Field | Value |
---|---|
Created | 2021.11.08 14:49 |
Machine | s1_win7_x6402 |
Filename | gTiBAFGxjBXmnkn.mp3 |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 44 detected (malicious, high confidence, GenericKD, Drixed, Unsafe, Save, confidence, 100%, Cridex, Convagent, Eldorado, Attribute, HighConfidence, Kryptik, HNEO, score, UMal, acwrz@0, Dridex, 0NA103K421, R + Mal, EncPk, Static AI, Suspicious PE, kcloud, R448551, ZedlaF, Cu8@aW@O8Hi, ai score=81, Generic@ML, RDMK, KHcFq5Mw0fTYiPvLcwxOXQ, eegCPv9St6U, GdSda) |
md5 | e44025fdc31cdce162ed7573b6c501f5 |
sha256 | ca38cbc0b86b49e80f1f6452c8444c7edff8028ac70b65bfc745dc69d7554b72 |
ssdeep | 12288:iZKEZNxJPdthZz/MqmOce24Wqa+cKdDSFczjJgiUCeoCqoE:iZKEr/1jhz17Px |
imphash | ccdf79216449388cf5a36d38a385d866 |
impfuzzy | 24:UhCIrRA/KAEGLzQ1t9xo23IdlI9uGnayTVTWC1v/ElRWGHU:U8IS/KAEIzQ1t9xJ3IOv7NNElRWGHU |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
watch | Tries to unhook Windows functions monitored by Cuckoo |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
IPHLPAPI.DLL
0x1000903c GetInterfaceInfo
COMDLG32.dll
0x10009014 ReplaceTextW
0x10009018 ChooseFontW
msvcrt.dll
0x10009100 realloc
0x10009104 memset
WININET.dll
0x100090ec InternetSetStatusCallback
USER32.dll
0x100090d0 DefWindowProcW
0x100090d4 MapVirtualKeyA
0x100090d8 GetWindowPlacement
0x100090dc LookupIconIdFromDirectory
0x100090e0 CreateDialogIndirectParamA
0x100090e4 GetMonitorInfoW
ADVAPI32.dll
0x10009000 RegEnumKeyA
0x10009004 SaferIdentifyLevel
SETUPAPI.dll
0x1000909c SetupCreateDiskSpaceListW
0x100090a0 SetupDiGetClassInstallParamsW
0x100090a4 SetupRemoveFromSourceListW
WINMM.dll
0x100090f4 midiInPrepareHeader
0x100090f8 midiOutGetDevCapsW
OLEAUT32.dll
0x10009084 VarI4FromCy
0x10009088 VarBstrFromR4
0x1000908c VarBoolFromR4
GDI32.dll
0x10009034 Polyline
MSACM32.dll
0x1000907c acmDriverClose
POWRPROF.dll
0x10009094 WriteGlobalPwrPolicy
ESENT.dll
0x1000902c JetGetBookmark
KERNEL32.dll
0x10009044 GetCurrentActCtx
0x10009048 TerminateProcess
0x1000904c GetModuleHandleW
0x10009050 GetProfileSectionA
0x10009054 CreateHardLinkW
0x10009058 GetComputerNameW
0x1000905c GetTempPathW
0x10009060 GetProfileStringA
0x10009064 GetModuleHandleA
0x10009068 GetModuleFileNameW
0x1000906c DeleteAtom
CRYPT32.dll
0x10009020 CertSetCertificateContextProperty
0x10009024 CertControlStore
MPRAPI.dll
0x10009074 MprConfigServerConnect
SHELL32.dll
0x100090ac SHParseDisplayName
COMCTL32.dll
0x1000900c PropertySheetW
SHLWAPI.dll
0x100090b4 StrCatBuffW
0x100090b8 PathAppendA
0x100090bc PathGetDriveNumberW
0x100090c0 StrRetToBufA
Secur32.dll
0x100090c8 AcquireCredentialsHandleW
ole32.dll
0x1000910c OleIsRunning
EAT(Export Address Table) Library
0x1006b1ac DmlooirmFert
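The IAT listing above and the imphash row in the summary table are the two halves of import hashing, so it is worth seeing how one is derived from the other. The following Python is an added example, not part of the sandbox report or of any tool it names. It re-implements the pefile imphash normalisation (lower-case module name with .dll/.ocx/.sys stripped, lower-case symbol name, ordinal-only imports written as ord<N>, tokens joined by commas and MD5-hashed) over the 21 DLLs and 48 functions transcribed from the listing, and prints a per-DLL breadth summary for triage. The transcription keeps the order in which the report lists the modules; imphash is computed over import-directory order, so the value is printed beside the report's ccdf79216449388cf5a36d38a385d866 for comparison rather than asserted, and a mismatch would mean the listing order is not the directory order. The ordlookup tables pefile uses for a few DLLs are omitted and the generic ord<N> form is used instead.

```python
import hashlib

# Import table transcribed from the report's IAT listing, one line per DLL,
# in the order the report shows them. Constructed input for this example.
REPORT_IAT = """
IPHLPAPI.DLL: GetInterfaceInfo
COMDLG32.dll: ReplaceTextW, ChooseFontW
msvcrt.dll: realloc, memset
WININET.dll: InternetSetStatusCallback
USER32.dll: DefWindowProcW, MapVirtualKeyA, GetWindowPlacement, LookupIconIdFromDirectory, CreateDialogIndirectParamA, GetMonitorInfoW
ADVAPI32.dll: RegEnumKeyA, SaferIdentifyLevel
SETUPAPI.dll: SetupCreateDiskSpaceListW, SetupDiGetClassInstallParamsW, SetupRemoveFromSourceListW
WINMM.dll: midiInPrepareHeader, midiOutGetDevCapsW
OLEAUT32.dll: VarI4FromCy, VarBstrFromR4, VarBoolFromR4
GDI32.dll: Polyline
MSACM32.dll: acmDriverClose
POWRPROF.dll: WriteGlobalPwrPolicy
ESENT.dll: JetGetBookmark
KERNEL32.dll: GetCurrentActCtx, TerminateProcess, GetModuleHandleW, GetProfileSectionA, CreateHardLinkW, GetComputerNameW, GetTempPathW, GetProfileStringA, GetModuleHandleA, GetModuleFileNameW, DeleteAtom
CRYPT32.dll: CertSetCertificateContextProperty, CertControlStore
MPRAPI.dll: MprConfigServerConnect
SHELL32.dll: SHParseDisplayName
COMCTL32.dll: PropertySheetW
SHLWAPI.dll: StrCatBuffW, PathAppendA, PathGetDriveNumberW, StrRetToBufA
Secur32.dll: AcquireCredentialsHandleW
ole32.dll: OleIsRunning
"""

REPORT_IMPHASH = "ccdf79216449388cf5a36d38a385d866"  # value shown in the report

# pefile strips only these extensions before hashing; anything else is kept.
STRIPPED_EXTENSIONS = ("ocx", "sys", "dll")


def normalize_dll(name):
    """Lower-case the module name and strip .dll/.ocx/.sys, as pefile does."""
    name = name.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        return base
    return name


def import_token(dll, func_name=None, ordinal=None):
    """One 'module.symbol' token. Imports by ordinal only become ord<N>
    (pefile's per-DLL ordlookup resolution is deliberately not reproduced)."""
    if func_name is None:
        if ordinal is None:
            raise ValueError("an import needs either a name or an ordinal")
        func_name = "ord%d" % ordinal
    return "%s.%s" % (normalize_dll(dll), func_name.lower())


def parse_iat_listing(text):
    """Parse 'DLL: f1, f2' lines into an ordered list of (dll, [functions])."""
    table = []
    for line in text.strip().splitlines():
        dll, _, funcs = line.partition(":")
        names = [f.strip() for f in funcs.split(",") if f.strip()]
        table.append((dll.strip(), names))
    return table


def imphash_string(table):
    """The comma-joined token string that imphash is the MD5 of."""
    return ",".join(import_token(dll, f) for dll, funcs in table for f in funcs)


def imphash(table):
    return hashlib.md5(imphash_string(table).encode("ascii")).hexdigest()


def summarize(table):
    """Per-DLL import counts plus totals: how many modules are touched and
    how many of them contribute only a single symbol."""
    per_dll = {dll: len(funcs) for dll, funcs in table}
    return {
        "dlls": len(table),
        "functions": sum(per_dll.values()),
        "single_import_dlls": sum(1 for n in per_dll.values() if n == 1),
        "per_dll": per_dll,
    }


if __name__ == "__main__":
    table = parse_iat_listing(REPORT_IAT)
    s = summarize(table)
    print("%d DLLs, %d functions, %d DLLs with a single import"
          % (s["dlls"], s["functions"], s["single_import_dlls"]))
    print("imphash over listed order:", imphash(table))
    print("imphash in report        :", REPORT_IMPHASH)
```

The same functions work on any (dll, function) table pulled from pefile, LIEF or a disassembler export, which is the point of having the normalisation in one place: the hash is only comparable across tools if every consumer strips the same extensions and lower-cases the same way.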