popup

Report - oldmystat3.dll

PE64 PE File DLL
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.11.01 10:58 Machine s1_win7_x6403
Filename oldmystat3.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score
6
 Behavior Score
2.4
ZERO API file : clean
VT API (file) 35 detected (malicious, high confidence, GenericKD, Unsafe, Ogneglazka, confidence, CobaltStrike, Artifact, BankerX, BAZARLOADER, SMYXBIMZ, Krypt, fhjjb, Wacatac, score, ai score=88, GenAsa, 5MwrDO7BOgQ, GenKryptik, FKYP)
md5 f27bb2f94b96d532e6ba900cab2527fd
sha256 bfbc1c27a73c33e375eeea164dc876c23bca1fbc0051bb48d3ed3e50df6fa0e8
ssdeep 6144:2xUQ2UKZQGbM6Pum96gGco3ZQ++r2Ce/CUE:A2UKZQeM6PzogGcopQ++yV6UE
imphash 1d30df1e5b7623c4b3e7485c04815cbd
impfuzzy 3:sUbos:FL
  Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 35 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
info Checks if process is being debugged by a debugger
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level Name Description Collection
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
oldmystat.com
whois
Unknown clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x18003e000 GetSystemTime

EAT(Export Address Table) Library

0x180001000 DllGetClassObject
0x180001050 DllMain
0x180001350 DllRegisterServer
0x1800013a0 DllUnregisterServer
0x1800013f0 StartW

Similarity measure (PE file only) - Checking for service failure