ScreenShot
| Created | 2022.05.23 17:43 | Machine | s1_win7_x6401 |
| Filename | 9boJQZpTSdQE | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 8d3fb91703422f1dc70f8afa09753c64 | ||
| sha256 | 5a1f914bdc047b4042b507d0fff30edb69f845b2932d8a166485c37f1c88b152 | ||
| ssdeep | 12288:ox+1xXChgHGuLRh++7XfxTIq2J0Rzgi/3J:ox+zn/R8qXfx1RH | ||
| imphash | ac3082512de1f1628e38761c0a1d90aa | ||
| impfuzzy | 96:GVuZtcWpoUIf4jppKQrRJUgVSr+RvmL+u9Phcnc2aMhGC6QPD:hRocKQrjUgVSr+RvmLx9Jcnc2t6QPD | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Attempts to remove evidence of file being downloaded from the Internet |
| watch | Created a service where a service was also not started |
| watch | Installs itself for autorun at Windows startup |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180038128 RtlUnwindEx
0x180038130 RaiseException
0x180038138 RtlPcToFileHeader
0x180038140 FlsSetValue
0x180038148 GetCommandLineA
0x180038150 HeapAlloc
0x180038158 HeapFree
0x180038160 SetStdHandle
0x180038168 GetFileType
0x180038170 HeapReAlloc
0x180038178 Sleep
0x180038180 HeapQueryInformation
0x180038188 HeapSize
0x180038190 TerminateProcess
0x180038198 UnhandledExceptionFilter
0x1800381a0 SetUnhandledExceptionFilter
0x1800381a8 IsDebuggerPresent
0x1800381b0 RtlVirtualUnwind
0x1800381b8 RtlCaptureContext
0x1800381c0 EncodePointer
0x1800381c8 DecodePointer
0x1800381d0 FlsGetValue
0x1800381d8 FlsFree
0x1800381e0 FlsAlloc
0x1800381e8 IsValidCodePage
0x1800381f0 SetHandleCount
0x1800381f8 GetStdHandle
0x180038200 RtlLookupFunctionEntry
0x180038208 FreeEnvironmentStringsA
0x180038210 GetEnvironmentStrings
0x180038218 FreeEnvironmentStringsW
0x180038220 GetEnvironmentStringsW
0x180038228 HeapSetInformation
0x180038230 HeapCreate
0x180038238 HeapDestroy
0x180038240 QueryPerformanceCounter
0x180038248 GetTickCount
0x180038250 GetSystemTimeAsFileTime
0x180038258 InitializeCriticalSectionAndSpinCount
0x180038260 GetConsoleCP
0x180038268 GetConsoleMode
0x180038270 GetTimeZoneInformation
0x180038278 LCMapStringA
0x180038280 LCMapStringW
0x180038288 GetStringTypeA
0x180038290 GetStringTypeW
0x180038298 WriteConsoleA
0x1800382a0 GetConsoleOutputCP
0x1800382a8 WriteConsoleW
0x1800382b0 CompareStringW
0x1800382b8 SetEnvironmentVariableA
0x1800382c0 GetOEMCP
0x1800382c8 GetCPInfo
0x1800382d0 GlobalFlags
0x1800382d8 WritePrivateProfileStringA
0x1800382e0 DeleteCriticalSection
0x1800382e8 LocalReAlloc
0x1800382f0 TlsSetValue
0x1800382f8 GlobalHandle
0x180038300 GlobalReAlloc
0x180038308 TlsAlloc
0x180038310 InitializeCriticalSection
0x180038318 EnterCriticalSection
0x180038320 TlsGetValue
0x180038328 LeaveCriticalSection
0x180038330 LocalAlloc
0x180038338 GetModuleHandleW
0x180038340 GlobalGetAtomNameA
0x180038348 GlobalFindAtomA
0x180038350 lstrcmpW
0x180038358 GetVersionExA
0x180038360 FreeResource
0x180038368 GetCurrentProcessId
0x180038370 GlobalAddAtomA
0x180038378 GlobalDeleteAtom
0x180038380 GetCurrentThread
0x180038388 GetCurrentThreadId
0x180038390 ConvertDefaultLocale
0x180038398 EnumResourceLanguagesA
0x1800383a0 CompareStringA
0x1800383a8 lstrcmpA
0x1800383b0 FreeLibrary
0x1800383b8 GetModuleHandleA
0x1800383c0 GlobalFree
0x1800383c8 GlobalAlloc
0x1800383d0 GlobalLock
0x1800383d8 GlobalUnlock
0x1800383e0 FormatMessageA
0x1800383e8 LocalFree
0x1800383f0 MulDiv
0x1800383f8 GetProcAddress
0x180038400 GetModuleFileNameA
0x180038408 GetFullPathNameA
0x180038410 GetVolumeInformationA
0x180038418 GetCurrentProcess
0x180038420 DuplicateHandle
0x180038428 GetFileSize
0x180038430 SetEndOfFile
0x180038438 UnlockFile
0x180038440 LockFile
0x180038448 FlushFileBuffers
0x180038450 SetFilePointer
0x180038458 WriteFile
0x180038460 ReadFile
0x180038468 LoadLibraryA
0x180038470 SetLastError
0x180038478 GetFileTime
0x180038480 GetFileSizeEx
0x180038488 GetFileAttributesA
0x180038490 CreateFileA
0x180038498 CloseHandle
0x1800384a0 GetLastError
0x1800384a8 FindFirstFileA
0x1800384b0 FindClose
0x1800384b8 FileTimeToLocalFileTime
0x1800384c0 FileTimeToSystemTime
0x1800384c8 ExitProcess
0x1800384d0 VirtualAlloc
0x1800384d8 lstrlenA
0x1800384e0 lstrcpyA
0x1800384e8 FindResourceA
0x1800384f0 LoadResource
0x1800384f8 LockResource
0x180038500 SizeofResource
0x180038508 WideCharToMultiByte
0x180038510 GetACP
0x180038518 MultiByteToWideChar
0x180038520 GetStartupInfoA
0x180038528 GetLocaleInfoA
USER32.dll
0x180038588 LoadCursorA
0x180038590 GetSysColorBrush
0x180038598 EndPaint
0x1800385a0 BeginPaint
0x1800385a8 ReleaseDC
0x1800385b0 GetDC
0x1800385b8 ClientToScreen
0x1800385c0 GrayStringA
0x1800385c8 DrawTextExA
0x1800385d0 DrawTextA
0x1800385d8 TabbedTextOutA
0x1800385e0 DestroyMenu
0x1800385e8 ShowWindow
0x1800385f0 SetWindowTextA
0x1800385f8 IsDialogMessageA
0x180038600 RegisterWindowMessageA
0x180038608 SendDlgItemMessageA
0x180038610 WinHelpA
0x180038618 GetCapture
0x180038620 GetClassLongA
0x180038628 GetClassNameA
0x180038630 GetClassLongPtrA
0x180038638 SetPropA
0x180038640 GetPropA
0x180038648 RemovePropA
0x180038650 SetFocus
0x180038658 GetWindowTextLengthA
0x180038660 GetWindowTextA
0x180038668 GetForegroundWindow
0x180038670 GetTopWindow
0x180038678 GetWindowLongPtrA
0x180038680 SetWindowLongPtrA
0x180038688 UnhookWindowsHookEx
0x180038690 GetMessagePos
0x180038698 MapWindowPoints
0x1800386a0 SetMenu
0x1800386a8 SetForegroundWindow
0x1800386b0 UpdateWindow
0x1800386b8 CreateWindowExA
0x1800386c0 GetClassInfoExA
0x1800386c8 GetClassInfoA
0x1800386d0 RegisterClassA
0x1800386d8 GetSysColor
0x1800386e0 AdjustWindowRectEx
0x1800386e8 CopyRect
0x1800386f0 PtInRect
0x1800386f8 GetDlgCtrlID
0x180038700 DefWindowProcA
0x180038708 CallWindowProcA
0x180038710 GetMenu
0x180038718 SetWindowPos
0x180038720 SystemParametersInfoA
0x180038728 GetWindowPlacement
0x180038730 GetWindowRect
0x180038738 GetWindow
0x180038740 MessageBoxA
0x180038748 DrawIcon
0x180038750 AppendMenuA
0x180038758 SendMessageA
0x180038760 GetDesktopWindow
0x180038768 SetActiveWindow
0x180038770 CreateDialogIndirectParamA
0x180038778 DestroyWindow
0x180038780 IsWindow
0x180038788 GetDlgItem
0x180038790 GetNextDlgTabItem
0x180038798 EndDialog
0x1800387a0 GetWindowThreadProcessId
0x1800387a8 GetWindowLongA
0x1800387b0 GetLastActivePopup
0x1800387b8 IsWindowEnabled
0x1800387c0 GetSystemMenu
0x1800387c8 IsIconic
0x1800387d0 GetClientRect
0x1800387d8 EnableWindow
0x1800387e0 LoadIconA
0x1800387e8 GetSystemMetrics
0x1800387f0 CharUpperA
0x1800387f8 GetSubMenu
0x180038800 GetMenuItemCount
0x180038808 GetMenuItemID
0x180038810 GetMenuState
0x180038818 PostQuitMessage
0x180038820 PostMessageA
0x180038828 CheckMenuItem
0x180038830 EnableMenuItem
0x180038838 ModifyMenuA
0x180038840 GetParent
0x180038848 GetFocus
0x180038850 SetCursor
0x180038858 SetWindowsHookExA
0x180038860 CallNextHookEx
0x180038868 GetMessageA
0x180038870 TranslateMessage
0x180038878 DispatchMessageA
0x180038880 GetActiveWindow
0x180038888 IsWindowVisible
0x180038890 GetKeyState
0x180038898 PeekMessageA
0x1800388a0 GetCursorPos
0x1800388a8 ValidateRect
0x1800388b0 SetMenuItemBitmaps
0x1800388b8 GetMenuCheckMarkDimensions
0x1800388c0 LoadBitmapA
0x1800388c8 GetMessageTime
GDI32.dll
0x180038060 ScaleWindowExtEx
0x180038068 DeleteDC
0x180038070 GetStockObject
0x180038078 SetWindowExtEx
0x180038080 ScaleViewportExtEx
0x180038088 SetViewportExtEx
0x180038090 OffsetViewportOrgEx
0x180038098 SetViewportOrgEx
0x1800380a0 SelectObject
0x1800380a8 Escape
0x1800380b0 TextOutA
0x1800380b8 RectVisible
0x1800380c0 PtVisible
0x1800380c8 GetDeviceCaps
0x1800380d0 DeleteObject
0x1800380d8 SetMapMode
0x1800380e0 RestoreDC
0x1800380e8 SaveDC
0x1800380f0 ExtTextOutA
0x1800380f8 GetObjectA
0x180038100 SetBkColor
0x180038108 SetTextColor
0x180038110 GetClipBox
0x180038118 CreateBitmap
COMDLG32.dll
0x180038050 GetFileTitleA
WINSPOOL.DRV
0x1800388d8 DocumentPropertiesA
0x1800388e0 OpenPrinterA
0x1800388e8 ClosePrinter
ADVAPI32.dll
0x180038000 RegSetValueExA
0x180038008 RegCreateKeyExA
0x180038010 RegQueryValueA
0x180038018 RegEnumKeyA
0x180038020 RegDeleteKeyA
0x180038028 RegOpenKeyExA
0x180038030 RegOpenKeyA
0x180038038 RegQueryValueExA
0x180038040 RegCloseKey
SHLWAPI.dll
0x180038558 PathFindExtensionA
0x180038560 PathFindFileNameA
0x180038568 PathStripToRootA
0x180038570 PathIsUNCA
0x180038578 PathRemoveFileSpecW
ole32.dll
0x1800388f8 CoCreateInstance
0x180038900 CoUninitialize
0x180038908 CoInitializeEx
0x180038910 CoLoadLibrary
0x180038918 CoTaskMemAlloc
0x180038920 CoTaskMemFree
OLEAUT32.dll
0x180038538 VariantClear
0x180038540 VariantChangeType
0x180038548 VariantInit
EAT(Export Address Table) Library
0x1800082d8 DllRegisterServer
KERNEL32.dll
0x180038128 RtlUnwindEx
0x180038130 RaiseException
0x180038138 RtlPcToFileHeader
0x180038140 FlsSetValue
0x180038148 GetCommandLineA
0x180038150 HeapAlloc
0x180038158 HeapFree
0x180038160 SetStdHandle
0x180038168 GetFileType
0x180038170 HeapReAlloc
0x180038178 Sleep
0x180038180 HeapQueryInformation
0x180038188 HeapSize
0x180038190 TerminateProcess
0x180038198 UnhandledExceptionFilter
0x1800381a0 SetUnhandledExceptionFilter
0x1800381a8 IsDebuggerPresent
0x1800381b0 RtlVirtualUnwind
0x1800381b8 RtlCaptureContext
0x1800381c0 EncodePointer
0x1800381c8 DecodePointer
0x1800381d0 FlsGetValue
0x1800381d8 FlsFree
0x1800381e0 FlsAlloc
0x1800381e8 IsValidCodePage
0x1800381f0 SetHandleCount
0x1800381f8 GetStdHandle
0x180038200 RtlLookupFunctionEntry
0x180038208 FreeEnvironmentStringsA
0x180038210 GetEnvironmentStrings
0x180038218 FreeEnvironmentStringsW
0x180038220 GetEnvironmentStringsW
0x180038228 HeapSetInformation
0x180038230 HeapCreate
0x180038238 HeapDestroy
0x180038240 QueryPerformanceCounter
0x180038248 GetTickCount
0x180038250 GetSystemTimeAsFileTime
0x180038258 InitializeCriticalSectionAndSpinCount
0x180038260 GetConsoleCP
0x180038268 GetConsoleMode
0x180038270 GetTimeZoneInformation
0x180038278 LCMapStringA
0x180038280 LCMapStringW
0x180038288 GetStringTypeA
0x180038290 GetStringTypeW
0x180038298 WriteConsoleA
0x1800382a0 GetConsoleOutputCP
0x1800382a8 WriteConsoleW
0x1800382b0 CompareStringW
0x1800382b8 SetEnvironmentVariableA
0x1800382c0 GetOEMCP
0x1800382c8 GetCPInfo
0x1800382d0 GlobalFlags
0x1800382d8 WritePrivateProfileStringA
0x1800382e0 DeleteCriticalSection
0x1800382e8 LocalReAlloc
0x1800382f0 TlsSetValue
0x1800382f8 GlobalHandle
0x180038300 GlobalReAlloc
0x180038308 TlsAlloc
0x180038310 InitializeCriticalSection
0x180038318 EnterCriticalSection
0x180038320 TlsGetValue
0x180038328 LeaveCriticalSection
0x180038330 LocalAlloc
0x180038338 GetModuleHandleW
0x180038340 GlobalGetAtomNameA
0x180038348 GlobalFindAtomA
0x180038350 lstrcmpW
0x180038358 GetVersionExA
0x180038360 FreeResource
0x180038368 GetCurrentProcessId
0x180038370 GlobalAddAtomA
0x180038378 GlobalDeleteAtom
0x180038380 GetCurrentThread
0x180038388 GetCurrentThreadId
0x180038390 ConvertDefaultLocale
0x180038398 EnumResourceLanguagesA
0x1800383a0 CompareStringA
0x1800383a8 lstrcmpA
0x1800383b0 FreeLibrary
0x1800383b8 GetModuleHandleA
0x1800383c0 GlobalFree
0x1800383c8 GlobalAlloc
0x1800383d0 GlobalLock
0x1800383d8 GlobalUnlock
0x1800383e0 FormatMessageA
0x1800383e8 LocalFree
0x1800383f0 MulDiv
0x1800383f8 GetProcAddress
0x180038400 GetModuleFileNameA
0x180038408 GetFullPathNameA
0x180038410 GetVolumeInformationA
0x180038418 GetCurrentProcess
0x180038420 DuplicateHandle
0x180038428 GetFileSize
0x180038430 SetEndOfFile
0x180038438 UnlockFile
0x180038440 LockFile
0x180038448 FlushFileBuffers
0x180038450 SetFilePointer
0x180038458 WriteFile
0x180038460 ReadFile
0x180038468 LoadLibraryA
0x180038470 SetLastError
0x180038478 GetFileTime
0x180038480 GetFileSizeEx
0x180038488 GetFileAttributesA
0x180038490 CreateFileA
0x180038498 CloseHandle
0x1800384a0 GetLastError
0x1800384a8 FindFirstFileA
0x1800384b0 FindClose
0x1800384b8 FileTimeToLocalFileTime
0x1800384c0 FileTimeToSystemTime
0x1800384c8 ExitProcess
0x1800384d0 VirtualAlloc
0x1800384d8 lstrlenA
0x1800384e0 lstrcpyA
0x1800384e8 FindResourceA
0x1800384f0 LoadResource
0x1800384f8 LockResource
0x180038500 SizeofResource
0x180038508 WideCharToMultiByte
0x180038510 GetACP
0x180038518 MultiByteToWideChar
0x180038520 GetStartupInfoA
0x180038528 GetLocaleInfoA
USER32.dll
0x180038588 LoadCursorA
0x180038590 GetSysColorBrush
0x180038598 EndPaint
0x1800385a0 BeginPaint
0x1800385a8 ReleaseDC
0x1800385b0 GetDC
0x1800385b8 ClientToScreen
0x1800385c0 GrayStringA
0x1800385c8 DrawTextExA
0x1800385d0 DrawTextA
0x1800385d8 TabbedTextOutA
0x1800385e0 DestroyMenu
0x1800385e8 ShowWindow
0x1800385f0 SetWindowTextA
0x1800385f8 IsDialogMessageA
0x180038600 RegisterWindowMessageA
0x180038608 SendDlgItemMessageA
0x180038610 WinHelpA
0x180038618 GetCapture
0x180038620 GetClassLongA
0x180038628 GetClassNameA
0x180038630 GetClassLongPtrA
0x180038638 SetPropA
0x180038640 GetPropA
0x180038648 RemovePropA
0x180038650 SetFocus
0x180038658 GetWindowTextLengthA
0x180038660 GetWindowTextA
0x180038668 GetForegroundWindow
0x180038670 GetTopWindow
0x180038678 GetWindowLongPtrA
0x180038680 SetWindowLongPtrA
0x180038688 UnhookWindowsHookEx
0x180038690 GetMessagePos
0x180038698 MapWindowPoints
0x1800386a0 SetMenu
0x1800386a8 SetForegroundWindow
0x1800386b0 UpdateWindow
0x1800386b8 CreateWindowExA
0x1800386c0 GetClassInfoExA
0x1800386c8 GetClassInfoA
0x1800386d0 RegisterClassA
0x1800386d8 GetSysColor
0x1800386e0 AdjustWindowRectEx
0x1800386e8 CopyRect
0x1800386f0 PtInRect
0x1800386f8 GetDlgCtrlID
0x180038700 DefWindowProcA
0x180038708 CallWindowProcA
0x180038710 GetMenu
0x180038718 SetWindowPos
0x180038720 SystemParametersInfoA
0x180038728 GetWindowPlacement
0x180038730 GetWindowRect
0x180038738 GetWindow
0x180038740 MessageBoxA
0x180038748 DrawIcon
0x180038750 AppendMenuA
0x180038758 SendMessageA
0x180038760 GetDesktopWindow
0x180038768 SetActiveWindow
0x180038770 CreateDialogIndirectParamA
0x180038778 DestroyWindow
0x180038780 IsWindow
0x180038788 GetDlgItem
0x180038790 GetNextDlgTabItem
0x180038798 EndDialog
0x1800387a0 GetWindowThreadProcessId
0x1800387a8 GetWindowLongA
0x1800387b0 GetLastActivePopup
0x1800387b8 IsWindowEnabled
0x1800387c0 GetSystemMenu
0x1800387c8 IsIconic
0x1800387d0 GetClientRect
0x1800387d8 EnableWindow
0x1800387e0 LoadIconA
0x1800387e8 GetSystemMetrics
0x1800387f0 CharUpperA
0x1800387f8 GetSubMenu
0x180038800 GetMenuItemCount
0x180038808 GetMenuItemID
0x180038810 GetMenuState
0x180038818 PostQuitMessage
0x180038820 PostMessageA
0x180038828 CheckMenuItem
0x180038830 EnableMenuItem
0x180038838 ModifyMenuA
0x180038840 GetParent
0x180038848 GetFocus
0x180038850 SetCursor
0x180038858 SetWindowsHookExA
0x180038860 CallNextHookEx
0x180038868 GetMessageA
0x180038870 TranslateMessage
0x180038878 DispatchMessageA
0x180038880 GetActiveWindow
0x180038888 IsWindowVisible
0x180038890 GetKeyState
0x180038898 PeekMessageA
0x1800388a0 GetCursorPos
0x1800388a8 ValidateRect
0x1800388b0 SetMenuItemBitmaps
0x1800388b8 GetMenuCheckMarkDimensions
0x1800388c0 LoadBitmapA
0x1800388c8 GetMessageTime
GDI32.dll
0x180038060 ScaleWindowExtEx
0x180038068 DeleteDC
0x180038070 GetStockObject
0x180038078 SetWindowExtEx
0x180038080 ScaleViewportExtEx
0x180038088 SetViewportExtEx
0x180038090 OffsetViewportOrgEx
0x180038098 SetViewportOrgEx
0x1800380a0 SelectObject
0x1800380a8 Escape
0x1800380b0 TextOutA
0x1800380b8 RectVisible
0x1800380c0 PtVisible
0x1800380c8 GetDeviceCaps
0x1800380d0 DeleteObject
0x1800380d8 SetMapMode
0x1800380e0 RestoreDC
0x1800380e8 SaveDC
0x1800380f0 ExtTextOutA
0x1800380f8 GetObjectA
0x180038100 SetBkColor
0x180038108 SetTextColor
0x180038110 GetClipBox
0x180038118 CreateBitmap
COMDLG32.dll
0x180038050 GetFileTitleA
WINSPOOL.DRV
0x1800388d8 DocumentPropertiesA
0x1800388e0 OpenPrinterA
0x1800388e8 ClosePrinter
ADVAPI32.dll
0x180038000 RegSetValueExA
0x180038008 RegCreateKeyExA
0x180038010 RegQueryValueA
0x180038018 RegEnumKeyA
0x180038020 RegDeleteKeyA
0x180038028 RegOpenKeyExA
0x180038030 RegOpenKeyA
0x180038038 RegQueryValueExA
0x180038040 RegCloseKey
SHLWAPI.dll
0x180038558 PathFindExtensionA
0x180038560 PathFindFileNameA
0x180038568 PathStripToRootA
0x180038570 PathIsUNCA
0x180038578 PathRemoveFileSpecW
ole32.dll
0x1800388f8 CoCreateInstance
0x180038900 CoUninitialize
0x180038908 CoInitializeEx
0x180038910 CoLoadLibrary
0x180038918 CoTaskMemAlloc
0x180038920 CoTaskMemFree
OLEAUT32.dll
0x180038538 VariantClear
0x180038540 VariantChangeType
0x180038548 VariantInit
EAT(Export Address Table) Library
0x1800082d8 DllRegisterServer