ScreenShot
| Created | 2021.10.29 09:29 | Machine | s1_win7_x6403 |
| Filename | trze3v.tar | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 15 detected (malicious, high confidence, Fragtor, Save, Dridex, Eldorado, GenKryptik, FMSA, Cridex, ai score=84, GenericRXAA, Genetic) | ||
| md5 | 8c6258bd9f567fed899aeb3f68aaa861 | ||
| sha256 | 711a5e2cd2dc83c0711b9995db62072da4cba477cd21a1a9a95cd5d92e6f9185 | ||
| ssdeep | 24576:x2c6WRTUUt+HxHGRivPX04OhWqVD6wKhGm31m:iW5tQHlvv0f5B6Vhv31 | ||
| imphash | da6b61b1044c1468d1deb0c4944ee99d | ||
| impfuzzy | 24:uu5FH9c+9JBliSZD+tMS1TMvpe29V/IuviyWkjsnTDuFZog5OovbOPZHuqu9KejY:fdc+JqtMS1TMvHHIIByuFZU3B | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x48c000 GetModuleFileNameA
0x48c004 VirtualProtect
0x48c008 GetEnvironmentVariableA
0x48c00c GetSystemDirectoryA
0x48c010 FindFirstChangeNotificationA
0x48c014 SetConsoleOutputCP
0x48c018 DecodePointer
0x48c01c EnterCriticalSection
0x48c020 LeaveCriticalSection
0x48c024 DeleteCriticalSection
0x48c028 SetLastError
0x48c02c InitializeCriticalSectionAndSpinCount
0x48c030 CreateEventW
0x48c034 SwitchToThread
0x48c038 TlsAlloc
0x48c03c TlsGetValue
0x48c040 TlsSetValue
0x48c044 TlsFree
0x48c048 GetSystemTimeAsFileTime
0x48c04c GetTickCount
0x48c050 GetModuleHandleW
0x48c054 GetProcAddress
0x48c058 UnhandledExceptionFilter
0x48c05c SetUnhandledExceptionFilter
0x48c060 GetCurrentProcess
0x48c064 TerminateProcess
0x48c068 IsProcessorFeaturePresent
0x48c06c QueryPerformanceCounter
0x48c070 GetCurrentProcessId
0x48c074 GetCurrentThreadId
0x48c078 InitializeSListHead
0x48c07c IsDebuggerPresent
0x48c080 GetStartupInfoW
0x48c084 RtlUnwind
0x48c088 RaiseException
0x48c08c InterlockedPushEntrySList
0x48c090 InterlockedFlushSList
0x48c094 GetLastError
0x48c098 EncodePointer
0x48c09c FreeLibrary
0x48c0a0 LoadLibraryExW
0x48c0a4 GetModuleFileNameW
0x48c0a8 GetModuleHandleExW
0x48c0ac ExitProcess
0x48c0b0 MultiByteToWideChar
0x48c0b4 WideCharToMultiByte
0x48c0b8 HeapAlloc
0x48c0bc HeapValidate
0x48c0c0 GetSystemInfo
0x48c0c4 GetStdHandle
0x48c0c8 GetFileType
0x48c0cc WriteFile
0x48c0d0 OutputDebugStringA
0x48c0d4 OutputDebugStringW
0x48c0d8 WriteConsoleW
0x48c0dc CloseHandle
0x48c0e0 WaitForSingleObjectEx
0x48c0e4 CreateThread
0x48c0e8 SetConsoleCtrlHandler
0x48c0ec GetCurrentThread
0x48c0f0 GetDateFormatW
0x48c0f4 GetTimeFormatW
0x48c0f8 CompareStringW
0x48c0fc LCMapStringW
0x48c100 GetLocaleInfoW
0x48c104 IsValidLocale
0x48c108 GetUserDefaultLCID
0x48c10c EnumSystemLocalesW
0x48c110 FindClose
0x48c114 FindFirstFileExA
0x48c118 FindFirstFileExW
0x48c11c FindNextFileA
0x48c120 FindNextFileW
0x48c124 IsValidCodePage
0x48c128 GetACP
0x48c12c GetOEMCP
0x48c130 GetCPInfo
0x48c134 GetCommandLineA
0x48c138 GetCommandLineW
0x48c13c GetEnvironmentStringsW
0x48c140 FreeEnvironmentStringsW
0x48c144 SetEnvironmentVariableA
0x48c148 SetEnvironmentVariableW
0x48c14c GetProcessHeap
0x48c150 HeapFree
0x48c154 HeapReAlloc
0x48c158 HeapSize
0x48c15c HeapQueryInformation
0x48c160 GetStringTypeW
0x48c164 SetStdHandle
0x48c168 FlushFileBuffers
0x48c16c GetConsoleCP
0x48c170 GetConsoleMode
0x48c174 SetFilePointerEx
0x48c178 CreateFileW
EAT(Export Address Table) Library
0x4657b0 Ledblock
0x465390 Thousandwire
0x4658b0 Weight
KERNEL32.dll
0x48c000 GetModuleFileNameA
0x48c004 VirtualProtect
0x48c008 GetEnvironmentVariableA
0x48c00c GetSystemDirectoryA
0x48c010 FindFirstChangeNotificationA
0x48c014 SetConsoleOutputCP
0x48c018 DecodePointer
0x48c01c EnterCriticalSection
0x48c020 LeaveCriticalSection
0x48c024 DeleteCriticalSection
0x48c028 SetLastError
0x48c02c InitializeCriticalSectionAndSpinCount
0x48c030 CreateEventW
0x48c034 SwitchToThread
0x48c038 TlsAlloc
0x48c03c TlsGetValue
0x48c040 TlsSetValue
0x48c044 TlsFree
0x48c048 GetSystemTimeAsFileTime
0x48c04c GetTickCount
0x48c050 GetModuleHandleW
0x48c054 GetProcAddress
0x48c058 UnhandledExceptionFilter
0x48c05c SetUnhandledExceptionFilter
0x48c060 GetCurrentProcess
0x48c064 TerminateProcess
0x48c068 IsProcessorFeaturePresent
0x48c06c QueryPerformanceCounter
0x48c070 GetCurrentProcessId
0x48c074 GetCurrentThreadId
0x48c078 InitializeSListHead
0x48c07c IsDebuggerPresent
0x48c080 GetStartupInfoW
0x48c084 RtlUnwind
0x48c088 RaiseException
0x48c08c InterlockedPushEntrySList
0x48c090 InterlockedFlushSList
0x48c094 GetLastError
0x48c098 EncodePointer
0x48c09c FreeLibrary
0x48c0a0 LoadLibraryExW
0x48c0a4 GetModuleFileNameW
0x48c0a8 GetModuleHandleExW
0x48c0ac ExitProcess
0x48c0b0 MultiByteToWideChar
0x48c0b4 WideCharToMultiByte
0x48c0b8 HeapAlloc
0x48c0bc HeapValidate
0x48c0c0 GetSystemInfo
0x48c0c4 GetStdHandle
0x48c0c8 GetFileType
0x48c0cc WriteFile
0x48c0d0 OutputDebugStringA
0x48c0d4 OutputDebugStringW
0x48c0d8 WriteConsoleW
0x48c0dc CloseHandle
0x48c0e0 WaitForSingleObjectEx
0x48c0e4 CreateThread
0x48c0e8 SetConsoleCtrlHandler
0x48c0ec GetCurrentThread
0x48c0f0 GetDateFormatW
0x48c0f4 GetTimeFormatW
0x48c0f8 CompareStringW
0x48c0fc LCMapStringW
0x48c100 GetLocaleInfoW
0x48c104 IsValidLocale
0x48c108 GetUserDefaultLCID
0x48c10c EnumSystemLocalesW
0x48c110 FindClose
0x48c114 FindFirstFileExA
0x48c118 FindFirstFileExW
0x48c11c FindNextFileA
0x48c120 FindNextFileW
0x48c124 IsValidCodePage
0x48c128 GetACP
0x48c12c GetOEMCP
0x48c130 GetCPInfo
0x48c134 GetCommandLineA
0x48c138 GetCommandLineW
0x48c13c GetEnvironmentStringsW
0x48c140 FreeEnvironmentStringsW
0x48c144 SetEnvironmentVariableA
0x48c148 SetEnvironmentVariableW
0x48c14c GetProcessHeap
0x48c150 HeapFree
0x48c154 HeapReAlloc
0x48c158 HeapSize
0x48c15c HeapQueryInformation
0x48c160 GetStringTypeW
0x48c164 SetStdHandle
0x48c168 FlushFileBuffers
0x48c16c GetConsoleCP
0x48c170 GetConsoleMode
0x48c174 SetFilePointerEx
0x48c178 CreateFileW
EAT(Export Address Table) Library
0x4657b0 Ledblock
0x465390 Thousandwire
0x4658b0 Weight