ScreenShot
| Created | 2021.11.01 10:31 | Machine | s1_win7_x6401 |
| Filename | trendmicro2.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (GenericKD, Unsafe, Shelma, GenKryptik, malicious, confidence, 100%, CobaltStrike, Artifact, BAZARLOADER, SMYXBIMZ, Artemis, wjsrm, Sabsik, score, ai score=80, Bazar) | ||
| md5 | af41813cc051b8d0c9c418e99ba345c6 | ||
| sha256 | 2b29c80a4829d3dc816b99606aa5aeead3533d24137f79b5c9a8407957e97b10 | ||
| ssdeep | 24576:h+5jq+9BGqWeU33V8V0HmkKaH1S2807SPFL3EOGTWqG5QVEzAJ24GOy2irA8+fj7:h+keU33V8V0HmkKaH1S277SPFL3EOGTZ | ||
| imphash | ccd94d54b49b113bd9c8eb4e3fa720ca | ||
| impfuzzy | 24:0DoJxs02th1JgGVlJeDc+pl39roYv/DdwMktxSOovbO9ZHu9R:3xkth1JgGac+ppZzh43u | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1800f3000 VirtualAlloc
0x1800f3008 VirtualProtect
0x1800f3010 GetProcAddress
0x1800f3018 LoadLibraryA
0x1800f3020 QueryPerformanceCounter
0x1800f3028 QueryPerformanceFrequency
0x1800f3030 RtlCaptureContext
0x1800f3038 RtlLookupFunctionEntry
0x1800f3040 RtlVirtualUnwind
0x1800f3048 UnhandledExceptionFilter
0x1800f3050 SetUnhandledExceptionFilter
0x1800f3058 GetCurrentProcess
0x1800f3060 TerminateProcess
0x1800f3068 IsProcessorFeaturePresent
0x1800f3070 GetCurrentProcessId
0x1800f3078 GetCurrentThreadId
0x1800f3080 GetSystemTimeAsFileTime
0x1800f3088 InitializeSListHead
0x1800f3090 IsDebuggerPresent
0x1800f3098 GetStartupInfoW
0x1800f30a0 GetModuleHandleW
0x1800f30a8 SetEndOfFile
0x1800f30b0 RtlPcToFileHeader
0x1800f30b8 RaiseException
0x1800f30c0 RtlUnwindEx
0x1800f30c8 InterlockedFlushSList
0x1800f30d0 GetLastError
0x1800f30d8 SetLastError
0x1800f30e0 EncodePointer
0x1800f30e8 EnterCriticalSection
0x1800f30f0 LeaveCriticalSection
0x1800f30f8 DeleteCriticalSection
0x1800f3100 InitializeCriticalSectionAndSpinCount
0x1800f3108 TlsAlloc
0x1800f3110 TlsGetValue
0x1800f3118 TlsSetValue
0x1800f3120 TlsFree
0x1800f3128 FreeLibrary
0x1800f3130 LoadLibraryExW
0x1800f3138 ExitProcess
0x1800f3140 GetModuleHandleExW
0x1800f3148 GetStdHandle
0x1800f3150 GetFileType
0x1800f3158 GetModuleFileNameW
0x1800f3160 WriteConsoleW
0x1800f3168 ReadFile
0x1800f3170 HeapFree
0x1800f3178 HeapAlloc
0x1800f3180 HeapReAlloc
0x1800f3188 CompareStringW
0x1800f3190 LCMapStringW
0x1800f3198 GetConsoleMode
0x1800f31a0 ReadConsoleW
0x1800f31a8 FlushFileBuffers
0x1800f31b0 WriteFile
0x1800f31b8 GetConsoleOutputCP
0x1800f31c0 GetFileSizeEx
0x1800f31c8 SetFilePointerEx
0x1800f31d0 OutputDebugStringW
0x1800f31d8 CloseHandle
0x1800f31e0 FindClose
0x1800f31e8 FindFirstFileExW
0x1800f31f0 FindNextFileW
0x1800f31f8 IsValidCodePage
0x1800f3200 GetACP
0x1800f3208 GetOEMCP
0x1800f3210 GetCPInfo
0x1800f3218 GetCommandLineA
0x1800f3220 GetCommandLineW
0x1800f3228 MultiByteToWideChar
0x1800f3230 WideCharToMultiByte
0x1800f3238 GetEnvironmentStringsW
0x1800f3240 FreeEnvironmentStringsW
0x1800f3248 SetEnvironmentVariableW
0x1800f3250 GetProcessHeap
0x1800f3258 SetStdHandle
0x1800f3260 GetStringTypeW
0x1800f3268 CreateFileW
0x1800f3270 HeapSize
EAT(Export Address Table) Library
0x1800010d0 DllGetClassObject
0x180001160 DllMain
0x1800011f0 DllRegisterServer
0x180001280 DllUnregisterServer
0x180001310 StartW
0x18007aaf0 opj_codec_set_threads
0x18007b0f0 opj_create_compress
0x18007a5f0 opj_create_decompress
0x18007ad30 opj_decode
0x18007b050 opj_decode_tile_data
0x18007a8f0 opj_destroy_codec
0x18007b7f0 opj_destroy_cstr_index
0x18007b6c0 opj_destroy_cstr_info
0x18007b720 opj_dump_codec
0x18007b640 opj_encode
0x18007b4e0 opj_encoder_set_extra_options
0x18007b5c0 opj_end_compress
0x18007a960 opj_end_decompress
0x18007b7b0 opj_get_cstr_index
0x18007b770 opj_get_cstr_info
0x18007adb0 opj_get_decoded_tile
0x1800be290 opj_get_num_cpus
0x1800be280 opj_has_thread_support
0x1800bce40 opj_image_create
0x18007a330 opj_image_data_alloc
0x18007a360 opj_image_data_free
0x1800bd0c0 opj_image_destroy
0x1800bd180 opj_image_tile_create
0x18007ab40 opj_read_header
0x18007af30 opj_read_tile_header
0x18007b830 opj_set_MCT
0x18007aca0 opj_set_decode_area
0x18007abe0 opj_set_decoded_components
0x18007ae40 opj_set_decoded_resolution_factor
0x18007a9e0 opj_set_default_decoder_parameters
0x18007b300 opj_set_default_encoder_parameters
0x18007a590 opj_set_error_handler
0x18007a4d0 opj_set_info_handler
0x18007a530 opj_set_warning_handler
0x18007aa60 opj_setup_decoder
0x18007b460 opj_setup_encoder
0x18007b540 opj_start_compress
0x1800bafc0 opj_stream_create
0x18007a380 opj_stream_create_default_file_stream
0x18007a3b0 opj_stream_create_file_stream
0x1800baf90 opj_stream_default_create
0x1800bb110 opj_stream_destroy
0x1800bb180 opj_stream_set_read_function
0x1800bb260 opj_stream_set_seek_function
0x1800bb220 opj_stream_set_skip_function
0x1800bb2a0 opj_stream_set_user_data
0x1800bb2f0 opj_stream_set_user_data_length
0x1800bb1d0 opj_stream_set_write_function
0x18007a320 opj_version
0x18007ae90 opj_write_tile
KERNEL32.dll
0x1800f3000 VirtualAlloc
0x1800f3008 VirtualProtect
0x1800f3010 GetProcAddress
0x1800f3018 LoadLibraryA
0x1800f3020 QueryPerformanceCounter
0x1800f3028 QueryPerformanceFrequency
0x1800f3030 RtlCaptureContext
0x1800f3038 RtlLookupFunctionEntry
0x1800f3040 RtlVirtualUnwind
0x1800f3048 UnhandledExceptionFilter
0x1800f3050 SetUnhandledExceptionFilter
0x1800f3058 GetCurrentProcess
0x1800f3060 TerminateProcess
0x1800f3068 IsProcessorFeaturePresent
0x1800f3070 GetCurrentProcessId
0x1800f3078 GetCurrentThreadId
0x1800f3080 GetSystemTimeAsFileTime
0x1800f3088 InitializeSListHead
0x1800f3090 IsDebuggerPresent
0x1800f3098 GetStartupInfoW
0x1800f30a0 GetModuleHandleW
0x1800f30a8 SetEndOfFile
0x1800f30b0 RtlPcToFileHeader
0x1800f30b8 RaiseException
0x1800f30c0 RtlUnwindEx
0x1800f30c8 InterlockedFlushSList
0x1800f30d0 GetLastError
0x1800f30d8 SetLastError
0x1800f30e0 EncodePointer
0x1800f30e8 EnterCriticalSection
0x1800f30f0 LeaveCriticalSection
0x1800f30f8 DeleteCriticalSection
0x1800f3100 InitializeCriticalSectionAndSpinCount
0x1800f3108 TlsAlloc
0x1800f3110 TlsGetValue
0x1800f3118 TlsSetValue
0x1800f3120 TlsFree
0x1800f3128 FreeLibrary
0x1800f3130 LoadLibraryExW
0x1800f3138 ExitProcess
0x1800f3140 GetModuleHandleExW
0x1800f3148 GetStdHandle
0x1800f3150 GetFileType
0x1800f3158 GetModuleFileNameW
0x1800f3160 WriteConsoleW
0x1800f3168 ReadFile
0x1800f3170 HeapFree
0x1800f3178 HeapAlloc
0x1800f3180 HeapReAlloc
0x1800f3188 CompareStringW
0x1800f3190 LCMapStringW
0x1800f3198 GetConsoleMode
0x1800f31a0 ReadConsoleW
0x1800f31a8 FlushFileBuffers
0x1800f31b0 WriteFile
0x1800f31b8 GetConsoleOutputCP
0x1800f31c0 GetFileSizeEx
0x1800f31c8 SetFilePointerEx
0x1800f31d0 OutputDebugStringW
0x1800f31d8 CloseHandle
0x1800f31e0 FindClose
0x1800f31e8 FindFirstFileExW
0x1800f31f0 FindNextFileW
0x1800f31f8 IsValidCodePage
0x1800f3200 GetACP
0x1800f3208 GetOEMCP
0x1800f3210 GetCPInfo
0x1800f3218 GetCommandLineA
0x1800f3220 GetCommandLineW
0x1800f3228 MultiByteToWideChar
0x1800f3230 WideCharToMultiByte
0x1800f3238 GetEnvironmentStringsW
0x1800f3240 FreeEnvironmentStringsW
0x1800f3248 SetEnvironmentVariableW
0x1800f3250 GetProcessHeap
0x1800f3258 SetStdHandle
0x1800f3260 GetStringTypeW
0x1800f3268 CreateFileW
0x1800f3270 HeapSize
EAT(Export Address Table) Library
0x1800010d0 DllGetClassObject
0x180001160 DllMain
0x1800011f0 DllRegisterServer
0x180001280 DllUnregisterServer
0x180001310 StartW
0x18007aaf0 opj_codec_set_threads
0x18007b0f0 opj_create_compress
0x18007a5f0 opj_create_decompress
0x18007ad30 opj_decode
0x18007b050 opj_decode_tile_data
0x18007a8f0 opj_destroy_codec
0x18007b7f0 opj_destroy_cstr_index
0x18007b6c0 opj_destroy_cstr_info
0x18007b720 opj_dump_codec
0x18007b640 opj_encode
0x18007b4e0 opj_encoder_set_extra_options
0x18007b5c0 opj_end_compress
0x18007a960 opj_end_decompress
0x18007b7b0 opj_get_cstr_index
0x18007b770 opj_get_cstr_info
0x18007adb0 opj_get_decoded_tile
0x1800be290 opj_get_num_cpus
0x1800be280 opj_has_thread_support
0x1800bce40 opj_image_create
0x18007a330 opj_image_data_alloc
0x18007a360 opj_image_data_free
0x1800bd0c0 opj_image_destroy
0x1800bd180 opj_image_tile_create
0x18007ab40 opj_read_header
0x18007af30 opj_read_tile_header
0x18007b830 opj_set_MCT
0x18007aca0 opj_set_decode_area
0x18007abe0 opj_set_decoded_components
0x18007ae40 opj_set_decoded_resolution_factor
0x18007a9e0 opj_set_default_decoder_parameters
0x18007b300 opj_set_default_encoder_parameters
0x18007a590 opj_set_error_handler
0x18007a4d0 opj_set_info_handler
0x18007a530 opj_set_warning_handler
0x18007aa60 opj_setup_decoder
0x18007b460 opj_setup_encoder
0x18007b540 opj_start_compress
0x1800bafc0 opj_stream_create
0x18007a380 opj_stream_create_default_file_stream
0x18007a3b0 opj_stream_create_file_stream
0x1800baf90 opj_stream_default_create
0x1800bb110 opj_stream_destroy
0x1800bb180 opj_stream_set_read_function
0x1800bb260 opj_stream_set_seek_function
0x1800bb220 opj_stream_set_skip_function
0x1800bb2a0 opj_stream_set_user_data
0x1800bb2f0 opj_stream_set_user_data_length
0x1800bb1d0 opj_stream_set_write_function
0x18007a320 opj_version
0x18007ae90 opj_write_tile