popup

Report - 5_System.Numerics.dll

Malicious Library PE File PE32 DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.10.22 09:07 Machine s1_win7_x6403
Filename 5_System.Numerics.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
 Behavior Score
1.0
ZERO API file : clean
VT API (file) 14 detected (malicious, high confidence, Unsafe, Save, confidence, 100%, ZedlaF, lu8@aaNh@Xn, Cridex, EncPk, score, Drixed, Generic@ML, RDML, LTy1E, I+261Zx9TcvEVb, Static AI, Suspicious PE)
md5 4aa41378b7c700010b1a3ec72a588306
sha256 7bbe546e2f5367c00bb05a53f122756098df9c75019167455c3bffa73e11a7e1
ssdeep 3072:qFp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5jea:qFp0bG6q7040aBfK0db5
imphash badb3d94d7a44189a7eeb5528a733e61
impfuzzy 6:CuDS8cA9jVaML+5Zf31XYBVdBJAMGmwDWU0:PDSFApVo/1XY3VAOYc
  Network IP location

Signature (2cnts)

Level Description
watch File has been identified by 14 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

SHELL32.dll
 0x1000702c SHGetDesktopFolder
USER32.dll
 0x10007034 ShowOwnedPopups
SETUPAPI.dll
 0x10007024 SetupDiEnumDeviceInfo
IPHLPAPI.DLL
 0x10007008 GetIfTable
ADVAPI32.dll
 0x10007000 RegOverridePredefKey
KERNEL32.dll
 0x10007010 GetModuleFileNameW
 0x10007014 LoadLibraryExA
OLEAUT32.dll
 0x1000701c VarR4FromI2
msvcrt.dll
 0x1000703c memset

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure