popup

Report - loader_p1_dll_64_n1_x64_inf.dll35.dll

UPX OS Processor Check DLL PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.03.17 07:56 Machine s1_win7_x6403
Filename loader_p1_dll_64_n1_x64_inf.dll35.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score
3
 Behavior Score
1.6
ZERO API file : clean
VT API (file) 5 detected (malicious, confidence, 100%, ICEDID, SMYXDAVZ, CLOUD)
md5 47fc7775d368ebe67b4b27c7913a4e11
sha256 8bef7c5f74640080536d669c15629c4c720bc081c1f72505eed8c3b87fd5f915
ssdeep 12288:tgUuiAbzjDBGGidp60AHqpKKkmFKpBDor0K:vuiA/BGGioK
imphash 04176b340a5c16b5775696c3d4857c6d
impfuzzy 6:/Yy1ZfP7+OPjIUAZVebPXhXTQwETOGrOliPEcJOMREcJ4izmuETlb7Sn:rbfCObYZ8vhU43YPXJ1XJMzs
  Network IP location

Signature (6cnts)

Level Description
notice File has been identified by 5 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x180038100 WideCharToMultiByte
 0x180038108 GetStartupInfoW
 0x180038110 IsDebuggerPresent
 0x180038118 InitializeSListHead
 0x180038120 DisableThreadLibraryCalls
 0x180038128 GetSystemTimeAsFileTime
 0x180038130 GetCurrentThreadId
 0x180038138 GetCurrentProcessId
 0x180038140 QueryPerformanceCounter
 0x180038148 IsProcessorFeaturePresent
 0x180038150 TerminateProcess
 0x180038158 GetCurrentProcess
 0x180038160 SetUnhandledExceptionFilter
 0x180038168 UnhandledExceptionFilter
 0x180038170 RtlVirtualUnwind
 0x180038178 RtlLookupFunctionEntry
 0x180038180 RtlCaptureContext
 0x180038188 GetModuleHandleW

EAT(Export Address Table) Library

0x180011730 cIFFAccessTagMethods
0x180001c00 cIFFCIELabToRGBInit
0x180001e00 cIFFCIELabToXYZ
0x1800336d0 cIFFCheckTile
0x18000ce60 cIFFCheckpointDirectory
0x1800018f0 cIFFCleanup
0x18002a9c0 cIFFClientOpen
0x18002b0f0 cIFFClientdata
0x180001a80 cIFFClose
0x180032a00 cIFFComputeStrip
0x180033760 cIFFComputeTile
0x180002f90 cIFFCreateCustomDirectory
0x180002fe0 cIFFCreateDirectory
0x180003020 cIFFCreateEXIFDirectory
0x180003080 cIFFCurrentDirOffset
0x18002b100 cIFFCurrentDirectory
0x18002b110 cIFFCurrentRow
0x18002b120 cIFFCurrentStrip
0x18002b130 cIFFCurrentTile
0x1800054d0 cIFFDataWidth
0x180032a70 cIFFDefaultStripSize
0x180033890 cIFFDefaultTileSize
0x180011650 cIFFError
0x1800116b0 cIFFErrorExt
0x180033e20 cIFFFdOpen
0x180005560 cIFFFieldDataType
0x180005570 cIFFFieldName
0x180005580 cIFFFieldPassCount
0x180005590 cIFFFieldReadCount
0x1800055a0 cIFFFieldTag
0x1800055b0 cIFFFieldWithName
0x180005680 cIFFFieldWithTag
0x1800056e0 cIFFFieldWriteCount
0x18002b140 cIFFFileName
0x18002b150 cIFFFileno
0x180002460 cIFFFindCODEC
0x1800056f0 cIFFFindField
0x1800160b0 cIFFFlush
0x180016250 cIFFFlushData
0x1800031f0 cIFFFreeDirectory
0x180032ff0 cIFFGetBitRevTable
0x180011740 cIFFGetClientInfo
0x18002b160 cIFFGetCloseProc
0x1800024b0 cIFFGetConfiguredCODECs
0x1800033d0 cIFFGetField
0x180001300 cIFFGetFieldDefaulted
0x18002b170 cIFFGetMapFileProc
0x18002b180 cIFFGetMode
0x18002b190 cIFFGetReadProc
0x18002b1a0 cIFFGetSeekProc
0x18002b1b0 cIFFGetSizeProc
0x180011790 cIFFGetTagListCount
0x1800117a0 cIFFGetTagListEntry
0x18002b1c0 cIFFGetUnmapFileProc
0x180034310 cIFFGetVersion
0x18002b1d0 cIFFGetWriteProc
0x18002b1e0 cIFFIsBigEndian
0x18002b200 cIFFIsByteSwapped
0x180001ae0 cIFFIsCODECConfigured
0x18002b210 cIFFIsMSB2LSB
0x18002b220 cIFFIsTiled
0x18002b230 cIFFIsUpSampled
0x180003400 cIFFLastDirectory
0x1800057b0 cIFFMergeFieldInfo
0x180003410 cIFFNumberOfDirectories
0x180032a80 cIFFNumberOfStrips
0x1800338a0 cIFFNumberOfTiles
0x180033ea0 cIFFOpen
0x180033fb0 cIFFOpenW
0x180030150 cIFFPrintDirectory
0x180016940 cIFFRGBAImageBegin
0x180016f50 cIFFRGBAImageEnd
0x180017020 cIFFRGBAImageGet
0x1800170a0 cIFFRGBAImageOK
0x180032ad0 cIFFRasterScanlineSize
0x180032ae0 cIFFRasterScanlineSize64
0x180032b70 cIFFRawStripSize
0x180032bc0 cIFFRawStripSize64
0x180031c20 cIFFReadBufferSetup
0x180007f00 cIFFReadCustomDirectory
0x18000bdf0 cIFFReadDirectory
0x18000ce20 cIFFReadEXIFDirectory
0x180031d40 cIFFReadEncodedStrip
0x180031e90 cIFFReadEncodedTile
0x1800173c0 cIFFReadRGBAImage
0x1800173e0 cIFFReadRGBAImageOriented
0x180017530 cIFFReadRGBAStrip
0x1800176f0 cIFFReadRGBATile
0x180031f80 cIFFReadRawStrip
0x180032200 cIFFReadRawTile
0x180032480 cIFFReadScanline
0x180032550 cIFFReadTile
0x180002740 cIFFRegisterCODEC
0x180033010 cIFFReverseBits
0x18000d360 cIFFRewriteDirectory
0x180032c10 cIFFScanlineSize
0x180032c20 cIFFScanlineSize64
0x1800117d0 cIFFSetClientInfo
0x18002b240 cIFFSetClientdata
0x180002800 cIFFSetCompressionScheme
0x1800034c0 cIFFSetDirectory
0x180011710 cIFFSetErrorHandler
0x180011720 cIFFSetErrorHandlerExt
0x180003560 cIFFSetField
0x18002b250 cIFFSetFileName
0x18002b260 cIFFSetFileno
0x18002b270 cIFFSetMode
0x1800035b0 cIFFSetSubDirectory
0x1800035c0 cIFFSetTagExtender
0x180034320 cIFFSetWarningHandler
0x180034330 cIFFSetWarningHandlerExt
0x180034760 cIFFSetWriteOffset
0x180034770 cIFFSetupStrips
0x180032d80 cIFFStripSize
0x180032d90 cIFFStripSize64
0x1800330c0 cIFFSwabArrayOfDouble
0x180033120 cIFFSwabArrayOfFloat
0x180033160 cIFFSwabArrayOfLong
0x1800331a0 cIFFSwabArrayOfLong8
0x180033200 cIFFSwabArrayOfShort
0x180033230 cIFFSwabArrayOfTriples
0x180033260 cIFFSwabDouble
0x1800332a0 cIFFSwabFloat
0x1800332c0 cIFFSwabLong
0x1800332e0 cIFFSwabLong8
0x180033320 cIFFSwabShort
0x1800339b0 cIFFTileRowSize
0x1800339c0 cIFFTileRowSize64
0x180033a80 cIFFTileSize
0x180033a90 cIFFTileSize64
0x1800028a0 cIFFUnRegisterCODEC
0x1800035d0 cIFFUnlinkDirectory
0x180003840 cIFFUnsetField
0x180003940 cIFFVGetField
0x180001330 cIFFVGetFieldDefaulted
0x1800039c0 cIFFVSetField
0x180032da0 cIFFVStripSize
0x180032db0 cIFFVStripSize64
0x180033aa0 cIFFVTileSize
0x180033ab0 cIFFVTileSize64
0x180034340 cIFFWarning
0x1800343a0 cIFFWarningExt
0x180034860 cIFFWriteBufferSetup
0x180034970 cIFFWriteCheck
0x18000d700 cIFFWriteCustomDirectory
0x18000d710 cIFFWriteDirectory
0x180034b00 cIFFWriteEncodedStrip
0x180034d60 cIFFWriteEncodedTile
0x180035000 cIFFWriteRawStrip
0x180035110 cIFFWriteRawTile
0x1800351b0 cIFFWriteScanline
0x180035460 cIFFWriteTile
0x180001f20 cIFFXYZToRGB
0x1800020d0 cIFFYCbCrToRGBInit
0x180002380 cIFFYCbCrtoRGB
0x180001750 cTIFFCheckMalloc
0x180001770 cTIFFCheckRealloc
0x180010db0 cTIFFRewriteField
0x180034110 cTIFFfree
0x180034120 cTIFFmalloc
0x180034130 cTIFFmemcmp
0x180034140 cTIFFmemcpy
0x180034150 cTIFFmemset
0x18001d400 init

Similarity measure (PE file only) - Checking for service failure