Report - AxVZTvof0xPasb9nP

Tags: Malicious Packer, Malicious Library, UPX, PE File, OS Processor Check, PE32, DLL
Created: 2022.01.20 07:54
Machine: s1_win7_x6401
Filename: AxVZTvof0xPasb9nP
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score: 9
Behavior Score: 6.6
ZERO API file: clean
VT API (file): 21 detected (AIDetect, malware2, malicious, high confidence, Emotet, confidence, Eldorado, GenKryptik, FPYD, BankerX, Static AI, Malicious PE, Wacatac, score, R466003, BScope, CJAM)
md5: 81e77ccebc0c638812cd75368710b856
sha256: d2b83bfffbaabef77800d6fec843d91fd0ca9f12109b8c2149b41b8fe5143691
ssdeep: 6144:+14kZNuAXp3htAsH9dSKSKrjkPIMGCbkOQDb3hfm/U0DjeNqfnkEPJ:pmp3ht7H9dSK/rZz9xSUacqcEP
imphash: edc5bede1d4d23eae237013f09324b61
impfuzzy: 96:VjMQt3TUJMc+pSi1zwsTqisJ5LyaQ2GaBlWcnc4K9QPD:Zspa7qisJ52a1/B4cncT9QPD
Signatures (12)

Level | Description
danger | Connects to IP addresses that no longer respond to requests (legitimate services usually stay up and running)
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious
warning | Generates some ICMP traffic
watch | Communicates with a host for which no DNS query was performed
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | Changes read-write memory protection to read-execute (probably to avoid the detection triggered by setting all RWX flags at once)
notice | Expresses interest in specific running processes
notice | Foreign language identified in PE resource
notice | Searches running processes, potentially to identify analysis processes for sandbox evasion
notice | The binary likely contains encrypted or compressed data indicative of a packer
info | Checks if the process is being debugged by a debugger
info | Queries the computer name

Rules (7)

Level | Name | Description | Collection
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsDLL | (no description) | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (13)

Request | CC | ASN Co | IP4 | Rule / ZERO
54.38.242.185 | FR | OVH SAS | 54.38.242.185 | malicious
191.252.103.16 | BR | Locaweb Servicos de Internet S/A | 191.252.103.16 | malicious
51.210.242.234 | FR | OVH SAS | 51.210.242.234 | malicious
66.42.57.149 | SG | AS-CHOOPA | 66.42.57.149 | malicious
185.148.168.220 | DE | Everscale GmbH | 185.148.168.220 | malicious
62.171.178.147 | DE | Contabo GmbH | 62.171.178.147 | malicious
69.16.218.101 | US | LIQUIDWEB | 69.16.218.101 | malicious
104.131.62.48 | US | DIGITALOCEAN-ASN | 104.131.62.48 | malicious
168.197.250.14 | AR | Omar Anselmo Ripoll (TDC NET) | 168.197.250.14 | malicious
217.182.143.207 | FR | OVH SAS | 217.182.143.207 | malicious
37.44.244.177 | DE | Hostinger International Limited | 37.44.244.177 | malicious
142.4.219.173 | CA | OVH SAS | 142.4.219.173 | malicious
45.138.98.34 | DE | M247 Ltd | 45.138.98.34 | malicious
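Every host in the table was contacted by raw IP, and the signature list confirms no DNS query preceded the connections, so the usable IOCs from this run are IP addresses rather than domains. The script below is an added example, not part of the sandbox report: it parses the Network table rows exactly as the report prints them (including the page's "mailcious" spelling of the verdict), validates each address, drops anything non-routable, and emits a blocklist plus one Suricata `alert ip` rule per address. The message prefix, the local sid range starting at 1000001 and the use of `$HOME_NET` are assumptions for a local ruleset.

```python
"""Build IP IOCs and Suricata rules from the sandbox report's Network table.

Added example, not part of the sandbox report. REPORT_ROWS is copied from the
report's Network table (Request, CC, ASN company, IP4, verdict). The msg prefix,
the sid range starting at 1000001 and $HOME_NET are assumptions for a local
ruleset; adjust them to your own sid allocation and variables.
"""
import ipaddress
from dataclasses import dataclass

# Constructed input: the 13 rows of the report's Network table, verbatim,
# including the page's spelling of the verdict ("mailcious").
REPORT_ROWS = """\
54.38.242.185 FR OVH SAS 54.38.242.185 mailcious
191.252.103.16 BR Locaweb Servicos de Internet S/A 191.252.103.16 mailcious
51.210.242.234 FR OVH SAS 51.210.242.234 mailcious
66.42.57.149 SG AS-CHOOPA 66.42.57.149 mailcious
185.148.168.220 DE Everscale GmbH 185.148.168.220 mailcious
62.171.178.147 DE Contabo GmbH 62.171.178.147 mailcious
69.16.218.101 US LIQUIDWEB 69.16.218.101 mailcious
104.131.62.48 US DIGITALOCEAN-ASN 104.131.62.48 mailcious
168.197.250.14 AR Omar Anselmo Ripoll (TDC NET) 168.197.250.14 mailcious
217.182.143.207 FR OVH SAS 217.182.143.207 mailcious
37.44.244.177 DE Hostinger International Limited 37.44.244.177 mailcious
142.4.219.173 CA OVH SAS 142.4.219.173 mailcious
45.138.98.34 DE M247 Ltd 45.138.98.34 mailcious
"""


@dataclass(frozen=True)
class Ioc:
    ip: str
    cc: str
    org: str
    verdict: str


def parse_rows(text):
    """Parse the flattened table. The ASN company name may contain spaces, so it
    is taken as everything between the country code and the IP4 column."""
    iocs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # blank or truncated row
        request, cc, *org, ip4, verdict = parts
        addr = ipaddress.ip_address(ip4)  # raises ValueError on garbage
        if request != ip4:
            raise ValueError(f"request/IP4 mismatch in row: {line!r}")
        if not addr.is_global:
            continue  # never block RFC1918/loopback addresses seen in a sandbox
        # the page spells the verdict "mailcious"; normalise it
        verdict = verdict.lower()
        if verdict == "mailcious":
            verdict = "malicious"
        iocs.append(Ioc(str(addr), cc, " ".join(org), verdict))
    return iocs


def blocklist(iocs):
    """Unique malicious IPs, sorted numerically, for a firewall or IP-reputation list."""
    return sorted({i.ip for i in iocs if i.verdict == "malicious"},
                  key=ipaddress.ip_address)


def _msg_safe(text):
    # Suricata's msg is a double-quoted string; strip characters that would end it
    return text.replace('"', "").replace(";", "")


def suricata_rules(iocs, base_sid=1000001, msg_prefix="LOCAL sandbox IOC"):
    """One 'alert ip' rule per malicious IP, in report order; sids are sequential."""
    rules, seen = [], set()
    for ioc in iocs:
        if ioc.verdict != "malicious" or ioc.ip in seen:
            continue
        seen.add(ioc.ip)
        sid = base_sid + len(rules)
        rules.append(
            f"alert ip $HOME_NET any -> {ioc.ip} any "
            f'(msg:"{_msg_safe(msg_prefix)} {ioc.ip} {_msg_safe(ioc.org)}"; '
            f"sid:{sid}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for rule in suricata_rules(parse_rows(REPORT_ROWS)):
        print(rule)
```

The `is_global` filter matters when the same script is pointed at other reports: sandboxes routinely show the analysis VM talking to its own gateway or DNS resolver, and those rows must never reach a blocklist. Because hosting-provider addresses like these are recycled, pair the rules with an expiry or revisit them rather than treating them as permanent.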

Suricata IDS alerts: none listed

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x100260b8 GetSystemTimeAsFileTime
 0x100260bc GetCommandLineA
 0x100260c0 RtlUnwind
 0x100260c4 Sleep
 0x100260c8 ExitProcess
 0x100260cc HeapReAlloc
 0x100260d0 RaiseException
 0x100260d4 HeapSize
 0x100260d8 TerminateProcess
 0x100260dc UnhandledExceptionFilter
 0x100260e0 SetUnhandledExceptionFilter
 0x100260e4 IsDebuggerPresent
 0x100260e8 HeapCreate
 0x100260ec HeapDestroy
 0x100260f0 GetStdHandle
 0x100260f4 GetModuleFileNameA
 0x100260f8 GetTimeZoneInformation
 0x100260fc SetHandleCount
 0x10026100 GetFileType
 0x10026104 GetStartupInfoA
 0x10026108 FreeEnvironmentStringsA
 0x1002610c GetEnvironmentStrings
 0x10026110 GetEnvironmentStringsW
 0x10026114 QueryPerformanceCounter
 0x10026118 GetTickCount
 0x1002611c InitializeCriticalSectionAndSpinCount
 0x10026120 GetCPInfo
 0x10026124 GetACP
 0x10026128 GetOEMCP
 0x1002612c IsValidCodePage
 0x10026130 GetConsoleCP
 0x10026134 GetConsoleMode
 0x10026138 GetLocaleInfoA
 0x1002613c GetStringTypeA
 0x10026140 GetStringTypeW
 0x10026144 LCMapStringA
 0x10026148 LCMapStringW
 0x1002614c SetStdHandle
 0x10026150 WriteConsoleA
 0x10026154 GetConsoleOutputCP
 0x10026158 WriteConsoleW
 0x1002615c CreateFileA
 0x10026160 SetEnvironmentVariableA
 0x10026164 lstrlenA
 0x10026168 GetCurrentProcess
 0x1002616c FlushFileBuffers
 0x10026170 SetFilePointer
 0x10026174 WriteFile
 0x10026178 InterlockedIncrement
 0x1002617c TlsFree
 0x10026180 LocalReAlloc
 0x10026184 TlsSetValue
 0x10026188 TlsAlloc
 0x1002618c GlobalHandle
 0x10026190 GlobalReAlloc
 0x10026194 TlsGetValue
 0x10026198 LocalAlloc
 0x1002619c GlobalFlags
 0x100261a0 EnterCriticalSection
 0x100261a4 LeaveCriticalSection
 0x100261a8 DeleteCriticalSection
 0x100261ac InitializeCriticalSection
 0x100261b0 GlobalFindAtomW
 0x100261b4 GetVersionExW
 0x100261b8 CompareStringW
 0x100261bc GetVersionExA
 0x100261c0 FormatMessageW
 0x100261c4 LocalFree
 0x100261c8 InterlockedDecrement
 0x100261cc GetModuleHandleA
 0x100261d0 GlobalUnlock
 0x100261d4 GlobalFree
 0x100261d8 FreeResource
 0x100261dc CloseHandle
 0x100261e0 lstrlenW
 0x100261e4 WritePrivateProfileStringW
 0x100261e8 GlobalAddAtomW
 0x100261ec GetCurrentProcessId
 0x100261f0 GetLastError
 0x100261f4 GlobalDeleteAtom
 0x100261f8 GetCurrentThread
 0x100261fc GetCurrentThreadId
 0x10026200 ConvertDefaultLocale
 0x10026204 EnumResourceLanguagesW
 0x10026208 GetModuleFileNameW
 0x1002620c lstrcmpA
 0x10026210 GetLocaleInfoW
 0x10026214 LoadLibraryW
 0x10026218 WideCharToMultiByte
 0x1002621c CompareStringA
 0x10026220 MultiByteToWideChar
 0x10026224 FindResourceW
 0x10026228 LoadResource
 0x1002622c LockResource
 0x10026230 SizeofResource
 0x10026234 InterlockedExchange
 0x10026238 GlobalLock
 0x1002623c lstrcmpW
 0x10026240 GlobalAlloc
 0x10026244 GetModuleHandleW
 0x10026248 VirtualProtect
 0x1002624c LoadLibraryA
 0x10026250 VirtualAlloc
 0x10026254 GetProcAddress
 0x10026258 SetLastError
 0x1002625c MulDiv
 0x10026260 IsBadReadPtr
 0x10026264 GetProcessHeap
 0x10026268 VirtualFree
 0x1002626c HeapFree
 0x10026270 HeapAlloc
 0x10026274 FreeLibrary
 0x10026278 VirtualQuery
 0x1002627c FreeEnvironmentStringsW
 0x10026280 GetNativeSystemInfo
USER32.dll
 0x100262a0 DestroyMenu
 0x100262a4 LoadCursorW
 0x100262a8 GetSysColorBrush
 0x100262ac ShowWindow
 0x100262b0 SetWindowTextW
 0x100262b4 IsDialogMessageW
 0x100262b8 RegisterWindowMessageW
 0x100262bc SendDlgItemMessageW
 0x100262c0 SendDlgItemMessageA
 0x100262c4 WinHelpW
 0x100262c8 GetCapture
 0x100262cc GetClassLongW
 0x100262d0 GetClassNameW
 0x100262d4 SetPropW
 0x100262d8 GetPropW
 0x100262dc RemovePropW
 0x100262e0 GetForegroundWindow
 0x100262e4 GetTopWindow
 0x100262e8 GetMessageTime
 0x100262ec GetMessagePos
 0x100262f0 MapWindowPoints
 0x100262f4 SetMenu
 0x100262f8 SetForegroundWindow
 0x100262fc CreateWindowExW
 0x10026300 GetClassInfoExW
 0x10026304 RegisterClassW
 0x10026308 AdjustWindowRectEx
 0x1002630c CopyRect
 0x10026310 PtInRect
 0x10026314 GetDlgCtrlID
 0x10026318 DefWindowProcW
 0x1002631c CallWindowProcW
 0x10026320 GetMenu
 0x10026324 SetWindowLongW
 0x10026328 SetWindowPos
 0x1002632c SystemParametersInfoA
 0x10026330 GetWindowPlacement
 0x10026334 GetMenuItemID
 0x10026338 GetMenuItemCount
 0x1002633c UnhookWindowsHookEx
 0x10026340 EndPaint
 0x10026344 BeginPaint
 0x10026348 ReleaseDC
 0x1002634c GetDC
 0x10026350 ClientToScreen
 0x10026354 ScreenToClient
 0x10026358 GrayStringW
 0x1002635c DrawTextExW
 0x10026360 DrawTextW
 0x10026364 TabbedTextOutW
 0x10026368 GetWindowTextW
 0x1002636c GetWindow
 0x10026370 SetFocus
 0x10026374 GetDesktopWindow
 0x10026378 EndDeferWindowPos
 0x1002637c EnableWindow
 0x10026380 UpdateWindow
 0x10026384 SendMessageW
 0x10026388 SetActiveWindow
 0x1002638c CreateDialogIndirectParamW
 0x10026390 DestroyWindow
 0x10026394 IsWindow
 0x10026398 GetDlgItem
 0x1002639c GetNextDlgTabItem
 0x100263a0 EndDialog
 0x100263a4 SetWindowsHookExW
 0x100263a8 CallNextHookEx
 0x100263ac GetMessageW
 0x100263b0 TranslateMessage
 0x100263b4 DispatchMessageW
 0x100263b8 GetActiveWindow
 0x100263bc IsWindowVisible
 0x100263c0 GetKeyState
 0x100263c4 GetClassInfoW
 0x100263c8 GetSystemMetrics
 0x100263cc BeginDeferWindowPos
 0x100263d0 DeferWindowPos
 0x100263d4 GetSysColor
 0x100263d8 InvalidateRect
 0x100263dc LoadIconW
 0x100263e0 GetClientRect
 0x100263e4 DrawIcon
 0x100263e8 KillTimer
 0x100263ec FillRect
 0x100263f0 IsIconic
 0x100263f4 GetWindowRect
 0x100263f8 SetTimer
 0x100263fc CheckMenuItem
 0x10026400 EnableMenuItem
 0x10026404 GetMenuState
 0x10026408 ModifyMenuW
 0x1002640c GetParent
 0x10026410 GetFocus
 0x10026414 LoadBitmapW
 0x10026418 PeekMessageW
 0x1002641c GetCursorPos
 0x10026420 ValidateRect
 0x10026424 GetWindowThreadProcessId
 0x10026428 GetWindowLongW
 0x1002642c GetLastActivePopup
 0x10026430 IsWindowEnabled
 0x10026434 MessageBoxW
 0x10026438 SetCursor
 0x1002643c PostMessageW
 0x10026440 PostQuitMessage
 0x10026444 GetSubMenu
 0x10026448 SetMenuItemBitmaps
 0x1002644c GetMenuCheckMarkDimensions
GDI32.dll
 0x10026030 DeleteDC
 0x10026034 GetStockObject
 0x10026038 GetDeviceCaps
 0x1002603c ScaleWindowExtEx
 0x10026040 SetWindowExtEx
 0x10026044 ScaleViewportExtEx
 0x10026048 SetViewportExtEx
 0x1002604c OffsetViewportOrgEx
 0x10026050 SetViewportOrgEx
 0x10026054 SelectObject
 0x10026058 Escape
 0x1002605c ExtTextOutW
 0x10026060 TextOutW
 0x10026064 RectVisible
 0x10026068 CreateSolidBrush
 0x1002606c GetObjectW
 0x10026070 DeleteObject
 0x10026074 MoveToEx
 0x10026078 LineTo
 0x1002607c GetClipBox
 0x10026080 SetMapMode
 0x10026084 SetTextColor
 0x10026088 SetBkColor
 0x1002608c RestoreDC
 0x10026090 SaveDC
 0x10026094 CreateBitmap
 0x10026098 BitBlt
 0x1002609c Polygon
 0x100260a0 CreateCompatibleDC
 0x100260a4 CreateCompatibleBitmap
 0x100260a8 Ellipse
 0x100260ac CreatePen
 0x100260b0 PtVisible
WINSPOOL.DRV
 0x10026454 DocumentPropertiesW
 0x10026458 OpenPrinterW
 0x1002645c ClosePrinter
ADVAPI32.dll
 0x10026000 RegQueryValueW
 0x10026004 RegSetValueExW
 0x10026008 RegCreateKeyExW
 0x1002600c RegCloseKey
 0x10026010 RegOpenKeyW
 0x10026014 RegEnumKeyW
 0x10026018 RegDeleteKeyW
 0x1002601c RegOpenKeyExW
 0x10026020 RegQueryValueExW
COMCTL32.dll
 0x10026028 InitCommonControlsEx
SHLWAPI.dll
 0x10026298 PathFindExtensionW
OLEAUT32.dll
 0x10026288 VariantClear
 0x1002628c VariantChangeType
 0x10026290 VariantInit

EAT (Export Address Table)

0x100027c6 DllRegisterServer

DllRegisterServer is the export that regsvr32.exe invokes, so a DLL whose only export is this function is typically executed with `regsvr32 /s <dll>` rather than loaded by a host application.
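The IAT above is what the report's imphash (edc5bede1d4d23eae237013f09324b61) was derived from, and it also carries the APIs behind the memory-protection and anti-debug signatures: VirtualAlloc for the RWX allocation, VirtualProtect for the switch to read-execute, LoadLibraryA/GetProcAddress for resolving the unpacked payload's imports, and IsDebuggerPresent. The script below is an added example, not part of the sandbox report: it parses a listing in the report's format, recomputes the imphash with the same normalisation pefile uses, and extracts that loader API cluster. `IAT_EXCERPT` is a constructed excerpt of the table (a few entries per library), so its hash will not equal the report's value; pasting the full table in, libraries in the order the report lists them, is what reproduces it. Two assumptions are labelled in the code: that the report lists libraries in import-directory order, and that ascending IAT slot equals thunk order within a library.

```python
"""Recompute an imphash from an IAT listing and flag the loader API cluster.

Added example, not part of the sandbox report. IAT_EXCERPT is a constructed
excerpt of the report's IAT table; paste the full table in to check the
report's imphash edc5bede1d4d23eae237013f09324b61. The hash follows pefile's
get_imphash(): "<library>.<function>" per import, lowercased, with a
.dll/.ocx/.sys suffix dropped from the library, joined by commas, MD5.
"""
import hashlib
import re

# Constructed excerpt of the report's IAT listing (address, function per library).
IAT_EXCERPT = """\
KERNEL32.dll
 0x100260e4 IsDebuggerPresent
 0x10026248 VirtualProtect
 0x1002624c LoadLibraryA
 0x10026250 VirtualAlloc
 0x10026254 GetProcAddress
 0x10026278 VirtualQuery
 0x10026280 GetNativeSystemInfo
USER32.dll
 0x100262a0 DestroyMenu
 0x10026434 MessageBoxW
ADVAPI32.dll
 0x10026000 RegQueryValueW
 0x10026004 RegSetValueExW
COMCTL32.dll
 0x10026028 InitCommonControlsEx
SHLWAPI.dll
 0x10026298 PathFindExtensionW
OLEAUT32.dll
 0x10026288 VariantClear
"""

_ENTRY = re.compile(r"^\s+(0x[0-9A-Fa-f]+)\s+(\S+)\s*$")


def parse_iat(text):
    """Map each library to its (iat_slot, function) pairs, preserving listing order."""
    libs, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _ENTRY.match(line)
        if m and current is not None:
            libs[current].append((int(m.group(1), 16), m.group(2)))
        else:
            current = line.strip()  # a library header such as KERNEL32.dll
            libs.setdefault(current, [])
    return libs


def normalize(lib, func):
    """pefile's import-name normalisation (note that .drv is deliberately not stripped)."""
    lib = lib.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        lib = base
    return f"{lib}.{func.lower()}"


def imphash_components(libs):
    """Import strings in hash order.

    Assumption: the listing gives libraries in import-directory order, and within
    a library the ascending IAT slot is the thunk order pefile walks."""
    comps = []
    for lib, entries in libs.items():
        for _, func in sorted(entries):
            comps.append(normalize(lib, func))
    return comps


def imphash(libs):
    return hashlib.md5(",".join(imphash_components(libs)).encode()).hexdigest()


# APIs behind the RWX allocation, RW->RX protection change and anti-debug signatures.
LOADER_APIS = {"VirtualAlloc", "VirtualProtect", "VirtualFree",
               "LoadLibraryA", "LoadLibraryW", "GetProcAddress", "IsDebuggerPresent"}


def loader_cluster(libs):
    """Loader/anti-debug APIs present in the IAT. Most CRT/MFC binaries import
    several of these too, so treat the result as triage context, not a verdict."""
    present = {func for entries in libs.values() for _, func in entries}
    return present & LOADER_APIS


if __name__ == "__main__":
    table = parse_iat(IAT_EXCERPT)
    print("imphash:", imphash(table))
    print("loader cluster:", sorted(loader_cluster(table)))
```

A recomputed imphash that does not match the report's is itself a finding: either the listing is incomplete, the library order shown is not the directory order, or the sample's import table was rebuilt (as happens after unpacking), and in each case the hash stops being a pivot to related samples.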

Similarity measure (PE file only): no result (checking for service failure)