Field | Value
---|---
Created | 2021.11.10 09:40
Machine | s1_win7_x6401
Filename | zuroq9
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : clean
VT API (file) |
md5 | 813e4625e96182b6a99b0c3a8733ff77
sha256 | 77e2786e4867685294fdccd9905fa08f9f75f81df31497c5a8b4656bcee67eb9
ssdeep | 6144:Ni/6pI17FrzJpguwVOPSBOyPdpXzwdyuPMgGUKXs8IMd6RXiqrcsrc/Qe:NDuxrWIPSBOyPmSs8Inbu/
imphash | a4585b02e9865ca7dab7867b81bc3a92
impfuzzy | 48:6qoO8uedglPtTc+pCv6myTEEM8XtuhK0QECACGIQQ+9:6XxrdglPtTc+p0EE
Signature (5cnts)
Level | Description |
---|---|
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | BazarLoader_IN | BazarLoader | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180052038 GetModuleFileNameA
0x180052040 GetProcAddress
0x180052048 LoadLibraryA
0x180052050 CreateFileMappingA
0x180052058 GetCommandLineA
0x180052060 DeleteFileA
0x180052068 GetLastError
0x180052070 HeapAlloc
0x180052078 HeapFree
0x180052080 GetProcessHeap
0x180052088 Sleep
0x180052090 ExitProcess
0x180052098 ExitThread
0x1800520a0 GetSystemTime
0x1800520a8 VirtualAlloc
0x1800520b0 lstrcmpA
0x1800520b8 WriteFile
0x1800520c0 GetTempPathA
0x1800520c8 CreateMutexA
0x1800520d0 GetTickCount
0x1800520d8 VirtualFree
0x1800520e0 GlobalAlloc
0x1800520e8 GetDateFormatA
0x1800520f0 GetTimeFormatA
0x1800520f8 FreeLibrary
0x180052100 Process32First
0x180052108 Process32Next
0x180052110 CreateThread
0x180052118 lstrcatA
0x180052120 lstrcpyA
0x180052128 WriteConsoleW
0x180052130 CreateFileW
0x180052138 FlushFileBuffers
0x180052140 SetFilePointerEx
0x180052148 GetConsoleMode
0x180052150 GetConsoleCP
0x180052158 SetStdHandle
0x180052160 RtlPcToFileHeader
0x180052168 RaiseException
0x180052170 EncodePointer
0x180052178 RtlUnwindEx
0x180052180 UnmapViewOfFile
0x180052188 MapViewOfFile
0x180052190 VirtualProtect
0x180052198 CloseHandle
0x1800521a0 GetFileSize
0x1800521a8 CreateToolhelp32Snapshot
0x1800521b0 CreateFileA
0x1800521b8 WideCharToMultiByte
0x1800521c0 MultiByteToWideChar
0x1800521c8 GetStringTypeW
0x1800521d0 GetCPInfo
0x1800521d8 GetOEMCP
0x1800521e0 GetACP
0x1800521e8 IsValidCodePage
0x1800521f0 LCMapStringW
0x1800521f8 UnhandledExceptionFilter
0x180052200 SetUnhandledExceptionFilter
0x180052208 GetCurrentProcess
0x180052210 TerminateProcess
0x180052218 IsProcessorFeaturePresent
0x180052220 SetLastError
0x180052228 GetModuleHandleW
0x180052230 GetModuleHandleExW
0x180052238 IsDebuggerPresent
0x180052240 EnterCriticalSection
0x180052248 LeaveCriticalSection
0x180052250 DeleteCriticalSection
0x180052258 InitializeCriticalSectionAndSpinCount
0x180052260 TlsGetValue
0x180052268 TlsSetValue
0x180052270 LoadLibraryExW
USER32.dll
0x180052280 LoadMenuA
0x180052288 GetMenu
0x180052290 SetMenu
0x180052298 GetMenuStringA
0x1800522a0 DrawMenuBar
0x1800522a8 CreateMenu
0x1800522b0 CreatePopupMenu
0x1800522b8 DestroyMenu
0x1800522c0 EnableMenuItem
0x1800522c8 AppendMenuA
0x1800522d0 InsertMenuItemA
0x1800522d8 MessageBoxA
0x1800522e0 ActivateKeyboardLayout
0x1800522e8 GetKeyboardLayout
0x1800522f0 RegisterClassA
0x1800522f8 GetWindowTextA
0x180052300 SetWindowTextA
0x180052308 DeleteMenu
GDI32.dll
0x180052000 SetBkMode
0x180052008 SetBkColor
0x180052010 GetTextExtentPoint32A
0x180052018 DeleteObject
0x180052020 CreateFontIndirectA
0x180052028 SetTextColor
ntdll.dll
0x180052378 RtlVirtualUnwind
0x180052380 RtlLookupFunctionEntry
0x180052388 RtlCaptureContext
WININET.dll
0x180052318 InternetCanonicalizeUrlA
0x180052320 InternetCloseHandle
0x180052328 InternetConnectA
0x180052330 InternetReadFile
0x180052338 InternetQueryOptionA
0x180052340 InternetSetOptionA
0x180052348 HttpOpenRequestA
0x180052350 HttpAddRequestHeadersA
0x180052358 HttpSendRequestA
0x180052360 HttpQueryInfoA
0x180052368 InternetOpenA
EAT(Export Address Table) Library
0x18002a1f0 DllRegisterServer
0x18002a284 DllResumeServer
0x18002a310 DllStartServer
0x18002a39c DllStopServer
0x18002a428 DllSuspendServer
0x18002a4bc DllUnregisterServer
0x18002b300 a0i
0x18002b4a4 bn2o
0x18002a550 chql
0x18002acb8 fmr8t6xyemlhdyszy9ny
0x18002aed0 fvchb0dsyzm4k5pqs50zvvooyd2
0x18002a5d0 gf8
0x18002ac18 gnvfiwfpoekyfqfb00y8dwl7ao0
0x18002a9a8 hpsd2mmdaq09nkotvt31hq3j
0x18002a91c ia6qhyu36gk6
0x18002b1e4 iejm
0x18002a638 it42f4vda6
0x18002ad54 ma8anqvwb5vu2bk2zmy
0x18002a888 n6oqp8x4cwd9jb9258a
0x18002b264 nvr4od50szz9548z43ki8q
0x18002b524 p3bf
0x18002b150 p8b13v1cc61zs1pd
0x18002a6c0 q0ztrpprlf8
0x18002b368 r2vfhdue8qs1t8r4p6tk4lv7m
0x18002aae8 s0qa5
0x18002af70 t7ai2
0x18002ae68 u5u
0x18002b408 uneuzmof23nua4d0ba98
0x18002ade8 v1dmo
0x18002a7e8 vjxdko54e8lp66owkcg20zg0o
0x18002aff0 vv1pokfu3gzelhcqro39mddcfrtg
0x18002b0a0 x0dzgvozyb5eq90v1zjzibmiiyaaj
0x18002a748 xgj66mbqyl798991zmj3upb40
0x18002ab68 yasebtt45cuhjlxza9q5tfo4dp811
0x18002aa48 yigqk0uelvgjxf7ot47jfc3oi
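The listing above is what a static triage works from: the file-level verdict says clean while the static rule BazarLoader_IN fired, and the imports and exports are the evidence that settles it. The script below is an added example, not part of the sandbox report and not code from the sample. It parses the IAT/EAT text format used above, buckets the imports into capability categories that line up with the behavioural signatures (IsDebuggerPresent, Sleep and GetTickCount for anti-analysis; VirtualAlloc and VirtualProtect for RWX unpacking; Toolhelp32 for process discovery; WinINet for HTTP C2), flags the throwaway-looking export names sitting next to the standard COM-server exports, and recomputes a pefile-style imphash over the imports. The excerpt it parses is a constructed subset of the table above, the capability mapping is my own, and the imphash is computed over imports sorted by IAT slot, which is an assumption about the import-directory order: the report lists DLLs in a different order from their slots (GDI32 at 0x180052000 comes first in memory), so a mismatch against the report's imphash a4585b02e9865ca7dab7867b81bc3a92 points at ordering, not at a different binary.

```python
# Added example (not from the sandbox report or the sample): triage of a 'PE API'
# listing in the format shown above. Mapping and ordering assumptions are my own.
import hashlib
import re

# Constructed excerpt of the page's IAT/EAT listing (same format, subset of rows).
REPORT_EXCERPT = """\
IAT(Import Address Table) Library
KERNEL32.dll
0x180052048 LoadLibraryA
0x180052088 Sleep
0x1800520a8 VirtualAlloc
0x1800520d0 GetTickCount
0x180052100 Process32First
0x180052190 VirtualProtect
0x1800521a8 CreateToolhelp32Snapshot
0x180052238 IsDebuggerPresent
GDI32.dll
0x180052000 SetBkMode
WININET.dll
0x180052328 InternetConnectA
0x180052330 InternetReadFile
0x180052348 HttpOpenRequestA
0x180052358 HttpSendRequestA
0x180052368 InternetOpenA
EAT(Export Address Table) Library
0x18002a1f0 DllRegisterServer
0x18002a4bc DllUnregisterServer
0x18002b300 a0i
0x18002acb8 fmr8t6xyemlhdyszy9ny
0x18002aed0 fvchb0dsyzm4k5pqs50zvvooyd2
"""

# Capability buckets: my own mapping (assumption), extend to taste.
CAPABILITIES = {
    "anti-analysis": {"IsDebuggerPresent", "Sleep", "GetTickCount"},
    "self-unpacking": {"VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress"},
    "process discovery": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "HTTP C2 via WinINet": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                            "HttpSendRequestA", "InternetReadFile"},
}
# Exports a regsvr32-style COM DLL legitimately carries.
STANDARD_EXPORTS = {"DllMain", "DllRegisterServer", "DllUnregisterServer", "DllInstall",
                    "DllGetClassObject", "DllCanUnloadNow"}
ENTRY_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+(\S+)$")

def parse_report(text):
    """Return (imports, exports): imports as (dll, api, iat_slot), exports as (rva, name)."""
    imports, exports, section, dll = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if line.startswith("IAT("):
            section = "iat"
        elif line.startswith("EAT("):
            section = "eat"
        elif m and section == "iat":
            imports.append((dll, m.group(2), int(m.group(1), 16)))
        elif m and section == "eat":
            exports.append((int(m.group(1), 16), m.group(2)))
        elif section == "iat" and line.lower().endswith(".dll"):
            dll = line  # library header such as 'KERNEL32.dll'
    return imports, exports

def capabilities(imports):
    """Bucket the imported API names; buckets with no hits are dropped."""
    apis = {api for _, api, _ in imports}
    return {cap: sorted(apis & want) for cap, want in CAPABILITIES.items() if apis & want}

def suspicious_exports(exports):
    """Non-standard exports made of lowercase letters and digits with at least one
    digit: the throwaway-name pattern in this sample's export table."""
    junk = re.compile(r"^[a-z0-9]*[0-9][a-z0-9]*$")
    return [n for _, n in exports if n not in STANDARD_EXPORTS and junk.match(n)]

def imphash_input(imports):
    """pefile imphash preimage: 'lib.func' lowercased, .dll/.ocx/.sys stripped,
    comma-joined in import-directory order. The report lists DLLs in a different
    order from their IAT slots, so sorting by slot is an assumption about that
    order: a mismatch with the report's imphash means ordering, not another file."""
    parts = []
    for dll, api, _ in sorted(imports, key=lambda t: t[2]):
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.append(f"{lib}.{api.lower()}")
    return ",".join(parts)

def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()

def triage(text):
    """One-shot summary of a report excerpt."""
    imports, exports = parse_report(text)
    return {"imports": len(imports), "exports": len(exports),
            "capabilities": capabilities(imports),
            "suspicious_exports": suspicious_exports(exports),
            "imphash": imphash(imports)}

if __name__ == "__main__":
    print(triage(REPORT_EXCERPT))
```

Run it on the full table rather than the excerpt to get the real picture: the capability buckets come out non-empty for all four categories on this sample, which is the static corroboration for the "delay the analysis task", "read-write-execute memory" and "checks if process is being debugged" signatures above, and the export heuristic isolates the random-looking names from the six Dll*Server exports. To confirm the slot-order assumption, feed the original DLL to `pefile` and compare `get_imphash()` with `imphash()` here; if they differ, the import directory is ordered differently from the IAT and the report order should be used instead.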