Field | Value |
---|---|
Created | 2022.12.12 16:18 |
Machine | s1_win7_x6401 |
Filename | chkds.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 49 detected (Androm, malicious, high confidence, Siggen18, Lazy, confidence, 100%, ZedlaF, Sq6@aqQX5Mji, Genus, DLQF, ABRisk, KHHY, GenCBL, R03FC0DJN22, score, jtcotu, BackdoorX, Uwhl, MalCert, Malware@#2fasj3ho2cp4a, Artemis, Generic ML PUA, bdrw, kiiwe, kcloud, Detected, CLASSIC, ai score=88, PossibleThreat, Chgt) |
md5 | 775fb391db27e299af08933917a3acda |
sha256 | 2d50b03a92445ba53ae147d0b97c494858c86a56fe037c44bc0edabb902420f7 |
ssdeep | 12288:mSr91kIy1bQYZEEDBK515C4sDOIKVQWalJ4+PzOhgxgyag9HEGZ5zi2AGv/:mSr9Ny1zY5CzIanfPXgQtZ5ziRK |
imphash | 6fb4702c474d70a8d90b8cc55a05c07e |
impfuzzy | 48:M60ntQS1jtc+pCPn8uFZ/r3SokSYSv6Uyl3GL:M60ntQS1hc+pCPndrL |
Network IP location
Signature (12cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
watch | Checks for the presence of known windows from debuggers and forensic tools |
watch | Installs itself for autorun at Windows startup |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x100ae000 CreateFileW
0x100ae004 FindClose
0x100ae008 FindFirstFileW
0x100ae00c WriteFile
0x100ae010 CloseHandle
0x100ae014 GetLastError
0x100ae018 SetLastError
0x100ae01c HeapAlloc
0x100ae020 HeapFree
0x100ae024 GetProcessHeap
0x100ae028 ReleaseSemaphore
0x100ae02c ReleaseMutex
0x100ae030 WaitForSingleObject
0x100ae034 CreateMutexW
0x100ae038 Sleep
0x100ae03c WaitForMultipleObjects
0x100ae040 CreateSemaphoreW
0x100ae044 GetModuleFileNameW
0x100ae048 lstrlenA
0x100ae04c GetNativeSystemInfo
0x100ae050 VirtualAlloc
0x100ae054 VirtualProtect
0x100ae058 VirtualFree
0x100ae05c FreeLibrary
0x100ae060 GetProcAddress
0x100ae064 LoadLibraryA
0x100ae068 IsBadReadPtr
0x100ae06c WriteConsoleW
0x100ae070 ReadConsoleW
0x100ae074 ReadFile
0x100ae078 HeapSize
0x100ae07c DecodePointer
0x100ae080 GetStringTypeW
0x100ae084 SetFilePointerEx
0x100ae088 GetFileSizeEx
0x100ae08c SetStdHandle
0x100ae090 GetConsoleMode
0x100ae094 GetConsoleCP
0x100ae098 FlushFileBuffers
0x100ae09c IsProcessorFeaturePresent
0x100ae0a0 IsDebuggerPresent
0x100ae0a4 UnhandledExceptionFilter
0x100ae0a8 SetUnhandledExceptionFilter
0x100ae0ac GetStartupInfoW
0x100ae0b0 GetModuleHandleW
0x100ae0b4 GetCurrentProcess
0x100ae0b8 TerminateProcess
0x100ae0bc QueryPerformanceCounter
0x100ae0c0 GetCurrentProcessId
0x100ae0c4 GetCurrentThreadId
0x100ae0c8 GetSystemTimeAsFileTime
0x100ae0cc InitializeSListHead
0x100ae0d0 InterlockedPushEntrySList
0x100ae0d4 InterlockedFlushSList
0x100ae0d8 EnterCriticalSection
0x100ae0dc LeaveCriticalSection
0x100ae0e0 DeleteCriticalSection
0x100ae0e4 InitializeCriticalSectionAndSpinCount
0x100ae0e8 TlsAlloc
0x100ae0ec TlsGetValue
0x100ae0f0 TlsSetValue
0x100ae0f4 TlsFree
0x100ae0f8 LoadLibraryExW
0x100ae0fc RtlUnwind
0x100ae100 EncodePointer
0x100ae104 RaiseException
0x100ae108 CreateThread
0x100ae10c ExitThread
0x100ae110 ResumeThread
0x100ae114 FreeLibraryAndExitThread
0x100ae118 GetModuleHandleExW
0x100ae11c ExitProcess
0x100ae120 GetDateFormatW
0x100ae124 GetTimeFormatW
0x100ae128 CompareStringW
0x100ae12c LCMapStringW
0x100ae130 GetLocaleInfoW
0x100ae134 IsValidLocale
0x100ae138 GetUserDefaultLCID
0x100ae13c EnumSystemLocalesW
0x100ae140 GetStdHandle
0x100ae144 GetFileType
0x100ae148 GetCurrentThread
0x100ae14c HeapReAlloc
0x100ae150 FindFirstFileExW
0x100ae154 FindNextFileW
0x100ae158 IsValidCodePage
0x100ae15c GetACP
0x100ae160 GetOEMCP
0x100ae164 GetCPInfo
0x100ae168 GetCommandLineA
0x100ae16c GetCommandLineW
0x100ae170 MultiByteToWideChar
0x100ae174 WideCharToMultiByte
0x100ae178 GetEnvironmentStringsW
0x100ae17c FreeEnvironmentStringsW
0x100ae180 SetEnvironmentVariableW
0x100ae184 SetConsoleCtrlHandler
0x100ae188 OutputDebugStringW
USER32.dll
0x100ae198 SetWindowLongW
0x100ae19c GetWindowLongW
0x100ae1a0 LoadIconW
0x100ae1a4 EndDialog
0x100ae1a8 DialogBoxParamW
0x100ae1ac SendMessageW
0x100ae1b0 wsprintfW
0x100ae1b4 GetDlgItem
SHELL32.dll
0x100ae190 SHGetSpecialFolderPathW
EAT (Export Address Table) Library
0x100020d0 ChkdskExs
0x10001350 SSL_CTX_config
0x100014b0 SSL_get0_dane_tlsa
0x100016c0 SSL_write_early_data