Report - Y6F8h5

Malicious Library UPX Antivirus PE32 OS Processor Check DLL PE File
Created 2023.01.22 14:02 Machine s1_win7_x6401
Filename Y6F8h5
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 3
Behavior Score 1.6
ZERO API file : malware
VT API (file) 24 detected (GenericKD, Artemis, Unsafe, Vhjt, Attribute, HighConfidence, AFBN, Malicious, score, CLOUD, ai score=84, Detected, Chgt, R04AH09AH23, susgen)
md5 5c1d49ce048a20458519ba0b762d84c7
sha256 320ed64e1200825dab347eca5d78c2aac988e1fc20a1dc4d010879000dd984ae
ssdeep 12288:AuUMcATtpy9GZRWYc6Nqg01g2u+OeO+OeNhBBhhBBAK+BUEM9ATHnyCLuiesexmm:AuwQXcy7K+G+THhLuCempzLqOGg2h3rD
imphash ea85fafdd61be6b6e3ca7ab463b53a78
impfuzzy 96:/uX3IqxoNc+H32btqTuX17fysX+k4iMo6quRK9Hn83L4UTN:/I3F7fHOk40XukpikUTN

Signature (4cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info Checks if process is being debugged by a debugger
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x10081048 GetSystemWow64DirectoryW
 0x1008104c IsWow64Process
 0x10081050 GetCurrentProcess
 0x10081054 CreateProcessA
 0x10081058 HeapAlloc
 0x1008105c GetProcessHeap
 0x10081060 HeapFree
 0x10081064 SetLastError
 0x10081068 VirtualProtect
 0x1008106c IsBadReadPtr
 0x10081070 VirtualAlloc
 0x10081074 WinExec
 0x10081078 GetProcAddress
 0x1008107c FreeLibrary
 0x10081080 GetNativeSystemInfo
 0x10081084 GetThreadLocale
 0x10081088 IsDebuggerPresent
 0x1008108c WTSGetActiveConsoleSessionId
 0x10081090 GetComputerNameW
 0x10081094 OutputDebugStringW
 0x10081098 CreateEventW
 0x1008109c CreateThread
 0x100810a0 SetEvent
 0x100810a4 SetEndOfFile
 0x100810a8 GetTempPathW
 0x100810ac MultiByteToWideChar
 0x100810b0 WriteFile
 0x100810b4 lstrlenW
 0x100810b8 ReadFile
 0x100810bc CreateFileW
 0x100810c0 WaitForSingleObject
 0x100810c4 TerminateProcess
 0x100810c8 GetLastError
 0x100810cc CreateProcessW
 0x100810d0 LoadLibraryA
 0x100810d4 OpenProcess
 0x100810d8 Sleep
 0x100810dc CloseHandle
 0x100810e0 Process32NextW
 0x100810e4 Process32FirstW
 0x100810e8 VirtualFree
 0x100810ec CreateToolhelp32Snapshot
 0x100810f0 WriteConsoleW
 0x100810f4 SetStdHandle
 0x100810f8 FreeEnvironmentStringsW
 0x100810fc GetEnvironmentStringsW
 0x10081100 GetCommandLineW
 0x10081104 GetCommandLineA
 0x10081108 GetOEMCP
 0x1008110c GetACP
 0x10081110 IsValidCodePage
 0x10081114 FindNextFileW
 0x10081118 FindFirstFileExW
 0x1008111c FindClose
 0x10081120 HeapSize
 0x10081124 WideCharToMultiByte
 0x10081128 QueryPerformanceCounter
 0x1008112c QueryPerformanceFrequency
 0x10081130 WaitForSingleObjectEx
 0x10081134 SwitchToThread
 0x10081138 GetCurrentThreadId
 0x1008113c EnterCriticalSection
 0x10081140 LeaveCriticalSection
 0x10081144 DeleteCriticalSection
 0x10081148 EncodePointer
 0x1008114c DecodePointer
 0x10081150 InitializeCriticalSectionAndSpinCount
 0x10081154 TlsAlloc
 0x10081158 TlsGetValue
 0x1008115c TlsSetValue
 0x10081160 TlsFree
 0x10081164 GetSystemTimeAsFileTime
 0x10081168 GetTickCount
 0x1008116c GetModuleHandleW
 0x10081170 TryEnterCriticalSection
 0x10081174 LCMapStringW
 0x10081178 GetLocaleInfoW
 0x1008117c GetStringTypeW
 0x10081180 GetCPInfo
 0x10081184 GetCurrentThread
 0x10081188 GetThreadTimes
 0x1008118c InitializeSListHead
 0x10081190 UnhandledExceptionFilter
 0x10081194 SetUnhandledExceptionFilter
 0x10081198 IsProcessorFeaturePresent
 0x1008119c ResetEvent
 0x100811a0 GetStartupInfoW
 0x100811a4 GetCurrentProcessId
 0x100811a8 CreateTimerQueue
 0x100811ac SignalObjectAndWait
 0x100811b0 SetThreadPriority
 0x100811b4 GetThreadPriority
 0x100811b8 GetLogicalProcessorInformation
 0x100811bc CreateTimerQueueTimer
 0x100811c0 ChangeTimerQueueTimer
 0x100811c4 DeleteTimerQueueTimer
 0x100811c8 GetNumaHighestNodeNumber
 0x100811cc GetProcessAffinityMask
 0x100811d0 SetThreadAffinityMask
 0x100811d4 RegisterWaitForSingleObject
 0x100811d8 UnregisterWait
 0x100811dc FreeLibraryAndExitThread
 0x100811e0 GetModuleFileNameW
 0x100811e4 GetModuleHandleA
 0x100811e8 LoadLibraryExW
 0x100811ec GetVersionExW
 0x100811f0 DuplicateHandle
 0x100811f4 ReleaseSemaphore
 0x100811f8 InterlockedPopEntrySList
 0x100811fc InterlockedPushEntrySList
 0x10081200 InterlockedFlushSList
 0x10081204 QueryDepthSList
 0x10081208 UnregisterWaitEx
 0x1008120c LoadLibraryW
 0x10081210 RtlUnwind
 0x10081214 RaiseException
 0x10081218 ExitThread
 0x1008121c GetModuleHandleExW
 0x10081220 ExitProcess
 0x10081224 GetStdHandle
 0x10081228 GetFileType
 0x1008122c IsValidLocale
 0x10081230 GetUserDefaultLCID
 0x10081234 EnumSystemLocalesW
 0x10081238 GetFileSizeEx
 0x1008123c SetFilePointerEx
 0x10081240 GetFileAttributesExW
 0x10081244 DeleteFileW
 0x10081248 HeapReAlloc
 0x1008124c GetConsoleMode
 0x10081250 ReadConsoleW
 0x10081254 FlushFileBuffers
 0x10081258 GetConsoleCP
ADVAPI32.dll
 0x10081000 SetServiceStatus
 0x10081004 RegisterServiceCtrlHandlerW
 0x10081008 StartServiceCtrlDispatcherW
 0x1008100c RegGetValueA
 0x10081010 RegOpenKeyExW
 0x10081014 RegCloseKey
 0x10081018 RegSetValueExW
 0x1008101c RegCreateKeyExW
 0x10081020 CryptReleaseContext
 0x10081024 CryptDestroyKey
 0x10081028 CryptDestroyHash
 0x1008102c CryptDecrypt
 0x10081030 CryptDeriveKey
 0x10081034 CryptHashData
 0x10081038 CryptCreateHash
 0x1008103c CryptImportKey
 0x10081040 CryptAcquireContextW
WS2_32.dll
 0x10081260 recv
 0x10081264 inet_addr
 0x10081268 WSACleanup
 0x1008126c closesocket
 0x10081270 connect
 0x10081274 inet_ntop
 0x10081278 socket
 0x1008127c WSAStartup
 0x10081280 htons
 0x10081284 WSAGetLastError
 0x10081288 select
 0x1008128c send
WTSAPI32.dll
 0x10081294 WTSQuerySessionInformationW
crypt.dll
 0x1008129c BCryptGenRandom
 0x100812a0 BCryptCloseAlgorithmProvider
 0x100812a4 BCryptOpenAlgorithmProvider

EAT (Export Address Table) Library

0x1000e2e0 AxlnstSVGroup


Similarity measure (PE file only) - Checking for service failure