| Field | Value |
|---|---|
| Created | 2022.12.10 15:14 |
| Machine | s1_win7_x6403 |
| Filename | syncfiles.dll |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 31 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Coroxy, Vnt8, Attribute, HighConfidence, score, BackdoorX, FalseSign, Bwnw, Artemis, ydcjs, 9p42WWiBeJC, susgen, PossibleThreat, ZedlaF, @J9@aOoi1ncO) |
| md5 | 0d079a931e42f554016db36476e55ba7 |
| sha256 | ead2c5aaf92fe07db45b99587f586c7a45f92c67220cd8113a5d2e7bcb320798 |
| ssdeep | 196608:l3ksPqmzcl+LG314Hujb7KgkYCbGNBmHTER:lUON+2HBb8 |
| imphash | d3a98daa37dbe78969711cc1194ce51b |
| impfuzzy | 6:rCgG/ggIl0yMbKIj9GMWtsiAKWmjXA8VyH/JLGMZ/OiBJAEnERGDW:rCgGPIl0yz99aKdw8sZGMZGqAJcDW |
Signature (7cnts)

| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
user32.dll
0x10433000 SendMessageA
kernel32.dll
0x10433008 LocalFree
advapi32.dll
0x10433010 GetSidSubAuthority
wsock32.dll
0x10433018 WSAStartup
shell32.dll
0x10433020 CommandLineToArgvW
ws2_32.dll
0x10433028 freeaddrinfo
ole32.dll
0x10433030 CoUninitialize
secur32.dll
0x10433038 GetUserNameExA
psapi.dll
0x10433040 GetModuleFileNameExA
kernel32.dll
0x10433048 GetSystemTimeAsFileTime
user32.dll
0x10433050 CharUpperBuffW
kernel32.dll
0x10433058 LocalAlloc
0x1043305c LocalFree
0x10433060 GetModuleFileNameW
0x10433064 ExitProcess
0x10433068 LoadLibraryA
0x1043306c GetModuleHandleA
0x10433070 GetProcAddress
EAT (Export Address Table) Library
0x1000100c rundll