ScreenShot
| Created | 2021.11.01 10:43 | Machine | s1_win7_x6403 |
| Filename | trendmicro.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (Cobalt, GenericKD, Unsafe, CobaltStrike, Artifact, Huzb, Kryptik, bdjbc, BAZARLOADER, SMYXBIMZ, Artemis, ai score=88, Sabsik, Malicious, score, Bazar) | ||
| md5 | 97a33f10e994d32f43404eac8ff3bb02 | ||
| sha256 | 0ba7554e7d120ce355c6995c6af95542499e4ec2f6012ed16b32a85175761a94 | ||
| ssdeep | 12288:dECr4PP2Y44oAVzbqXJOjqPDB1AaK93sPs5hEPMemDnEHoo7:dExjq7k93sPsrDemDnEHoS | ||
| imphash | c1777a21b70712a99cc5e029c88c2bdf | ||
| impfuzzy | 24:0DofcpVWjD02tMS1lgGVlJBl39roCHFZXve/Mk3pOovbOPZHu9R1:VcpVwHtMS1lgGbpZJFZ/B3M1 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x18008a000 VirtualAlloc
0x18008a008 VirtualProtect
0x18008a010 GetProcAddress
0x18008a018 LoadLibraryA
0x18008a020 EnterCriticalSection
0x18008a028 LeaveCriticalSection
0x18008a030 InitializeCriticalSectionEx
0x18008a038 DeleteCriticalSection
0x18008a040 EncodePointer
0x18008a048 DecodePointer
0x18008a050 MultiByteToWideChar
0x18008a058 WideCharToMultiByte
0x18008a060 LCMapStringEx
0x18008a068 GetStringTypeW
0x18008a070 GetCPInfo
0x18008a078 RtlCaptureContext
0x18008a080 RtlLookupFunctionEntry
0x18008a088 RtlVirtualUnwind
0x18008a090 UnhandledExceptionFilter
0x18008a098 SetUnhandledExceptionFilter
0x18008a0a0 GetCurrentProcess
0x18008a0a8 TerminateProcess
0x18008a0b0 IsProcessorFeaturePresent
0x18008a0b8 QueryPerformanceCounter
0x18008a0c0 GetCurrentProcessId
0x18008a0c8 GetCurrentThreadId
0x18008a0d0 GetSystemTimeAsFileTime
0x18008a0d8 InitializeSListHead
0x18008a0e0 IsDebuggerPresent
0x18008a0e8 GetStartupInfoW
0x18008a0f0 GetModuleHandleW
0x18008a0f8 RtlPcToFileHeader
0x18008a100 RaiseException
0x18008a108 RtlUnwindEx
0x18008a110 InterlockedFlushSList
0x18008a118 GetLastError
0x18008a120 SetLastError
0x18008a128 InitializeCriticalSectionAndSpinCount
0x18008a130 TlsAlloc
0x18008a138 TlsGetValue
0x18008a140 TlsSetValue
0x18008a148 TlsFree
0x18008a150 FreeLibrary
0x18008a158 LoadLibraryExW
0x18008a160 ExitProcess
0x18008a168 GetModuleHandleExW
0x18008a170 GetModuleFileNameW
0x18008a178 HeapFree
0x18008a180 HeapAlloc
0x18008a188 CompareStringW
0x18008a190 LCMapStringW
0x18008a198 GetLocaleInfoW
0x18008a1a0 IsValidLocale
0x18008a1a8 GetUserDefaultLCID
0x18008a1b0 EnumSystemLocalesW
0x18008a1b8 GetStdHandle
0x18008a1c0 GetFileType
0x18008a1c8 HeapReAlloc
0x18008a1d0 ReadFile
0x18008a1d8 GetConsoleMode
0x18008a1e0 ReadConsoleW
0x18008a1e8 FlushFileBuffers
0x18008a1f0 WriteFile
0x18008a1f8 GetConsoleOutputCP
0x18008a200 GetFileSizeEx
0x18008a208 SetFilePointerEx
0x18008a210 CloseHandle
0x18008a218 FindClose
0x18008a220 FindFirstFileExW
0x18008a228 FindNextFileW
0x18008a230 IsValidCodePage
0x18008a238 GetACP
0x18008a240 GetOEMCP
0x18008a248 GetCommandLineA
0x18008a250 GetCommandLineW
0x18008a258 GetEnvironmentStringsW
0x18008a260 FreeEnvironmentStringsW
0x18008a268 SetEnvironmentVariableW
0x18008a270 GetProcessHeap
0x18008a278 SetStdHandle
0x18008a280 HeapSize
0x18008a288 CreateFileW
0x18008a290 WriteConsoleW
0x18008a298 RtlUnwind
EAT(Export Address Table) Library
0x180001210 DllGetClassObject
0x1800012a0 DllMain
0x180001330 DllRegisterServer
0x1800013c0 DllUnregisterServer
0x180001450 StartW
KERNEL32.dll
0x18008a000 VirtualAlloc
0x18008a008 VirtualProtect
0x18008a010 GetProcAddress
0x18008a018 LoadLibraryA
0x18008a020 EnterCriticalSection
0x18008a028 LeaveCriticalSection
0x18008a030 InitializeCriticalSectionEx
0x18008a038 DeleteCriticalSection
0x18008a040 EncodePointer
0x18008a048 DecodePointer
0x18008a050 MultiByteToWideChar
0x18008a058 WideCharToMultiByte
0x18008a060 LCMapStringEx
0x18008a068 GetStringTypeW
0x18008a070 GetCPInfo
0x18008a078 RtlCaptureContext
0x18008a080 RtlLookupFunctionEntry
0x18008a088 RtlVirtualUnwind
0x18008a090 UnhandledExceptionFilter
0x18008a098 SetUnhandledExceptionFilter
0x18008a0a0 GetCurrentProcess
0x18008a0a8 TerminateProcess
0x18008a0b0 IsProcessorFeaturePresent
0x18008a0b8 QueryPerformanceCounter
0x18008a0c0 GetCurrentProcessId
0x18008a0c8 GetCurrentThreadId
0x18008a0d0 GetSystemTimeAsFileTime
0x18008a0d8 InitializeSListHead
0x18008a0e0 IsDebuggerPresent
0x18008a0e8 GetStartupInfoW
0x18008a0f0 GetModuleHandleW
0x18008a0f8 RtlPcToFileHeader
0x18008a100 RaiseException
0x18008a108 RtlUnwindEx
0x18008a110 InterlockedFlushSList
0x18008a118 GetLastError
0x18008a120 SetLastError
0x18008a128 InitializeCriticalSectionAndSpinCount
0x18008a130 TlsAlloc
0x18008a138 TlsGetValue
0x18008a140 TlsSetValue
0x18008a148 TlsFree
0x18008a150 FreeLibrary
0x18008a158 LoadLibraryExW
0x18008a160 ExitProcess
0x18008a168 GetModuleHandleExW
0x18008a170 GetModuleFileNameW
0x18008a178 HeapFree
0x18008a180 HeapAlloc
0x18008a188 CompareStringW
0x18008a190 LCMapStringW
0x18008a198 GetLocaleInfoW
0x18008a1a0 IsValidLocale
0x18008a1a8 GetUserDefaultLCID
0x18008a1b0 EnumSystemLocalesW
0x18008a1b8 GetStdHandle
0x18008a1c0 GetFileType
0x18008a1c8 HeapReAlloc
0x18008a1d0 ReadFile
0x18008a1d8 GetConsoleMode
0x18008a1e0 ReadConsoleW
0x18008a1e8 FlushFileBuffers
0x18008a1f0 WriteFile
0x18008a1f8 GetConsoleOutputCP
0x18008a200 GetFileSizeEx
0x18008a208 SetFilePointerEx
0x18008a210 CloseHandle
0x18008a218 FindClose
0x18008a220 FindFirstFileExW
0x18008a228 FindNextFileW
0x18008a230 IsValidCodePage
0x18008a238 GetACP
0x18008a240 GetOEMCP
0x18008a248 GetCommandLineA
0x18008a250 GetCommandLineW
0x18008a258 GetEnvironmentStringsW
0x18008a260 FreeEnvironmentStringsW
0x18008a268 SetEnvironmentVariableW
0x18008a270 GetProcessHeap
0x18008a278 SetStdHandle
0x18008a280 HeapSize
0x18008a288 CreateFileW
0x18008a290 WriteConsoleW
0x18008a298 RtlUnwind
EAT(Export Address Table) Library
0x180001210 DllGetClassObject
0x1800012a0 DllMain
0x180001330 DllRegisterServer
0x1800013c0 DllUnregisterServer
0x180001450 StartW