ScreenShot
| Created | 2023.04.25 17:49 | Machine | s1_win7_x6403 |
| Filename | mimilib.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (Mimikatz, malicious, high confidence, score, HTool, unsafe, Tool, V0rc, Hacktool, confidence, 100%, jsrsjg, MalwareX, lqmhd, BAZARLOADER, SMYXBIMZ, Apteryx, Static AI, Suspicious PE, Mikatz, Detected, R451356, ai score=87, HKTL, MIMIKATZ64, CLASSIC, 5N98LJ61WxY, susgen) | ||
| md5 | 67651e9d2da634adedbe216948d5f752 | ||
| sha256 | aef6ce3014add838cf676b57957d630cd2bb15b0c9193cf349bcffecddbc3623 | ||
| ssdeep | 768:CsdDjdgqUQv+EAZJimW8ahsNekFkTn5btsnsFfZ9kYeUveejil0g:vU+LuaaQkFkTn5b+sFhW7ejil | ||
| imphash | eaa79f1d9e8a00542b09cb462d0658ef | ||
| impfuzzy | 24:9vsLRzJiQo+B6owxv+1BEzD9p9NDWf0Vj+3MFd:9virk21I9p+0R+3ed | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x180006000 CreateRestrictedToken
0x180006008 CreateProcessAsUserW
0x180006010 ConvertSidToStringSidA
0x180006018 IsTextUnicode
0x180006020 OpenProcessToken
ntdll.dll
0x1800061b0 _stricmp
0x1800061b8 memcmp
0x1800061c0 RtlEqualString
0x1800061c8 RtlFreeUnicodeString
0x1800061d0 RtlStringFromGUID
RPCRT4.dll
0x180006118 NdrMesTypeFree2
0x180006120 NdrMesTypeDecode2
0x180006128 MesIncrementalHandleReset
0x180006130 MesHandleFree
0x180006138 MesDecodeIncrementalHandleCreate
ole32.dll
0x1800061e0 CoCreateInstance
KERNEL32.dll
0x180006030 GetSystemTimeAsFileTime
0x180006038 GetCurrentProcessId
0x180006040 GetCurrentThreadId
0x180006048 GetTickCount
0x180006050 RtlVirtualUnwind
0x180006058 RtlLookupFunctionEntry
0x180006060 RtlCaptureContext
0x180006068 TerminateProcess
0x180006070 QueryPerformanceCounter
0x180006078 SetUnhandledExceptionFilter
0x180006080 VirtualProtect
0x180006088 Sleep
0x180006090 GetCurrentProcess
0x180006098 CloseHandle
0x1800060a0 FreeLibrary
0x1800060a8 LoadLibraryW
0x1800060b0 lstrlenW
0x1800060b8 GetProcAddress
0x1800060c0 GetLastError
0x1800060c8 LocalAlloc
0x1800060d0 LocalFree
0x1800060d8 GetTimeFormatA
0x1800060e0 GetDateFormatA
0x1800060e8 FileTimeToSystemTime
0x1800060f0 FileTimeToLocalFileTime
0x1800060f8 RaiseException
0x180006100 LoadLibraryA
0x180006108 UnhandledExceptionFilter
msvcrt.dll
0x180006148 _wfopen
0x180006150 fclose
0x180006158 free
0x180006160 vfwprintf
0x180006168 fflush
0x180006170 memcpy
0x180006178 memset
0x180006180 __C_specific_handler
0x180006188 _XcptFilter
0x180006190 _initterm
0x180006198 _amsg_exit
0x1800061a0 malloc
EAT(Export Address Table) Library
0x1800011ec DhcpNewPktHook
0x18000113c DhcpServerCalloutEntry
0x180001c04 DllCanUnloadNow
0x180001b98 DllGetClassObject
0x180001474 DnsPluginCleanup
0x180001474 DnsPluginInitialize
0x1800012b0 DnsPluginQuery
0x180003150 ExtensionApiVersion
0x180001314 InitializeChangeNotify
0x180001570 Msv1_0SubAuthenticationFilter
0x180001570 Msv1_0SubAuthenticationRoutine
0x180001450 NPGetCaps
0x1800013a0 NPLogonNotify
0x180001318 PasswordChangeNotify
0x180001554 SpLsaModeInitialize
0x180003158 WinDbgExtensionDllInit
0x180003194 coffee
0x1800031a4 mimikatz
0x180001000 startW
ADVAPI32.dll
0x180006000 CreateRestrictedToken
0x180006008 CreateProcessAsUserW
0x180006010 ConvertSidToStringSidA
0x180006018 IsTextUnicode
0x180006020 OpenProcessToken
ntdll.dll
0x1800061b0 _stricmp
0x1800061b8 memcmp
0x1800061c0 RtlEqualString
0x1800061c8 RtlFreeUnicodeString
0x1800061d0 RtlStringFromGUID
RPCRT4.dll
0x180006118 NdrMesTypeFree2
0x180006120 NdrMesTypeDecode2
0x180006128 MesIncrementalHandleReset
0x180006130 MesHandleFree
0x180006138 MesDecodeIncrementalHandleCreate
ole32.dll
0x1800061e0 CoCreateInstance
KERNEL32.dll
0x180006030 GetSystemTimeAsFileTime
0x180006038 GetCurrentProcessId
0x180006040 GetCurrentThreadId
0x180006048 GetTickCount
0x180006050 RtlVirtualUnwind
0x180006058 RtlLookupFunctionEntry
0x180006060 RtlCaptureContext
0x180006068 TerminateProcess
0x180006070 QueryPerformanceCounter
0x180006078 SetUnhandledExceptionFilter
0x180006080 VirtualProtect
0x180006088 Sleep
0x180006090 GetCurrentProcess
0x180006098 CloseHandle
0x1800060a0 FreeLibrary
0x1800060a8 LoadLibraryW
0x1800060b0 lstrlenW
0x1800060b8 GetProcAddress
0x1800060c0 GetLastError
0x1800060c8 LocalAlloc
0x1800060d0 LocalFree
0x1800060d8 GetTimeFormatA
0x1800060e0 GetDateFormatA
0x1800060e8 FileTimeToSystemTime
0x1800060f0 FileTimeToLocalFileTime
0x1800060f8 RaiseException
0x180006100 LoadLibraryA
0x180006108 UnhandledExceptionFilter
msvcrt.dll
0x180006148 _wfopen
0x180006150 fclose
0x180006158 free
0x180006160 vfwprintf
0x180006168 fflush
0x180006170 memcpy
0x180006178 memset
0x180006180 __C_specific_handler
0x180006188 _XcptFilter
0x180006190 _initterm
0x180006198 _amsg_exit
0x1800061a0 malloc
EAT(Export Address Table) Library
0x1800011ec DhcpNewPktHook
0x18000113c DhcpServerCalloutEntry
0x180001c04 DllCanUnloadNow
0x180001b98 DllGetClassObject
0x180001474 DnsPluginCleanup
0x180001474 DnsPluginInitialize
0x1800012b0 DnsPluginQuery
0x180003150 ExtensionApiVersion
0x180001314 InitializeChangeNotify
0x180001570 Msv1_0SubAuthenticationFilter
0x180001570 Msv1_0SubAuthenticationRoutine
0x180001450 NPGetCaps
0x1800013a0 NPLogonNotify
0x180001318 PasswordChangeNotify
0x180001554 SpLsaModeInitialize
0x180003158 WinDbgExtensionDllInit
0x180003194 coffee
0x1800031a4 mimikatz
0x180001000 startW