Field | Value |
---|---|
Created | 2023.04.04 07:03 |
Machine | s1_win7_x6401 |
Filename | libcurl.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 20 detected (GenericKD, AFIY, Infected, Outbreak, ai score=85, Artemis, R06BH0CD223, susgen) |
md5 | 1c812c7057527a6d163c54cc4ecc4830 |
sha256 | a1452126afab8381749c34ab80303fcf95f94af500ba6acd7dba3fbbafa3295f |
ssdeep | 1536:yjGllSyDgwaiaAR6Ts7b8K5kASGlGWSoZ8dkEU+ScHA6sWjcdou8U+eUus7FhE:gDmDR77glU+3Qou8UPts7XE |
imphash | a71870b2900b81810c8101229eba3bda |
impfuzzy | 24:srHMU1/ZoXDVOovhEG5nc+jtVJBl2pvWSBZE:yJWEGRc+jthKWSs |
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1000f000 WinExec
0x1000f004 GetCurrentProcess
0x1000f008 GetLastError
0x1000f00c CloseHandle
0x1000f010 WriteConsoleW
0x1000f014 SetStdHandle
0x1000f018 SetFilePointerEx
0x1000f01c GetConsoleMode
0x1000f020 GetConsoleCP
0x1000f024 FlushFileBuffers
0x1000f028 GetStringTypeW
0x1000f02c OutputDebugStringW
0x1000f030 EncodePointer
0x1000f034 DecodePointer
0x1000f038 ExitProcess
0x1000f03c GetModuleHandleExW
0x1000f040 GetProcAddress
0x1000f044 MultiByteToWideChar
0x1000f048 WideCharToMultiByte
0x1000f04c HeapAlloc
0x1000f050 GetCommandLineA
0x1000f054 GetCurrentThreadId
0x1000f058 RaiseException
0x1000f05c RtlUnwind
0x1000f060 IsDebuggerPresent
0x1000f064 IsProcessorFeaturePresent
0x1000f068 HeapSize
0x1000f06c HeapFree
0x1000f070 EnterCriticalSection
0x1000f074 LeaveCriticalSection
0x1000f078 DeleteCriticalSection
0x1000f07c UnhandledExceptionFilter
0x1000f080 SetUnhandledExceptionFilter
0x1000f084 SetLastError
0x1000f088 InitializeCriticalSectionAndSpinCount
0x1000f08c Sleep
0x1000f090 TerminateProcess
0x1000f094 TlsAlloc
0x1000f098 TlsGetValue
0x1000f09c TlsSetValue
0x1000f0a0 TlsFree
0x1000f0a4 GetStartupInfoW
0x1000f0a8 GetModuleHandleW
0x1000f0ac GetStdHandle
0x1000f0b0 WriteFile
0x1000f0b4 GetModuleFileNameW
0x1000f0b8 LoadLibraryExW
0x1000f0bc IsValidCodePage
0x1000f0c0 GetACP
0x1000f0c4 GetOEMCP
0x1000f0c8 GetCPInfo
0x1000f0cc GetProcessHeap
0x1000f0d0 GetFileType
0x1000f0d4 GetModuleFileNameA
0x1000f0d8 QueryPerformanceCounter
0x1000f0dc GetCurrentProcessId
0x1000f0e0 GetSystemTimeAsFileTime
0x1000f0e4 GetEnvironmentStringsW
0x1000f0e8 FreeEnvironmentStringsW
0x1000f0ec HeapReAlloc
0x1000f0f0 LCMapStringW
0x1000f0f4 CreateFileW
EAT (Export Address Table) Library
0x10001990 curl_easy_cleanup
0x10001990 curl_easy_getinfo
0x100019a0 curl_easy_init
0x100019a0 curl_easy_perform
0x100019a0 curl_easy_setopt
0x100019a0 curl_easy_strerror
0x100019a0 curl_formadd
0x100019a0 curl_formfree
0x100019a0 curl_slist_append