Report - sdp4emp.jpg

Malicious Library UPX PE File OS Processor Check PE32 DLL
ScreenShot
Created 2021.10.28 17:53 Machine s1_win7_x6401
Filename sdp4emp.jpg
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
4
Behavior Score
1.4
ZERO API file : clean
VT API (file) 12 detected (malicious, high confidence, Fragtor, Save, Dridex, Eldorado, GenKryptik, FMSA, Artemis, ai score=83, Sabsik)
md5 fd1abfa50105b2e8552cd8d0071abea7
sha256 b2c28c3a9ec15f34d55b40f150544c337d4a22c8e452354452e423f8acb5a6ff
ssdeep 24576:22c6WRTUUt+HxHGRivPX04OhWqVD6wKhGm31m:fW5tQHlvv0f5B6Vhv31
imphash da6b61b1044c1468d1deb0c4944ee99d
impfuzzy 24:uu5FH9c+9JBliSZD+tMS1TMvpe29V/IuviyWkjsnTDuFZog5OovbOPZHuqu9KejY:fdc+JqtMS1TMvHHIIByuFZU3B
  Network IP location

Signature (4cnts)

Level Description
watch File has been identified by 12 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info One or more processes crashed
info This executable has a PDB path

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x48c000 GetModuleFileNameA
 0x48c004 VirtualProtect
 0x48c008 GetEnvironmentVariableA
 0x48c00c GetSystemDirectoryA
 0x48c010 FindFirstChangeNotificationA
 0x48c014 SetConsoleOutputCP
 0x48c018 DecodePointer
 0x48c01c EnterCriticalSection
 0x48c020 LeaveCriticalSection
 0x48c024 DeleteCriticalSection
 0x48c028 SetLastError
 0x48c02c InitializeCriticalSectionAndSpinCount
 0x48c030 CreateEventW
 0x48c034 SwitchToThread
 0x48c038 TlsAlloc
 0x48c03c TlsGetValue
 0x48c040 TlsSetValue
 0x48c044 TlsFree
 0x48c048 GetSystemTimeAsFileTime
 0x48c04c GetTickCount
 0x48c050 GetModuleHandleW
 0x48c054 GetProcAddress
 0x48c058 UnhandledExceptionFilter
 0x48c05c SetUnhandledExceptionFilter
 0x48c060 GetCurrentProcess
 0x48c064 TerminateProcess
 0x48c068 IsProcessorFeaturePresent
 0x48c06c QueryPerformanceCounter
 0x48c070 GetCurrentProcessId
 0x48c074 GetCurrentThreadId
 0x48c078 InitializeSListHead
 0x48c07c IsDebuggerPresent
 0x48c080 GetStartupInfoW
 0x48c084 RtlUnwind
 0x48c088 RaiseException
 0x48c08c InterlockedPushEntrySList
 0x48c090 InterlockedFlushSList
 0x48c094 GetLastError
 0x48c098 EncodePointer
 0x48c09c FreeLibrary
 0x48c0a0 LoadLibraryExW
 0x48c0a4 GetModuleFileNameW
 0x48c0a8 GetModuleHandleExW
 0x48c0ac ExitProcess
 0x48c0b0 MultiByteToWideChar
 0x48c0b4 WideCharToMultiByte
 0x48c0b8 HeapAlloc
 0x48c0bc HeapValidate
 0x48c0c0 GetSystemInfo
 0x48c0c4 GetStdHandle
 0x48c0c8 GetFileType
 0x48c0cc WriteFile
 0x48c0d0 OutputDebugStringA
 0x48c0d4 OutputDebugStringW
 0x48c0d8 WriteConsoleW
 0x48c0dc CloseHandle
 0x48c0e0 WaitForSingleObjectEx
 0x48c0e4 CreateThread
 0x48c0e8 SetConsoleCtrlHandler
 0x48c0ec GetCurrentThread
 0x48c0f0 GetDateFormatW
 0x48c0f4 GetTimeFormatW
 0x48c0f8 CompareStringW
 0x48c0fc LCMapStringW
 0x48c100 GetLocaleInfoW
 0x48c104 IsValidLocale
 0x48c108 GetUserDefaultLCID
 0x48c10c EnumSystemLocalesW
 0x48c110 FindClose
 0x48c114 FindFirstFileExA
 0x48c118 FindFirstFileExW
 0x48c11c FindNextFileA
 0x48c120 FindNextFileW
 0x48c124 IsValidCodePage
 0x48c128 GetACP
 0x48c12c GetOEMCP
 0x48c130 GetCPInfo
 0x48c134 GetCommandLineA
 0x48c138 GetCommandLineW
 0x48c13c GetEnvironmentStringsW
 0x48c140 FreeEnvironmentStringsW
 0x48c144 SetEnvironmentVariableA
 0x48c148 SetEnvironmentVariableW
 0x48c14c GetProcessHeap
 0x48c150 HeapFree
 0x48c154 HeapReAlloc
 0x48c158 HeapSize
 0x48c15c HeapQueryInformation
 0x48c160 GetStringTypeW
 0x48c164 SetStdHandle
 0x48c168 FlushFileBuffers
 0x48c16c GetConsoleCP
 0x48c170 GetConsoleMode
 0x48c174 SetFilePointerEx
 0x48c178 CreateFileW

EAT(Export Address Table) Library

0x4657b0 Ledblock
0x465390 Thousandwire
0x4658b0 Weight


Similarity measure (PE file only) - Checking for service failure