Field | Value |
---|---|
Created | 2023.04.26 07:43 |
Machine | s1_win7_x6401 |
Filename | 2 |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | fca51c45c88a92f340faaca0a8e832c8 |
sha256 | 41770017c9f44ef476ba05e44fbd19b0df70a21156ff7fa9c9b5b7f4f07a3705 |
ssdeep | 6144:GzsetYQi0K8xwAXr/fUT7td4HCp6hInogO5cJN2W3MnBJW2WraDOhTKnOF8QAZaR:FeaIfiP3O2sK2WraDOhel0WVvKX5H5N |
imphash | abbf45d53faf8e5020b1ed87d549651b |
impfuzzy | 24:Bcp0ZzuIzvfaS1jthbJBl3eDoroSATOovbOPZcjMC:Bcpi6wyS1jth7pXb3o |
Network IP location
Signature (16cnts)
Level | Description |
---|---|
danger | Executed a process and injected code into it |
warning | Generates some ICMP traffic |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (14cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10010000 EnterCriticalSection
0x10010004 LeaveCriticalSection
0x10010008 InitializeCriticalSection
0x1001000c CreateFileA
0x10010010 CloseHandle
0x10010014 GetLastError
0x10010018 HeapWalk
0x1001001c DeleteCriticalSection
0x10010020 CreateThread
0x10010024 SuspendThread
0x10010028 FindFirstFileA
0x1001002c FindNextFileA
0x10010030 GetFileType
0x10010034 VirtualAlloc
0x10010038 CreateMutexA
0x1001003c ReleaseMutex
0x10010040 SetHandleInformation
0x10010044 GetLocalTime
0x10010048 QueryPerformanceCounter
0x1001004c GetCurrentProcessId
0x10010050 GetCurrentThreadId
0x10010054 GetSystemTimeAsFileTime
0x10010058 InitializeSListHead
0x1001005c IsDebuggerPresent
0x10010060 UnhandledExceptionFilter
0x10010064 SetUnhandledExceptionFilter
0x10010068 GetStartupInfoW
0x1001006c IsProcessorFeaturePresent
0x10010070 GetModuleHandleW
0x10010074 GetCurrentProcess
0x10010078 TerminateProcess
0x1001007c InterlockedFlushSList
0x10010080 RtlUnwind
0x10010084 SetLastError
0x10010088 InitializeCriticalSectionAndSpinCount
0x1001008c TlsAlloc
0x10010090 TlsGetValue
0x10010094 TlsSetValue
0x10010098 TlsFree
0x1001009c FreeLibrary
0x100100a0 GetProcAddress
0x100100a4 LoadLibraryExW
0x100100a8 ExitProcess
0x100100ac GetModuleHandleExW
0x100100b0 GetModuleFileNameA
0x100100b4 MultiByteToWideChar
0x100100b8 WideCharToMultiByte
0x100100bc HeapFree
0x100100c0 HeapAlloc
0x100100c4 LCMapStringW
0x100100c8 FindClose
0x100100cc FindFirstFileExA
0x100100d0 IsValidCodePage
0x100100d4 GetACP
0x100100d8 GetOEMCP
0x100100dc GetCPInfo
0x100100e0 GetCommandLineA
0x100100e4 GetCommandLineW
0x100100e8 GetEnvironmentStringsW
0x100100ec FreeEnvironmentStringsW
0x100100f0 GetProcessHeap
0x100100f4 GetStdHandle
0x100100f8 GetStringTypeW
0x100100fc HeapSize
0x10010100 HeapReAlloc
0x10010104 SetStdHandle
0x10010108 WriteFile
0x1001010c FlushFileBuffers
0x10010110 GetConsoleCP
0x10010114 GetConsoleMode
0x10010118 SetFilePointerEx
0x1001011c WriteConsoleW
0x10010120 DecodePointer
0x10010124 CreateFileW
0x10010128 RaiseException
EAT (Export Address Table) Library
0x1000e270 Motd