Field | Value |
---|---|
Created | 2023.05.17 09:22 |
Machine | s1_win7_x6401 |
Filename | AtomLdr.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 17 detected (Lazy, malicious, confidence, Runner, AGen, score, moderate, ai score=84, ivNoXlcNGlJ) |
md5 | 513eecac1e602be2a404f1d70719dffb |
sha256 | 80ef5b531e2e8cb19403a8f06cfa1d6743900957ebf24d84f63211ae04d6bc1f |
ssdeep | 196608:gqtd+hY7xGKq9SsHd9rm2niE6RK/Io+IDZT0Lx:Lt7Q97HX/n76RK/394 |
imphash | d9e5262dbdb011627a845c0251a44802 |
impfuzzy | 3:srO7S9KnJsJSd1EL/K5sJoAAJo6BJO7a2qyLAJ1M1AJmXHiMRW+HLR9JbHWbGTIM:IaOLG5lJXA2iAOCQWacbKIRbGeA |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180004000 HeapAlloc
0x180004008 GetProcessHeap
0x180004010 GetCommandLineW
0x180004018 HeapFree
0x180004020 CloseHandle
0x180004028 CreateEventW
0x180004030 ExitThread
USER32.dll
0x180004058 MsgWaitForMultipleObjectsEx
SHELL32.dll
0x180004040 CommandLineToArgvW
0x180004048 SHGetFolderPathW
EAT(Export Address Table) Library
0x180002930 Atom
0x180002940 AtomHelper
0x180002940 AtomSystemInstaller
0x180002940 InitializeAtomSystem