Report - ZeroBOX

ScreenShot

Info
Location map


Created	2023.04.13 09:09	Machine	s1_win7_x6401
Filename	auto.dll
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
AI Score	1	Behavior Score	1.8
ZERO API	file : clean
VT API (file)	12 detected (malicious, high confidence, score, confidence, Agen, Generic ML PUA, Wacapew, Detected, CoinMiner, susgen)
md5	f983bbe67c157f9debd63b5d434982a0
sha256	f3eb93c37e708dbe46a47182b5d5f7b4b1ce49ac667405d28996c1e029761e77
ssdeep	49152:p0xMzCdy2p487NpszY17wCRB8JFOHQyvFgu:+2zHL8pqE18o8HOw
imphash	ab617391acd54c87f7271a1439b367f6
impfuzzy	6:nERGDvZ/OiBJAEcXQwDLzRgSdn8BbMqtYbdfVG:EcDvZGqA9AwDXRgKQcdG

Network IP location

Signature (5cnts)

Level	Description
watch	File has been identified by 12 AntiVirus engines on VirusTotal as malicious
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level	Name	Description	Collection
info	IsDLL	(no description)	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
0x2cc0c1158 GetModuleHandleA
0x2cc0c1160 GetProcAddress
0x2cc0c1168 ExitProcess
0x2cc0c1170 LoadLibraryA
user32.dll
0x2cc0c1180 MessageBoxA
advapi32.dll
0x2cc0c1190 RegCloseKey
oleaut32.dll
0x2cc0c11a0 SysFreeString
gdi32.dll
0x2cc0c11b0 CreateFontA
shell32.dll
0x2cc0c11c0 ShellExecuteA
version.dll
0x2cc0c11d0 GetFileVersionInfoA
msvcrt.dll
0x2cc0c11e0 __iob_func

EAT(Export Address Table) Library

0x2cbbc25a0 main

Report - auto.dll

Signature (5cnts)

Rules (3cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure