Report - 0_WPDSp.dll

Malicious Library PE File PE32 DLL
ScreenShot
Created 2021.10.22 09:13 Machine s1_win7_x6403
Filename 0_WPDSp.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
Behavior Score
2.0
ZERO API file : clean
VT API (file) 14 detected (malicious, high confidence, Drixed, Unsafe, Save, confidence, 100%, ZedlaF, lu8@aWGwEli, Cridex, Static AI, Suspicious PE, EncPk, Sabsik, score, Generic@ML, RDML, voI+bStdNCf5UyQLTw)
md5 8bbac1f6e64537bd91f903994912dc96
sha256 12627600a70bff6a42e8319f71a2221338ff54332afbf6ae28f130f2cfde630b
ssdeep 3072:zy9p0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb5rea:zy9p0bG6q7040aBfK0db5
imphash badb3d94d7a44189a7eeb5528a733e61
impfuzzy 6:CuDS8cA9jVaML+5Zf31XYBVdBJAMGmwDWU0:PDSFApVo/1XY3VAOYc
  Network IP location

Signature (3cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
watch File has been identified by 14 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

SHELL32.dll
 0x1000702c SHGetDesktopFolder
USER32.dll
 0x10007034 ShowOwnedPopups
SETUPAPI.dll
 0x10007024 SetupDiEnumDeviceInfo
IPHLPAPI.DLL
 0x10007008 GetIfTable
ADVAPI32.dll
 0x10007000 RegOverridePredefKey
KERNEL32.dll
 0x10007010 GetModuleFileNameW
 0x10007014 LoadLibraryExA
OLEAUT32.dll
 0x1000701c VarR4FromI2
msvcrt.dll
 0x1000703c memset

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure