetProcAddress for dynamic resolution, VirtualAlloc for the RWX allocation and IsDebuggerPresent for the debugger check seen in the behaviour signatures. The real code resolves its own APIs after unpacking, so imphash and impfuzzy fingerprint the wrapper rather than the Emotet/TrickBot code and will not cluster with unpacked samples.

KERNEL32.dll
 0x1001d060 RtlUnwind
 0x1001d064 HeapAlloc
 0x1001d068 GetCommandLineA
 0x1001d06c HeapFree
 0x1001d070 RaiseException
 0x1001d074 VirtualAlloc
 0x1001d078 HeapReAlloc
 0x1001d07c HeapSize
 0x1001d080 Sleep
 0x1001d084 TerminateProcess
 0x1001d088 UnhandledExceptionFilter
 0x1001d08c SetUnhandledExceptionFilter
 0x1001d090 IsDebuggerPresent
 0x1001d094 GetACP
 0x1001d098 IsValidCodePage
 0x1001d09c LCMapStringA
 0x1001d0a0 LCMapStringW
 0x1001d0a4 VirtualFree
 0x1001d0a8 HeapCreate
 0x1001d0ac HeapDestroy
 0x1001d0b0 GetStdHandle
 0x1001d0b4 SetHandleCount
 0x1001d0b8 GetStartupInfoA
 0x1001d0bc FreeEnvironmentStringsA
 0x1001d0c0 GetEnvironmentStrings
 0x1001d0c4 FreeEnvironmentStringsW
 0x1001d0c8 GetEnvironmentStringsW
 0x1001d0cc QueryPerformanceCounter
 0x1001d0d0 GetTickCount
 0x1001d0d4 GetSystemTimeAsFileTime
 0x1001d0d8 InitializeCriticalSectionAndSpinCount
 0x1001d0dc GetConsoleCP
 0x1001d0e0 GetConsoleMode
 0x1001d0e4 GetStringTypeA
 0x1001d0e8 GetStringTypeW
 0x1001d0ec SetStdHandle
 0x1001d0f0 WriteConsoleA
 0x1001d0f4 GetConsoleOutputCP
 0x1001d0f8 WriteConsoleW
 0x1001d0fc CreateFileA
 0x1001d100 GetCurrentProcess
 0x1001d104 FlushFileBuffers
 0x1001d108 SetFilePointer
 0x1001d10c WriteFile
 0x1001d110 GetOEMCP
 0x1001d114 GetCPInfo
 0x1001d118 GetLocaleInfoA
 0x1001d11c InterlockedExchange
 0x1001d120 CloseHandle
 0x1001d124 GlobalFlags
 0x1001d128 TlsFree
 0x1001d12c DeleteCriticalSection
 0x1001d130 LocalReAlloc
 0x1001d134 TlsSetValue
 0x1001d138 TlsAlloc
 0x1001d13c InitializeCriticalSection
 0x1001d140 GlobalHandle
 0x1001d144 GlobalReAlloc
 0x1001d148 EnterCriticalSection
 0x1001d14c TlsGetValue
 0x1001d150 LeaveCriticalSection
 0x1001d154 LocalAlloc
 0x1001d158 InterlockedIncrement
 0x1001d15c GetModuleHandleW
 0x1001d160 GetCurrentProcessId
 0x1001d164 GetModuleFileNameA
 0x1001d168 InterlockedDecrement
 0x1001d16c lstrcmpA
 0x1001d170 GetCurrentThreadId
 0x1001d174 GlobalGetAtomNameA
 0x1001d178 GlobalAddAtomA
 0x1001d17c GlobalFindAtomA
 0x1001d180 GlobalDeleteAtom
 0x1001d184 FreeLibrary
 0x1001d188 CompareStringA
 0x1001d18c lstrcmpW
 0x1001d190 GetVersionExA
 0x1001d194 GlobalFree
 0x1001d198 GlobalAlloc
 0x1001d19c GlobalLock
 0x1001d1a0 GlobalUnlock
 0x1001d1a4 FormatMessageA
 0x1001d1a8 LocalFree
 0x1001d1ac MultiByteToWideChar
 0x1001d1b0 lstrlenA
 0x1001d1b4 LoadLibraryW
 0x1001d1b8 ExitProcess
 0x1001d1bc WideCharToMultiByte
 0x1001d1c0 FindResourceA
 0x1001d1c4 LoadResource
 0x1001d1c8 LockResource
 0x1001d1cc SizeofResource
 0x1001d1d0 GetLastError
 0x1001d1d4 SetLastError
 0x1001d1d8 GetProcAddress
 0x1001d1dc GetModuleHandleA
 0x1001d1e0 GetFileType
 0x1001d1e4 LoadLibraryA
USER32.dll
 0x1001d1fc PostQuitMessage
 0x1001d200 ValidateRect
 0x1001d204 DestroyMenu
 0x1001d208 LoadCursorA
 0x1001d20c GetSysColorBrush
 0x1001d210 GetWindowThreadProcessId
 0x1001d214 IsWindowEnabled
 0x1001d218 SetWindowTextA
 0x1001d21c SetMenuItemBitmaps
 0x1001d220 GetMenuCheckMarkDimensions
 0x1001d224 LoadBitmapA
 0x1001d228 ModifyMenuA
 0x1001d22c EnableMenuItem
 0x1001d230 CheckMenuItem
 0x1001d234 RegisterWindowMessageA
 0x1001d238 WinHelpA
 0x1001d23c GetCapture
 0x1001d240 CallNextHookEx
 0x1001d244 GetClassLongA
 0x1001d248 SetPropA
 0x1001d24c GetPropA
 0x1001d250 RemovePropA
 0x1001d254 GetFocus
 0x1001d258 IsWindow
 0x1001d25c GetWindowTextA
 0x1001d260 GetForegroundWindow
 0x1001d264 GetLastActivePopup
 0x1001d268 DispatchMessageA
 0x1001d26c GetDlgItem
 0x1001d270 GetTopWindow
 0x1001d274 DestroyWindow
 0x1001d278 UnhookWindowsHookEx
 0x1001d27c GetMessageTime
 0x1001d280 GetMessagePos
 0x1001d284 PeekMessageA
 0x1001d288 MapWindowPoints
 0x1001d28c GetKeyState
 0x1001d290 SetMenu
 0x1001d294 SetForegroundWindow
 0x1001d298 PostMessageA
 0x1001d29c MessageBoxA
 0x1001d2a0 CreateWindowExA
 0x1001d2a4 GetClassInfoExA
 0x1001d2a8 GetClassInfoA
 0x1001d2ac AdjustWindowRectEx
 0x1001d2b0 PtInRect
 0x1001d2b4 CopyRect
 0x1001d2b8 DrawTextA
 0x1001d2bc EnableWindow
 0x1001d2c0 GetDlgCtrlID
 0x1001d2c4 CallWindowProcA
 0x1001d2c8 GetMenu
 0x1001d2cc GetWindowLongA
 0x1001d2d0 SetWindowLongA
 0x1001d2d4 SetWindowPos
 0x1001d2d8 SystemParametersInfoA
 0x1001d2dc GetWindowPlacement
 0x1001d2e0 GetWindow
 0x1001d2e4 SetWindowsHookExA
 0x1001d2e8 SendMessageA
 0x1001d2ec GetWindowRect
 0x1001d2f0 GetClientRect
 0x1001d2f4 GetParent
 0x1001d2f8 GetSystemMetrics
 0x1001d2fc GetSysColor
 0x1001d300 GetDC
 0x1001d304 DefWindowProcA
 0x1001d308 RegisterClassA
 0x1001d30c IsIconic
 0x1001d310 LoadIconA
 0x1001d314 ReleaseDC
 0x1001d318 ClientToScreen
 0x1001d31c GrayStringA
 0x1001d320 DrawTextExA
 0x1001d324 TabbedTextOutA
 0x1001d328 GetMenuState
 0x1001d32c GetMenuItemID
 0x1001d330 GetMenuItemCount
 0x1001d334 GetSubMenu
 0x1001d338 GetClassNameA
GDI32.dll
 0x1001d000 DeleteDC
 0x1001d004 CreateBitmap
 0x1001d008 ScaleWindowExtEx
 0x1001d00c SetWindowExtEx
 0x1001d010 ScaleViewportExtEx
 0x1001d014 SetViewportExtEx
 0x1001d018 OffsetViewportOrgEx
 0x1001d01c SetViewportOrgEx
 0x1001d020 SelectObject
 0x1001d024 Escape
 0x1001d028 ExtTextOutA
 0x1001d02c TextOutA
 0x1001d030 RectVisible
 0x1001d034 DeleteObject
 0x1001d038 GetClipBox
 0x1001d03c SetMapMode
 0x1001d040 SetTextColor
 0x1001d044 SetBkColor
 0x1001d048 RestoreDC
 0x1001d04c SaveDC
 0x1001d050 GetDeviceCaps
 0x1001d054 GetStockObject
 0x1001d058 PtVisible
WINSPOOL.DRV
 0x1001d340 DocumentPropertiesA
 0x1001d344 OpenPrinterA
 0x1001d348 ClosePrinter
OLEAUT32.dll
 0x1001d1ec VariantClear
 0x1001d1f0 VariantChangeType
 0x1001d1f4 VariantInit

EAT (Export Address Table) Library

0x100020a0 DllRegisterServer

DllRegisterServer is the only export. It is the function regsvr32.exe calls when registering a COM server, so the DLL can be executed by a signed Windows binary (regsvr32 /s 123.dll, or rundll32 123.dll,DllRegisterServer) without any custom loader; that is also the most likely origin of the "Creates a suspicious process" signature above.
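A host-side check for the way this export gets invoked, as an added example that is not from the report or from any vendor tooling. Because regsvr32.exe and rundll32.exe are legitimate signed binaries, the check keys on where the loaded DLL lives and who spawned the loader rather than on the loader itself. The event lines are constructed in a simplified Sysmon Event ID 1 key=value layout; the user-writable path list, the Office parent list and the field names are assumptions for illustration.

```python
"""Flag regsvr32/rundll32 invocations that load a DLL from a user-writable path.

Added example, not from the sandbox report. A DLL whose only export is
DllRegisterServer is run with `regsvr32.exe /s <dll>` (regsvr32 calls that
export) or `rundll32.exe <dll>,DllRegisterServer`.
"""
import re
from pathlib import PureWindowsPath

# Assumed "user-writable" roots: profile directories (AppData, Downloads, Temp),
# ProgramData and the Windows temp directory.
USER_WRITABLE = (
    re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I),
    re.compile(r"^[a-z]:\\programdata\\", re.I),
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
)
# Absolute Windows paths in a command line, quoted or bare.
PATH_ARG = re.compile(r'"([a-z]:\\[^"]+)"|([a-z]:\\\S+)', re.I)

LOADERS = {"regsvr32.exe", "rundll32.exe"}
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def parse_event(line):
    """Split 'Key=Value|Key=Value' into a dict (constructed event format)."""
    return dict(kv.split("=", 1) for kv in line.split("|"))


def is_user_writable(path):
    return any(p.match(path) for p in USER_WRITABLE)


def loaded_dlls(cmdline):
    """Return path arguments other than the loader binary itself.

    rundll32 takes '<dll>,<export>', so anything after a comma is dropped.
    """
    out = []
    for quoted, bare in PATH_ARG.findall(cmdline):
        p = (quoted or bare).split(",")[0]
        if PureWindowsPath(p).name.lower() not in LOADERS:
            out.append(p)
    return out


def triage(events):
    """Return one hit per suspicious DLL load with the reasons it fired."""
    hits = []
    for line in events:
        ev = parse_event(line)
        image = PureWindowsPath(ev.get("Image", "")).name.lower()
        if image not in LOADERS:
            continue
        parent = PureWindowsPath(ev.get("ParentImage", "")).name.lower()
        for dll in loaded_dlls(ev.get("CommandLine", "")):
            reasons = []
            if is_user_writable(dll):
                reasons.append("dll_in_user_writable_path")
            if parent in OFFICE:
                reasons.append("office_parent")
            if reasons:
                hits.append({"loader": image, "dll": dll, "parent": parent, "reasons": reasons})
    return hits


# Constructed events: 1 is the maldoc-style delivery of a DLL like 123.dll,
# 2 a benign system DLL registration, 3 a rundll32 variant from ProgramData,
# 4 an unrelated process that must be ignored.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\System32\regsvr32.exe|CommandLine=regsvr32.exe /s C:\Users\victim\AppData\Local\Temp\123.dll|ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    r"Image=C:\Windows\System32\regsvr32.exe|CommandLine=regsvr32.exe /s C:\Windows\System32\msxml3.dll|ParentImage=C:\Windows\System32\msiexec.exe",
    r'Image=C:\Windows\System32\rundll32.exe|CommandLine=rundll32.exe "C:\ProgramData\abc\123.dll",DllRegisterServer|ParentImage=C:\Windows\explorer.exe',
    r"Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe C:\Users\victim\notes.txt|ParentImage=C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

The benign msxml3.dll registration produces no hit, which is the point of keying on the DLL location: regsvr32 activity from System32 under an installer is routine, the same binary loading a DLL out of a user profile under WINWORD.EXE is not.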
