ScreenShot
| Created | 2021.10.28 18:15 | Machine | s1_win7_x6402 |
| Filename | SecuriteInfo.com.Variant.Razy.980776.19803.14094.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (Cridex, Razy, Artemis, Unsafe, malicious, confidence, 100%, Attribute, HighConfidence, Dridex, R + Mal, EncPk, Outbreak, kcloud, Sabsik, ai score=83, GdSda) | ||
| md5 | 617b1fd1bfdab72e5562c0c2f7600bcb | ||
| sha256 | 9b9c38d267cedfb2c423fbad71a50f76d0743a3ecc8f6027029fa13ea36e00e4 | ||
| ssdeep | 24576:inxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu74:icfk82uAJTI7KPswKwuS | ||
| imphash | ccbe70d6d0d02f6248ca160d6a0bb85b | ||
| impfuzzy | 24:dvIpaUc+WcJBliSZD56tMS1TMvpa93PtxviyWkjsnTDPZpgWgOOovbOPZHuqu9oM:dzUc+Hl6tMS1TMvU5tRByPZuH3g | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4c7000 GetCurrentDirectoryA
0x4c7004 GetTempPathA
0x4c7008 GetWindowsDirectoryA
0x4c700c VirtualProtectEx
0x4c7010 FindFirstChangeNotificationA
0x4c7014 FlushFileBuffers
0x4c7018 EnterCriticalSection
0x4c701c LeaveCriticalSection
0x4c7020 DeleteCriticalSection
0x4c7024 EncodePointer
0x4c7028 DecodePointer
0x4c702c SetLastError
0x4c7030 InitializeCriticalSectionAndSpinCount
0x4c7034 CreateEventW
0x4c7038 SwitchToThread
0x4c703c TlsAlloc
0x4c7040 TlsGetValue
0x4c7044 TlsSetValue
0x4c7048 TlsFree
0x4c704c GetSystemTimeAsFileTime
0x4c7050 GetTickCount
0x4c7054 GetModuleHandleW
0x4c7058 GetProcAddress
0x4c705c WideCharToMultiByte
0x4c7060 MultiByteToWideChar
0x4c7064 GetStringTypeW
0x4c7068 CompareStringW
0x4c706c LCMapStringW
0x4c7070 GetLocaleInfoW
0x4c7074 GetCPInfo
0x4c7078 UnhandledExceptionFilter
0x4c707c SetUnhandledExceptionFilter
0x4c7080 GetCurrentProcess
0x4c7084 TerminateProcess
0x4c7088 IsProcessorFeaturePresent
0x4c708c QueryPerformanceCounter
0x4c7090 GetCurrentProcessId
0x4c7094 GetCurrentThreadId
0x4c7098 InitializeSListHead
0x4c709c IsDebuggerPresent
0x4c70a0 GetStartupInfoW
0x4c70a4 RtlUnwind
0x4c70a8 RaiseException
0x4c70ac InterlockedPushEntrySList
0x4c70b0 InterlockedFlushSList
0x4c70b4 GetLastError
0x4c70b8 FreeLibrary
0x4c70bc LoadLibraryExW
0x4c70c0 GetModuleFileNameA
0x4c70c4 GetModuleFileNameW
0x4c70c8 GetModuleHandleExW
0x4c70cc HeapAlloc
0x4c70d0 HeapValidate
0x4c70d4 GetSystemInfo
0x4c70d8 ExitProcess
0x4c70dc GetStdHandle
0x4c70e0 GetFileType
0x4c70e4 WriteFile
0x4c70e8 OutputDebugStringA
0x4c70ec OutputDebugStringW
0x4c70f0 WriteConsoleW
0x4c70f4 CloseHandle
0x4c70f8 WaitForSingleObjectEx
0x4c70fc CreateThread
0x4c7100 SetConsoleCtrlHandler
0x4c7104 GetCurrentThread
0x4c7108 GetDateFormatW
0x4c710c GetTimeFormatW
0x4c7110 IsValidLocale
0x4c7114 GetUserDefaultLCID
0x4c7118 EnumSystemLocalesW
0x4c711c HeapFree
0x4c7120 HeapReAlloc
0x4c7124 HeapSize
0x4c7128 HeapQueryInformation
0x4c712c GetACP
0x4c7130 GetProcessHeap
0x4c7134 GetTimeZoneInformation
0x4c7138 FindClose
0x4c713c FindFirstFileExA
0x4c7140 FindFirstFileExW
0x4c7144 FindNextFileA
0x4c7148 FindNextFileW
0x4c714c IsValidCodePage
0x4c7150 GetOEMCP
0x4c7154 GetCommandLineA
0x4c7158 GetCommandLineW
0x4c715c GetEnvironmentStringsW
0x4c7160 FreeEnvironmentStringsW
0x4c7164 SetEnvironmentVariableA
0x4c7168 SetEnvironmentVariableW
0x4c716c SetStdHandle
0x4c7170 GetConsoleCP
0x4c7174 GetConsoleMode
0x4c7178 SetFilePointerEx
0x4c717c CreateFileW
EAT(Export Address Table) Library
0x49eed0 Bluewing
0x49efd0 Earth
0x49eb20 Masterjust
KERNEL32.dll
0x4c7000 GetCurrentDirectoryA
0x4c7004 GetTempPathA
0x4c7008 GetWindowsDirectoryA
0x4c700c VirtualProtectEx
0x4c7010 FindFirstChangeNotificationA
0x4c7014 FlushFileBuffers
0x4c7018 EnterCriticalSection
0x4c701c LeaveCriticalSection
0x4c7020 DeleteCriticalSection
0x4c7024 EncodePointer
0x4c7028 DecodePointer
0x4c702c SetLastError
0x4c7030 InitializeCriticalSectionAndSpinCount
0x4c7034 CreateEventW
0x4c7038 SwitchToThread
0x4c703c TlsAlloc
0x4c7040 TlsGetValue
0x4c7044 TlsSetValue
0x4c7048 TlsFree
0x4c704c GetSystemTimeAsFileTime
0x4c7050 GetTickCount
0x4c7054 GetModuleHandleW
0x4c7058 GetProcAddress
0x4c705c WideCharToMultiByte
0x4c7060 MultiByteToWideChar
0x4c7064 GetStringTypeW
0x4c7068 CompareStringW
0x4c706c LCMapStringW
0x4c7070 GetLocaleInfoW
0x4c7074 GetCPInfo
0x4c7078 UnhandledExceptionFilter
0x4c707c SetUnhandledExceptionFilter
0x4c7080 GetCurrentProcess
0x4c7084 TerminateProcess
0x4c7088 IsProcessorFeaturePresent
0x4c708c QueryPerformanceCounter
0x4c7090 GetCurrentProcessId
0x4c7094 GetCurrentThreadId
0x4c7098 InitializeSListHead
0x4c709c IsDebuggerPresent
0x4c70a0 GetStartupInfoW
0x4c70a4 RtlUnwind
0x4c70a8 RaiseException
0x4c70ac InterlockedPushEntrySList
0x4c70b0 InterlockedFlushSList
0x4c70b4 GetLastError
0x4c70b8 FreeLibrary
0x4c70bc LoadLibraryExW
0x4c70c0 GetModuleFileNameA
0x4c70c4 GetModuleFileNameW
0x4c70c8 GetModuleHandleExW
0x4c70cc HeapAlloc
0x4c70d0 HeapValidate
0x4c70d4 GetSystemInfo
0x4c70d8 ExitProcess
0x4c70dc GetStdHandle
0x4c70e0 GetFileType
0x4c70e4 WriteFile
0x4c70e8 OutputDebugStringA
0x4c70ec OutputDebugStringW
0x4c70f0 WriteConsoleW
0x4c70f4 CloseHandle
0x4c70f8 WaitForSingleObjectEx
0x4c70fc CreateThread
0x4c7100 SetConsoleCtrlHandler
0x4c7104 GetCurrentThread
0x4c7108 GetDateFormatW
0x4c710c GetTimeFormatW
0x4c7110 IsValidLocale
0x4c7114 GetUserDefaultLCID
0x4c7118 EnumSystemLocalesW
0x4c711c HeapFree
0x4c7120 HeapReAlloc
0x4c7124 HeapSize
0x4c7128 HeapQueryInformation
0x4c712c GetACP
0x4c7130 GetProcessHeap
0x4c7134 GetTimeZoneInformation
0x4c7138 FindClose
0x4c713c FindFirstFileExA
0x4c7140 FindFirstFileExW
0x4c7144 FindNextFileA
0x4c7148 FindNextFileW
0x4c714c IsValidCodePage
0x4c7150 GetOEMCP
0x4c7154 GetCommandLineA
0x4c7158 GetCommandLineW
0x4c715c GetEnvironmentStringsW
0x4c7160 FreeEnvironmentStringsW
0x4c7164 SetEnvironmentVariableA
0x4c7168 SetEnvironmentVariableW
0x4c716c SetStdHandle
0x4c7170 GetConsoleCP
0x4c7174 GetConsoleMode
0x4c7178 SetFilePointerEx
0x4c717c CreateFileW
EAT(Export Address Table) Library
0x49eed0 Bluewing
0x49efd0 Earth
0x49eb20 Masterjust