ScreenShot
| Created | 2023.03.15 09:04 | Machine | s1_win7_x6401 |
| Filename | loader_p1_dll_64_n1_x64_inf.dll77.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 1 detected (ICEDID, SMYXDAVZ) | ||
| md5 | 658f14c5d83de5e5fee5f5ae00087139 | ||
| sha256 | 274ff7a41a6af130f6342b4625ab139c7077702e59cd0d5fc375f404a918b6be | ||
| ssdeep | 6144:wI+QWLzCll9xQXnJ2740Za/Q6hJFl/q+LT54w:wP1zCb9xQXnJCfx6hPdK | ||
| imphash | 46c09ac363e8f98a61dc89538208d875 | ||
| impfuzzy | 12:HZNVjJ5A/D7vhb543YPXJ1XJMzcf/IziqtHzqtHM3aV8WKjCYKamEsgaICu1W6aZ:5950D7vXL6ziyftOt5Kj4V4J0Z | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by one AntiVirus engine on VirusTotal as malicious |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180033890 GetCurrentThreadId
0x180033898 GetSystemTimeAsFileTime
0x1800338a0 WideCharToMultiByte
0x1800338a8 GetVersionExA
0x1800338b0 GetLastError
0x1800338b8 MultiByteToWideChar
0x1800338c0 GetLocaleInfoA
0x1800338c8 LoadLibraryA
0x1800338d0 GetProcAddress
0x1800338d8 GetCurrentProcessId
0x1800338e0 QueryPerformanceCounter
0x1800338e8 GetModuleHandleW
0x1800338f0 GetStartupInfoW
0x1800338f8 IsDebuggerPresent
0x180033900 IsProcessorFeaturePresent
0x180033908 TerminateProcess
0x180033910 GetCurrentProcess
0x180033918 SetUnhandledExceptionFilter
0x180033920 UnhandledExceptionFilter
0x180033928 RtlVirtualUnwind
0x180033930 RtlLookupFunctionEntry
0x180033938 RtlCaptureContext
0x180033940 InitializeSListHead
USER32.dll
0x180033950 SystemParametersInfoA
GDI32.dll
0x1800337e8 Polyline
0x1800337f0 ExtTextOutW
0x1800337f8 SetWorldTransform
0x180033800 GetWorldTransform
0x180033808 GetTextMetricsA
0x180033810 SetGraphicsMode
0x180033818 Rectangle
0x180033820 GetGlyphIndicesW
0x180033828 GetFontUnicodeRanges
0x180033830 GetGraphicsMode
0x180033838 GetGlyphOutlineA
0x180033840 CreateSolidBrush
0x180033848 CreateDCA
0x180033850 SelectObject
0x180033858 GetFontData
0x180033860 EnumFontFamiliesExW
0x180033868 CreateFontIndirectA
0x180033870 DeleteObject
0x180033878 CreateFontIndirectW
0x180033880 GetDeviceCaps
EAT(Export Address Table) Library
0x18000b3e0 cango_attr_letter_spacing_new
0x18000b980 cango_attr_list_insert
0x18000bb10 cango_attr_list_new
0x18000bd30 cango_attr_list_unref
0x18000c1a0 cango_attr_strikethrough_new
0x18000c460 cango_attr_underline_new
0x180023660 cango_cairo_context_set_font_options
0x180023720 cango_cairo_context_set_resolution
0x180025030 cango_cairo_font_map_create_context
0x180025110 cango_cairo_font_map_get_default
0x180025310 cango_cairo_font_map_get_type
0x1800253a0 cango_cairo_font_map_new
0x1800254d0 cango_cairo_font_map_set_resolution
0x1800266e0 cango_cairo_layout_path
0x180027460 cango_cairo_show_layout
0x1800238b0 cango_cairo_update_context
0x18000e0f0 cango_context_get_font_description
0x18000e1d0 cango_context_get_gravity
0x18000e710 cango_context_set_base_dir
0x18000e750 cango_context_set_base_gravity
0x18000e980 cango_context_set_gravity_hint
0x18000e9c0 cango_context_set_language
0x180006450 cango_font_description_copy
0x1800065b0 cango_font_description_free
0x1800065f0 cango_font_description_from_string
0x180006d70 cango_font_description_new
0x180006e70 cango_font_description_set_family_static
0x180006f40 cango_font_description_set_size
0x180006f80 cango_font_description_set_stretch
0x180006fb0 cango_font_description_set_style
0x180006fe0 cango_font_description_set_variant
0x180007010 cango_font_description_set_weight
0x180010f90 cango_font_map_create_context
0x1800130a0 cango_gravity_to_rotation
0x180013660 cango_language_from_string
0x180015b60 cango_layout_context_changed
0x1800160e0 cango_layout_get_context
0x1800165d0 cango_layout_get_extents
0x180016ae0 cango_layout_get_iter
0x1800171b0 cango_layout_get_size
0x180017da0 cango_layout_iter_free
0x180017df0 cango_layout_iter_get_baseline
0x180019f30 cango_layout_new
0x18001a240 cango_layout_set_alignment
0x18001a2a0 cango_layout_set_attributes
0x18001a320 cango_layout_set_auto_dir
0x18001a420 cango_layout_set_ellipsize
0x18001a510 cango_layout_set_font_description
0x18001a5c0 cango_layout_set_height
0x18001a630 cango_layout_set_indent
0x18001a670 cango_layout_set_justify
0x18001a6d0 cango_layout_set_markup
0x18001a870 cango_layout_set_single_paragraph_mode
0x18001aab0 cango_layout_set_text
0x18001ac20 cango_layout_set_width
0x18001ac70 cango_layout_set_wrap
0x18001d310 init
KERNEL32.dll
0x180033890 GetCurrentThreadId
0x180033898 GetSystemTimeAsFileTime
0x1800338a0 WideCharToMultiByte
0x1800338a8 GetVersionExA
0x1800338b0 GetLastError
0x1800338b8 MultiByteToWideChar
0x1800338c0 GetLocaleInfoA
0x1800338c8 LoadLibraryA
0x1800338d0 GetProcAddress
0x1800338d8 GetCurrentProcessId
0x1800338e0 QueryPerformanceCounter
0x1800338e8 GetModuleHandleW
0x1800338f0 GetStartupInfoW
0x1800338f8 IsDebuggerPresent
0x180033900 IsProcessorFeaturePresent
0x180033908 TerminateProcess
0x180033910 GetCurrentProcess
0x180033918 SetUnhandledExceptionFilter
0x180033920 UnhandledExceptionFilter
0x180033928 RtlVirtualUnwind
0x180033930 RtlLookupFunctionEntry
0x180033938 RtlCaptureContext
0x180033940 InitializeSListHead
USER32.dll
0x180033950 SystemParametersInfoA
GDI32.dll
0x1800337e8 Polyline
0x1800337f0 ExtTextOutW
0x1800337f8 SetWorldTransform
0x180033800 GetWorldTransform
0x180033808 GetTextMetricsA
0x180033810 SetGraphicsMode
0x180033818 Rectangle
0x180033820 GetGlyphIndicesW
0x180033828 GetFontUnicodeRanges
0x180033830 GetGraphicsMode
0x180033838 GetGlyphOutlineA
0x180033840 CreateSolidBrush
0x180033848 CreateDCA
0x180033850 SelectObject
0x180033858 GetFontData
0x180033860 EnumFontFamiliesExW
0x180033868 CreateFontIndirectA
0x180033870 DeleteObject
0x180033878 CreateFontIndirectW
0x180033880 GetDeviceCaps
EAT(Export Address Table) Library
0x18000b3e0 cango_attr_letter_spacing_new
0x18000b980 cango_attr_list_insert
0x18000bb10 cango_attr_list_new
0x18000bd30 cango_attr_list_unref
0x18000c1a0 cango_attr_strikethrough_new
0x18000c460 cango_attr_underline_new
0x180023660 cango_cairo_context_set_font_options
0x180023720 cango_cairo_context_set_resolution
0x180025030 cango_cairo_font_map_create_context
0x180025110 cango_cairo_font_map_get_default
0x180025310 cango_cairo_font_map_get_type
0x1800253a0 cango_cairo_font_map_new
0x1800254d0 cango_cairo_font_map_set_resolution
0x1800266e0 cango_cairo_layout_path
0x180027460 cango_cairo_show_layout
0x1800238b0 cango_cairo_update_context
0x18000e0f0 cango_context_get_font_description
0x18000e1d0 cango_context_get_gravity
0x18000e710 cango_context_set_base_dir
0x18000e750 cango_context_set_base_gravity
0x18000e980 cango_context_set_gravity_hint
0x18000e9c0 cango_context_set_language
0x180006450 cango_font_description_copy
0x1800065b0 cango_font_description_free
0x1800065f0 cango_font_description_from_string
0x180006d70 cango_font_description_new
0x180006e70 cango_font_description_set_family_static
0x180006f40 cango_font_description_set_size
0x180006f80 cango_font_description_set_stretch
0x180006fb0 cango_font_description_set_style
0x180006fe0 cango_font_description_set_variant
0x180007010 cango_font_description_set_weight
0x180010f90 cango_font_map_create_context
0x1800130a0 cango_gravity_to_rotation
0x180013660 cango_language_from_string
0x180015b60 cango_layout_context_changed
0x1800160e0 cango_layout_get_context
0x1800165d0 cango_layout_get_extents
0x180016ae0 cango_layout_get_iter
0x1800171b0 cango_layout_get_size
0x180017da0 cango_layout_iter_free
0x180017df0 cango_layout_iter_get_baseline
0x180019f30 cango_layout_new
0x18001a240 cango_layout_set_alignment
0x18001a2a0 cango_layout_set_attributes
0x18001a320 cango_layout_set_auto_dir
0x18001a420 cango_layout_set_ellipsize
0x18001a510 cango_layout_set_font_description
0x18001a5c0 cango_layout_set_height
0x18001a630 cango_layout_set_indent
0x18001a670 cango_layout_set_justify
0x18001a6d0 cango_layout_set_markup
0x18001a870 cango_layout_set_single_paragraph_mode
0x18001aab0 cango_layout_set_text
0x18001ac20 cango_layout_set_width
0x18001ac70 cango_layout_set_wrap
0x18001d310 init