ScreenShot
| Created | 2021.11.07 10:37 | Machine | s1_win7_x6401 |
| Filename | 5662_1636108501_375.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 16 detected (GenericKD, BazaLoader, malicious, confidence, Sabsik, Kundo, ai score=87, susgen) | ||
| md5 | 218d08982a5265df0cbc15074f75ff77 | ||
| sha256 | b6b771c2a6791c43c9eeddaf9970d78a375d3b69661393fe084d930f18059602 | ||
| ssdeep | 6144:n5jHbD+vl2r1PHGRWET0FJPsVCQ4ia2PcO6nBRsCWTEKuC45pv:n1Yo1cWfFiPF6nXsHe | ||
| imphash | c2593a475dbf7eb3342d2354aee69d8a | ||
| impfuzzy | 24:Vd02tMS17VlJnc+pl3eDoTAdUSOovbO9ZbvwjMR:VttMS17Fc+pp/T3Pp | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x18000d000 GetTickCount64
0x18000d008 GetProcessHeap
0x18000d010 ExitProcess
0x18000d018 WriteConsoleW
0x18000d020 RtlCaptureContext
0x18000d028 RtlLookupFunctionEntry
0x18000d030 RtlVirtualUnwind
0x18000d038 UnhandledExceptionFilter
0x18000d040 SetUnhandledExceptionFilter
0x18000d048 GetCurrentProcess
0x18000d050 TerminateProcess
0x18000d058 IsProcessorFeaturePresent
0x18000d060 QueryPerformanceCounter
0x18000d068 GetCurrentProcessId
0x18000d070 GetCurrentThreadId
0x18000d078 GetSystemTimeAsFileTime
0x18000d080 InitializeSListHead
0x18000d088 IsDebuggerPresent
0x18000d090 GetStartupInfoW
0x18000d098 GetModuleHandleW
0x18000d0a0 RtlUnwindEx
0x18000d0a8 InterlockedFlushSList
0x18000d0b0 GetLastError
0x18000d0b8 SetLastError
0x18000d0c0 EnterCriticalSection
0x18000d0c8 LeaveCriticalSection
0x18000d0d0 DeleteCriticalSection
0x18000d0d8 InitializeCriticalSectionAndSpinCount
0x18000d0e0 TlsAlloc
0x18000d0e8 TlsGetValue
0x18000d0f0 TlsSetValue
0x18000d0f8 TlsFree
0x18000d100 FreeLibrary
0x18000d108 GetProcAddress
0x18000d110 LoadLibraryExW
0x18000d118 RaiseException
0x18000d120 GetModuleHandleExW
0x18000d128 GetModuleFileNameW
0x18000d130 HeapAlloc
0x18000d138 HeapFree
0x18000d140 FindClose
0x18000d148 FindFirstFileExW
0x18000d150 FindNextFileW
0x18000d158 IsValidCodePage
0x18000d160 GetACP
0x18000d168 GetOEMCP
0x18000d170 GetCPInfo
0x18000d178 GetCommandLineA
0x18000d180 GetCommandLineW
0x18000d188 MultiByteToWideChar
0x18000d190 WideCharToMultiByte
0x18000d198 GetEnvironmentStringsW
0x18000d1a0 FreeEnvironmentStringsW
0x18000d1a8 LCMapStringW
0x18000d1b0 GetStdHandle
0x18000d1b8 GetFileType
0x18000d1c0 GetStringTypeW
0x18000d1c8 HeapSize
0x18000d1d0 HeapReAlloc
0x18000d1d8 SetStdHandle
0x18000d1e0 FlushFileBuffers
0x18000d1e8 WriteFile
0x18000d1f0 GetConsoleCP
0x18000d1f8 GetConsoleMode
0x18000d200 SetFilePointerEx
0x18000d208 CreateFileW
0x18000d210 CloseHandle
EAT(Export Address Table) Library
0x1800010c0 DllRegisterServer
0x180001550 abhdnlaifrqnx
0x180001390 akokcxvbs
0x1800013d0 bclfsxv
0x1800014f0 bggizexowcgv
0x180001660 btvuselluuqnq
0x1800013b0 bulbgpdughwjjs
0x1800012a0 bvhzuerk
0x180001750 clpdzcotbrtje
0x180001670 cnxuegxbwcqnpqull
0x180001370 erptxjla
0x1800012b0 eufyqefzerxo
0x1800016f0 euthlvhb
0x180001700 exjambbxencnnm
0x180001760 eykoaviljn
0x180001530 fqgewwahgba
0x1800012c0 fuhmbqncbgikcgzz
0x1800013f0 fvlttbdomuyixlfic
0x1800014e0 gaicnxcrbnpywykmi
0x180001320 gigpfwtuln
0x1800014c0 gjzcxpmdljxlcvihl
0x1800017f0 gmolsie
0x180001350 grjhmdg
0x180001740 gynkkzwifuxkpha
0x1800014d0 hhdfwqgfrcehxymv
0x180001310 hwfntsmpkgpqbhq
0x1800015d0 ikeaepgdzuc
0x1800016c0 iomegpuicdrrfgqh
0x180001650 itkqtgyqrzlwq
0x1800014b0 jasondugjokh
0x180001780 jqdabreh
0x1800015b0 jyghvis
0x1800016b0 kdjoxqcqbrjmhfw
0x180001790 kqsbnhq
0x180001710 kzykjvujah
0x1800012e0 ldqcyznwpxdddanvd
0x180001620 ledmbejhksugkxtpa
0x180001590 liuzwsbkuz
0x180001440 loekxidxq
0x1800017d0 lwkxvlqhn
0x1800017c0 lwtrqkmkmhzgz
0x180001510 lyxnlaiiadwrfex
0x1800013a0 mcqkjlqxorotl
0x180001490 mpgwfia
0x180001810 mqmnaseyuo
0x180001680 nbvpbxssxblyvexx
0x1800016e0 ndfmzorcbxtanwmb
0x180001690 nknxrzzmbdc
0x180001560 nrrstqijfbkrfdrug
0x180001500 ntmbmjhrxybpjtte
0x180001480 nvcbcfiabtvtnigc
0x1800016a0 oejlcnqhehpo
0x180001450 ojxkpetpqxop
0x1800017e0 pkpasjm
0x180001420 ptlkktjpooeg
0x180001380 ptlnulgmhdk
0x1800015a0 qpazarajje
0x1800013e0 rhkawqnfu
0x180001460 rmcjqnmurygjbx
0x180001470 rtnwxsbmtczz
0x1800017b0 rwnlxfp
0x180001730 snjwipictbravk
0x180001300 sorwrrxqjszzxtcy
0x180001800 spbdkqjwqfqs
0x180001360 srmrmokpz
0x180001610 svryenlmqg
0x180001580 tmddiouqpmj
0x1800015a0 txiragpbiroixlei
0x180001550 tyittekratwalvuix
0x180001380 uewdttxlivtqjlc
0x1800014a0 umunxllvioio
0x180001400 umutmwwnptiefvj
0x180001430 uxqrwszyle
0x180001330 vjiqrmuw
0x1800012d0 vkugzyjihkmyy
0x1800015f0 vrlimvpa
0x180001410 vuoulcbqu
0x1800015c0 wkewtqnxnuo
0x1800012f0 wxmgnzqxjrinnrgfi
0x180001340 wxzjroekluggu
0x180001600 xfbqaoyijami
0x180001540 xkqgccyxoxayqhea
0x180001570 xktuhbqpdxk
0x1800016d0 xndbdwkzachnx
0x180001720 xpugtnw
0x1800015e0 xxppwux
0x180001770 ybqzovgupd
0x1800013c0 yexjzmq
0x180001630 yjnnbopxkzgj
0x180001640 yprnjnnzoksblfbor
0x1800017a0 ystqeozymts
0x180001520 ztgcdreczwqntrcgw
KERNEL32.dll
0x18000d000 GetTickCount64
0x18000d008 GetProcessHeap
0x18000d010 ExitProcess
0x18000d018 WriteConsoleW
0x18000d020 RtlCaptureContext
0x18000d028 RtlLookupFunctionEntry
0x18000d030 RtlVirtualUnwind
0x18000d038 UnhandledExceptionFilter
0x18000d040 SetUnhandledExceptionFilter
0x18000d048 GetCurrentProcess
0x18000d050 TerminateProcess
0x18000d058 IsProcessorFeaturePresent
0x18000d060 QueryPerformanceCounter
0x18000d068 GetCurrentProcessId
0x18000d070 GetCurrentThreadId
0x18000d078 GetSystemTimeAsFileTime
0x18000d080 InitializeSListHead
0x18000d088 IsDebuggerPresent
0x18000d090 GetStartupInfoW
0x18000d098 GetModuleHandleW
0x18000d0a0 RtlUnwindEx
0x18000d0a8 InterlockedFlushSList
0x18000d0b0 GetLastError
0x18000d0b8 SetLastError
0x18000d0c0 EnterCriticalSection
0x18000d0c8 LeaveCriticalSection
0x18000d0d0 DeleteCriticalSection
0x18000d0d8 InitializeCriticalSectionAndSpinCount
0x18000d0e0 TlsAlloc
0x18000d0e8 TlsGetValue
0x18000d0f0 TlsSetValue
0x18000d0f8 TlsFree
0x18000d100 FreeLibrary
0x18000d108 GetProcAddress
0x18000d110 LoadLibraryExW
0x18000d118 RaiseException
0x18000d120 GetModuleHandleExW
0x18000d128 GetModuleFileNameW
0x18000d130 HeapAlloc
0x18000d138 HeapFree
0x18000d140 FindClose
0x18000d148 FindFirstFileExW
0x18000d150 FindNextFileW
0x18000d158 IsValidCodePage
0x18000d160 GetACP
0x18000d168 GetOEMCP
0x18000d170 GetCPInfo
0x18000d178 GetCommandLineA
0x18000d180 GetCommandLineW
0x18000d188 MultiByteToWideChar
0x18000d190 WideCharToMultiByte
0x18000d198 GetEnvironmentStringsW
0x18000d1a0 FreeEnvironmentStringsW
0x18000d1a8 LCMapStringW
0x18000d1b0 GetStdHandle
0x18000d1b8 GetFileType
0x18000d1c0 GetStringTypeW
0x18000d1c8 HeapSize
0x18000d1d0 HeapReAlloc
0x18000d1d8 SetStdHandle
0x18000d1e0 FlushFileBuffers
0x18000d1e8 WriteFile
0x18000d1f0 GetConsoleCP
0x18000d1f8 GetConsoleMode
0x18000d200 SetFilePointerEx
0x18000d208 CreateFileW
0x18000d210 CloseHandle
EAT(Export Address Table) Library
0x1800010c0 DllRegisterServer
0x180001550 abhdnlaifrqnx
0x180001390 akokcxvbs
0x1800013d0 bclfsxv
0x1800014f0 bggizexowcgv
0x180001660 btvuselluuqnq
0x1800013b0 bulbgpdughwjjs
0x1800012a0 bvhzuerk
0x180001750 clpdzcotbrtje
0x180001670 cnxuegxbwcqnpqull
0x180001370 erptxjla
0x1800012b0 eufyqefzerxo
0x1800016f0 euthlvhb
0x180001700 exjambbxencnnm
0x180001760 eykoaviljn
0x180001530 fqgewwahgba
0x1800012c0 fuhmbqncbgikcgzz
0x1800013f0 fvlttbdomuyixlfic
0x1800014e0 gaicnxcrbnpywykmi
0x180001320 gigpfwtuln
0x1800014c0 gjzcxpmdljxlcvihl
0x1800017f0 gmolsie
0x180001350 grjhmdg
0x180001740 gynkkzwifuxkpha
0x1800014d0 hhdfwqgfrcehxymv
0x180001310 hwfntsmpkgpqbhq
0x1800015d0 ikeaepgdzuc
0x1800016c0 iomegpuicdrrfgqh
0x180001650 itkqtgyqrzlwq
0x1800014b0 jasondugjokh
0x180001780 jqdabreh
0x1800015b0 jyghvis
0x1800016b0 kdjoxqcqbrjmhfw
0x180001790 kqsbnhq
0x180001710 kzykjvujah
0x1800012e0 ldqcyznwpxdddanvd
0x180001620 ledmbejhksugkxtpa
0x180001590 liuzwsbkuz
0x180001440 loekxidxq
0x1800017d0 lwkxvlqhn
0x1800017c0 lwtrqkmkmhzgz
0x180001510 lyxnlaiiadwrfex
0x1800013a0 mcqkjlqxorotl
0x180001490 mpgwfia
0x180001810 mqmnaseyuo
0x180001680 nbvpbxssxblyvexx
0x1800016e0 ndfmzorcbxtanwmb
0x180001690 nknxrzzmbdc
0x180001560 nrrstqijfbkrfdrug
0x180001500 ntmbmjhrxybpjtte
0x180001480 nvcbcfiabtvtnigc
0x1800016a0 oejlcnqhehpo
0x180001450 ojxkpetpqxop
0x1800017e0 pkpasjm
0x180001420 ptlkktjpooeg
0x180001380 ptlnulgmhdk
0x1800015a0 qpazarajje
0x1800013e0 rhkawqnfu
0x180001460 rmcjqnmurygjbx
0x180001470 rtnwxsbmtczz
0x1800017b0 rwnlxfp
0x180001730 snjwipictbravk
0x180001300 sorwrrxqjszzxtcy
0x180001800 spbdkqjwqfqs
0x180001360 srmrmokpz
0x180001610 svryenlmqg
0x180001580 tmddiouqpmj
0x1800015a0 txiragpbiroixlei
0x180001550 tyittekratwalvuix
0x180001380 uewdttxlivtqjlc
0x1800014a0 umunxllvioio
0x180001400 umutmwwnptiefvj
0x180001430 uxqrwszyle
0x180001330 vjiqrmuw
0x1800012d0 vkugzyjihkmyy
0x1800015f0 vrlimvpa
0x180001410 vuoulcbqu
0x1800015c0 wkewtqnxnuo
0x1800012f0 wxmgnzqxjrinnrgfi
0x180001340 wxzjroekluggu
0x180001600 xfbqaoyijami
0x180001540 xkqgccyxoxayqhea
0x180001570 xktuhbqpdxk
0x1800016d0 xndbdwkzachnx
0x180001720 xpugtnw
0x1800015e0 xxppwux
0x180001770 ybqzovgupd
0x1800013c0 yexjzmq
0x180001630 yjnnbopxkzgj
0x180001640 yprnjnnzoksblfbor
0x1800017a0 ystqeozymts
0x180001520 ztgcdreczwqntrcgw