popup

Report - 9_sysprepMCE.dll

Malicious Library PE File PE32 DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.10.22 09:09 Machine s1_win7_x6403
Filename 9_sysprepMCE.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
1.0
ZERO API file : clean
VT API (file) 16 detected (malicious, high confidence, Drixed, Unsafe, Save, confidence, 100%, Cridex, Generic@ML, RDML, 7kj4y8K8lk2cf2fhBAZAmA, EncPk, Static AI, Suspicious PE, score, ZedlaF, lu8@amMD)
md5 493affe2d3fb24b9ef24a523292df0be
sha256 d4335a8401f73186b956495196d60de56083a6c633396358ab4f6ac61b61a520
ssdeep 3072:0zp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5Uea:0zp0bG6q7040aBfK0db5
imphash badb3d94d7a44189a7eeb5528a733e61
impfuzzy 6:CuDS8cA9jVaML+5Zf31XYBVdBJAMGmwDWU0:PDSFApVo/1XY3VAOYc
  Network IP location

Signature (2cnts)

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

SHELL32.dll
 0x1000702c SHGetDesktopFolder
USER32.dll
 0x10007034 ShowOwnedPopups
SETUPAPI.dll
 0x10007024 SetupDiEnumDeviceInfo
IPHLPAPI.DLL
 0x10007008 GetIfTable
ADVAPI32.dll
 0x10007000 RegOverridePredefKey
KERNEL32.dll
 0x10007010 GetModuleFileNameW
 0x10007014 LoadLibraryExA
OLEAUT32.dll
 0x1000701c VarR4FromI2
msvcrt.dll
 0x1000703c memset

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure