popup

Report - oldmystat.dll

PE64 PE File DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.11.01 10:51 Machine s1_win7_x6403
Filename oldmystat.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score
9
 Behavior Score
2.4
ZERO API file : clean
VT API (file) 34 detected (malicious, high confidence, GenericKD, Unsafe, Ogneglazka, confidence, CobaltStrike, Artifact, BankerX, BAZARLOADER, SMYXBIMZ, Krypt, xgtxb, Wacatac, score, ai score=82, GenAsa, 5MwrDO7BOgQ, GenKryptik, FKYP)
md5 022bc73fb9791a575e7799c81158b70a
sha256 f520f97e3aa065efc4b7633735530a7ea341f3b332122921cb9257bf55147fb7
ssdeep 3072:TWK939CyKO0NZThiKlNkZRmiXmAe/lY1lzBRjn9vOw:P0vhXsZBmEltRjh
imphash 1d30df1e5b7623c4b3e7485c04815cbd
impfuzzy 3:sUbos:FL
  Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 34 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
info Checks if process is being debugged by a debugger
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level Name Description Collection
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
oldmystat.com
whois
Unknown clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x18000e000 GetSystemTime

EAT(Export Address Table) Library

0x180001000 DllGetClassObject
0x180001330 DllMain
0x180001380 DllRegisterServer
0x1800013d0 DllUnregisterServer
0x180001420 StartW

Similarity measure (PE file only) - Checking for service failure