Report - kv3.dll

Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, DLL
Created: 2021.10.16 13:22
Machine: s1_win7_x6401
Filename: kv3.dll
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score: 6
Behavior Score: 1.8
ZERO API (file): malware
VT API (file): 46 detected (malicious, high confidence, FNEN, GenericRXQE, Unsafe, Qbot, Save, confidence, 100%, Injuke, Eldorado, DangerousSig, Gencirc, R002C0DIN21, Static AI, Malicious PE, Minerva, ziose, ai score=89, ASMalwS, kcloud, Qakbot, score, BScope, Deyma, Qshell, Ge441644sf8, susgen)
md5: 5c76498485ac6534b1b1aa0d6d543762
sha256: d3fa92f89ffbc4403c0f8b95034a61d63cfb47fd11cb7d90b5a8d724250234a3
ssdeep: 24576:EFYpMTTHVlVTyv7o5pGyctKIvOO1CjdekTVzGLnHhtRfDVaG:EQkT1fo+xlVzGLnHLza
imphash: ef7793fb29a91e2ec547fae0d4d77318
impfuzzy: 192:339Nk1QDupbuuSrSUvK9RqooqEse7GPbOQPO:33A17SA9LLPbOQm
Signature (3cnts)

Level Description
danger File has been identified by 46 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts): no network requests (no remote IPs, ASNs or countries) were recorded during the run.

Suricata IDS: no alerts listed.

PE API

IAT (Import Address Table): each entry is the IAT slot address followed by the imported function, grouped by library in the order the report lists them. The same library (kernel32.dll, user32.dll, advapi32.dll, oleaut32.dll, ole32.dll) appears more than once because the binary carries several import descriptors for it.

kernel32.dll
 0x4ba154 DeleteCriticalSection
 0x4ba158 LeaveCriticalSection
 0x4ba15c EnterCriticalSection
 0x4ba160 InitializeCriticalSection
 0x4ba164 VirtualFree
 0x4ba168 VirtualAlloc
 0x4ba16c LocalFree
 0x4ba170 LocalAlloc
 0x4ba174 GetTickCount
 0x4ba178 QueryPerformanceCounter
 0x4ba17c GetVersion
 0x4ba180 GetCurrentThreadId
 0x4ba184 InterlockedDecrement
 0x4ba188 InterlockedIncrement
 0x4ba18c VirtualQuery
 0x4ba190 WideCharToMultiByte
 0x4ba194 MultiByteToWideChar
 0x4ba198 lstrlenA
 0x4ba19c lstrcpynA
 0x4ba1a0 LoadLibraryExA
 0x4ba1a4 GetThreadLocale
 0x4ba1a8 GetStartupInfoA
 0x4ba1ac GetProcAddress
 0x4ba1b0 GetModuleHandleA
 0x4ba1b4 GetModuleFileNameA
 0x4ba1b8 GetLocaleInfoA
 0x4ba1bc GetCommandLineA
 0x4ba1c0 FreeLibrary
 0x4ba1c4 FindFirstFileA
 0x4ba1c8 FindClose
 0x4ba1cc ExitProcess
 0x4ba1d0 WriteFile
 0x4ba1d4 UnhandledExceptionFilter
 0x4ba1d8 RtlUnwind
 0x4ba1dc RaiseException
 0x4ba1e0 GetStdHandle
user32.dll
 0x4ba1e8 GetKeyboardType
 0x4ba1ec LoadStringA
 0x4ba1f0 MessageBoxA
 0x4ba1f4 CharNextA
advapi32.dll
 0x4ba1fc RegQueryValueExA
 0x4ba200 RegOpenKeyExA
 0x4ba204 RegCloseKey
oleaut32.dll
 0x4ba20c SysFreeString
 0x4ba210 SysReAllocStringLen
 0x4ba214 SysAllocStringLen
kernel32.dll
 0x4ba21c TlsSetValue
 0x4ba220 TlsGetValue
 0x4ba224 TlsFree
 0x4ba228 TlsAlloc
 0x4ba22c LocalFree
 0x4ba230 LocalAlloc
advapi32.dll
 0x4ba238 RegQueryValueExA
 0x4ba23c RegOpenKeyExA
 0x4ba240 RegCloseKey
kernel32.dll
 0x4ba248 lstrcpyA
 0x4ba24c WriteFile
 0x4ba250 WaitForSingleObject
 0x4ba254 VirtualQuery
 0x4ba258 VirtualAlloc
 0x4ba25c Sleep
 0x4ba260 SizeofResource
 0x4ba264 SetThreadLocale
 0x4ba268 SetFilePointer
 0x4ba26c SetEvent
 0x4ba270 SetErrorMode
 0x4ba274 SetEndOfFile
 0x4ba278 ResetEvent
 0x4ba27c ReadFile
 0x4ba280 MultiByteToWideChar
 0x4ba284 MulDiv
 0x4ba288 LockResource
 0x4ba28c LoadResource
 0x4ba290 LoadLibraryA
 0x4ba294 LeaveCriticalSection
 0x4ba298 InitializeCriticalSection
 0x4ba29c GlobalUnlock
 0x4ba2a0 GlobalReAlloc
 0x4ba2a4 GlobalHandle
 0x4ba2a8 GlobalLock
 0x4ba2ac GlobalFree
 0x4ba2b0 GlobalFindAtomA
 0x4ba2b4 GlobalDeleteAtom
 0x4ba2b8 GlobalAlloc
 0x4ba2bc GlobalAddAtomA
 0x4ba2c0 GetVersionExA
 0x4ba2c4 GetVersion
 0x4ba2c8 GetTickCount
 0x4ba2cc GetThreadLocale
 0x4ba2d0 GetSystemInfo
 0x4ba2d4 GetStringTypeExA
 0x4ba2d8 GetStdHandle
 0x4ba2dc GetProcAddress
 0x4ba2e0 GetModuleHandleA
 0x4ba2e4 GetModuleFileNameA
 0x4ba2e8 GetLocaleInfoA
 0x4ba2ec GetLocalTime
 0x4ba2f0 GetLastError
 0x4ba2f4 GetFullPathNameA
 0x4ba2f8 GetDiskFreeSpaceA
 0x4ba2fc GetDateFormatA
 0x4ba300 GetCurrentThreadId
 0x4ba304 GetCurrentProcessId
 0x4ba308 GetCPInfo
 0x4ba30c GetACP
 0x4ba310 FreeResource
 0x4ba314 InterlockedExchange
 0x4ba318 FreeLibrary
 0x4ba31c FormatMessageA
 0x4ba320 FindResourceA
 0x4ba324 EnumCalendarInfoA
 0x4ba328 EnterCriticalSection
 0x4ba32c DeleteCriticalSection
 0x4ba330 CreateThread
 0x4ba334 CreateFileA
 0x4ba338 CreateEventA
 0x4ba33c CompareStringA
 0x4ba340 CloseHandle
version.dll
 0x4ba348 VerQueryValueA
 0x4ba34c GetFileVersionInfoSizeA
 0x4ba350 GetFileVersionInfoA
gdi32.dll
 0x4ba358 UnrealizeObject
 0x4ba35c StretchBlt
 0x4ba360 SetWindowOrgEx
 0x4ba364 SetWinMetaFileBits
 0x4ba368 SetViewportOrgEx
 0x4ba36c SetTextColor
 0x4ba370 SetStretchBltMode
 0x4ba374 SetROP2
 0x4ba378 SetPixel
 0x4ba37c SetEnhMetaFileBits
 0x4ba380 SetDIBColorTable
 0x4ba384 SetBrushOrgEx
 0x4ba388 SetBkMode
 0x4ba38c SetBkColor
 0x4ba390 SelectPalette
 0x4ba394 SelectObject
 0x4ba398 SaveDC
 0x4ba39c RestoreDC
 0x4ba3a0 RectVisible
 0x4ba3a4 RealizePalette
 0x4ba3a8 PlayEnhMetaFile
 0x4ba3ac PatBlt
 0x4ba3b0 MoveToEx
 0x4ba3b4 MaskBlt
 0x4ba3b8 LineTo
 0x4ba3bc IntersectClipRect
 0x4ba3c0 GetWindowOrgEx
 0x4ba3c4 GetWinMetaFileBits
 0x4ba3c8 GetTextMetricsA
 0x4ba3cc GetTextExtentPoint32A
 0x4ba3d0 GetTextColor
 0x4ba3d4 GetSystemPaletteEntries
 0x4ba3d8 GetStretchBltMode
 0x4ba3dc GetStockObject
 0x4ba3e0 GetPixelFormat
 0x4ba3e4 GetPixel
 0x4ba3e8 GetPaletteEntries
 0x4ba3ec GetObjectA
 0x4ba3f0 GetEnhMetaFilePaletteEntries
 0x4ba3f4 GetEnhMetaFileHeader
 0x4ba3f8 GetEnhMetaFileBits
 0x4ba3fc GetDeviceCaps
 0x4ba400 GetDIBits
 0x4ba404 GetDIBColorTable
 0x4ba408 GetDCOrgEx
 0x4ba40c GetCurrentPositionEx
 0x4ba410 GetClipBox
 0x4ba414 GetBrushOrgEx
 0x4ba418 GetBitmapBits
 0x4ba41c GdiFlush
 0x4ba420 ExcludeClipRect
 0x4ba424 DeleteObject
 0x4ba428 DeleteEnhMetaFile
 0x4ba42c DeleteDC
 0x4ba430 CreateSolidBrush
 0x4ba434 CreatePenIndirect
 0x4ba438 CreatePalette
 0x4ba43c CreateHalftonePalette
 0x4ba440 CreateFontIndirectA
 0x4ba444 CreateDIBitmap
 0x4ba448 CreateDIBSection
 0x4ba44c CreateCompatibleDC
 0x4ba450 CreateCompatibleBitmap
 0x4ba454 CreateBrushIndirect
 0x4ba458 CreateBitmap
 0x4ba45c CopyEnhMetaFileA
 0x4ba460 BitBlt
user32.dll
 0x4ba468 CreateWindowExA
 0x4ba46c WindowFromPoint
 0x4ba470 WinHelpA
 0x4ba474 WaitMessage
 0x4ba478 UpdateWindow
 0x4ba47c UnregisterClassA
 0x4ba480 UnhookWindowsHookEx
 0x4ba484 TranslateMessage
 0x4ba488 TranslateMDISysAccel
 0x4ba48c TrackPopupMenu
 0x4ba490 SystemParametersInfoA
 0x4ba494 ShowWindow
 0x4ba498 ShowScrollBar
 0x4ba49c ShowOwnedPopups
 0x4ba4a0 ShowCursor
 0x4ba4a4 SetWindowsHookExA
 0x4ba4a8 SetWindowPos
 0x4ba4ac SetWindowPlacement
 0x4ba4b0 SetWindowLongA
 0x4ba4b4 SetTimer
 0x4ba4b8 SetScrollRange
 0x4ba4bc SetScrollPos
 0x4ba4c0 SetScrollInfo
 0x4ba4c4 SetRect
 0x4ba4c8 SetPropA
 0x4ba4cc SetParent
 0x4ba4d0 SetMenuItemInfoA
 0x4ba4d4 SetMenu
 0x4ba4d8 SetForegroundWindow
 0x4ba4dc SetFocus
 0x4ba4e0 SetCursor
 0x4ba4e4 SetClassLongA
 0x4ba4e8 SetCapture
 0x4ba4ec SetActiveWindow
 0x4ba4f0 SendMessageA
 0x4ba4f4 ScrollWindow
 0x4ba4f8 ScreenToClient
 0x4ba4fc RemovePropA
 0x4ba500 RemoveMenu
 0x4ba504 ReleaseDC
 0x4ba508 ReleaseCapture
 0x4ba50c RegisterWindowMessageA
 0x4ba510 RegisterClipboardFormatA
 0x4ba514 RegisterClassA
 0x4ba518 RedrawWindow
 0x4ba51c PtInRect
 0x4ba520 PostQuitMessage
 0x4ba524 PostMessageA
 0x4ba528 PeekMessageA
 0x4ba52c OffsetRect
 0x4ba530 OemToCharA
 0x4ba534 MessageBoxA
 0x4ba538 MapWindowPoints
 0x4ba53c MapVirtualKeyA
 0x4ba540 LoadStringA
 0x4ba544 LoadKeyboardLayoutA
 0x4ba548 LoadIconA
 0x4ba54c LoadCursorA
 0x4ba550 LoadBitmapA
 0x4ba554 KillTimer
 0x4ba558 IsZoomed
 0x4ba55c IsWindowVisible
 0x4ba560 IsWindowEnabled
 0x4ba564 IsWindow
 0x4ba568 IsRectEmpty
 0x4ba56c IsIconic
 0x4ba570 IsDialogMessageA
 0x4ba574 IsChild
 0x4ba578 InvalidateRect
 0x4ba57c IntersectRect
 0x4ba580 InsertMenuItemA
 0x4ba584 InsertMenuA
 0x4ba588 InflateRect
 0x4ba58c GetWindowThreadProcessId
 0x4ba590 GetWindowTextA
 0x4ba594 GetWindowRect
 0x4ba598 GetWindowPlacement
 0x4ba59c GetWindowLongA
 0x4ba5a0 GetWindowDC
 0x4ba5a4 GetTopWindow
 0x4ba5a8 GetSystemMetrics
 0x4ba5ac GetSystemMenu
 0x4ba5b0 GetSysColorBrush
 0x4ba5b4 GetSysColor
 0x4ba5b8 GetSubMenu
 0x4ba5bc GetScrollRange
 0x4ba5c0 GetScrollPos
 0x4ba5c4 GetScrollInfo
 0x4ba5c8 GetPropA
 0x4ba5cc GetParent
 0x4ba5d0 GetWindow
 0x4ba5d4 GetMenuStringA
 0x4ba5d8 GetMenuState
 0x4ba5dc GetMenuItemInfoA
 0x4ba5e0 GetMenuItemID
 0x4ba5e4 GetMenuItemCount
 0x4ba5e8 GetMenu
 0x4ba5ec GetLastActivePopup
 0x4ba5f0 GetKeyboardState
 0x4ba5f4 GetKeyboardLayoutList
 0x4ba5f8 GetKeyboardLayout
 0x4ba5fc GetKeyState
 0x4ba600 GetKeyNameTextA
 0x4ba604 GetIconInfo
 0x4ba608 GetForegroundWindow
 0x4ba60c GetFocus
 0x4ba610 GetDesktopWindow
 0x4ba614 GetDCEx
 0x4ba618 GetDC
 0x4ba61c GetCursorPos
 0x4ba620 GetCursor
 0x4ba624 GetClipboardData
 0x4ba628 GetClientRect
 0x4ba62c GetClassNameA
 0x4ba630 GetClassInfoA
 0x4ba634 GetCapture
 0x4ba638 GetActiveWindow
 0x4ba63c FrameRect
 0x4ba640 FindWindowA
 0x4ba644 FillRect
 0x4ba648 EqualRect
 0x4ba64c EnumWindows
 0x4ba650 EnumThreadWindows
 0x4ba654 EndPaint
 0x4ba658 EnableWindow
 0x4ba65c EnableScrollBar
 0x4ba660 EnableMenuItem
 0x4ba664 DrawTextA
 0x4ba668 DrawMenuBar
 0x4ba66c DrawIconEx
 0x4ba670 DrawIcon
 0x4ba674 DrawFrameControl
 0x4ba678 DrawEdge
 0x4ba67c DispatchMessageA
 0x4ba680 DestroyWindow
 0x4ba684 DestroyMenu
 0x4ba688 DestroyIcon
 0x4ba68c DestroyCursor
 0x4ba690 DeleteMenu
 0x4ba694 DefWindowProcA
 0x4ba698 DefMDIChildProcA
 0x4ba69c DefFrameProcA
 0x4ba6a0 CreatePopupMenu
 0x4ba6a4 CreateMenu
 0x4ba6a8 CreateIcon
 0x4ba6ac ClientToScreen
 0x4ba6b0 CheckMenuItem
 0x4ba6b4 CallWindowProcA
 0x4ba6b8 CallNextHookEx
 0x4ba6bc BeginPaint
 0x4ba6c0 CharNextA
 0x4ba6c4 CharLowerBuffA
 0x4ba6c8 CharLowerA
 0x4ba6cc CharUpperBuffA
 0x4ba6d0 CharToOemA
 0x4ba6d4 AdjustWindowRectEx
 0x4ba6d8 ActivateKeyboardLayout
ole32.dll
 0x4ba6e0 IsEqualGUID
kernel32.dll
 0x4ba6e8 Sleep
oleaut32.dll
 0x4ba6f0 SafeArrayPtrOfIndex
 0x4ba6f4 SafeArrayPutElement
 0x4ba6f8 SafeArrayGetElement
 0x4ba6fc SafeArrayUnaccessData
 0x4ba700 SafeArrayAccessData
 0x4ba704 SafeArrayGetUBound
 0x4ba708 SafeArrayGetLBound
 0x4ba70c SafeArrayCreate
 0x4ba710 VariantChangeType
 0x4ba714 VariantCopyInd
 0x4ba718 VariantCopy
 0x4ba71c VariantClear
 0x4ba720 VariantInit
ole32.dll
 0x4ba728 CLSIDFromProgID
 0x4ba72c CoCreateInstance
 0x4ba730 CoUninitialize
 0x4ba734 CoInitialize
oleaut32.dll
 0x4ba73c GetErrorInfo
 0x4ba740 SysFreeString
comctl32.dll
 0x4ba748 ImageList_SetIconSize
 0x4ba74c ImageList_GetIconSize
 0x4ba750 ImageList_Write
 0x4ba754 ImageList_Read
 0x4ba758 ImageList_GetDragImage
 0x4ba75c ImageList_DragShowNolock
 0x4ba760 ImageList_SetDragCursorImage
 0x4ba764 ImageList_DragMove
 0x4ba768 ImageList_DragLeave
 0x4ba76c ImageList_DragEnter
 0x4ba770 ImageList_EndDrag
 0x4ba774 ImageList_BeginDrag
 0x4ba778 ImageList_Remove
 0x4ba77c ImageList_DrawEx
 0x4ba780 ImageList_Draw
 0x4ba784 ImageList_GetBkColor
 0x4ba788 ImageList_SetBkColor
 0x4ba78c ImageList_ReplaceIcon
 0x4ba790 ImageList_Add
 0x4ba794 ImageList_GetImageCount
 0x4ba798 ImageList_Destroy
 0x4ba79c ImageList_Create

EAT (Export Address Table): none. The DLL exports no functions, so invoking it by export name (for example via rundll32) has nothing to call; any code it runs when loaded runs from DllMain.
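Two checks a practitioner would want to run against the listing above. First, the imphash: pefile (and VirusTotal) compute it as the MD5 of the import list normalised to `lib.func` entries, lower-cased, with `.dll`/`.ocx`/`.sys` stripped, joined by commas, in import-directory order. Pasting the complete IAT dump above into the parser below, in the same order, should reproduce the report's imphash ef7793fb29a91e2ec547fae0d4d77318; a mismatch would mean the listing is incomplete or reordered. Second, the UPX rule: an image compressed whole by UPX exposes only the decompression stub's handful of kernel32 imports, whereas this binary imports hundreds of functions from gdi32, user32, comctl32 and oleaut32 (a Delphi VCL profile), so the UPX match deserves confirmation against section names before the sample is treated as UPX-packed. The script below is an added example, not code from the report or from the sandbox vendor; the `SAMPLE_IAT` text is a constructed subset of the dump above (so its imphash will not equal the report's), and the `WATCHLIST` and `looks_upx_packed` heuristics are the editor's own.

```python
import hashlib
import re

# Constructed sample input: a subset of the IAT dump in this report, copied in
# report order (library line, then " 0x<slot> <function>" lines). It is
# deliberately incomplete, so its imphash will not match the report's
# ef7793fb29a91e2ec547fae0d4d77318; paste the full listing to reproduce that.
SAMPLE_IAT = """\
kernel32.dll
 0x4ba154 DeleteCriticalSection
 0x4ba158 LeaveCriticalSection
 0x4ba168 VirtualAlloc
 0x4ba1a0 LoadLibraryExA
 0x4ba1ac GetProcAddress
user32.dll
 0x4ba1e8 GetKeyboardType
 0x4ba1f0 MessageBoxA
advapi32.dll
 0x4ba1fc RegQueryValueExA
 0x4ba200 RegOpenKeyExA
kernel32.dll
 0x4ba290 LoadLibraryA
 0x4ba330 CreateThread
user32.dll
 0x4ba4a4 SetWindowsHookExA
 0x4ba5f0 GetKeyboardState
 0x4ba640 FindWindowA
"""

LIB_RE = re.compile(r"^\s*([\w.\-]+\.(?:dll|ocx|sys))\s*$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Parse the report's IAT dump into an ordered list of (library, function).
    Order is preserved because the imphash depends on import-directory order."""
    pairs, lib = [], None
    for line in text.splitlines():
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and lib is not None:
            pairs.append((lib, m.group(1)))
    return pairs


def imphash_string(pairs):
    """Normalised 'lib.func,lib.func,...' string that pefile hashes: library
    lower-cased with .dll/.ocx/.sys stripped, function lower-cased. Imports by
    ordinal are not handled here because the report lists names only."""
    parts = []
    for lib, func in pairs:
        lib = re.sub(r"\.(dll|ocx|sys)$", "", lib.lower())
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(pairs):
    """MD5 of the normalised import string (the pefile/VirusTotal imphash)."""
    return hashlib.md5(imphash_string(pairs).encode("ascii")).hexdigest()


# Imports worth a second look in triage (editor's list). Every one of them is
# also a normal Delphi VCL/RTL import, so this is a prompt for analysis, not a
# verdict.
WATCHLIST = {
    "SetWindowsHookExA": "installs a Windows hook (message interception / keylogging)",
    "GetKeyboardState": "reads keyboard state",
    "VirtualAlloc": "allocates memory (in-memory unpacking or injection staging)",
    "GetProcAddress": "resolves APIs at runtime (hides imports from static view)",
    "CreateThread": "starts additional threads",
    "FindWindowA": "looks for other windows (sandbox / AV / target detection)",
}


def capability_flags(pairs):
    """Return {function: reason} for watch-listed imports present in the IAT."""
    present = {func for _, func in pairs}
    return {f: why for f, why in WATCHLIST.items() if f in present}


def looks_upx_packed(pairs):
    """Heuristic: an image compressed whole by UPX imports only the stub's few
    kernel32 functions (LoadLibraryA, GetProcAddress, VirtualProtect,
    ExitProcess, sometimes VirtualAlloc/VirtualFree). A multi-DLL table like
    this report's argues against whole-image UPX packing; the section names
    (UPX0/UPX1) are the definitive check."""
    libs = {lib.lower() for lib, _ in pairs}
    funcs = {func for _, func in pairs}
    return (libs == {"kernel32.dll"}
            and len(funcs) <= 8
            and {"LoadLibraryA", "GetProcAddress"} <= funcs)


if __name__ == "__main__":
    pairs = parse_iat(SAMPLE_IAT)
    print("imphash of sample subset:", imphash(pairs))
    print("watch-listed imports:", capability_flags(pairs))
    print("UPX-stub-like import table:", looks_upx_packed(pairs))
```

To check the report's value, replace `SAMPLE_IAT` with the complete dump above (library headers and slot lines exactly as printed) and compare `imphash(parse_iat(...))` with the imphash field; the run-time verdict on packing still needs the section table, which this report does not print.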