ScreenShot
| Created | 2021.10.29 21:37 | Machine | s1_win7_x6401 |
| Filename | temp.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 2 detected (NCXR) | ||
| md5 | 1788ff60c96f28ec0386a838edaa48fb | ||
| sha256 | 6d8fcc850b8c796be3f6244f1f681332d155486bdd326ad6be78ea7172718db4 | ||
| ssdeep | 12288:zZt9mlqOLdL6a+BN1CYqNdJcz1e/tXP2YM2NZRBB6KY2rn65hZF0xmmTXrbrL4:f9ml2P1orJcz1CXnM8tMQn65Lyxmon8 | ||
| imphash | ce543b95297c6bb89c2576e9105d106b | ||
| impfuzzy | 24:/JDC9NlJzWKcWZAjbhqcMvu9/KbTWk2cY7uOcTKTAv5vROovezSn+lQsmu/t+T4g:/I9xuWzWpcwcTKTYki+Bmu/t+T4L5G | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 2 AntiVirus engines on VirusTotal as malicious |
| info | Command line console output was observed |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
crypt.dll
0x1800e92b8 BCryptGenRandom
KERNEL32.dll
0x1800e9000 GetProcAddress
0x1800e9008 TlsGetValue
0x1800e9010 TlsSetValue
0x1800e9018 FormatMessageW
0x1800e9020 GetModuleHandleW
0x1800e9028 GetLastError
0x1800e9030 SetLastError
0x1800e9038 GetCurrentDirectoryW
0x1800e9040 ReleaseSRWLockExclusive
0x1800e9048 TlsAlloc
0x1800e9050 AcquireSRWLockExclusive
0x1800e9058 GetCurrentProcess
0x1800e9060 GetCurrentThread
0x1800e9068 RtlCaptureContext
0x1800e9070 CreateMutexA
0x1800e9078 WaitForSingleObjectEx
0x1800e9080 CloseHandle
0x1800e9088 RtlLookupFunctionEntry
0x1800e9090 ReleaseMutex
0x1800e9098 LoadLibraryA
0x1800e90a0 GetStdHandle
0x1800e90a8 GetConsoleMode
0x1800e90b0 WriteFile
0x1800e90b8 WriteConsoleW
0x1800e90c0 GetEnvironmentVariableW
0x1800e90c8 ReleaseSRWLockShared
0x1800e90d0 AcquireSRWLockShared
0x1800e90d8 DeleteCriticalSection
0x1800e90e0 LeaveCriticalSection
0x1800e90e8 FreeEnvironmentStringsW
0x1800e90f0 FindClose
0x1800e90f8 CreateFileW
0x1800e9100 GetEnvironmentStringsW
0x1800e9108 GetModuleFileNameW
0x1800e9110 GetCommandLineW
0x1800e9118 SetFilePointerEx
0x1800e9120 FlushFileBuffers
0x1800e9128 FindNextFileW
0x1800e9130 InitializeCriticalSection
0x1800e9138 GetModuleHandleA
0x1800e9140 GetCurrentProcessId
0x1800e9148 TerminateProcess
0x1800e9150 ExitProcess
0x1800e9158 QueryPerformanceCounter
0x1800e9160 GetSystemTimeAsFileTime
0x1800e9168 HeapFree
0x1800e9170 HeapAlloc
0x1800e9178 GetProcessHeap
0x1800e9180 HeapReAlloc
0x1800e9188 GetConsoleOutputCP
0x1800e9190 SetStdHandle
0x1800e9198 HeapSize
0x1800e91a0 GetStringTypeW
0x1800e91a8 GetFileType
0x1800e91b0 LCMapStringW
0x1800e91b8 WideCharToMultiByte
0x1800e91c0 MultiByteToWideChar
0x1800e91c8 GetCommandLineA
0x1800e91d0 GetCPInfo
0x1800e91d8 GetOEMCP
0x1800e91e0 GetACP
0x1800e91e8 IsValidCodePage
0x1800e91f0 FindFirstFileExW
0x1800e91f8 GetModuleHandleExW
0x1800e9200 LoadLibraryExW
0x1800e9208 FreeLibrary
0x1800e9210 TlsFree
0x1800e9218 InitializeCriticalSectionAndSpinCount
0x1800e9220 EncodePointer
0x1800e9228 InterlockedFlushSList
0x1800e9230 EnterCriticalSection
0x1800e9238 RaiseException
0x1800e9240 RtlPcToFileHeader
0x1800e9248 RtlVirtualUnwind
0x1800e9250 UnhandledExceptionFilter
0x1800e9258 SetUnhandledExceptionFilter
0x1800e9260 IsProcessorFeaturePresent
0x1800e9268 GetCurrentThreadId
0x1800e9270 InitializeSListHead
0x1800e9278 IsDebuggerPresent
0x1800e9280 GetStartupInfoW
0x1800e9288 RtlUnwindEx
USER32.dll
0x1800e9298 GetWindowRect
0x1800e92a0 ReleaseDC
0x1800e92a8 GetDC
EAT(Export Address Table) Library
0x18000a420 ClearNode
0x18000af60 DllMain
0x18000b140 acnlmrorwqsort
0x18000b0f0 bbdneiv
0x18000b1b0 btlfzdxy
0x18000b190 byzoqjgnj
0x18000a600 cxzasada
0x18000a7e0 ddsdfwe
0x18000b0c0 eqicmcuxw
0x18000b090 flbipxzfoaj
0x18000b150 fqeruzjnzxxbmqqfw
0x18000b0b0 fziqggeyvl
0x18000b000 gadtbxxrzhnxcwby
0x18000b180 gssstrnd
0x18000b020 gsutdyotjussu
0x18000a9c0 htrhrr
0x18000b160 iefihkqlmnb
0x18000b030 iwazjofso
0x18000aff0 jnmayhrpbbhk
0x18000b100 kduftvykeeu
0x18000b080 knipocfgaaupixa
0x18000b010 kwapuprm
0x18000b0d0 lefvsnceecprb
0x18000b040 ltxqtsysuhmiiqpk
0x18000b070 mewdjqcha
0x18000b1a0 mlzvrstick
0x18000b050 mobgiwon
0x18000aba0 nvqqws
0x18000b130 ocxkvhynjixvgpi
0x18000b060 phxyxki
0x18000b110 pjirdinlaiq
0x18000ad80 pogfhgf
0x18000b170 rsuruagoyr
0x180045f50 rust_eh_personality
0x18000b0e0 stlpkzpgvuz
0x18000b120 wnvpypgursezpj
0x18000b0a0 zehzgcp
0x18000b1c0 zthjgbcpvq
crypt.dll
0x1800e92b8 BCryptGenRandom
KERNEL32.dll
0x1800e9000 GetProcAddress
0x1800e9008 TlsGetValue
0x1800e9010 TlsSetValue
0x1800e9018 FormatMessageW
0x1800e9020 GetModuleHandleW
0x1800e9028 GetLastError
0x1800e9030 SetLastError
0x1800e9038 GetCurrentDirectoryW
0x1800e9040 ReleaseSRWLockExclusive
0x1800e9048 TlsAlloc
0x1800e9050 AcquireSRWLockExclusive
0x1800e9058 GetCurrentProcess
0x1800e9060 GetCurrentThread
0x1800e9068 RtlCaptureContext
0x1800e9070 CreateMutexA
0x1800e9078 WaitForSingleObjectEx
0x1800e9080 CloseHandle
0x1800e9088 RtlLookupFunctionEntry
0x1800e9090 ReleaseMutex
0x1800e9098 LoadLibraryA
0x1800e90a0 GetStdHandle
0x1800e90a8 GetConsoleMode
0x1800e90b0 WriteFile
0x1800e90b8 WriteConsoleW
0x1800e90c0 GetEnvironmentVariableW
0x1800e90c8 ReleaseSRWLockShared
0x1800e90d0 AcquireSRWLockShared
0x1800e90d8 DeleteCriticalSection
0x1800e90e0 LeaveCriticalSection
0x1800e90e8 FreeEnvironmentStringsW
0x1800e90f0 FindClose
0x1800e90f8 CreateFileW
0x1800e9100 GetEnvironmentStringsW
0x1800e9108 GetModuleFileNameW
0x1800e9110 GetCommandLineW
0x1800e9118 SetFilePointerEx
0x1800e9120 FlushFileBuffers
0x1800e9128 FindNextFileW
0x1800e9130 InitializeCriticalSection
0x1800e9138 GetModuleHandleA
0x1800e9140 GetCurrentProcessId
0x1800e9148 TerminateProcess
0x1800e9150 ExitProcess
0x1800e9158 QueryPerformanceCounter
0x1800e9160 GetSystemTimeAsFileTime
0x1800e9168 HeapFree
0x1800e9170 HeapAlloc
0x1800e9178 GetProcessHeap
0x1800e9180 HeapReAlloc
0x1800e9188 GetConsoleOutputCP
0x1800e9190 SetStdHandle
0x1800e9198 HeapSize
0x1800e91a0 GetStringTypeW
0x1800e91a8 GetFileType
0x1800e91b0 LCMapStringW
0x1800e91b8 WideCharToMultiByte
0x1800e91c0 MultiByteToWideChar
0x1800e91c8 GetCommandLineA
0x1800e91d0 GetCPInfo
0x1800e91d8 GetOEMCP
0x1800e91e0 GetACP
0x1800e91e8 IsValidCodePage
0x1800e91f0 FindFirstFileExW
0x1800e91f8 GetModuleHandleExW
0x1800e9200 LoadLibraryExW
0x1800e9208 FreeLibrary
0x1800e9210 TlsFree
0x1800e9218 InitializeCriticalSectionAndSpinCount
0x1800e9220 EncodePointer
0x1800e9228 InterlockedFlushSList
0x1800e9230 EnterCriticalSection
0x1800e9238 RaiseException
0x1800e9240 RtlPcToFileHeader
0x1800e9248 RtlVirtualUnwind
0x1800e9250 UnhandledExceptionFilter
0x1800e9258 SetUnhandledExceptionFilter
0x1800e9260 IsProcessorFeaturePresent
0x1800e9268 GetCurrentThreadId
0x1800e9270 InitializeSListHead
0x1800e9278 IsDebuggerPresent
0x1800e9280 GetStartupInfoW
0x1800e9288 RtlUnwindEx
USER32.dll
0x1800e9298 GetWindowRect
0x1800e92a0 ReleaseDC
0x1800e92a8 GetDC
EAT(Export Address Table) Library
0x18000a420 ClearNode
0x18000af60 DllMain
0x18000b140 acnlmrorwqsort
0x18000b0f0 bbdneiv
0x18000b1b0 btlfzdxy
0x18000b190 byzoqjgnj
0x18000a600 cxzasada
0x18000a7e0 ddsdfwe
0x18000b0c0 eqicmcuxw
0x18000b090 flbipxzfoaj
0x18000b150 fqeruzjnzxxbmqqfw
0x18000b0b0 fziqggeyvl
0x18000b000 gadtbxxrzhnxcwby
0x18000b180 gssstrnd
0x18000b020 gsutdyotjussu
0x18000a9c0 htrhrr
0x18000b160 iefihkqlmnb
0x18000b030 iwazjofso
0x18000aff0 jnmayhrpbbhk
0x18000b100 kduftvykeeu
0x18000b080 knipocfgaaupixa
0x18000b010 kwapuprm
0x18000b0d0 lefvsnceecprb
0x18000b040 ltxqtsysuhmiiqpk
0x18000b070 mewdjqcha
0x18000b1a0 mlzvrstick
0x18000b050 mobgiwon
0x18000aba0 nvqqws
0x18000b130 ocxkvhynjixvgpi
0x18000b060 phxyxki
0x18000b110 pjirdinlaiq
0x18000ad80 pogfhgf
0x18000b170 rsuruagoyr
0x180045f50 rust_eh_personality
0x18000b0e0 stlpkzpgvuz
0x18000b120 wnvpypgursezpj
0x18000b0a0 zehzgcp
0x18000b1c0 zthjgbcpvq