ScreenShot
| Created | 2022.05.19 07:36 | Machine | s1_win7_x6401 |
| Filename | jkNQKmmMlZi | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 0780b69f46cb3f3e54ec89941f83967b | ||
| sha256 | d429bd9e03abf1de710a82f53282b2359b7c92739be16f5aba69befe6b4920fa | ||
| ssdeep | 12288:J0iTg1PU3G0r96SDEL28tH/9OpeqDfFOezePWAef7osaIwXCzlalnryV:CiTg9U3G0ISDKvSeqf4aePWAy7eUst | ||
| imphash | 5c49ce3660f3f487a221bd7888983b24 | ||
| impfuzzy | 24:dpcpVWjD02tMS17BgYlJBl3eDoFcC9aZevAGMAkpOovbOPZF:dpcpVwHtMS17BgSpxyZYV3j | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| watch | Attempts to remove evidence of file being downloaded from the Internet |
| watch | Created a service where a service was also not started |
| watch | Installs itself for autorun at Windows startup |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Expresses interest in specific running processes |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ole32.dll
0x1800912a0 CoTaskMemFree
0x1800912a8 CoLoadLibrary
0x1800912b0 CoTaskMemAlloc
KERNEL32.dll
0x180091000 ExitProcess
0x180091008 WriteConsoleW
0x180091010 CreateFileW
0x180091018 EnterCriticalSection
0x180091020 LeaveCriticalSection
0x180091028 InitializeCriticalSectionEx
0x180091030 DeleteCriticalSection
0x180091038 EncodePointer
0x180091040 DecodePointer
0x180091048 MultiByteToWideChar
0x180091050 WideCharToMultiByte
0x180091058 LCMapStringEx
0x180091060 GetStringTypeW
0x180091068 GetCPInfo
0x180091070 RtlCaptureContext
0x180091078 RtlLookupFunctionEntry
0x180091080 RtlVirtualUnwind
0x180091088 UnhandledExceptionFilter
0x180091090 SetUnhandledExceptionFilter
0x180091098 GetCurrentProcess
0x1800910a0 TerminateProcess
0x1800910a8 IsProcessorFeaturePresent
0x1800910b0 QueryPerformanceCounter
0x1800910b8 GetCurrentProcessId
0x1800910c0 GetCurrentThreadId
0x1800910c8 GetSystemTimeAsFileTime
0x1800910d0 InitializeSListHead
0x1800910d8 IsDebuggerPresent
0x1800910e0 GetStartupInfoW
0x1800910e8 GetModuleHandleW
0x1800910f0 RtlUnwindEx
0x1800910f8 RtlPcToFileHeader
0x180091100 RaiseException
0x180091108 InterlockedFlushSList
0x180091110 GetLastError
0x180091118 SetLastError
0x180091120 InitializeCriticalSectionAndSpinCount
0x180091128 TlsAlloc
0x180091130 TlsGetValue
0x180091138 TlsSetValue
0x180091140 TlsFree
0x180091148 FreeLibrary
0x180091150 GetProcAddress
0x180091158 LoadLibraryExW
0x180091160 RtlUnwind
0x180091168 GetModuleHandleExW
0x180091170 GetModuleFileNameW
0x180091178 HeapFree
0x180091180 FlsAlloc
0x180091188 FlsGetValue
0x180091190 FlsSetValue
0x180091198 FlsFree
0x1800911a0 LCMapStringW
0x1800911a8 GetLocaleInfoW
0x1800911b0 IsValidLocale
0x1800911b8 GetUserDefaultLCID
0x1800911c0 EnumSystemLocalesW
0x1800911c8 HeapAlloc
0x1800911d0 GetStdHandle
0x1800911d8 GetFileType
0x1800911e0 CloseHandle
0x1800911e8 FlushFileBuffers
0x1800911f0 WriteFile
0x1800911f8 GetConsoleOutputCP
0x180091200 GetConsoleMode
0x180091208 ReadFile
0x180091210 GetFileSizeEx
0x180091218 SetFilePointerEx
0x180091220 ReadConsoleW
0x180091228 HeapReAlloc
0x180091230 FindClose
0x180091238 FindFirstFileExW
0x180091240 FindNextFileW
0x180091248 IsValidCodePage
0x180091250 GetACP
0x180091258 GetOEMCP
0x180091260 GetCommandLineA
0x180091268 GetCommandLineW
0x180091270 GetEnvironmentStringsW
0x180091278 FreeEnvironmentStringsW
0x180091280 GetProcessHeap
0x180091288 SetStdHandle
0x180091290 HeapSize
EAT(Export Address Table) Library
0x180070020 DllRegisterServer
0x1800702c0 YAeJyEAYL7F4eDck6YUaf
0x1800701e0 fmFkmnQYB5TC2Sq5NGFkK
0x180070100 nrDjhnkd9nedaQwcCY
ole32.dll
0x1800912a0 CoTaskMemFree
0x1800912a8 CoLoadLibrary
0x1800912b0 CoTaskMemAlloc
KERNEL32.dll
0x180091000 ExitProcess
0x180091008 WriteConsoleW
0x180091010 CreateFileW
0x180091018 EnterCriticalSection
0x180091020 LeaveCriticalSection
0x180091028 InitializeCriticalSectionEx
0x180091030 DeleteCriticalSection
0x180091038 EncodePointer
0x180091040 DecodePointer
0x180091048 MultiByteToWideChar
0x180091050 WideCharToMultiByte
0x180091058 LCMapStringEx
0x180091060 GetStringTypeW
0x180091068 GetCPInfo
0x180091070 RtlCaptureContext
0x180091078 RtlLookupFunctionEntry
0x180091080 RtlVirtualUnwind
0x180091088 UnhandledExceptionFilter
0x180091090 SetUnhandledExceptionFilter
0x180091098 GetCurrentProcess
0x1800910a0 TerminateProcess
0x1800910a8 IsProcessorFeaturePresent
0x1800910b0 QueryPerformanceCounter
0x1800910b8 GetCurrentProcessId
0x1800910c0 GetCurrentThreadId
0x1800910c8 GetSystemTimeAsFileTime
0x1800910d0 InitializeSListHead
0x1800910d8 IsDebuggerPresent
0x1800910e0 GetStartupInfoW
0x1800910e8 GetModuleHandleW
0x1800910f0 RtlUnwindEx
0x1800910f8 RtlPcToFileHeader
0x180091100 RaiseException
0x180091108 InterlockedFlushSList
0x180091110 GetLastError
0x180091118 SetLastError
0x180091120 InitializeCriticalSectionAndSpinCount
0x180091128 TlsAlloc
0x180091130 TlsGetValue
0x180091138 TlsSetValue
0x180091140 TlsFree
0x180091148 FreeLibrary
0x180091150 GetProcAddress
0x180091158 LoadLibraryExW
0x180091160 RtlUnwind
0x180091168 GetModuleHandleExW
0x180091170 GetModuleFileNameW
0x180091178 HeapFree
0x180091180 FlsAlloc
0x180091188 FlsGetValue
0x180091190 FlsSetValue
0x180091198 FlsFree
0x1800911a0 LCMapStringW
0x1800911a8 GetLocaleInfoW
0x1800911b0 IsValidLocale
0x1800911b8 GetUserDefaultLCID
0x1800911c0 EnumSystemLocalesW
0x1800911c8 HeapAlloc
0x1800911d0 GetStdHandle
0x1800911d8 GetFileType
0x1800911e0 CloseHandle
0x1800911e8 FlushFileBuffers
0x1800911f0 WriteFile
0x1800911f8 GetConsoleOutputCP
0x180091200 GetConsoleMode
0x180091208 ReadFile
0x180091210 GetFileSizeEx
0x180091218 SetFilePointerEx
0x180091220 ReadConsoleW
0x180091228 HeapReAlloc
0x180091230 FindClose
0x180091238 FindFirstFileExW
0x180091240 FindNextFileW
0x180091248 IsValidCodePage
0x180091250 GetACP
0x180091258 GetOEMCP
0x180091260 GetCommandLineA
0x180091268 GetCommandLineW
0x180091270 GetEnvironmentStringsW
0x180091278 FreeEnvironmentStringsW
0x180091280 GetProcessHeap
0x180091288 SetStdHandle
0x180091290 HeapSize
EAT(Export Address Table) Library
0x180070020 DllRegisterServer
0x1800702c0 YAeJyEAYL7F4eDck6YUaf
0x1800701e0 fmFkmnQYB5TC2Sq5NGFkK
0x180070100 nrDjhnkd9nedaQwcCY