ScreenShot
| Created | 2022.12.14 13:28 | Machine | s1_win7_x6401 |
| Filename | tempresource.tmp | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 5 detected (malicious, high confidence, confidence, Generic ML PUA, score) | ||
| md5 | 2bdb5acc4e988fd06a757455ab706054 | ||
| sha256 | 881f63a744db8b580970ae2737869322a222d0ccf82b25ed38bf0657f7dfd3a0 | ||
| ssdeep | 6144:TFAcN0+Jf+U9vOPTPEKBw68l5t+ohqg6hBNla/dIpzzV+AUYKfX+SYPkdD:TWcN0+Jf0FBwhXL+xJzULfLYPkd | ||
| imphash | c7532019c885953ac7a18df9fd34d53a | ||
| impfuzzy | 24:uyTlJHMziTEK02tnqDpOFvTkzvPWvNwA3uM4VTM4gM7ICn51zRIfTgKxL:VTgT+tn+uvmINlkTBH58J | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The executable uses a known packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180077000 OutputDebugStringA
0x180077008 CloseHandle
0x180077010 GetLastError
0x180077018 SetLastError
0x180077020 HeapAlloc
0x180077028 GetProcessHeap
0x180077030 CreateProcessA
0x180077038 GetProcessId
0x180077040 InitializeProcThreadAttributeList
0x180077048 UpdateProcThreadAttribute
0x180077050 OpenProcess
0x180077058 lstrcmpW
0x180077060 lstrcmpiA
0x180077068 CreateToolhelp32Snapshot
0x180077070 Process32First
0x180077078 Process32Next
0x180077080 IsDebuggerPresent
0x180077088 RaiseException
0x180077090 MultiByteToWideChar
0x180077098 WideCharToMultiByte
0x1800770a0 RtlCaptureContext
0x1800770a8 RtlLookupFunctionEntry
0x1800770b0 RtlVirtualUnwind
0x1800770b8 UnhandledExceptionFilter
0x1800770c0 SetUnhandledExceptionFilter
0x1800770c8 GetCurrentThreadId
0x1800770d0 GetProcAddress
0x1800770d8 FreeLibrary
0x1800770e0 VirtualQuery
0x1800770e8 HeapFree
0x1800770f0 GetModuleHandleW
0x1800770f8 GetStartupInfoW
0x180077100 InitializeSListHead
0x180077108 GetSystemTimeAsFileTime
0x180077110 GetCurrentProcessId
0x180077118 QueryPerformanceCounter
0x180077120 IsProcessorFeaturePresent
0x180077128 GetCurrentProcess
0x180077130 TerminateProcess
VCRUNTIME140D.dll
0x1800771c8 __vcrt_GetModuleHandleW
0x1800771d0 __vcrt_GetModuleFileNameW
0x1800771d8 __current_exception_context
0x1800771e0 __current_exception
0x1800771e8 __std_type_info_destroy_list
0x1800771f0 __C_specific_handler_noexcept
0x1800771f8 __C_specific_handler
0x180077200 memset
0x180077208 memcpy
0x180077210 __vcrt_LoadLibraryExW
ucrtbased.dll
0x180077280 wcscpy_s
0x180077288 _wsplitpath_s
0x180077290 _wmakepath_s
0x180077298 terminate
0x1800772a0 _cexit
0x1800772a8 _crt_at_quick_exit
0x1800772b0 _crt_atexit
0x1800772b8 _execute_onexit_table
0x1800772c0 _register_onexit_function
0x1800772c8 _initialize_onexit_table
0x1800772d0 _initialize_narrow_environment
0x1800772d8 _configure_narrow_argv
0x1800772e0 __stdio_common_vsprintf_s
0x1800772e8 strcat_s
0x1800772f0 strcpy_s
0x1800772f8 _initterm_e
0x180077300 _initterm
0x180077308 _CrtDbgReportW
0x180077310 _CrtDbgReport
0x180077318 rand
0x180077320 exit
0x180077328 _seh_filter_dll
EAT(Export Address Table) Library
0x180011276 mydllmain
KERNEL32.dll
0x180077000 OutputDebugStringA
0x180077008 CloseHandle
0x180077010 GetLastError
0x180077018 SetLastError
0x180077020 HeapAlloc
0x180077028 GetProcessHeap
0x180077030 CreateProcessA
0x180077038 GetProcessId
0x180077040 InitializeProcThreadAttributeList
0x180077048 UpdateProcThreadAttribute
0x180077050 OpenProcess
0x180077058 lstrcmpW
0x180077060 lstrcmpiA
0x180077068 CreateToolhelp32Snapshot
0x180077070 Process32First
0x180077078 Process32Next
0x180077080 IsDebuggerPresent
0x180077088 RaiseException
0x180077090 MultiByteToWideChar
0x180077098 WideCharToMultiByte
0x1800770a0 RtlCaptureContext
0x1800770a8 RtlLookupFunctionEntry
0x1800770b0 RtlVirtualUnwind
0x1800770b8 UnhandledExceptionFilter
0x1800770c0 SetUnhandledExceptionFilter
0x1800770c8 GetCurrentThreadId
0x1800770d0 GetProcAddress
0x1800770d8 FreeLibrary
0x1800770e0 VirtualQuery
0x1800770e8 HeapFree
0x1800770f0 GetModuleHandleW
0x1800770f8 GetStartupInfoW
0x180077100 InitializeSListHead
0x180077108 GetSystemTimeAsFileTime
0x180077110 GetCurrentProcessId
0x180077118 QueryPerformanceCounter
0x180077120 IsProcessorFeaturePresent
0x180077128 GetCurrentProcess
0x180077130 TerminateProcess
VCRUNTIME140D.dll
0x1800771c8 __vcrt_GetModuleHandleW
0x1800771d0 __vcrt_GetModuleFileNameW
0x1800771d8 __current_exception_context
0x1800771e0 __current_exception
0x1800771e8 __std_type_info_destroy_list
0x1800771f0 __C_specific_handler_noexcept
0x1800771f8 __C_specific_handler
0x180077200 memset
0x180077208 memcpy
0x180077210 __vcrt_LoadLibraryExW
ucrtbased.dll
0x180077280 wcscpy_s
0x180077288 _wsplitpath_s
0x180077290 _wmakepath_s
0x180077298 terminate
0x1800772a0 _cexit
0x1800772a8 _crt_at_quick_exit
0x1800772b0 _crt_atexit
0x1800772b8 _execute_onexit_table
0x1800772c0 _register_onexit_function
0x1800772c8 _initialize_onexit_table
0x1800772d0 _initialize_narrow_environment
0x1800772d8 _configure_narrow_argv
0x1800772e0 __stdio_common_vsprintf_s
0x1800772e8 strcat_s
0x1800772f0 strcpy_s
0x1800772f8 _initterm_e
0x180077300 _initterm
0x180077308 _CrtDbgReportW
0x180077310 _CrtDbgReport
0x180077318 rand
0x180077320 exit
0x180077328 _seh_filter_dll
EAT(Export Address Table) Library
0x180011276 mydllmain