Report - cred64.dll

Tags: Ave Maria, WARZONE RAT, UPX, Malicious Library, OS Processor Check, DLL, PE File, PE64
Created 2023.03.08 11:07 Machine s1_win7_x6403
Filename cred64.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score 5
Behavior Score 2.4
ZERO API file : malware
VT API (file) 48 detected (FlaVoredP, Mikey, Zusy, Amadey, PasswordStealer, Vfz3, TrojanPSW, malicious, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, high confidence, score, juyxof, TrojanX, QQPass, QQRob, Bkjl, SpyBot, R002C0DBJ23, Steal, lydwq, Detected, R551446, FDOE, ai score=81, 8Idbp2vqW9I)
md5 d4175d9293f11ba1b93acceaccc246f6
sha256 91754bd7d53eec9009fd37b11d67b274b055de8c002faa8c4ac02af60d76943e
ssdeep 24576:xdaH8CpPW2AnZVrZ+7xr1bZfVahxs43IF9:HF2AnZVrZSxhZfVaDM
imphash 7440c982ea49d693b3f3d5cb31294fdf
impfuzzy 96:YtpvZtu7Ze6BF1V5g4uP6xQhDtQ8Bg99tFMTk:Yhtu7Z3FIB+7yTk

Signature (7cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path
info Tries to locate where the browsers are installed

Rules (7cnts)

Level Name Description Collection
danger Ave_Maria_Zero Remote Access Trojan that is also called WARZONE RAT binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests recorded for this run)

Suricata ids

PE API

IAT(Import Address Table) Library

CRYPT32.dll
 0x1800d0048 CryptUnprotectData
KERNEL32.dll
 0x1800d0058 OutputDebugStringA
 0x1800d0060 LockFile
 0x1800d0068 LeaveCriticalSection
 0x1800d0070 InitializeCriticalSection
 0x1800d0078 SetFilePointer
 0x1800d0080 GetFullPathNameA
 0x1800d0088 SetEndOfFile
 0x1800d0090 UnlockFileEx
 0x1800d0098 GetTempPathW
 0x1800d00a0 CreateMutexW
 0x1800d00a8 WaitForSingleObject
 0x1800d00b0 CreateFileW
 0x1800d00b8 GetFileAttributesW
 0x1800d00c0 GetCurrentThreadId
 0x1800d00c8 UnmapViewOfFile
 0x1800d00d0 HeapValidate
 0x1800d00d8 HeapSize
 0x1800d00e0 MultiByteToWideChar
 0x1800d00e8 Sleep
 0x1800d00f0 GetTempPathA
 0x1800d00f8 FormatMessageW
 0x1800d0100 GetDiskFreeSpaceA
 0x1800d0108 GetLastError
 0x1800d0110 GetFileAttributesA
 0x1800d0118 GetFileAttributesExW
 0x1800d0120 OutputDebugStringW
 0x1800d0128 CreateFileA
 0x1800d0130 LoadLibraryA
 0x1800d0138 WaitForSingleObjectEx
 0x1800d0140 DeleteFileA
 0x1800d0148 DeleteFileW
 0x1800d0150 HeapReAlloc
 0x1800d0158 CloseHandle
 0x1800d0160 GetSystemInfo
 0x1800d0168 LoadLibraryW
 0x1800d0170 HeapAlloc
 0x1800d0178 HeapCompact
 0x1800d0180 HeapDestroy
 0x1800d0188 UnlockFile
 0x1800d0190 GetProcAddress
 0x1800d0198 CreateFileMappingA
 0x1800d01a0 LocalFree
 0x1800d01a8 LockFileEx
 0x1800d01b0 GetFileSize
 0x1800d01b8 DeleteCriticalSection
 0x1800d01c0 GetCurrentProcessId
 0x1800d01c8 GetProcessHeap
 0x1800d01d0 SystemTimeToFileTime
 0x1800d01d8 FreeLibrary
 0x1800d01e0 WideCharToMultiByte
 0x1800d01e8 GetSystemTimeAsFileTime
 0x1800d01f0 GetSystemTime
 0x1800d01f8 FormatMessageA
 0x1800d0200 CreateFileMappingW
 0x1800d0208 MapViewOfFile
 0x1800d0210 QueryPerformanceCounter
 0x1800d0218 GetTickCount
 0x1800d0220 FlushFileBuffers
 0x1800d0228 SetHandleInformation
 0x1800d0230 FindFirstFileA
 0x1800d0238 Wow64DisableWow64FsRedirection
 0x1800d0240 K32GetModuleFileNameExW
 0x1800d0248 FindNextFileA
 0x1800d0250 CreatePipe
 0x1800d0258 PeekNamedPipe
 0x1800d0260 lstrlenA
 0x1800d0268 FindClose
 0x1800d0270 GetCurrentDirectoryA
 0x1800d0278 lstrcatA
 0x1800d0280 OpenProcess
 0x1800d0288 SetCurrentDirectoryA
 0x1800d0290 CreateToolhelp32Snapshot
 0x1800d0298 ProcessIdToSessionId
 0x1800d02a0 CopyFileA
 0x1800d02a8 Wow64RevertWow64FsRedirection
 0x1800d02b0 Process32NextW
 0x1800d02b8 Process32FirstW
 0x1800d02c0 CreateThread
 0x1800d02c8 CreateProcessA
 0x1800d02d0 CreateDirectoryA
 0x1800d02d8 WriteConsoleW
 0x1800d02e0 WriteFile
 0x1800d02e8 GetFullPathNameW
 0x1800d02f0 EnterCriticalSection
 0x1800d02f8 HeapFree
 0x1800d0300 HeapCreate
 0x1800d0308 TryEnterCriticalSection
 0x1800d0310 ReadFile
 0x1800d0318 AreFileApisANSI
 0x1800d0320 GetDiskFreeSpaceW
 0x1800d0328 ReadConsoleW
 0x1800d0330 SetFilePointerEx
 0x1800d0338 GetConsoleMode
 0x1800d0340 GetConsoleCP
 0x1800d0348 SetEnvironmentVariableW
 0x1800d0350 FreeEnvironmentStringsW
 0x1800d0358 GetEnvironmentStringsW
 0x1800d0360 GetCommandLineW
 0x1800d0368 GetCommandLineA
 0x1800d0370 GetOEMCP
 0x1800d0378 GetACP
 0x1800d0380 IsValidCodePage
 0x1800d0388 FindNextFileW
 0x1800d0390 FindFirstFileExW
 0x1800d0398 SetStdHandle
 0x1800d03a0 GetCurrentDirectoryW
 0x1800d03a8 RtlCaptureContext
 0x1800d03b0 RtlLookupFunctionEntry
 0x1800d03b8 RtlVirtualUnwind
 0x1800d03c0 IsDebuggerPresent
 0x1800d03c8 UnhandledExceptionFilter
 0x1800d03d0 SetUnhandledExceptionFilter
 0x1800d03d8 GetStartupInfoW
 0x1800d03e0 IsProcessorFeaturePresent
 0x1800d03e8 GetModuleHandleW
 0x1800d03f0 InitializeSListHead
 0x1800d03f8 SetLastError
 0x1800d0400 InitializeCriticalSectionAndSpinCount
 0x1800d0408 SwitchToThread
 0x1800d0410 TlsAlloc
 0x1800d0418 TlsGetValue
 0x1800d0420 TlsSetValue
 0x1800d0428 TlsFree
 0x1800d0430 EncodePointer
 0x1800d0438 DecodePointer
 0x1800d0440 GetCPInfo
 0x1800d0448 CompareStringW
 0x1800d0450 LCMapStringW
 0x1800d0458 GetLocaleInfoW
 0x1800d0460 GetStringTypeW
 0x1800d0468 RtlUnwindEx
 0x1800d0470 RtlPcToFileHeader
 0x1800d0478 RaiseException
 0x1800d0480 InterlockedFlushSList
 0x1800d0488 LoadLibraryExW
 0x1800d0490 ExitThread
 0x1800d0498 FreeLibraryAndExitThread
 0x1800d04a0 GetModuleHandleExW
 0x1800d04a8 GetDriveTypeW
 0x1800d04b0 GetFileInformationByHandle
 0x1800d04b8 GetFileType
 0x1800d04c0 SystemTimeToTzSpecificLocalTime
 0x1800d04c8 FileTimeToSystemTime
 0x1800d04d0 GetCurrentProcess
 0x1800d04d8 TerminateProcess
 0x1800d04e0 ExitProcess
 0x1800d04e8 GetModuleFileNameW
 0x1800d04f0 IsValidLocale
 0x1800d04f8 GetUserDefaultLCID
 0x1800d0500 EnumSystemLocalesW
 0x1800d0508 GetTimeZoneInformation
 0x1800d0510 GetStdHandle
ADVAPI32.dll
 0x1800d0000 RegQueryValueExA
 0x1800d0008 RegEnumValueW
 0x1800d0010 RegCloseKey
 0x1800d0018 RegQueryInfoKeyW
 0x1800d0020 GetUserNameW
 0x1800d0028 RegOpenKeyExA
 0x1800d0030 ConvertSidToStringSidW
 0x1800d0038 LookupAccountNameW
SHELL32.dll
 0x1800d0520 SHGetFolderPathA
 0x1800d0528 SHFileOperationA
WININET.dll
 0x1800d0538 HttpOpenRequestA
 0x1800d0540 InternetWriteFile
 0x1800d0548 InternetReadFile
 0x1800d0550 InternetConnectA
 0x1800d0558 HttpSendRequestA
 0x1800d0560 InternetCloseHandle
 0x1800d0568 InternetOpenA
 0x1800d0570 HttpAddRequestHeadersA
 0x1800d0578 HttpSendRequestExW
 0x1800d0580 HttpEndRequestA
 0x1800d0588 InternetOpenW
crypt.dll
 0x1800d0598 BCryptOpenAlgorithmProvider
 0x1800d05a0 BCryptSetProperty
 0x1800d05a8 BCryptGenerateSymmetricKey
 0x1800d05b0 BCryptDecrypt
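The import table above is what an analyst triages first: CryptUnprotectData next to BCryptGenerateSymmetricKey/BCryptDecrypt, profile-path lookups (SHGetFolderPathA, GetUserNameW), a WinINet HTTP client, Toolhelp process enumeration and IsDebuggerPresent. The script below is an added example, not part of this sandbox report or of the sample; it parses the IAT section in the layout used above and maps the imported APIs to coarse capability buckets. SAMPLE_IAT is a constructed excerpt of the listing, and the CAPABILITIES table is this example's own heuristic, not a rule from the report. One caveat it works around: the BCrypt* functions are exported by bcrypt.dll on Windows, whereas the listing renders the library as crypt.dll, so the mapping keys on function names rather than on library names.

```python
"""Capability triage over a sandbox report's IAT listing.

Added example for this report page, not code from the sandbox or from the
sample. It parses the IAT section in the layout used above (a library
name on its own line, then " <address> <function>" entries) and maps the
imported APIs to coarse capability buckets. SAMPLE_IAT is a constructed
excerpt of the listing; CAPABILITIES is this example's own heuristic
table, not a rule from the report.
"""
import re
from collections import defaultdict

# Constructed excerpt of the report's IAT listing (same layout as the page).
SAMPLE_IAT = """\
CRYPT32.dll
 0x1800d0048 CryptUnprotectData
KERNEL32.dll
 0x1800d03c0 IsDebuggerPresent
 0x1800d0290 CreateToolhelp32Snapshot
 0x1800d02b0 Process32NextW
 0x1800d02c8 CreateProcessA
 0x1800d0238 Wow64DisableWow64FsRedirection
ADVAPI32.dll
 0x1800d0000 RegQueryValueExA
 0x1800d0020 GetUserNameW
SHELL32.dll
 0x1800d0520 SHGetFolderPathA
WININET.dll
 0x1800d0538 HttpOpenRequestA
 0x1800d0558 HttpSendRequestA
 0x1800d0548 InternetReadFile
crypt.dll
 0x1800d05a8 BCryptGenerateSymmetricKey
 0x1800d05b0 BCryptDecrypt
"""

LIB_RE = re.compile(r"^(\S+\.dll)\s*$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\w+)\s*$")


def parse_iat(text):
    """Return {library (lowercased): [imported function, ...]}.

    Entries that appear before any library line are ignored, as are lines
    that fit neither pattern (blank lines, section headings).
    """
    imports = defaultdict(list)
    lib = None
    for line in text.splitlines():
        m = LIB_RE.match(line)
        if m:
            lib = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and lib is not None:
            imports[lib].append(m.group(1))
    return dict(imports)


# Heuristic API-to-capability table (this example's own; keyed on function
# names so a mis-rendered library name such as "crypt.dll" does not matter).
CAPABILITIES = {
    "dpapi-unprotect": {"CryptUnprotectData"},
    "cng-symmetric-decrypt": {"BCryptOpenAlgorithmProvider",
                              "BCryptGenerateSymmetricKey", "BCryptDecrypt"},
    "http-client": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                    "HttpSendRequestA", "InternetReadFile", "InternetWriteFile"},
    "process-enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW",
                            "Process32NextW", "OpenProcess"},
    "process-creation": {"CreateProcessA", "CreateProcessW"},
    "anti-debug": {"IsDebuggerPresent"},
    "profile-path-lookup": {"SHGetFolderPathA", "SHGetFolderPathW", "GetUserNameW"},
    "wow64-fs-redirection-bypass": {"Wow64DisableWow64FsRedirection"},
}


def capabilities(imports):
    """Return {capability: sorted matching APIs} for every bucket with a hit."""
    present = {f for funcs in imports.values() for f in funcs}
    hits = {}
    for cap, apis in CAPABILITIES.items():
        matched = sorted(present & apis)
        if matched:
            hits[cap] = matched
    return hits


def credential_store_reader(imports):
    """True when the sample can unwrap a DPAPI-protected secret, run a CNG
    symmetric decrypt with it, and resolve per-user profile paths.

    That is the minimum API set for reading an on-disk credential store
    whose data key is DPAPI-wrapped (the pattern Chromium-based browsers
    use), so the three buckets together are a stronger signal than any one.
    """
    caps = capabilities(imports)
    return all(c in caps for c in
               ("dpapi-unprotect", "cng-symmetric-decrypt", "profile-path-lookup"))


if __name__ == "__main__":
    found = parse_iat(SAMPLE_IAT)
    for cap, apis in capabilities(found).items():
        print(f"{cap:30s} {', '.join(apis)}")
    print("credential-store reader pattern:", credential_store_reader(found))
```

Paste the full IAT section from a report into SAMPLE_IAT (or read it from a file) to triage a new sample the same way. One observation worth checking by hand rather than trusting the rule hits: the listing above is a fully populated static import table, which a UPX-packed stub normally does not expose (UPX leaves only a handful of imports per library and resolves the rest at unpack time), so the UPX_Zero match should be confirmed against the section names before it is relied on.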

EAT(Export Address Table) Library

0x1800a4a20 Main
0x180003bd0 Save

