popup

Report - 7_padrs404.dll

Malicious Library PE File PE32 DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.10.22 09:29 Machine s1_win7_x6401
Filename 7_padrs404.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
1.0
ZERO API file : clean
VT API (file) 16 detected (malicious, high confidence, Drixed, Unsafe, Save, confidence, 100%, ZedlaF, lu8@aaNh@Xn, Cridex, EncPk, Sabsik, score, Generic@ML, RDML, YrOzFT7jOfM5CleqSFVgqw, Static AI, Suspicious PE)
md5 a3a5924e4c87c69d14c2502875416ba6
sha256 51a6358624d0cc0ceb023e2931f10dc31a6a41bd46ce01397ee73fd6b74af933
ssdeep 3072:q0p0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5Iea:q0p0bG6q7040aBfK0db5
imphash badb3d94d7a44189a7eeb5528a733e61
impfuzzy 6:CuDS8cA9jVaML+5Zf31XYBVdBJAMGmwDWU0:PDSFApVo/1XY3VAOYc
  Network IP location

Signature (2cnts)

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

SHELL32.dll
 0x1000702c SHGetDesktopFolder
USER32.dll
 0x10007034 ShowOwnedPopups
SETUPAPI.dll
 0x10007024 SetupDiEnumDeviceInfo
IPHLPAPI.DLL
 0x10007008 GetIfTable
ADVAPI32.dll
 0x10007000 RegOverridePredefKey
KERNEL32.dll
 0x10007010 GetModuleFileNameW
 0x10007014 LoadLibraryExA
OLEAUT32.dll
 0x1000701c VarR4FromI2
msvcrt.dll
 0x1000703c memset

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure