ScreenShot
| Created | 2021.11.05 09:19 | Machine | s1_win7_x6401 |
| Filename | sdd.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 9cfd97227c5095d2efd4dd86688e04b0 | ||
| sha256 | a10f0e188da684caa1f635985bb297b85998c080feae1b61c7e70881df5b1206 | ||
| ssdeep | 49152:oQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4B3eMqfn8+nFFQCxEsJwKQB:ofaNQh+NUABO/c0Y9AdgMqf8+gqJW | ||
| imphash | bb11b144a5554facd4d946814076c8be | ||
| impfuzzy | 48:bSiAbepoI4ZCzodx+fcMMZtfm/Kx63LQahD7I:bSiAUDYiAx+fcMMZtfCdLlhD7I | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| info | This executable has a PDB path |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x578000 QueryPerformanceCounter
0x578004 CreateFileW
0x578008 GetWindowsDirectoryW
0x57800c GetSystemTime
0x578010 GetModuleHandleW
0x578014 GetVersionExW
0x578018 OpenProcess
0x57801c GetDateFormatW
0x578020 SizeofResource
0x578024 LockResource
0x578028 LoadLibraryW
0x57802c ExitProcess
0x578030 GetFileTime
0x578034 WideCharToMultiByte
0x578038 GetModuleFileNameW
0x57803c TlsAlloc
0x578040 GetTempPathW
0x578044 VirtualProtect
0x578048 CreateSemaphoreW
0x57804c GetCurrentDirectoryW
0x578050 GetEnvironmentVariableW
0x578054 CompareStringW
0x578058 CompareStringA
0x57805c CreateFileA
0x578060 GetLocaleInfoW
0x578064 SetStdHandle
0x578068 WriteConsoleW
0x57806c GetConsoleOutputCP
0x578070 WriteConsoleA
0x578074 ReadFile
0x578078 GetTimeZoneInformation
0x57807c LoadLibraryA
0x578080 FreeLibrary
0x578084 SetConsoleCtrlHandler
0x578088 CloseHandle
0x57808c SetFilePointer
0x578090 FlushFileBuffers
0x578094 GetConsoleMode
0x578098 GetConsoleCP
0x57809c WriteFile
0x5780a0 HeapSize
0x5780a4 IsValidCodePage
0x5780a8 IsValidLocale
0x5780ac EnumSystemLocalesA
0x5780b0 GetLocaleInfoA
0x5780b4 GetUserDefaultLCID
0x5780b8 GetOEMCP
0x5780bc GetACP
0x5780c0 GetDateFormatA
0x5780c4 GetTimeFormatA
0x5780c8 GetSystemTimeAsFileTime
0x5780cc GetCurrentProcessId
0x5780d0 GetTickCount
0x5780d4 InterlockedIncrement
0x5780d8 InterlockedDecrement
0x5780dc InterlockedCompareExchange
0x5780e0 InterlockedExchange
0x5780e4 MultiByteToWideChar
0x5780e8 Sleep
0x5780ec InitializeCriticalSection
0x5780f0 DeleteCriticalSection
0x5780f4 EnterCriticalSection
0x5780f8 LeaveCriticalSection
0x5780fc RtlUnwind
0x578100 RaiseException
0x578104 TerminateProcess
0x578108 GetCurrentProcess
0x57810c UnhandledExceptionFilter
0x578110 SetUnhandledExceptionFilter
0x578114 IsDebuggerPresent
0x578118 GetLastError
0x57811c HeapFree
0x578120 GetCurrentThreadId
0x578124 GetCommandLineA
0x578128 GetVersionExA
0x57812c HeapAlloc
0x578130 GetProcessHeap
0x578134 LCMapStringA
0x578138 LCMapStringW
0x57813c GetCPInfo
0x578140 GetStringTypeA
0x578144 GetStringTypeW
0x578148 GetProcAddress
0x57814c GetModuleHandleA
0x578150 TlsGetValue
0x578154 TlsSetValue
0x578158 TlsFree
0x57815c SetLastError
0x578160 GetCurrentThread
0x578164 HeapDestroy
0x578168 HeapCreate
0x57816c VirtualFree
0x578170 FatalAppExitA
0x578174 VirtualAlloc
0x578178 HeapReAlloc
0x57817c SetHandleCount
0x578180 GetStdHandle
0x578184 GetFileType
0x578188 GetStartupInfoA
0x57818c GetModuleFileNameA
0x578190 FreeEnvironmentStringsA
0x578194 GetEnvironmentStrings
0x578198 FreeEnvironmentStringsW
0x57819c GetEnvironmentStringsW
0x5781a0 SetEnvironmentVariableA
SETUPAPI.dll
0x5781a8 SetupInitDefaultQueueCallback
0x5781ac SetupFreeSourceListW
0x5781b0 SetupCancelTemporarySourceList
0x5781b4 SetupAddToSourceListW
0x5781b8 SetupQuerySpaceRequiredOnDriveW
0x5781bc SetupGetLineByIndexW
0x5781c0 SetupTermDefaultQueueCallback
0x5781c4 SetupSetSourceListW
0x5781c8 SetupDestroyDiskSpaceList
0x5781cc SetupGetTargetPathW
0x5781d0 SetupQueryInfVersionInformationW
0x5781d4 SetupCopyOEMInfW
0x5781d8 SetupGetLineCountW
0x5781dc SetupGetSourceInfoW
0x5781e0 SetupPromptForDiskW
0x5781e4 SetupQueueCopyW
0x5781e8 SetupGetFieldCount
0x5781ec SetupQueueRenameW
0x5781f0 SetupCreateDiskSpaceListW
0x5781f4 SetupSetPlatformPathOverrideW
0x5781f8 SetupRemoveFromSourceListW
0x5781fc SetupQuerySourceListW
0x578200 SetupPromptReboot
0x578204 SetupDefaultQueueCallbackW
0x578208 SetupGetIntField
0x57820c SetupGetLineTextW
0x578210 SetupGetStringFieldW
0x578214 SetupRemoveFromDiskSpaceListW
0x578218 SetupQueueDefaultCopyW
0x57821c SetupQueryDrivesInDiskSpaceListW
0x578220 SetupIterateCabinetW
EAT(Export Address Table) Library
0x54b430 Armshoe
0x54af70 Bepitch
0x54ae50 Comelife
0x54b590 Fathertone
0x54ad80 Namebefore
0x54aca0 NationSugar
0x54aff0 Passshop
0x54b0e0 Put
0x54b260 Roadspend
KERNEL32.dll
0x578000 QueryPerformanceCounter
0x578004 CreateFileW
0x578008 GetWindowsDirectoryW
0x57800c GetSystemTime
0x578010 GetModuleHandleW
0x578014 GetVersionExW
0x578018 OpenProcess
0x57801c GetDateFormatW
0x578020 SizeofResource
0x578024 LockResource
0x578028 LoadLibraryW
0x57802c ExitProcess
0x578030 GetFileTime
0x578034 WideCharToMultiByte
0x578038 GetModuleFileNameW
0x57803c TlsAlloc
0x578040 GetTempPathW
0x578044 VirtualProtect
0x578048 CreateSemaphoreW
0x57804c GetCurrentDirectoryW
0x578050 GetEnvironmentVariableW
0x578054 CompareStringW
0x578058 CompareStringA
0x57805c CreateFileA
0x578060 GetLocaleInfoW
0x578064 SetStdHandle
0x578068 WriteConsoleW
0x57806c GetConsoleOutputCP
0x578070 WriteConsoleA
0x578074 ReadFile
0x578078 GetTimeZoneInformation
0x57807c LoadLibraryA
0x578080 FreeLibrary
0x578084 SetConsoleCtrlHandler
0x578088 CloseHandle
0x57808c SetFilePointer
0x578090 FlushFileBuffers
0x578094 GetConsoleMode
0x578098 GetConsoleCP
0x57809c WriteFile
0x5780a0 HeapSize
0x5780a4 IsValidCodePage
0x5780a8 IsValidLocale
0x5780ac EnumSystemLocalesA
0x5780b0 GetLocaleInfoA
0x5780b4 GetUserDefaultLCID
0x5780b8 GetOEMCP
0x5780bc GetACP
0x5780c0 GetDateFormatA
0x5780c4 GetTimeFormatA
0x5780c8 GetSystemTimeAsFileTime
0x5780cc GetCurrentProcessId
0x5780d0 GetTickCount
0x5780d4 InterlockedIncrement
0x5780d8 InterlockedDecrement
0x5780dc InterlockedCompareExchange
0x5780e0 InterlockedExchange
0x5780e4 MultiByteToWideChar
0x5780e8 Sleep
0x5780ec InitializeCriticalSection
0x5780f0 DeleteCriticalSection
0x5780f4 EnterCriticalSection
0x5780f8 LeaveCriticalSection
0x5780fc RtlUnwind
0x578100 RaiseException
0x578104 TerminateProcess
0x578108 GetCurrentProcess
0x57810c UnhandledExceptionFilter
0x578110 SetUnhandledExceptionFilter
0x578114 IsDebuggerPresent
0x578118 GetLastError
0x57811c HeapFree
0x578120 GetCurrentThreadId
0x578124 GetCommandLineA
0x578128 GetVersionExA
0x57812c HeapAlloc
0x578130 GetProcessHeap
0x578134 LCMapStringA
0x578138 LCMapStringW
0x57813c GetCPInfo
0x578140 GetStringTypeA
0x578144 GetStringTypeW
0x578148 GetProcAddress
0x57814c GetModuleHandleA
0x578150 TlsGetValue
0x578154 TlsSetValue
0x578158 TlsFree
0x57815c SetLastError
0x578160 GetCurrentThread
0x578164 HeapDestroy
0x578168 HeapCreate
0x57816c VirtualFree
0x578170 FatalAppExitA
0x578174 VirtualAlloc
0x578178 HeapReAlloc
0x57817c SetHandleCount
0x578180 GetStdHandle
0x578184 GetFileType
0x578188 GetStartupInfoA
0x57818c GetModuleFileNameA
0x578190 FreeEnvironmentStringsA
0x578194 GetEnvironmentStrings
0x578198 FreeEnvironmentStringsW
0x57819c GetEnvironmentStringsW
0x5781a0 SetEnvironmentVariableA
SETUPAPI.dll
0x5781a8 SetupInitDefaultQueueCallback
0x5781ac SetupFreeSourceListW
0x5781b0 SetupCancelTemporarySourceList
0x5781b4 SetupAddToSourceListW
0x5781b8 SetupQuerySpaceRequiredOnDriveW
0x5781bc SetupGetLineByIndexW
0x5781c0 SetupTermDefaultQueueCallback
0x5781c4 SetupSetSourceListW
0x5781c8 SetupDestroyDiskSpaceList
0x5781cc SetupGetTargetPathW
0x5781d0 SetupQueryInfVersionInformationW
0x5781d4 SetupCopyOEMInfW
0x5781d8 SetupGetLineCountW
0x5781dc SetupGetSourceInfoW
0x5781e0 SetupPromptForDiskW
0x5781e4 SetupQueueCopyW
0x5781e8 SetupGetFieldCount
0x5781ec SetupQueueRenameW
0x5781f0 SetupCreateDiskSpaceListW
0x5781f4 SetupSetPlatformPathOverrideW
0x5781f8 SetupRemoveFromSourceListW
0x5781fc SetupQuerySourceListW
0x578200 SetupPromptReboot
0x578204 SetupDefaultQueueCallbackW
0x578208 SetupGetIntField
0x57820c SetupGetLineTextW
0x578210 SetupGetStringFieldW
0x578214 SetupRemoveFromDiskSpaceListW
0x578218 SetupQueueDefaultCopyW
0x57821c SetupQueryDrivesInDiskSpaceListW
0x578220 SetupIterateCabinetW
EAT(Export Address Table) Library
0x54b430 Armshoe
0x54af70 Bepitch
0x54ae50 Comelife
0x54b590 Fathertone
0x54ad80 Namebefore
0x54aca0 NationSugar
0x54aff0 Passshop
0x54b0e0 Put
0x54b260 Roadspend