ScreenShot
| Created | 2022.12.09 09:54 | Machine | s1_win7_x6403 |
| Filename | sys_module.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 14 detected (malicious, high confidence, score, confidence, Attribute, HighConfidence, TrojanX, BumbleBee, CLOUD, susgen) | ||
| md5 | 27dfc5e856a1de1beafddb8efb767016 | ||
| sha256 | 343d5c5319bf9d595f9fd4b1f932f2a64430133dfa3691fded92b35020fdea8d | ||
| ssdeep | 3072:BQoHepM/1kJnf4OedNEhbOttExQ/8PigsT8XnyYU/pkaUJJ:6oj/1kJf4OUeSWVnj | ||
| imphash | 12e9f46301807daf6ccba7a782c13e87 | ||
| impfuzzy | 24:envEAU7fc+PKN4RSo0qtSfJBl3eDob2SfJOovbOPZKjMnU:uEfc+PNSYtS3pnE3PU | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| watch | Network activity contains more than one unique useragent |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180017000 CreateFileA
0x180017008 FindFirstFileA
0x180017010 FindNextFileA
0x180017018 GetFileAttributesA
0x180017020 GetFileType
0x180017028 CloseHandle
0x180017030 GetLastError
0x180017038 ConnectNamedPipe
0x180017040 DisconnectNamedPipe
0x180017048 InitializeCriticalSection
0x180017050 EnterCriticalSection
0x180017058 LeaveCriticalSection
0x180017060 DeleteCriticalSection
0x180017068 GetCurrentThreadId
0x180017070 VirtualAlloc
0x180017078 GetModuleHandleA
0x180017080 GetTempPathA
0x180017088 CreateNamedPipeA
0x180017090 GetComputerNameA
0x180017098 QueryPerformanceCounter
0x1800170a0 GetCurrentProcessId
0x1800170a8 GetSystemTimeAsFileTime
0x1800170b0 InitializeSListHead
0x1800170b8 RtlCaptureContext
0x1800170c0 RtlLookupFunctionEntry
0x1800170c8 RtlVirtualUnwind
0x1800170d0 IsDebuggerPresent
0x1800170d8 UnhandledExceptionFilter
0x1800170e0 SetUnhandledExceptionFilter
0x1800170e8 GetStartupInfoW
0x1800170f0 IsProcessorFeaturePresent
0x1800170f8 GetModuleHandleW
0x180017100 RtlUnwindEx
0x180017108 InterlockedFlushSList
0x180017110 SetLastError
0x180017118 InitializeCriticalSectionAndSpinCount
0x180017120 TlsAlloc
0x180017128 TlsGetValue
0x180017130 TlsSetValue
0x180017138 TlsFree
0x180017140 FreeLibrary
0x180017148 GetProcAddress
0x180017150 LoadLibraryExW
0x180017158 GetCurrentProcess
0x180017160 ExitProcess
0x180017168 TerminateProcess
0x180017170 GetModuleHandleExW
0x180017178 GetModuleFileNameA
0x180017180 MultiByteToWideChar
0x180017188 WideCharToMultiByte
0x180017190 HeapFree
0x180017198 HeapAlloc
0x1800171a0 LCMapStringW
0x1800171a8 GetStdHandle
0x1800171b0 GetACP
0x1800171b8 GetStringTypeW
0x1800171c0 FindClose
0x1800171c8 FindFirstFileExA
0x1800171d0 IsValidCodePage
0x1800171d8 GetOEMCP
0x1800171e0 GetCPInfo
0x1800171e8 GetCommandLineA
0x1800171f0 GetCommandLineW
0x1800171f8 GetEnvironmentStringsW
0x180017200 FreeEnvironmentStringsW
0x180017208 GetProcessHeap
0x180017210 SetStdHandle
0x180017218 FlushFileBuffers
0x180017220 WriteFile
0x180017228 GetConsoleCP
0x180017230 GetConsoleMode
0x180017238 RaiseException
0x180017240 HeapSize
0x180017248 HeapReAlloc
0x180017250 SetFilePointerEx
0x180017258 WriteConsoleW
0x180017260 CreateFileW
EAT(Export Address Table) Library
0x1800154d0 CKQXU
0x180016050 DllRegisterServer
0x180015b50 KMYDtl
0x180012ec0 OLtC11K
0x180015e60 ZGWrNo7ng
KERNEL32.dll
0x180017000 CreateFileA
0x180017008 FindFirstFileA
0x180017010 FindNextFileA
0x180017018 GetFileAttributesA
0x180017020 GetFileType
0x180017028 CloseHandle
0x180017030 GetLastError
0x180017038 ConnectNamedPipe
0x180017040 DisconnectNamedPipe
0x180017048 InitializeCriticalSection
0x180017050 EnterCriticalSection
0x180017058 LeaveCriticalSection
0x180017060 DeleteCriticalSection
0x180017068 GetCurrentThreadId
0x180017070 VirtualAlloc
0x180017078 GetModuleHandleA
0x180017080 GetTempPathA
0x180017088 CreateNamedPipeA
0x180017090 GetComputerNameA
0x180017098 QueryPerformanceCounter
0x1800170a0 GetCurrentProcessId
0x1800170a8 GetSystemTimeAsFileTime
0x1800170b0 InitializeSListHead
0x1800170b8 RtlCaptureContext
0x1800170c0 RtlLookupFunctionEntry
0x1800170c8 RtlVirtualUnwind
0x1800170d0 IsDebuggerPresent
0x1800170d8 UnhandledExceptionFilter
0x1800170e0 SetUnhandledExceptionFilter
0x1800170e8 GetStartupInfoW
0x1800170f0 IsProcessorFeaturePresent
0x1800170f8 GetModuleHandleW
0x180017100 RtlUnwindEx
0x180017108 InterlockedFlushSList
0x180017110 SetLastError
0x180017118 InitializeCriticalSectionAndSpinCount
0x180017120 TlsAlloc
0x180017128 TlsGetValue
0x180017130 TlsSetValue
0x180017138 TlsFree
0x180017140 FreeLibrary
0x180017148 GetProcAddress
0x180017150 LoadLibraryExW
0x180017158 GetCurrentProcess
0x180017160 ExitProcess
0x180017168 TerminateProcess
0x180017170 GetModuleHandleExW
0x180017178 GetModuleFileNameA
0x180017180 MultiByteToWideChar
0x180017188 WideCharToMultiByte
0x180017190 HeapFree
0x180017198 HeapAlloc
0x1800171a0 LCMapStringW
0x1800171a8 GetStdHandle
0x1800171b0 GetACP
0x1800171b8 GetStringTypeW
0x1800171c0 FindClose
0x1800171c8 FindFirstFileExA
0x1800171d0 IsValidCodePage
0x1800171d8 GetOEMCP
0x1800171e0 GetCPInfo
0x1800171e8 GetCommandLineA
0x1800171f0 GetCommandLineW
0x1800171f8 GetEnvironmentStringsW
0x180017200 FreeEnvironmentStringsW
0x180017208 GetProcessHeap
0x180017210 SetStdHandle
0x180017218 FlushFileBuffers
0x180017220 WriteFile
0x180017228 GetConsoleCP
0x180017230 GetConsoleMode
0x180017238 RaiseException
0x180017240 HeapSize
0x180017248 HeapReAlloc
0x180017250 SetFilePointerEx
0x180017258 WriteConsoleW
0x180017260 CreateFileW
EAT(Export Address Table) Library
0x1800154d0 CKQXU
0x180016050 DllRegisterServer
0x180015b50 KMYDtl
0x180012ec0 OLtC11K
0x180015e60 ZGWrNo7ng