ScreenShot
| Created | 2022.05.24 09:19 | Machine | s1_win7_x6403 |
| Filename | 1.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 4 detected (malicious, high confidence, Unsafe, Save, score) | ||
| md5 | 5a0e570b13623c79c9261a8a2cc41f04 | ||
| sha256 | 3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109 | ||
| ssdeep | 12288:1IIX/KMsUM4ilTgZ51So74EONNuoMoOc9y21dRDXJy//zJOvcW:1IIXJgrUZfJEEONNuozxZXJWJkc | ||
| imphash | b60d18971f329cb5243e0198109a3914 | ||
| impfuzzy | 6:JKhnXSKTqT2dKTqvWQvlvdmJiyOi23yK+SX7+v9ArA:ohXSI5IKnxEdOioP09AU | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| info | Checks if process is being debugged by a debugger |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x180008000 StrChrW
0x180008008 StrStrA
0x180008010 StrToInt64ExA
0x180008018 StrToInt64ExW
0x180008020 StrChrA
ole32.dll
0x180008030 CoGetContextToken
0x180008038 CoGetStandardMarshal
0x180008040 PropVariantClear
0x180008048 SNB_UserMarshal
0x180008050 StgIsStorageFile
0x180008058 StgOpenStorageEx
0x180008060 OleQueryLinkFromData
0x180008068 OleNoteObjectVisible
EAT(Export Address Table) Library
0x180006d9f BLawoX
0x180006fa8 DQeCfWsaaS
0x1800010a4 DllRegisterServer
0x180006b1b FLzChEzQ
0x180006881 MTxVfU
0x180006b61 MzEcZXbzdF
0x18000698f SAKGfztl
0x180006f23 SwFJJKLNqq
0x180007123 asbbCg
0x180006e3a cwZAbFv
0x180006a58 exkDsP
0x180006d3a ggQKgzIr
0x180006cb7 jzbTYAi
0x180006c45 phTqcsNgtrP
0x1800067a6 rfWHGX
0x180007282 tmbGVMHZIy
0x18000724c zDnFFlqDtA
0x1800071b0 zNMGUb
0x18000705d zQYMUrW
SHLWAPI.dll
0x180008000 StrChrW
0x180008008 StrStrA
0x180008010 StrToInt64ExA
0x180008018 StrToInt64ExW
0x180008020 StrChrA
ole32.dll
0x180008030 CoGetContextToken
0x180008038 CoGetStandardMarshal
0x180008040 PropVariantClear
0x180008048 SNB_UserMarshal
0x180008050 StgIsStorageFile
0x180008058 StgOpenStorageEx
0x180008060 OleQueryLinkFromData
0x180008068 OleNoteObjectVisible
EAT(Export Address Table) Library
0x180006d9f BLawoX
0x180006fa8 DQeCfWsaaS
0x1800010a4 DllRegisterServer
0x180006b1b FLzChEzQ
0x180006881 MTxVfU
0x180006b61 MzEcZXbzdF
0x18000698f SAKGfztl
0x180006f23 SwFJJKLNqq
0x180007123 asbbCg
0x180006e3a cwZAbFv
0x180006a58 exkDsP
0x180006d3a ggQKgzIr
0x180006cb7 jzbTYAi
0x180006c45 phTqcsNgtrP
0x1800067a6 rfWHGX
0x180007282 tmbGVMHZIy
0x18000724c zDnFFlqDtA
0x1800071b0 zNMGUb
0x18000705d zQYMUrW