ScreenShot
| Created | 2021.11.01 10:27 | Machine | s1_win7_x6403 |
| Filename | oldmystat2.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ba810a8879b6ba2cccd49e28789fb059 | ||
| sha256 | 7370c09d07b4695aa11e299a9c17007e9267e1578ce2753259c02a8cf27b18b6 | ||
| ssdeep | 6144:n063Fqg7uKUITd3Mo/SO+6+yoprzfXW82E1:n06P7uKDd3M0R+6+bhzfXW82E1 | ||
| imphash | 1d30df1e5b7623c4b3e7485c04815cbd | ||
| impfuzzy | 3:sUbos:FL | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180066000 GetSystemTime
EAT(Export Address Table) Library
0x180001000 DllGetClassObject
0x180001300 DllMain
0x180001350 DllRegisterServer
0x1800016b0 DllUnregisterServer
0x1800019b0 StartW
KERNEL32.dll
0x180066000 GetSystemTime
EAT(Export Address Table) Library
0x180001000 DllGetClassObject
0x180001300 DllMain
0x180001350 DllRegisterServer
0x1800016b0 DllUnregisterServer
0x1800019b0 StartW