ScreenShot
| Created | 2021.10.27 18:12 | Machine | s1_win7_x6401 |
| Filename | v2worottu.zip | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 6 detected (malicious, high confidence, Save, Wacatac, score, Static AI, Malicious PE) | ||
| md5 | 179547d6f870b7ecf096bc3fd7481c59 | ||
| sha256 | 809a94edad3d9e989f1041f04bb9dc8142eddf1fa5a7a5b95d8b292dd861fbef | ||
| ssdeep | 12288:rMwXNVGBEqneq/kFPwRHFrup/ODy+bucjeX/3sf58A6eGX57xo:rVFPwFFy/Om+pH6eY5F | ||
| imphash | abd00e0ce6394b7745cf233658fb49ba | ||
| impfuzzy | 48:ZihOe/UwtMS17Mv2c+ppZ3uFZu3UQQJxWqO:EzntMS17Muc+ppZI7xWqO | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x47e000 GetModuleFileNameA
0x47e004 VirtualProtect
0x47e008 PeekNamedPipe
0x47e00c GetEnvironmentVariableA
0x47e010 CreateMutexA
0x47e014 LocalAlloc
0x47e018 DuplicateHandle
0x47e01c Sleep
0x47e020 GetTempPathA
0x47e024 OpenMutexA
0x47e028 GetCurrentThread
0x47e02c LoadLibraryA
0x47e030 DeleteFileA
0x47e034 CreateThread
0x47e038 ResetEvent
0x47e03c GetWindowsDirectoryA
0x47e040 GetProcAddress
0x47e044 LocalFree
0x47e048 RemoveDirectoryA
0x47e04c FindFirstChangeNotificationA
0x47e050 GetTickCount
0x47e054 DecodePointer
0x47e058 WriteConsoleW
0x47e05c WaitForSingleObjectEx
0x47e060 CloseHandle
0x47e064 OutputDebugStringW
0x47e068 OutputDebugStringA
0x47e06c SetFilePointerEx
0x47e070 GetConsoleMode
0x47e074 GetConsoleCP
0x47e078 FlushFileBuffers
0x47e07c WriteFile
0x47e080 SetStdHandle
0x47e084 HeapReAlloc
0x47e088 HeapSize
0x47e08c GetStringTypeW
0x47e090 SetConsoleCtrlHandler
0x47e094 GetFileType
0x47e098 UnhandledExceptionFilter
0x47e09c SetUnhandledExceptionFilter
0x47e0a0 GetCurrentProcess
0x47e0a4 TerminateProcess
0x47e0a8 IsProcessorFeaturePresent
0x47e0ac QueryPerformanceCounter
0x47e0b0 GetCurrentProcessId
0x47e0b4 GetCurrentThreadId
0x47e0b8 GetSystemTimeAsFileTime
0x47e0bc InitializeSListHead
0x47e0c0 IsDebuggerPresent
0x47e0c4 GetStartupInfoW
0x47e0c8 GetModuleHandleW
0x47e0cc RtlUnwind
0x47e0d0 RaiseException
0x47e0d4 InterlockedPushEntrySList
0x47e0d8 InterlockedFlushSList
0x47e0dc GetLastError
0x47e0e0 SetLastError
0x47e0e4 EncodePointer
0x47e0e8 EnterCriticalSection
0x47e0ec LeaveCriticalSection
0x47e0f0 DeleteCriticalSection
0x47e0f4 InitializeCriticalSectionAndSpinCount
0x47e0f8 TlsAlloc
0x47e0fc TlsGetValue
0x47e100 TlsSetValue
0x47e104 TlsFree
0x47e108 FreeLibrary
0x47e10c LoadLibraryExW
0x47e110 ExitProcess
0x47e114 GetModuleHandleExW
0x47e118 GetModuleFileNameW
0x47e11c MultiByteToWideChar
0x47e120 WideCharToMultiByte
0x47e124 HeapAlloc
0x47e128 HeapFree
0x47e12c GetACP
0x47e130 GetDateFormatW
0x47e134 GetTimeFormatW
0x47e138 CompareStringW
0x47e13c LCMapStringW
0x47e140 GetLocaleInfoW
0x47e144 IsValidLocale
0x47e148 GetUserDefaultLCID
0x47e14c EnumSystemLocalesW
0x47e150 FindClose
0x47e154 FindFirstFileExA
0x47e158 FindFirstFileExW
0x47e15c FindNextFileA
0x47e160 FindNextFileW
0x47e164 IsValidCodePage
0x47e168 GetOEMCP
0x47e16c GetCPInfo
0x47e170 GetCommandLineA
0x47e174 GetCommandLineW
0x47e178 GetEnvironmentStringsW
0x47e17c FreeEnvironmentStringsW
0x47e180 SetEnvironmentVariableA
0x47e184 SetEnvironmentVariableW
0x47e188 GetProcessHeap
0x47e18c GetStdHandle
0x47e190 CreateFileW
ole32.dll
0x47e1c0 CoTaskMemFree
0x47e1c4 CoUninitialize
0x47e1c8 CoCreateInstance
0x47e1cc CoTaskMemAlloc
0x47e1d0 CoInitialize
RPCRT4.dll
0x47e198 RpcMgmtSetServerStackSize
0x47e19c UuidFromStringA
0x47e1a0 NdrServerCall2
0x47e1a4 UuidCreate
0x47e1a8 RpcRevertToSelf
0x47e1ac RpcImpersonateClient
0x47e1b0 RpcServerRegisterIf
0x47e1b4 I_RpcBindingIsClientLocal
0x47e1b8 RpcServerListen
EAT(Export Address Table) Library
0x433020 Mine
0x432c70 Storeexperience
0x432f00 Wineat
KERNEL32.dll
0x47e000 GetModuleFileNameA
0x47e004 VirtualProtect
0x47e008 PeekNamedPipe
0x47e00c GetEnvironmentVariableA
0x47e010 CreateMutexA
0x47e014 LocalAlloc
0x47e018 DuplicateHandle
0x47e01c Sleep
0x47e020 GetTempPathA
0x47e024 OpenMutexA
0x47e028 GetCurrentThread
0x47e02c LoadLibraryA
0x47e030 DeleteFileA
0x47e034 CreateThread
0x47e038 ResetEvent
0x47e03c GetWindowsDirectoryA
0x47e040 GetProcAddress
0x47e044 LocalFree
0x47e048 RemoveDirectoryA
0x47e04c FindFirstChangeNotificationA
0x47e050 GetTickCount
0x47e054 DecodePointer
0x47e058 WriteConsoleW
0x47e05c WaitForSingleObjectEx
0x47e060 CloseHandle
0x47e064 OutputDebugStringW
0x47e068 OutputDebugStringA
0x47e06c SetFilePointerEx
0x47e070 GetConsoleMode
0x47e074 GetConsoleCP
0x47e078 FlushFileBuffers
0x47e07c WriteFile
0x47e080 SetStdHandle
0x47e084 HeapReAlloc
0x47e088 HeapSize
0x47e08c GetStringTypeW
0x47e090 SetConsoleCtrlHandler
0x47e094 GetFileType
0x47e098 UnhandledExceptionFilter
0x47e09c SetUnhandledExceptionFilter
0x47e0a0 GetCurrentProcess
0x47e0a4 TerminateProcess
0x47e0a8 IsProcessorFeaturePresent
0x47e0ac QueryPerformanceCounter
0x47e0b0 GetCurrentProcessId
0x47e0b4 GetCurrentThreadId
0x47e0b8 GetSystemTimeAsFileTime
0x47e0bc InitializeSListHead
0x47e0c0 IsDebuggerPresent
0x47e0c4 GetStartupInfoW
0x47e0c8 GetModuleHandleW
0x47e0cc RtlUnwind
0x47e0d0 RaiseException
0x47e0d4 InterlockedPushEntrySList
0x47e0d8 InterlockedFlushSList
0x47e0dc GetLastError
0x47e0e0 SetLastError
0x47e0e4 EncodePointer
0x47e0e8 EnterCriticalSection
0x47e0ec LeaveCriticalSection
0x47e0f0 DeleteCriticalSection
0x47e0f4 InitializeCriticalSectionAndSpinCount
0x47e0f8 TlsAlloc
0x47e0fc TlsGetValue
0x47e100 TlsSetValue
0x47e104 TlsFree
0x47e108 FreeLibrary
0x47e10c LoadLibraryExW
0x47e110 ExitProcess
0x47e114 GetModuleHandleExW
0x47e118 GetModuleFileNameW
0x47e11c MultiByteToWideChar
0x47e120 WideCharToMultiByte
0x47e124 HeapAlloc
0x47e128 HeapFree
0x47e12c GetACP
0x47e130 GetDateFormatW
0x47e134 GetTimeFormatW
0x47e138 CompareStringW
0x47e13c LCMapStringW
0x47e140 GetLocaleInfoW
0x47e144 IsValidLocale
0x47e148 GetUserDefaultLCID
0x47e14c EnumSystemLocalesW
0x47e150 FindClose
0x47e154 FindFirstFileExA
0x47e158 FindFirstFileExW
0x47e15c FindNextFileA
0x47e160 FindNextFileW
0x47e164 IsValidCodePage
0x47e168 GetOEMCP
0x47e16c GetCPInfo
0x47e170 GetCommandLineA
0x47e174 GetCommandLineW
0x47e178 GetEnvironmentStringsW
0x47e17c FreeEnvironmentStringsW
0x47e180 SetEnvironmentVariableA
0x47e184 SetEnvironmentVariableW
0x47e188 GetProcessHeap
0x47e18c GetStdHandle
0x47e190 CreateFileW
ole32.dll
0x47e1c0 CoTaskMemFree
0x47e1c4 CoUninitialize
0x47e1c8 CoCreateInstance
0x47e1cc CoTaskMemAlloc
0x47e1d0 CoInitialize
RPCRT4.dll
0x47e198 RpcMgmtSetServerStackSize
0x47e19c UuidFromStringA
0x47e1a0 NdrServerCall2
0x47e1a4 UuidCreate
0x47e1a8 RpcRevertToSelf
0x47e1ac RpcImpersonateClient
0x47e1b0 RpcServerRegisterIf
0x47e1b4 I_RpcBindingIsClientLocal
0x47e1b8 RpcServerListen
EAT(Export Address Table) Library
0x433020 Mine
0x432c70 Storeexperience
0x432f00 Wineat