ScreenShot
| Created | 2022.03.03 17:13 | Machine | s1_win7_x6401 |
| Filename | DyMNglRY5B4abPy1hH | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 12 detected (malicious, high confidence, Emotet, Eldorado, GenKryptik, FRMF, BotX, ASCommon, YzY0Oh0vshRw7Vz3) | ||
| md5 | 6cc3dc76cafdf5e34067999a76d7d9eb | ||
| sha256 | ade4d52dac792f27b4ad48d0ff5b23308e96fb4361ae577e04e27ef6b2065797 | ||
| ssdeep | 12288:ZxpNJJJ2NHPoczJOOtIhxf3foRXIa5EPwvA:Zx2gczJOFf3fnaFvA | ||
| imphash | b193e4975b360aaa9ff34a6f93823ae8 | ||
| impfuzzy | 96:sibtrjLo14XoVDdE4wnxmQk4dvKSUH2DcL6cyqF1QPD:H1mdEXxmQk4dvKSUWDc+cRQPD | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | Generates some ICMP traffic |
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Communication to multiple IPs on high port numbers possibly indicative of a peer-to-peer (P2P) or non-standard command and control protocol |
| notice | Expresses interest in specific running processes |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Checks if process is being debugged by a debugger |
| info | Queries for the computername |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (22cnts) ?
Suricata ids
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 9
ET CNC Feodo Tracker Reported CnC Server group 3
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 12
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 23
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 9
ET CNC Feodo Tracker Reported CnC Server group 3
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 12
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 23
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1003e0ac HeapFree
0x1003e0b0 RtlUnwind
0x1003e0b4 VirtualAlloc
0x1003e0b8 HeapAlloc
0x1003e0bc HeapReAlloc
0x1003e0c0 GetCommandLineA
0x1003e0c4 GetProcessHeap
0x1003e0c8 RaiseException
0x1003e0cc HeapSize
0x1003e0d0 HeapDestroy
0x1003e0d4 HeapCreate
0x1003e0d8 VirtualFree
0x1003e0dc TerminateProcess
0x1003e0e0 UnhandledExceptionFilter
0x1003e0e4 SetUnhandledExceptionFilter
0x1003e0e8 IsDebuggerPresent
0x1003e0ec GetStdHandle
0x1003e0f0 Sleep
0x1003e0f4 SetHandleCount
0x1003e0f8 GetFileType
0x1003e0fc FreeEnvironmentStringsA
0x1003e100 GetEnvironmentStrings
0x1003e104 FreeEnvironmentStringsW
0x1003e108 GetEnvironmentStringsW
0x1003e10c QueryPerformanceCounter
0x1003e110 GetTickCount
0x1003e114 GetSystemTimeAsFileTime
0x1003e118 GetACP
0x1003e11c LCMapStringA
0x1003e120 LCMapStringW
0x1003e124 GetStringTypeA
0x1003e128 GetStringTypeW
0x1003e12c GetConsoleCP
0x1003e130 GetConsoleMode
0x1003e134 SetStdHandle
0x1003e138 WriteConsoleA
0x1003e13c GetConsoleOutputCP
0x1003e140 WriteConsoleW
0x1003e144 CreateFileA
0x1003e148 GetCurrentProcess
0x1003e14c GetThreadLocale
0x1003e150 FlushFileBuffers
0x1003e154 SetFilePointer
0x1003e158 WriteFile
0x1003e15c ReadFile
0x1003e160 GetOEMCP
0x1003e164 GetCPInfo
0x1003e168 TlsFree
0x1003e16c DeleteCriticalSection
0x1003e170 LocalReAlloc
0x1003e174 TlsSetValue
0x1003e178 TlsAlloc
0x1003e17c InitializeCriticalSection
0x1003e180 GlobalHandle
0x1003e184 GlobalReAlloc
0x1003e188 EnterCriticalSection
0x1003e18c TlsGetValue
0x1003e190 LeaveCriticalSection
0x1003e194 LocalAlloc
0x1003e198 InterlockedIncrement
0x1003e19c GlobalFlags
0x1003e1a0 WritePrivateProfileStringA
0x1003e1a4 GetCurrentProcessId
0x1003e1a8 CloseHandle
0x1003e1ac GetCurrentThread
0x1003e1b0 ConvertDefaultLocale
0x1003e1b4 GetModuleFileNameA
0x1003e1b8 EnumResourceLanguagesA
0x1003e1bc GetLocaleInfoA
0x1003e1c0 lstrcmpA
0x1003e1c4 InterlockedDecrement
0x1003e1c8 GetCurrentThreadId
0x1003e1cc GlobalGetAtomNameA
0x1003e1d0 GlobalAddAtomA
0x1003e1d4 GlobalFindAtomA
0x1003e1d8 GlobalDeleteAtom
0x1003e1dc FreeLibrary
0x1003e1e0 lstrcmpW
0x1003e1e4 GetVersionExA
0x1003e1e8 GlobalAlloc
0x1003e1ec FormatMessageA
0x1003e1f0 LocalFree
0x1003e1f4 SizeofResource
0x1003e1f8 MulDiv
0x1003e1fc GlobalLock
0x1003e200 GlobalUnlock
0x1003e204 GlobalFree
0x1003e208 FindResourceA
0x1003e20c LoadResource
0x1003e210 LockResource
0x1003e214 FreeResource
0x1003e218 ExitProcess
0x1003e21c GetModuleHandleA
0x1003e220 LoadLibraryA
0x1003e224 GetProcAddress
0x1003e228 GetLastError
0x1003e22c SetLastError
0x1003e230 lstrlenA
0x1003e234 WideCharToMultiByte
0x1003e238 CompareStringA
0x1003e23c MultiByteToWideChar
0x1003e240 GetVersion
0x1003e244 GetStartupInfoA
0x1003e248 InterlockedExchange
USER32.dll
0x1003e268 LoadCursorA
0x1003e26c GetSysColorBrush
0x1003e270 GetWindowThreadProcessId
0x1003e274 SetCursor
0x1003e278 GetMessageA
0x1003e27c TranslateMessage
0x1003e280 GetCursorPos
0x1003e284 ValidateRect
0x1003e288 PostQuitMessage
0x1003e28c EndPaint
0x1003e290 BeginPaint
0x1003e294 ClientToScreen
0x1003e298 GrayStringA
0x1003e29c DrawTextExA
0x1003e2a0 DrawTextA
0x1003e2a4 TabbedTextOutA
0x1003e2a8 GetDC
0x1003e2ac ShowWindow
0x1003e2b0 SetWindowTextA
0x1003e2b4 IsDialogMessageA
0x1003e2b8 SetMenuItemBitmaps
0x1003e2bc GetMenuCheckMarkDimensions
0x1003e2c0 ModifyMenuA
0x1003e2c4 EnableMenuItem
0x1003e2c8 CheckMenuItem
0x1003e2cc RegisterWindowMessageA
0x1003e2d0 SendDlgItemMessageA
0x1003e2d4 WinHelpA
0x1003e2d8 GetCapture
0x1003e2dc CallNextHookEx
0x1003e2e0 GetClassLongA
0x1003e2e4 GetClassNameA
0x1003e2e8 GetPropA
0x1003e2ec RemovePropA
0x1003e2f0 GetFocus
0x1003e2f4 SetFocus
0x1003e2f8 GetWindowTextA
0x1003e2fc GetForegroundWindow
0x1003e300 GetLastActivePopup
0x1003e304 DispatchMessageA
0x1003e308 GetTopWindow
0x1003e30c UnhookWindowsHookEx
0x1003e310 GetMessageTime
0x1003e314 GetMessagePos
0x1003e318 PeekMessageA
0x1003e31c MapWindowPoints
0x1003e320 GetKeyState
0x1003e324 SetForegroundWindow
0x1003e328 IsWindowVisible
0x1003e32c UpdateWindow
0x1003e330 GetMenu
0x1003e334 PostMessageA
0x1003e338 MessageBoxA
0x1003e33c CreateWindowExA
0x1003e340 GetClassInfoExA
0x1003e344 GetClassInfoA
0x1003e348 RegisterClassA
0x1003e34c AdjustWindowRectEx
0x1003e350 EnableWindow
0x1003e354 SendMessageA
0x1003e358 CopyRect
0x1003e35c PtInRect
0x1003e360 GetDlgCtrlID
0x1003e364 DefWindowProcA
0x1003e368 CallWindowProcA
0x1003e36c SetWindowLongA
0x1003e370 SetWindowPos
0x1003e374 SystemParametersInfoA
0x1003e378 GetWindowPlacement
0x1003e37c GetWindowRect
0x1003e380 UnregisterClassA
0x1003e384 DestroyMenu
0x1003e388 SetWindowsHookExA
0x1003e38c LoadBitmapA
0x1003e390 ReleaseDC
0x1003e394 InvalidateRect
0x1003e398 LoadIconA
0x1003e39c FillRect
0x1003e3a0 GetSysColor
0x1003e3a4 DrawIcon
0x1003e3a8 GetClientRect
0x1003e3ac GetSystemMetrics
0x1003e3b0 IsIconic
0x1003e3b4 EndDialog
0x1003e3b8 GetNextDlgTabItem
0x1003e3bc GetParent
0x1003e3c0 IsWindowEnabled
0x1003e3c4 GetDlgItem
0x1003e3c8 GetWindowLongA
0x1003e3cc IsWindow
0x1003e3d0 DestroyWindow
0x1003e3d4 GetWindow
0x1003e3d8 GetMenuState
0x1003e3dc GetMenuItemID
0x1003e3e0 GetMenuItemCount
0x1003e3e4 GetSubMenu
0x1003e3e8 GetDesktopWindow
0x1003e3ec GetActiveWindow
0x1003e3f0 SetActiveWindow
0x1003e3f4 CreateDialogIndirectParamA
0x1003e3f8 SetPropA
GDI32.dll
0x1003e030 ScaleViewportExtEx
0x1003e034 SetWindowExtEx
0x1003e038 ScaleWindowExtEx
0x1003e03c DeleteDC
0x1003e040 GetStockObject
0x1003e044 SetViewportExtEx
0x1003e048 CreateSolidBrush
0x1003e04c OffsetViewportOrgEx
0x1003e050 SetViewportOrgEx
0x1003e054 SelectObject
0x1003e058 Escape
0x1003e05c ExtTextOutA
0x1003e060 TextOutA
0x1003e064 RectVisible
0x1003e068 PtVisible
0x1003e06c BitBlt
0x1003e070 DeleteObject
0x1003e074 MoveToEx
0x1003e078 LineTo
0x1003e07c SetMapMode
0x1003e080 RestoreDC
0x1003e084 SaveDC
0x1003e088 CreateBitmap
0x1003e08c GetObjectA
0x1003e090 SetBkColor
0x1003e094 SetTextColor
0x1003e098 GetClipBox
0x1003e09c GetDeviceCaps
0x1003e0a0 CreateCompatibleDC
0x1003e0a4 CreateCompatibleBitmap
WINSPOOL.DRV
0x1003e400 ClosePrinter
0x1003e404 DocumentPropertiesA
0x1003e408 OpenPrinterA
ADVAPI32.dll
0x1003e000 RegEnumKeyA
0x1003e004 RegSetValueExA
0x1003e008 RegCreateKeyExA
0x1003e00c RegQueryValueA
0x1003e010 RegCloseKey
0x1003e014 RegDeleteKeyA
0x1003e018 RegOpenKeyExA
0x1003e01c RegQueryValueExA
0x1003e020 RegOpenKeyA
COMCTL32.dll
0x1003e028 InitCommonControlsEx
SHLWAPI.dll
0x1003e260 PathFindExtensionA
OLEAUT32.dll
0x1003e250 VariantClear
0x1003e254 VariantChangeType
0x1003e258 VariantInit
EAT(Export Address Table) Library
0x10019020 DllRegisterClass
0x10018fe0 DllRegisterServer
0x10019020 DllUnregisterClass
0x10019020 DllUnregisterServer
KERNEL32.dll
0x1003e0ac HeapFree
0x1003e0b0 RtlUnwind
0x1003e0b4 VirtualAlloc
0x1003e0b8 HeapAlloc
0x1003e0bc HeapReAlloc
0x1003e0c0 GetCommandLineA
0x1003e0c4 GetProcessHeap
0x1003e0c8 RaiseException
0x1003e0cc HeapSize
0x1003e0d0 HeapDestroy
0x1003e0d4 HeapCreate
0x1003e0d8 VirtualFree
0x1003e0dc TerminateProcess
0x1003e0e0 UnhandledExceptionFilter
0x1003e0e4 SetUnhandledExceptionFilter
0x1003e0e8 IsDebuggerPresent
0x1003e0ec GetStdHandle
0x1003e0f0 Sleep
0x1003e0f4 SetHandleCount
0x1003e0f8 GetFileType
0x1003e0fc FreeEnvironmentStringsA
0x1003e100 GetEnvironmentStrings
0x1003e104 FreeEnvironmentStringsW
0x1003e108 GetEnvironmentStringsW
0x1003e10c QueryPerformanceCounter
0x1003e110 GetTickCount
0x1003e114 GetSystemTimeAsFileTime
0x1003e118 GetACP
0x1003e11c LCMapStringA
0x1003e120 LCMapStringW
0x1003e124 GetStringTypeA
0x1003e128 GetStringTypeW
0x1003e12c GetConsoleCP
0x1003e130 GetConsoleMode
0x1003e134 SetStdHandle
0x1003e138 WriteConsoleA
0x1003e13c GetConsoleOutputCP
0x1003e140 WriteConsoleW
0x1003e144 CreateFileA
0x1003e148 GetCurrentProcess
0x1003e14c GetThreadLocale
0x1003e150 FlushFileBuffers
0x1003e154 SetFilePointer
0x1003e158 WriteFile
0x1003e15c ReadFile
0x1003e160 GetOEMCP
0x1003e164 GetCPInfo
0x1003e168 TlsFree
0x1003e16c DeleteCriticalSection
0x1003e170 LocalReAlloc
0x1003e174 TlsSetValue
0x1003e178 TlsAlloc
0x1003e17c InitializeCriticalSection
0x1003e180 GlobalHandle
0x1003e184 GlobalReAlloc
0x1003e188 EnterCriticalSection
0x1003e18c TlsGetValue
0x1003e190 LeaveCriticalSection
0x1003e194 LocalAlloc
0x1003e198 InterlockedIncrement
0x1003e19c GlobalFlags
0x1003e1a0 WritePrivateProfileStringA
0x1003e1a4 GetCurrentProcessId
0x1003e1a8 CloseHandle
0x1003e1ac GetCurrentThread
0x1003e1b0 ConvertDefaultLocale
0x1003e1b4 GetModuleFileNameA
0x1003e1b8 EnumResourceLanguagesA
0x1003e1bc GetLocaleInfoA
0x1003e1c0 lstrcmpA
0x1003e1c4 InterlockedDecrement
0x1003e1c8 GetCurrentThreadId
0x1003e1cc GlobalGetAtomNameA
0x1003e1d0 GlobalAddAtomA
0x1003e1d4 GlobalFindAtomA
0x1003e1d8 GlobalDeleteAtom
0x1003e1dc FreeLibrary
0x1003e1e0 lstrcmpW
0x1003e1e4 GetVersionExA
0x1003e1e8 GlobalAlloc
0x1003e1ec FormatMessageA
0x1003e1f0 LocalFree
0x1003e1f4 SizeofResource
0x1003e1f8 MulDiv
0x1003e1fc GlobalLock
0x1003e200 GlobalUnlock
0x1003e204 GlobalFree
0x1003e208 FindResourceA
0x1003e20c LoadResource
0x1003e210 LockResource
0x1003e214 FreeResource
0x1003e218 ExitProcess
0x1003e21c GetModuleHandleA
0x1003e220 LoadLibraryA
0x1003e224 GetProcAddress
0x1003e228 GetLastError
0x1003e22c SetLastError
0x1003e230 lstrlenA
0x1003e234 WideCharToMultiByte
0x1003e238 CompareStringA
0x1003e23c MultiByteToWideChar
0x1003e240 GetVersion
0x1003e244 GetStartupInfoA
0x1003e248 InterlockedExchange
USER32.dll
0x1003e268 LoadCursorA
0x1003e26c GetSysColorBrush
0x1003e270 GetWindowThreadProcessId
0x1003e274 SetCursor
0x1003e278 GetMessageA
0x1003e27c TranslateMessage
0x1003e280 GetCursorPos
0x1003e284 ValidateRect
0x1003e288 PostQuitMessage
0x1003e28c EndPaint
0x1003e290 BeginPaint
0x1003e294 ClientToScreen
0x1003e298 GrayStringA
0x1003e29c DrawTextExA
0x1003e2a0 DrawTextA
0x1003e2a4 TabbedTextOutA
0x1003e2a8 GetDC
0x1003e2ac ShowWindow
0x1003e2b0 SetWindowTextA
0x1003e2b4 IsDialogMessageA
0x1003e2b8 SetMenuItemBitmaps
0x1003e2bc GetMenuCheckMarkDimensions
0x1003e2c0 ModifyMenuA
0x1003e2c4 EnableMenuItem
0x1003e2c8 CheckMenuItem
0x1003e2cc RegisterWindowMessageA
0x1003e2d0 SendDlgItemMessageA
0x1003e2d4 WinHelpA
0x1003e2d8 GetCapture
0x1003e2dc CallNextHookEx
0x1003e2e0 GetClassLongA
0x1003e2e4 GetClassNameA
0x1003e2e8 GetPropA
0x1003e2ec RemovePropA
0x1003e2f0 GetFocus
0x1003e2f4 SetFocus
0x1003e2f8 GetWindowTextA
0x1003e2fc GetForegroundWindow
0x1003e300 GetLastActivePopup
0x1003e304 DispatchMessageA
0x1003e308 GetTopWindow
0x1003e30c UnhookWindowsHookEx
0x1003e310 GetMessageTime
0x1003e314 GetMessagePos
0x1003e318 PeekMessageA
0x1003e31c MapWindowPoints
0x1003e320 GetKeyState
0x1003e324 SetForegroundWindow
0x1003e328 IsWindowVisible
0x1003e32c UpdateWindow
0x1003e330 GetMenu
0x1003e334 PostMessageA
0x1003e338 MessageBoxA
0x1003e33c CreateWindowExA
0x1003e340 GetClassInfoExA
0x1003e344 GetClassInfoA
0x1003e348 RegisterClassA
0x1003e34c AdjustWindowRectEx
0x1003e350 EnableWindow
0x1003e354 SendMessageA
0x1003e358 CopyRect
0x1003e35c PtInRect
0x1003e360 GetDlgCtrlID
0x1003e364 DefWindowProcA
0x1003e368 CallWindowProcA
0x1003e36c SetWindowLongA
0x1003e370 SetWindowPos
0x1003e374 SystemParametersInfoA
0x1003e378 GetWindowPlacement
0x1003e37c GetWindowRect
0x1003e380 UnregisterClassA
0x1003e384 DestroyMenu
0x1003e388 SetWindowsHookExA
0x1003e38c LoadBitmapA
0x1003e390 ReleaseDC
0x1003e394 InvalidateRect
0x1003e398 LoadIconA
0x1003e39c FillRect
0x1003e3a0 GetSysColor
0x1003e3a4 DrawIcon
0x1003e3a8 GetClientRect
0x1003e3ac GetSystemMetrics
0x1003e3b0 IsIconic
0x1003e3b4 EndDialog
0x1003e3b8 GetNextDlgTabItem
0x1003e3bc GetParent
0x1003e3c0 IsWindowEnabled
0x1003e3c4 GetDlgItem
0x1003e3c8 GetWindowLongA
0x1003e3cc IsWindow
0x1003e3d0 DestroyWindow
0x1003e3d4 GetWindow
0x1003e3d8 GetMenuState
0x1003e3dc GetMenuItemID
0x1003e3e0 GetMenuItemCount
0x1003e3e4 GetSubMenu
0x1003e3e8 GetDesktopWindow
0x1003e3ec GetActiveWindow
0x1003e3f0 SetActiveWindow
0x1003e3f4 CreateDialogIndirectParamA
0x1003e3f8 SetPropA
GDI32.dll
0x1003e030 ScaleViewportExtEx
0x1003e034 SetWindowExtEx
0x1003e038 ScaleWindowExtEx
0x1003e03c DeleteDC
0x1003e040 GetStockObject
0x1003e044 SetViewportExtEx
0x1003e048 CreateSolidBrush
0x1003e04c OffsetViewportOrgEx
0x1003e050 SetViewportOrgEx
0x1003e054 SelectObject
0x1003e058 Escape
0x1003e05c ExtTextOutA
0x1003e060 TextOutA
0x1003e064 RectVisible
0x1003e068 PtVisible
0x1003e06c BitBlt
0x1003e070 DeleteObject
0x1003e074 MoveToEx
0x1003e078 LineTo
0x1003e07c SetMapMode
0x1003e080 RestoreDC
0x1003e084 SaveDC
0x1003e088 CreateBitmap
0x1003e08c GetObjectA
0x1003e090 SetBkColor
0x1003e094 SetTextColor
0x1003e098 GetClipBox
0x1003e09c GetDeviceCaps
0x1003e0a0 CreateCompatibleDC
0x1003e0a4 CreateCompatibleBitmap
WINSPOOL.DRV
0x1003e400 ClosePrinter
0x1003e404 DocumentPropertiesA
0x1003e408 OpenPrinterA
ADVAPI32.dll
0x1003e000 RegEnumKeyA
0x1003e004 RegSetValueExA
0x1003e008 RegCreateKeyExA
0x1003e00c RegQueryValueA
0x1003e010 RegCloseKey
0x1003e014 RegDeleteKeyA
0x1003e018 RegOpenKeyExA
0x1003e01c RegQueryValueExA
0x1003e020 RegOpenKeyA
COMCTL32.dll
0x1003e028 InitCommonControlsEx
SHLWAPI.dll
0x1003e260 PathFindExtensionA
OLEAUT32.dll
0x1003e250 VariantClear
0x1003e254 VariantChangeType
0x1003e258 VariantInit
EAT(Export Address Table) Library
0x10019020 DllRegisterClass
0x10018fe0 DllRegisterServer
0x10019020 DllUnregisterClass
0x10019020 DllUnregisterServer