ScreenShot
| Created | 2023.04.27 11:36 | Machine | s1_win7_x6401 |
| Filename | x64.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 44 detected (Tedy, Artemis, Small, Vd2v, ABRisk, MNKJ, Attribute, HighConfidence, malicious, high confidence, a variant of Generik, FUXZVC, score, CLOUD, R002C0DKB22, GenKD, tvnxz, ai score=87, Detected, Jtgl, susgen, PossibleThreat) | ||
| md5 | 679795d1f387d9a6bedda306964f7aca | ||
| sha256 | 275a9a7b99f3474cbf8a61964a6022e3cf7baf76e0ee2fba31a708d8f1e25bd0 | ||
| ssdeep | 1536:PlDf5UB2vFMiSI6vlOV9JZ+OLJs7UsWe1Ed09dlf/4ia:PlDf5JmiB6tarZ+ii7bcMN/4ia | ||
| imphash | cfaa2e70e3ba0118bca792fff0afedf3 | ||
| impfuzzy | 24:RZSpi02tMS17VlJnc+pl3eDoTYosSOovbO9ZsvwGME:RZS0tMS17Fc+pp/YJ36b | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x18000d218 ShellExecuteA
urlmon.dll
0x18000d228 URLDownloadToFileA
KERNEL32.dll
0x18000d000 HeapFree
0x18000d008 WriteConsoleW
0x18000d010 CloseHandle
0x18000d018 CreateFileW
0x18000d020 RtlCaptureContext
0x18000d028 RtlLookupFunctionEntry
0x18000d030 RtlVirtualUnwind
0x18000d038 UnhandledExceptionFilter
0x18000d040 SetUnhandledExceptionFilter
0x18000d048 GetCurrentProcess
0x18000d050 TerminateProcess
0x18000d058 IsProcessorFeaturePresent
0x18000d060 QueryPerformanceCounter
0x18000d068 GetCurrentProcessId
0x18000d070 GetCurrentThreadId
0x18000d078 GetSystemTimeAsFileTime
0x18000d080 InitializeSListHead
0x18000d088 IsDebuggerPresent
0x18000d090 GetStartupInfoW
0x18000d098 GetModuleHandleW
0x18000d0a0 RtlUnwindEx
0x18000d0a8 InterlockedFlushSList
0x18000d0b0 GetLastError
0x18000d0b8 SetLastError
0x18000d0c0 EnterCriticalSection
0x18000d0c8 LeaveCriticalSection
0x18000d0d0 DeleteCriticalSection
0x18000d0d8 InitializeCriticalSectionAndSpinCount
0x18000d0e0 TlsAlloc
0x18000d0e8 TlsGetValue
0x18000d0f0 TlsSetValue
0x18000d0f8 TlsFree
0x18000d100 FreeLibrary
0x18000d108 GetProcAddress
0x18000d110 LoadLibraryExW
0x18000d118 RaiseException
0x18000d120 ExitProcess
0x18000d128 GetModuleHandleExW
0x18000d130 GetModuleFileNameW
0x18000d138 HeapAlloc
0x18000d140 FindClose
0x18000d148 FindFirstFileExW
0x18000d150 FindNextFileW
0x18000d158 IsValidCodePage
0x18000d160 GetACP
0x18000d168 GetOEMCP
0x18000d170 GetCPInfo
0x18000d178 GetCommandLineA
0x18000d180 GetCommandLineW
0x18000d188 MultiByteToWideChar
0x18000d190 WideCharToMultiByte
0x18000d198 GetEnvironmentStringsW
0x18000d1a0 FreeEnvironmentStringsW
0x18000d1a8 LCMapStringW
0x18000d1b0 GetProcessHeap
0x18000d1b8 GetStdHandle
0x18000d1c0 GetFileType
0x18000d1c8 GetStringTypeW
0x18000d1d0 HeapSize
0x18000d1d8 HeapReAlloc
0x18000d1e0 SetStdHandle
0x18000d1e8 FlushFileBuffers
0x18000d1f0 WriteFile
0x18000d1f8 GetConsoleOutputCP
0x18000d200 GetConsoleMode
0x18000d208 SetFilePointerEx
EAT(Export Address Table) is none
SHELL32.dll
0x18000d218 ShellExecuteA
urlmon.dll
0x18000d228 URLDownloadToFileA
KERNEL32.dll
0x18000d000 HeapFree
0x18000d008 WriteConsoleW
0x18000d010 CloseHandle
0x18000d018 CreateFileW
0x18000d020 RtlCaptureContext
0x18000d028 RtlLookupFunctionEntry
0x18000d030 RtlVirtualUnwind
0x18000d038 UnhandledExceptionFilter
0x18000d040 SetUnhandledExceptionFilter
0x18000d048 GetCurrentProcess
0x18000d050 TerminateProcess
0x18000d058 IsProcessorFeaturePresent
0x18000d060 QueryPerformanceCounter
0x18000d068 GetCurrentProcessId
0x18000d070 GetCurrentThreadId
0x18000d078 GetSystemTimeAsFileTime
0x18000d080 InitializeSListHead
0x18000d088 IsDebuggerPresent
0x18000d090 GetStartupInfoW
0x18000d098 GetModuleHandleW
0x18000d0a0 RtlUnwindEx
0x18000d0a8 InterlockedFlushSList
0x18000d0b0 GetLastError
0x18000d0b8 SetLastError
0x18000d0c0 EnterCriticalSection
0x18000d0c8 LeaveCriticalSection
0x18000d0d0 DeleteCriticalSection
0x18000d0d8 InitializeCriticalSectionAndSpinCount
0x18000d0e0 TlsAlloc
0x18000d0e8 TlsGetValue
0x18000d0f0 TlsSetValue
0x18000d0f8 TlsFree
0x18000d100 FreeLibrary
0x18000d108 GetProcAddress
0x18000d110 LoadLibraryExW
0x18000d118 RaiseException
0x18000d120 ExitProcess
0x18000d128 GetModuleHandleExW
0x18000d130 GetModuleFileNameW
0x18000d138 HeapAlloc
0x18000d140 FindClose
0x18000d148 FindFirstFileExW
0x18000d150 FindNextFileW
0x18000d158 IsValidCodePage
0x18000d160 GetACP
0x18000d168 GetOEMCP
0x18000d170 GetCPInfo
0x18000d178 GetCommandLineA
0x18000d180 GetCommandLineW
0x18000d188 MultiByteToWideChar
0x18000d190 WideCharToMultiByte
0x18000d198 GetEnvironmentStringsW
0x18000d1a0 FreeEnvironmentStringsW
0x18000d1a8 LCMapStringW
0x18000d1b0 GetProcessHeap
0x18000d1b8 GetStdHandle
0x18000d1c0 GetFileType
0x18000d1c8 GetStringTypeW
0x18000d1d0 HeapSize
0x18000d1d8 HeapReAlloc
0x18000d1e0 SetStdHandle
0x18000d1e8 FlushFileBuffers
0x18000d1f0 WriteFile
0x18000d1f8 GetConsoleOutputCP
0x18000d200 GetConsoleMode
0x18000d208 SetFilePointerEx
EAT(Export Address Table) is none