Field | Value |
---|---|
Created | 2021.10.29 18:33 |
Machine | s1_win7_x6403 |
Filename | temp.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 16 detected (GenericML, Save, malicious, confidence, xnet, BAZARLOADER, YXBJ3Z, BadFile, score, Artemis, MalwareX, Kryptik, susgen) |
md5 | 388c3456276b8e6e9fa8a827c4f37a76 |
sha256 | 150db989523abcb3ea71fdc587015b6121a382ab0e01f5d1bd72a6164b323bcb |
ssdeep | 3072:bXCWDCvw5bQ0zvSSOap/I9ypqtbspoEXtc+pk32ONPESAJvSkYA9:jCWDCviQk3BTsbsp83sSAlSM |
imphash | ad3ffaf0584336c12d7303af68597f29 |
impfuzzy | 12:mDoAcOovd73eEzZGfbQwDD0Qv6myTPaBE6zyHXn1BGf0AxQEE:mDoxOovd3eeOEw30Qv6myTPaBEM8X1BN |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
warning | Generates some ICMP traffic |
watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks amount of memory in system |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | BazarLoader_IN | BazarLoader | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180022000 GetProcAddress
0x180022008 LoadLibraryA
0x180022010 GetCommandLineA
0x180022018 HeapAlloc
0x180022020 GetProcessHeap
0x180022028 GetSystemTime
0x180022030 lstrcmpA
0x180022038 GetTempPathA
0x180022040 HeapFree
0x180022048 VirtualAlloc
0x180022050 VirtualFree
0x180022058 GlobalAlloc
0x180022060 ExitProcess
0x180022068 lstrcpyA
0x180022070 lstrcatA
USER32.dll
0x180022080 MessageBoxA
0x180022088 RegisterClassA
0x180022090 LoadMenuA
0x180022098 GetMenu
0x1800220a0 SetMenu
0x1800220a8 GetMenuStringA
0x1800220b0 DrawMenuBar
0x1800220b8 CreateMenu
0x1800220c0 CreatePopupMenu
0x1800220c8 DestroyMenu
0x1800220d0 EnableMenuItem
0x1800220d8 AppendMenuA
0x1800220e0 DeleteMenu
0x1800220e8 InsertMenuItemA
0x1800220f0 SetWindowTextA
0x1800220f8 GetWindowTextA
EAT(Export Address Table) Library
0x180001000 ClearNode
0x18000113c cxzasada
0x180001210 ddsdfwe
0x1800012cc htrhrr
0x180001388 nvqqws
0x180001444 pogfhgf