Field | Value
---|---
Created | 2023.01.22 14:07
Machine | s1_win7_x6403
Filename | xlsrd.cpl
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
ZERO API | file : malware
VT API (file) | 46 detected (GenericKD, Unsafe, Bypassuac, V2q6, malicious, confidence, 100%, ABRisk, IYDL, Attribute, HighConfidence, moderate confidence, AFAV, score, TrojanX, Gencirc, jyidx, R002C0PA723, moderate, kcloud, Wacatac, Detected, R550611, Artemis, ai score=86, nRdGDLjv9nC, PossibleThreat, Chgt)
md5 | e8bab18bed7a61cadf2f0e0131329897
sha256 | fcfa4888521a3850eae1afd0e336b3d9019b48d8b70bf43a907c3f8c8e0d36a2
ssdeep | 3072:/hjiSq8FncYrxG5G6qk71yFqu58kXJXOgc0F7DdoamzoLuAB:/hfJFcd06R1zu584xTmzoLuk
imphash | 4318ccee09fca891f79e2432f02ab707
impfuzzy | 24:sKtMS17MYlJeDc+pl3eDorodavRSOovbO9Z1jMj1wMuKmy:ztMS17Mbc+ppX1j3TKb
Signatures (3)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
info | This executable has a PDB path |
Rules (7)
Level | Name | Description | Collection |
---|---|---|---|
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10013014 WinExec
0x10013018 Sleep
0x1001301c CloseHandle
0x10013020 CreateProcessA
0x10013024 UnhandledExceptionFilter
0x10013028 SetUnhandledExceptionFilter
0x1001302c GetCurrentProcess
0x10013030 TerminateProcess
0x10013034 IsProcessorFeaturePresent
0x10013038 QueryPerformanceCounter
0x1001303c GetCurrentProcessId
0x10013040 GetCurrentThreadId
0x10013044 GetSystemTimeAsFileTime
0x10013048 InitializeSListHead
0x1001304c IsDebuggerPresent
0x10013050 GetStartupInfoW
0x10013054 GetModuleHandleW
0x10013058 RtlUnwind
0x1001305c RaiseException
0x10013060 InterlockedFlushSList
0x10013064 GetLastError
0x10013068 SetLastError
0x1001306c EncodePointer
0x10013070 EnterCriticalSection
0x10013074 LeaveCriticalSection
0x10013078 DeleteCriticalSection
0x1001307c InitializeCriticalSectionAndSpinCount
0x10013080 TlsAlloc
0x10013084 TlsGetValue
0x10013088 TlsSetValue
0x1001308c TlsFree
0x10013090 FreeLibrary
0x10013094 GetProcAddress
0x10013098 LoadLibraryExW
0x1001309c ExitProcess
0x100130a0 GetModuleHandleExW
0x100130a4 GetModuleFileNameW
0x100130a8 HeapAlloc
0x100130ac HeapFree
0x100130b0 LCMapStringW
0x100130b4 GetStdHandle
0x100130b8 GetFileType
0x100130bc FindClose
0x100130c0 FindFirstFileExW
0x100130c4 FindNextFileW
0x100130c8 IsValidCodePage
0x100130cc GetACP
0x100130d0 GetOEMCP
0x100130d4 GetCPInfo
0x100130d8 GetCommandLineA
0x100130dc GetCommandLineW
0x100130e0 MultiByteToWideChar
0x100130e4 WideCharToMultiByte
0x100130e8 GetEnvironmentStringsW
0x100130ec FreeEnvironmentStringsW
0x100130f0 GetProcessHeap
0x100130f4 FlushFileBuffers
0x100130f8 WriteFile
0x100130fc GetConsoleCP
0x10013100 GetConsoleMode
0x10013104 SetStdHandle
0x10013108 GetFileSizeEx
0x1001310c SetFilePointerEx
0x10013110 GetStringTypeW
0x10013114 HeapSize
0x10013118 HeapReAlloc
0x1001311c CreateFileW
0x10013120 WriteConsoleW
0x10013124 DecodePointer
ADVAPI32.dll
0x10013000 RegDeleteValueW
0x10013004 RegCloseKey
0x10013008 RegSetValueExW
0x1001300c RegOpenKeyExW
EAT (Export Address Table): none