Field | Value |
---|---|
Created | 2023.05.03 09:42 |
Machine | s1_win7_x6401 |
Filename | sc64.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 50 detected (Sybici, malicious, high confidence, Lazy, SystemBC, S27791300, unsafe, Coroxy, Vrv6, confidence, 100%, ABRisk, FKYM, score, Proxy, BackdoorX, Ymhl, AGEN, SMTH, ai score=80, Detected, Artemis, Tk58K9rsafI, Static AI, Suspicious PE, susgen) |
md5 | 4c09e8e3a1d837f125ea9f9c0c2c5380 |
sha256 | 44d91bcc9c29ea92d933095d707a0040e39b08d1c52099014d58eceecbbe3ace |
ssdeep | 384:bHqHNJzn0I71uAstwLW8X4ne7OH0yJLhv812MG6CQ:bHrv5fdv8kc |
imphash | 9d40dd67bb6cfbfeb09c141d693f05f0 |
impfuzzy | 12:sQUyhZsYDdrzSXs/s/0y/Gh5Kjjzgm8pGDqj7kWvKgYNjMuOa3aNRi/wxrd:UUZsYDZzSXsUXG5KPzsJjJiCEY4wx5 |
Signature (4 entries)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks if process is being debugged by a debugger |
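The "watch" signature above flags a connection to a host that no DNS query resolved, which is how a hard-coded C2 or proxy address shows up in a sandbox trace. The Python below reproduces that check over a constructed event timeline. It is an added example, not the sandbox's own logic or log format: the Event shape is mine and the addresses are RFC 5737 documentation addresses chosen here.

```python
"""Replay the "connects to a host no DNS query resolved" heuristic over a
constructed sandbox-style event timeline (added example, not sandbox code)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Event:
    ts: float        # seconds since sandbox start
    kind: str        # "dns" (an answer) or "connect" (outbound connection)
    ip: str          # answered address, or the connection destination
    detail: str = "" # queried name for dns, "port/proto" for connect


# Constructed timeline; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_EVENTS = [
    Event(1.0, "dns", "198.51.100.7", "update.example"),
    Event(1.2, "connect", "198.51.100.7", "443/tcp"),   # resolved first: not flagged
    Event(2.5, "connect", "203.0.113.10", "4001/tcp"),  # hard-coded address: flagged
    Event(3.0, "dns", "203.0.113.10", "late.example"),
    Event(3.1, "connect", "203.0.113.10", "4001/tcp"),  # resolved by now: not flagged
    Event(4.0, "connect", "127.0.0.1", "8080/tcp"),     # loopback: ignored
]


def _is_local(ip: str) -> bool:
    """Loopback, link-local and multicast destinations are not C2 candidates."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_link_local or addr.is_multicast


def connections_without_dns(events):
    """Return (ts, ip, detail) for every connect whose destination was not
    returned by an earlier DNS answer. A later answer does not excuse an
    earlier connect: the ordering is the evidence that the address was
    embedded in the sample rather than looked up."""
    resolved = set()
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dns":
            resolved.add(ev.ip)
        elif ev.kind == "connect" and not _is_local(ev.ip) and ev.ip not in resolved:
            hits.append((ev.ts, ev.ip, ev.detail))
    return hits


if __name__ == "__main__":
    for ts, ip, detail in connections_without_dns(SAMPLE_EVENTS):
        print(f"{ts:6.1f}s  connect {ip} {detail}  (no prior DNS answer)")
```

Two caveats when applying this to real traces: an address resolved before capture started, or supplied through the hosts file or an embedded resolver the sandbox does not hook, will produce a false positive, so treat a hit as a pivot point for the IP, not as proof on its own.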
Rules (6 entries)
Level | Name | Description | Collection |
---|---|---|---|
danger | SystemBC_IN | SystemBC | binaries (upload) |
watch | Antivirus | Contains references to security software | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
user32.dll
0x1800040f8 wsprintfA
ws2_32.dll
0x180004108 getaddrinfo
0x180004110 closesocket
0x180004118 shutdown
0x180004120 send
0x180004128 setsockopt
0x180004130 freeaddrinfo
0x180004138 recv
0x180004140 WSAIoctl
0x180004148 select
0x180004150 connect
0x180004158 inet_ntoa
0x180004160 inet_addr
0x180004168 htons
0x180004170 ioctlsocket
0x180004178 WSAStartup
0x180004180 socket
advapi32.dll
0x180004000 GetTokenInformation
0x180004008 OpenProcessToken
0x180004010 GetSidSubAuthority
kernel32.dll
0x180004020 WriteFile
0x180004028 SetFilePointer
0x180004030 CreateFileA
0x180004038 VirtualFree
0x180004040 LocalFree
0x180004048 LocalAlloc
0x180004050 GetLocalTime
0x180004058 SetEvent
0x180004060 WaitForSingleObject
0x180004068 ExitThread
0x180004070 CloseHandle
0x180004078 CreateThread
0x180004080 GetVolumeInformationA
0x180004088 VirtualAlloc
0x180004090 SystemTimeToFileTime
0x180004098 Sleep
0x1800040a0 GetCurrentProcess
0x1800040a8 FileTimeToSystemTime
0x1800040b0 CreateEventA
secur32.dll
0x1800040e0 GetUserNameExA
0x1800040e8 GetUserNameExW
ole32.dll
0x1800040c0 CoUninitialize
0x1800040c8 CoCreateInstance
0x1800040d0 CoInitialize
EAT (Export Address Table) Library
0x180001020 rundll
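The import set above is worth reading as a whole: the ws2_32 socket primitives plus getaddrinfo give a TCP client that can resolve names, OpenProcessToken/GetTokenInformation/GetSidSubAuthority is the usual sequence for reading the caller's integrity level RID from TokenIntegrityLevel, and GetVolumeInformationA with GetUserNameExA supplies host-identifying values. The Python below, added here and not part of the report or of any tool it names, turns the IAT listing into capability tags using heuristic rules of my own and computes a pefile-style imphash string from it. The slot addresses and function names are the report's; note that the listing groups entries by library rather than by slot (the advapi32 block at 0x180004000 is actually first), and that the real imphash follows import-directory order, so sorting by slot is an assumption. Check the digest against the report's imphash with pefile on the actual sample rather than trusting this reconstruction.

```python
"""Triage the import table listed in this report: derive capability tags from
the imported API set and compute an imphash-style digest from it.
Added example, not the sandbox's code; the tag rules are my own heuristics."""
import hashlib
from collections import defaultdict

# (library, first IAT slot, functions in slot order), transcribed from the IAT
# section above. On a 64-bit image each slot is 8 bytes, so slot i = base + 8*i.
REPORT_IAT = [
    ("user32.dll", 0x1800040F8, ["wsprintfA"]),
    ("ws2_32.dll", 0x180004108, ["getaddrinfo", "closesocket", "shutdown", "send",
        "setsockopt", "freeaddrinfo", "recv", "WSAIoctl", "select", "connect",
        "inet_ntoa", "inet_addr", "htons", "ioctlsocket", "WSAStartup", "socket"]),
    ("advapi32.dll", 0x180004000, ["GetTokenInformation", "OpenProcessToken",
        "GetSidSubAuthority"]),
    ("kernel32.dll", 0x180004020, ["WriteFile", "SetFilePointer", "CreateFileA",
        "VirtualFree", "LocalFree", "LocalAlloc", "GetLocalTime", "SetEvent",
        "WaitForSingleObject", "ExitThread", "CloseHandle", "CreateThread",
        "GetVolumeInformationA", "VirtualAlloc", "SystemTimeToFileTime", "Sleep",
        "GetCurrentProcess", "FileTimeToSystemTime", "CreateEventA"]),
    ("secur32.dll", 0x1800040E0, ["GetUserNameExA", "GetUserNameExW"]),
    ("ole32.dll", 0x1800040C0, ["CoUninitialize", "CoCreateInstance", "CoInitialize"]),
]

# Heuristic rules (mine, not a standard): a tag fires only when every listed
# function of every listed library is imported. The last rule is deliberately
# absent from this sample to show the tagger does not over-fire.
CAPABILITY_RULES = {
    "tcp-client":            {"ws2_32.dll": {"WSAStartup", "socket", "connect", "send", "recv"}},
    "name-resolution":       {"ws2_32.dll": {"getaddrinfo"}},
    "nonblocking-io":        {"ws2_32.dll": {"ioctlsocket", "select"}},
    "integrity-level-query": {"advapi32.dll": {"OpenProcessToken", "GetTokenInformation",
                                               "GetSidSubAuthority"}},
    "host-identity":         {"kernel32.dll": {"GetVolumeInformationA"},
                              "secur32.dll": {"GetUserNameExA"}},
    "rw-memory-management":  {"kernel32.dll": {"VirtualAlloc", "VirtualFree"}},
    "file-write":            {"kernel32.dll": {"CreateFileA", "WriteFile"}},
    "com-client":            {"ole32.dll": {"CoInitialize", "CoCreateInstance"}},
    "process-injection":     {"kernel32.dll": {"OpenProcess", "WriteProcessMemory",
                                               "CreateRemoteThread"}},
}


def expand(iat):
    """Yield (library, slot address, function) for every IAT entry."""
    for lib, base, funcs in iat:
        for i, fn in enumerate(funcs):
            yield lib, base + 8 * i, fn


def import_set(iat):
    """Map lowercased library name to the set of imported function names."""
    present = defaultdict(set)
    for lib, _, fn in expand(iat):
        present[lib.lower()].add(fn)
    return present


def capability_tags(iat):
    present = import_set(iat)
    return [tag for tag, need in CAPABILITY_RULES.items()
            if all(fns <= present[lib.lower()] for lib, fns in need.items())]


def imphash_string(iat):
    """pefile-style normalisation: library lowercased with .dll/.ocx/.sys
    stripped, function lowercased, entries joined by commas. Ordering by IAT
    slot is an assumption; pefile uses import-directory order, which may differ."""
    parts = []
    for lib, _, fn in sorted(expand(iat), key=lambda t: t[1]):
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
        parts.append(f"{lib}.{fn.lower()}")
    return ",".join(parts)


def imphash(iat):
    return hashlib.md5(imphash_string(iat).encode()).hexdigest()


if __name__ == "__main__":
    print("tags:", capability_tags(REPORT_IAT))
    print("imphash (slot-order assumption):", imphash(REPORT_IAT))
```

The single export, rundll, is consistent with the DLL being started through a host process rather than as a library dependency; the tags say what the code can do once loaded, and that is the view a triage queue wants before anyone opens the sample in a disassembler.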