ScreenShot
| Created | 2023.04.22 08:58 | Machine | s1_win7_x6401 |
| Filename | 797979.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 16 detected (malicious, confidence, 100%, Attribute, HighConfidence, IcedID, uokc, CLOUD, YXDDUZ, Infected, VXL7DN, Tasker, Artemis, Chgt, Outbreak) | ||
| md5 | 3c6363eaa26123a42f5051a443385d1e | ||
| sha256 | 3eed1149a953d30bd605abb73bfb88e2e83a463ce45070b292596575b4107140 | ||
| ssdeep | 3072:/iTJagdQYD7GBjarnK/nEaIQrwcNPTNh6aK25HrazOw6CEKr65LizjUu/rNI7gIk:/OagpDn9GJbNw55jUAcbqyO1 | ||
| imphash | 2d422da3e6d86c5c79bacb0595af2f51 | ||
| impfuzzy | 48:9afc+dtMS12BgapZLGj3OA31xn6GTG0lnBn1dr:9afc+dtMS12BgapZBejh9j | ||
Network IP location
Signature (12cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180026000 CloseHandle
0x180026008 GetLastError
0x180026010 MapViewOfFile
0x180026018 UnmapViewOfFile
0x180026020 OpenFileMappingA
0x180026028 GetSystemTimeAsFileTime
0x180026030 InitializeCriticalSection
0x180026038 EnterCriticalSection
0x180026040 LeaveCriticalSection
0x180026048 DeleteCriticalSection
0x180026050 Sleep
0x180026058 WriteConsoleW
0x180026060 SetEndOfFile
0x180026068 ReadConsoleW
0x180026070 ReadFile
0x180026078 HeapReAlloc
0x180026080 HeapSize
0x180026088 CreateFileW
0x180026090 GetStringTypeW
0x180026098 SetFilePointerEx
0x1800260a0 GetFileSizeEx
0x1800260a8 SetStdHandle
0x1800260b0 GetConsoleMode
0x1800260b8 RtlCaptureContext
0x1800260c0 RtlLookupFunctionEntry
0x1800260c8 RtlVirtualUnwind
0x1800260d0 UnhandledExceptionFilter
0x1800260d8 SetUnhandledExceptionFilter
0x1800260e0 GetCurrentProcess
0x1800260e8 TerminateProcess
0x1800260f0 IsProcessorFeaturePresent
0x1800260f8 QueryPerformanceCounter
0x180026100 GetCurrentProcessId
0x180026108 GetCurrentThreadId
0x180026110 InitializeSListHead
0x180026118 IsDebuggerPresent
0x180026120 GetStartupInfoW
0x180026128 GetModuleHandleW
0x180026130 RtlUnwindEx
0x180026138 RtlPcToFileHeader
0x180026140 RaiseException
0x180026148 InterlockedFlushSList
0x180026150 SetLastError
0x180026158 InitializeCriticalSectionAndSpinCount
0x180026160 TlsAlloc
0x180026168 TlsGetValue
0x180026170 TlsSetValue
0x180026178 TlsFree
0x180026180 FreeLibrary
0x180026188 GetProcAddress
0x180026190 LoadLibraryExW
0x180026198 CreateThread
0x1800261a0 ExitThread
0x1800261a8 FreeLibraryAndExitThread
0x1800261b0 GetModuleHandleExW
0x1800261b8 ExitProcess
0x1800261c0 GetModuleFileNameW
0x1800261c8 HeapAlloc
0x1800261d0 HeapFree
0x1800261d8 CompareStringW
0x1800261e0 LCMapStringW
0x1800261e8 GetStdHandle
0x1800261f0 GetFileType
0x1800261f8 FindClose
0x180026200 FindFirstFileExW
0x180026208 FindNextFileW
0x180026210 IsValidCodePage
0x180026218 GetACP
0x180026220 GetOEMCP
0x180026228 GetCPInfo
0x180026230 GetCommandLineA
0x180026238 GetCommandLineW
0x180026240 MultiByteToWideChar
0x180026248 WideCharToMultiByte
0x180026250 GetEnvironmentStringsW
0x180026258 FreeEnvironmentStringsW
0x180026260 SetEnvironmentVariableW
0x180026268 GetProcessHeap
0x180026270 FlushFileBuffers
0x180026278 WriteFile
0x180026280 GetConsoleCP
USER32.dll
0x180026290 GetMessageA
0x180026298 CreateDialogParamA
0x1800262a0 PostMessageA
0x1800262a8 DispatchMessageA
0x1800262b0 TranslateMessage
0x1800262b8 RegisterWindowMessageA
0x1800262c0 PostQuitMessage
0x1800262c8 PostThreadMessageA
0x1800262d0 SendMessageA
EAT(Export Address Table) Library
0x18000fb84 lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate
0x18000fba8 lava_com_sun_java_accessibility_internal_AccessBridge_focusGained
0x18000fbcc lava_com_sun_java_accessibility_internal_AccessBridge_focusLost
0x18000fbf0 lava_com_sun_java_accessibility_internal_AccessBridge_javaShutdown
0x18000fc04 lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetComponentFromNativeWindowHandle
0x18000fc48 lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetNativeWindowHandleFromComponent
0x18000fcb0 lava_com_sun_java_accessibility_internal_AccessBridge_menuCanceled
0x18000fcd4 lava_com_sun_java_accessibility_internal_AccessBridge_menuDeselected
0x18000fcf8 lava_com_sun_java_accessibility_internal_AccessBridge_menuSelected
0x18000fd1c lava_com_sun_java_accessibility_internal_AccessBridge_mouseClicked
0x18000fd40 lava_com_sun_java_accessibility_internal_AccessBridge_mouseEntered
0x18000fd64 lava_com_sun_java_accessibility_internal_AccessBridge_mouseExited
0x18000fd88 lava_com_sun_java_accessibility_internal_AccessBridge_mousePressed
0x18000fdac lava_com_sun_java_accessibility_internal_AccessBridge_mouseReleased
0x18000fdd0 lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuCanceled
0x18000fdf4 lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeInvisible
0x18000fe18 lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeVisible
0x18000fe3c lava_com_sun_java_accessibility_internal_AccessBridge_propertyActiveDescendentChange
0x18000fe74 lava_com_sun_java_accessibility_internal_AccessBridge_propertyCaretChange
0x18000fea8 lava_com_sun_java_accessibility_internal_AccessBridge_propertyChildChange
0x18000fee0 lava_com_sun_java_accessibility_internal_AccessBridge_propertyDescriptionChange
0x18000ff18 lava_com_sun_java_accessibility_internal_AccessBridge_propertyNameChange
0x18000ff50 lava_com_sun_java_accessibility_internal_AccessBridge_propertySelectionChange
0x18000ff74 lava_com_sun_java_accessibility_internal_AccessBridge_propertyStateChange
0x18000ffac lava_com_sun_java_accessibility_internal_AccessBridge_propertyTableModelChange
0x18000ffe4 lava_com_sun_java_accessibility_internal_AccessBridge_propertyTextChange
0x180010008 lava_com_sun_java_accessibility_internal_AccessBridge_propertyValueChange
0x180010040 lava_com_sun_java_accessibility_internal_AccessBridge_propertyVisibleDataChange
0x180010064 lava_com_sun_java_accessibility_internal_AccessBridge_runDLL
0x18001f06c ping
KERNEL32.dll
0x180026000 CloseHandle
0x180026008 GetLastError
0x180026010 MapViewOfFile
0x180026018 UnmapViewOfFile
0x180026020 OpenFileMappingA
0x180026028 GetSystemTimeAsFileTime
0x180026030 InitializeCriticalSection
0x180026038 EnterCriticalSection
0x180026040 LeaveCriticalSection
0x180026048 DeleteCriticalSection
0x180026050 Sleep
0x180026058 WriteConsoleW
0x180026060 SetEndOfFile
0x180026068 ReadConsoleW
0x180026070 ReadFile
0x180026078 HeapReAlloc
0x180026080 HeapSize
0x180026088 CreateFileW
0x180026090 GetStringTypeW
0x180026098 SetFilePointerEx
0x1800260a0 GetFileSizeEx
0x1800260a8 SetStdHandle
0x1800260b0 GetConsoleMode
0x1800260b8 RtlCaptureContext
0x1800260c0 RtlLookupFunctionEntry
0x1800260c8 RtlVirtualUnwind
0x1800260d0 UnhandledExceptionFilter
0x1800260d8 SetUnhandledExceptionFilter
0x1800260e0 GetCurrentProcess
0x1800260e8 TerminateProcess
0x1800260f0 IsProcessorFeaturePresent
0x1800260f8 QueryPerformanceCounter
0x180026100 GetCurrentProcessId
0x180026108 GetCurrentThreadId
0x180026110 InitializeSListHead
0x180026118 IsDebuggerPresent
0x180026120 GetStartupInfoW
0x180026128 GetModuleHandleW
0x180026130 RtlUnwindEx
0x180026138 RtlPcToFileHeader
0x180026140 RaiseException
0x180026148 InterlockedFlushSList
0x180026150 SetLastError
0x180026158 InitializeCriticalSectionAndSpinCount
0x180026160 TlsAlloc
0x180026168 TlsGetValue
0x180026170 TlsSetValue
0x180026178 TlsFree
0x180026180 FreeLibrary
0x180026188 GetProcAddress
0x180026190 LoadLibraryExW
0x180026198 CreateThread
0x1800261a0 ExitThread
0x1800261a8 FreeLibraryAndExitThread
0x1800261b0 GetModuleHandleExW
0x1800261b8 ExitProcess
0x1800261c0 GetModuleFileNameW
0x1800261c8 HeapAlloc
0x1800261d0 HeapFree
0x1800261d8 CompareStringW
0x1800261e0 LCMapStringW
0x1800261e8 GetStdHandle
0x1800261f0 GetFileType
0x1800261f8 FindClose
0x180026200 FindFirstFileExW
0x180026208 FindNextFileW
0x180026210 IsValidCodePage
0x180026218 GetACP
0x180026220 GetOEMCP
0x180026228 GetCPInfo
0x180026230 GetCommandLineA
0x180026238 GetCommandLineW
0x180026240 MultiByteToWideChar
0x180026248 WideCharToMultiByte
0x180026250 GetEnvironmentStringsW
0x180026258 FreeEnvironmentStringsW
0x180026260 SetEnvironmentVariableW
0x180026268 GetProcessHeap
0x180026270 FlushFileBuffers
0x180026278 WriteFile
0x180026280 GetConsoleCP
USER32.dll
0x180026290 GetMessageA
0x180026298 CreateDialogParamA
0x1800262a0 PostMessageA
0x1800262a8 DispatchMessageA
0x1800262b0 TranslateMessage
0x1800262b8 RegisterWindowMessageA
0x1800262c0 PostQuitMessage
0x1800262c8 PostThreadMessageA
0x1800262d0 SendMessageA
EAT(Export Address Table) Library
0x18000fb84 lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate
0x18000fba8 lava_com_sun_java_accessibility_internal_AccessBridge_focusGained
0x18000fbcc lava_com_sun_java_accessibility_internal_AccessBridge_focusLost
0x18000fbf0 lava_com_sun_java_accessibility_internal_AccessBridge_javaShutdown
0x18000fc04 lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetComponentFromNativeWindowHandle
0x18000fc48 lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetNativeWindowHandleFromComponent
0x18000fcb0 lava_com_sun_java_accessibility_internal_AccessBridge_menuCanceled
0x18000fcd4 lava_com_sun_java_accessibility_internal_AccessBridge_menuDeselected
0x18000fcf8 lava_com_sun_java_accessibility_internal_AccessBridge_menuSelected
0x18000fd1c lava_com_sun_java_accessibility_internal_AccessBridge_mouseClicked
0x18000fd40 lava_com_sun_java_accessibility_internal_AccessBridge_mouseEntered
0x18000fd64 lava_com_sun_java_accessibility_internal_AccessBridge_mouseExited
0x18000fd88 lava_com_sun_java_accessibility_internal_AccessBridge_mousePressed
0x18000fdac lava_com_sun_java_accessibility_internal_AccessBridge_mouseReleased
0x18000fdd0 lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuCanceled
0x18000fdf4 lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeInvisible
0x18000fe18 lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeVisible
0x18000fe3c lava_com_sun_java_accessibility_internal_AccessBridge_propertyActiveDescendentChange
0x18000fe74 lava_com_sun_java_accessibility_internal_AccessBridge_propertyCaretChange
0x18000fea8 lava_com_sun_java_accessibility_internal_AccessBridge_propertyChildChange
0x18000fee0 lava_com_sun_java_accessibility_internal_AccessBridge_propertyDescriptionChange
0x18000ff18 lava_com_sun_java_accessibility_internal_AccessBridge_propertyNameChange
0x18000ff50 lava_com_sun_java_accessibility_internal_AccessBridge_propertySelectionChange
0x18000ff74 lava_com_sun_java_accessibility_internal_AccessBridge_propertyStateChange
0x18000ffac lava_com_sun_java_accessibility_internal_AccessBridge_propertyTableModelChange
0x18000ffe4 lava_com_sun_java_accessibility_internal_AccessBridge_propertyTextChange
0x180010008 lava_com_sun_java_accessibility_internal_AccessBridge_propertyValueChange
0x180010040 lava_com_sun_java_accessibility_internal_AccessBridge_propertyVisibleDataChange
0x180010064 lava_com_sun_java_accessibility_internal_AccessBridge_runDLL
0x18001f06c ping