ScreenShot
| Created | 2021.11.07 10:12 | Machine | s1_win7_x6403 |
| Filename | leh5 | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 2f10ba7d7cabbff26172fa9befcac2c2 | ||
| sha256 | 2c41b190dbd4c3925c50199bea5d0dd4a6a58f8f89e01c3e1635c35d599b264e | ||
| ssdeep | 3072:b5/6jjhOWoqmYstRQs+eR2Wu96+EqEkGTqBQMwVo+PBbhOP3xJPpokK3Bl6DU3ue:bJ6Zv6ntRQwsc+E9fBw37pVDUuNz5ViP | ||
| imphash | 651f6515b60c81769fb288ed8968e1c1 | ||
| impfuzzy | 24:xd02tMS17mgdlJnc+pl3eDoRkUSOovbO9ZuvwjMR:xttMS17mg9c+ppd3cp | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180019000 GetProcessHeap
0x180019008 ExitProcess
0x180019010 WriteConsoleW
0x180019018 RtlCaptureContext
0x180019020 RtlLookupFunctionEntry
0x180019028 RtlVirtualUnwind
0x180019030 UnhandledExceptionFilter
0x180019038 SetUnhandledExceptionFilter
0x180019040 GetCurrentProcess
0x180019048 TerminateProcess
0x180019050 IsProcessorFeaturePresent
0x180019058 QueryPerformanceCounter
0x180019060 GetCurrentProcessId
0x180019068 GetCurrentThreadId
0x180019070 GetSystemTimeAsFileTime
0x180019078 InitializeSListHead
0x180019080 IsDebuggerPresent
0x180019088 GetStartupInfoW
0x180019090 GetModuleHandleW
0x180019098 RtlUnwindEx
0x1800190a0 InterlockedFlushSList
0x1800190a8 RtlPcToFileHeader
0x1800190b0 RaiseException
0x1800190b8 GetLastError
0x1800190c0 SetLastError
0x1800190c8 EnterCriticalSection
0x1800190d0 LeaveCriticalSection
0x1800190d8 DeleteCriticalSection
0x1800190e0 InitializeCriticalSectionAndSpinCount
0x1800190e8 TlsAlloc
0x1800190f0 TlsGetValue
0x1800190f8 TlsSetValue
0x180019100 TlsFree
0x180019108 FreeLibrary
0x180019110 GetProcAddress
0x180019118 LoadLibraryExW
0x180019120 GetModuleHandleExW
0x180019128 GetModuleFileNameW
0x180019130 HeapAlloc
0x180019138 LCMapStringW
0x180019140 HeapFree
0x180019148 FindClose
0x180019150 FindFirstFileExW
0x180019158 FindNextFileW
0x180019160 IsValidCodePage
0x180019168 GetACP
0x180019170 GetOEMCP
0x180019178 GetCPInfo
0x180019180 GetCommandLineA
0x180019188 GetCommandLineW
0x180019190 MultiByteToWideChar
0x180019198 WideCharToMultiByte
0x1800191a0 GetEnvironmentStringsW
0x1800191a8 FreeEnvironmentStringsW
0x1800191b0 GetStdHandle
0x1800191b8 GetFileType
0x1800191c0 GetStringTypeW
0x1800191c8 HeapSize
0x1800191d0 HeapReAlloc
0x1800191d8 SetStdHandle
0x1800191e0 FlushFileBuffers
0x1800191e8 WriteFile
0x1800191f0 GetConsoleCP
0x1800191f8 GetConsoleMode
0x180019200 SetFilePointerEx
0x180019208 CreateFileW
0x180019210 CloseHandle
EAT(Export Address Table) Library
0x18000c350 DllRegisterServer
0x18000c430 DllUnregisterServer
0x18000c790 aerghlnbbneduhs
0x18000ca40 aiwkkcxryot
0x18000c750 aquncxxeyeri
0x18000c980 asyfquhsdv
0x18000c680 avdpulh
0x18000c6f0 ayoizyblkjcr
0x18000c760 bhlgvbmxhbafwsf
0x18000c720 bkrpcjqxuyr
0x18000c730 bnmzzfyna
0x18000c640 bwnwjabnjpwijex
0x18000c870 cacdjzuef
0x18000c600 cdxvnjhfxbez
0x18000c890 denawhfigtalypxym
0x18000ca00 dvvqsfnc
0x18000c700 eqmcmblcbtt
0x18000c6e0 ewqmfuwwehfcgx
0x18000c990 favxquprprvm
0x18000c960 fblrjzv
0x18000c6a0 fdbpvduyvrvsit
0x18000c9c0 ffqeumpyhjipb
0x18000c630 forjyoidxgkprwj
0x18000c9e0 fqqhnnasigcs
0x18000c840 ftxsissa
0x18000c950 fvqyrygloq
0x18000c8a0 gbliyelkopoquz
0x18000c780 glxxpla
0x18000c550 goallyvllcrfsek
0x18000c5b0 gofzzigktnlecxmv
0x18000c850 gqnepbdhebsmgoxp
0x18000c660 hnqxeiwmii
0x18000c6d0 hpcondmuqmrhlvk
0x18000c560 ilixbtuwmbjbeyg
0x18000c5c0 ipbpwjoqw
0x18000c690 ipovsognxmp
0x18000c7f0 itwgvvlqwu
0x18000c880 kgmrsveokahapodhd
0x18000c7a0 klbyuahtj
0x18000ca20 kukryymbvfyxx
0x18000c6f0 kzyibsncymtnmoalb
0x18000c740 lohaxgg
0x18000c590 louyhjskv
0x18000c830 lrxoldbfdmugw
0x18000c9a0 majzgacyvcyi
0x18000ca30 mxdizfhoj
0x18000c710 negcybzxgnawzh
0x18000c6b0 niwxveuvmjmm
0x18000c7c0 njjlaru
0x18000c7b0 nkqvywbzprd
0x18000ca60 nmlrohxs
0x18000c5e0 nptuwsodr
0x18000c570 ntlbplaaystpjlkdo
0x18000c970 ogthdwobzu
0x18000c8f0 ousswsa
0x18000c610 pdzuvbhyzuy
0x18000c900 pfhsbdoqbp
0x18000c990 picnnoyxzaxptsgh
0x18000c540 pzppcxnrb
0x18000c8c0 qegdbbkmucrpnd
0x18000c8b0 qegsqmxjc
0x18000ca10 qrceziyxj
0x18000c7e0 qscwaurodnkazy
0x18000c920 qsgwrgt
0x18000c8d0 qsunnitkh
0x18000c910 qufmbmzmkp
0x18000c5e0 qvowhrf
0x18000c930 raucwmyw
0x18000c9d0 rkyltlairxrcbjh
0x18000c5d0 srpquvaimowyczyll
0x18000c620 tcoivijypuswvcr
0x18000c9b0 tlfnmetx
0x18000c6c0 ubztetrtc
0x18000c670 ulfuwsezh
0x18000c810 unfuzyfo
0x18000c5a0 vndbhzphp
0x18000c8e0 vntqdappit
0x18000c650 wkzqvahlekirw
0x18000c860 wmjfcmaisnpsrkz
0x18000ca50 xaeuoxgpjnkfplp
0x18000c9f0 xazmcqboi
0x18000c580 xcsbrdojcui
0x18000c770 xfvapthp
0x18000c5f0 xxstqbytpighk
0x18000c820 yyifmoegkk
0x18000c800 zfvqfpgrdwwocap
0x18000c940 zpzvnxxprlabbentz
0x18000c530 zqppyptyg
0x18000c7d0 zvbjkdmxme
KERNEL32.dll
0x180019000 GetProcessHeap
0x180019008 ExitProcess
0x180019010 WriteConsoleW
0x180019018 RtlCaptureContext
0x180019020 RtlLookupFunctionEntry
0x180019028 RtlVirtualUnwind
0x180019030 UnhandledExceptionFilter
0x180019038 SetUnhandledExceptionFilter
0x180019040 GetCurrentProcess
0x180019048 TerminateProcess
0x180019050 IsProcessorFeaturePresent
0x180019058 QueryPerformanceCounter
0x180019060 GetCurrentProcessId
0x180019068 GetCurrentThreadId
0x180019070 GetSystemTimeAsFileTime
0x180019078 InitializeSListHead
0x180019080 IsDebuggerPresent
0x180019088 GetStartupInfoW
0x180019090 GetModuleHandleW
0x180019098 RtlUnwindEx
0x1800190a0 InterlockedFlushSList
0x1800190a8 RtlPcToFileHeader
0x1800190b0 RaiseException
0x1800190b8 GetLastError
0x1800190c0 SetLastError
0x1800190c8 EnterCriticalSection
0x1800190d0 LeaveCriticalSection
0x1800190d8 DeleteCriticalSection
0x1800190e0 InitializeCriticalSectionAndSpinCount
0x1800190e8 TlsAlloc
0x1800190f0 TlsGetValue
0x1800190f8 TlsSetValue
0x180019100 TlsFree
0x180019108 FreeLibrary
0x180019110 GetProcAddress
0x180019118 LoadLibraryExW
0x180019120 GetModuleHandleExW
0x180019128 GetModuleFileNameW
0x180019130 HeapAlloc
0x180019138 LCMapStringW
0x180019140 HeapFree
0x180019148 FindClose
0x180019150 FindFirstFileExW
0x180019158 FindNextFileW
0x180019160 IsValidCodePage
0x180019168 GetACP
0x180019170 GetOEMCP
0x180019178 GetCPInfo
0x180019180 GetCommandLineA
0x180019188 GetCommandLineW
0x180019190 MultiByteToWideChar
0x180019198 WideCharToMultiByte
0x1800191a0 GetEnvironmentStringsW
0x1800191a8 FreeEnvironmentStringsW
0x1800191b0 GetStdHandle
0x1800191b8 GetFileType
0x1800191c0 GetStringTypeW
0x1800191c8 HeapSize
0x1800191d0 HeapReAlloc
0x1800191d8 SetStdHandle
0x1800191e0 FlushFileBuffers
0x1800191e8 WriteFile
0x1800191f0 GetConsoleCP
0x1800191f8 GetConsoleMode
0x180019200 SetFilePointerEx
0x180019208 CreateFileW
0x180019210 CloseHandle
EAT(Export Address Table) Library
0x18000c350 DllRegisterServer
0x18000c430 DllUnregisterServer
0x18000c790 aerghlnbbneduhs
0x18000ca40 aiwkkcxryot
0x18000c750 aquncxxeyeri
0x18000c980 asyfquhsdv
0x18000c680 avdpulh
0x18000c6f0 ayoizyblkjcr
0x18000c760 bhlgvbmxhbafwsf
0x18000c720 bkrpcjqxuyr
0x18000c730 bnmzzfyna
0x18000c640 bwnwjabnjpwijex
0x18000c870 cacdjzuef
0x18000c600 cdxvnjhfxbez
0x18000c890 denawhfigtalypxym
0x18000ca00 dvvqsfnc
0x18000c700 eqmcmblcbtt
0x18000c6e0 ewqmfuwwehfcgx
0x18000c990 favxquprprvm
0x18000c960 fblrjzv
0x18000c6a0 fdbpvduyvrvsit
0x18000c9c0 ffqeumpyhjipb
0x18000c630 forjyoidxgkprwj
0x18000c9e0 fqqhnnasigcs
0x18000c840 ftxsissa
0x18000c950 fvqyrygloq
0x18000c8a0 gbliyelkopoquz
0x18000c780 glxxpla
0x18000c550 goallyvllcrfsek
0x18000c5b0 gofzzigktnlecxmv
0x18000c850 gqnepbdhebsmgoxp
0x18000c660 hnqxeiwmii
0x18000c6d0 hpcondmuqmrhlvk
0x18000c560 ilixbtuwmbjbeyg
0x18000c5c0 ipbpwjoqw
0x18000c690 ipovsognxmp
0x18000c7f0 itwgvvlqwu
0x18000c880 kgmrsveokahapodhd
0x18000c7a0 klbyuahtj
0x18000ca20 kukryymbvfyxx
0x18000c6f0 kzyibsncymtnmoalb
0x18000c740 lohaxgg
0x18000c590 louyhjskv
0x18000c830 lrxoldbfdmugw
0x18000c9a0 majzgacyvcyi
0x18000ca30 mxdizfhoj
0x18000c710 negcybzxgnawzh
0x18000c6b0 niwxveuvmjmm
0x18000c7c0 njjlaru
0x18000c7b0 nkqvywbzprd
0x18000ca60 nmlrohxs
0x18000c5e0 nptuwsodr
0x18000c570 ntlbplaaystpjlkdo
0x18000c970 ogthdwobzu
0x18000c8f0 ousswsa
0x18000c610 pdzuvbhyzuy
0x18000c900 pfhsbdoqbp
0x18000c990 picnnoyxzaxptsgh
0x18000c540 pzppcxnrb
0x18000c8c0 qegdbbkmucrpnd
0x18000c8b0 qegsqmxjc
0x18000ca10 qrceziyxj
0x18000c7e0 qscwaurodnkazy
0x18000c920 qsgwrgt
0x18000c8d0 qsunnitkh
0x18000c910 qufmbmzmkp
0x18000c5e0 qvowhrf
0x18000c930 raucwmyw
0x18000c9d0 rkyltlairxrcbjh
0x18000c5d0 srpquvaimowyczyll
0x18000c620 tcoivijypuswvcr
0x18000c9b0 tlfnmetx
0x18000c6c0 ubztetrtc
0x18000c670 ulfuwsezh
0x18000c810 unfuzyfo
0x18000c5a0 vndbhzphp
0x18000c8e0 vntqdappit
0x18000c650 wkzqvahlekirw
0x18000c860 wmjfcmaisnpsrkz
0x18000ca50 xaeuoxgpjnkfplp
0x18000c9f0 xazmcqboi
0x18000c580 xcsbrdojcui
0x18000c770 xfvapthp
0x18000c5f0 xxstqbytpighk
0x18000c820 yyifmoegkk
0x18000c800 zfvqfpgrdwwocap
0x18000c940 zpzvnxxprlabbentz
0x18000c530 zqppyptyg
0x18000c7d0 zvbjkdmxme