ScreenShot
| Created | 2023.06.11 22:38 | Machine | s1_win7_x6401 |
| Filename | datelog.dll | ||
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 57 detected (AIDetectMalware, Zegost, malicious, high confidence, score, LcPfoPk, unsafe, Farfli, Save, confidence, 100%, Eldorado, Attribute, HighConfidence, Gh0stRAT, mttqq, jowlpx, CLASSIC, klzeimd, R002C0DEN23, Ransomware, Vindor, Detected, Magania, R66525, GenericRXRX, ai score=81, Genetic, lv5TZ2+3Ods, Static AI, Malicious PE, susgen, ZedlaF, hu4@aGIbXmdi) | ||
| md5 | c66b0840fb234a69216f2a8762c0d6cc | ||
| sha256 | 08dcca7c39e0c6b529c13290856b32427800bc5e721305442b1633bc78c84a71 | ||
| ssdeep | 1536:STHyv5Zb8g9D720iWDrrZDvvyBnzD6nMVV4J1C2cffcWQVGsk/MY:dvj7biWDRvvKPyHyfcW2Gsk/H | ||
| imphash | e3caadd564a0f376a947bee28dccac67 | ||
| impfuzzy | 96:hBcXJyASKtbmMqdOXX1QzLXc+p7OMh6b4p9G:j6bmJdIFKZ6cu | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Repeatedly searches for a not-found process |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win_Backdoor_Farfli | gives threat-actors several options of gaining access to the affected system. | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x100152e8 getsockname
0x100152ec gethostname
0x100152f0 socket
0x100152f4 gethostbyname
0x100152f8 htons
0x100152fc connect
0x10015300 WSAIoctl
0x10015304 select
0x10015308 recv
0x1001530c WSACleanup
0x10015310 send
0x10015314 setsockopt
0x10015318 closesocket
0x1001531c WSAStartup
SHELL32.dll
0x10015278 SHChangeNotify
0x1001527c ShellExecuteExA
0x10015280 ShellExecuteA
0x10015284 SHGetSpecialFolderPathA
ADVAPI32.dll
0x10015000 OpenSCManagerA
0x10015004 RegSetValueExA
0x10015008 DeleteService
0x1001500c OpenEventLogA
0x10015010 ClearEventLogA
0x10015014 CloseEventLog
0x10015018 StartServiceCtrlDispatcherA
0x1001501c RegisterServiceCtrlHandlerA
0x10015020 DuplicateTokenEx
0x10015024 SetTokenInformation
0x10015028 CreateProcessAsUserA
0x1001502c SetServiceStatus
0x10015030 RegOpenKeyExA
0x10015034 StartServiceA
0x10015038 CreateServiceA
0x1001503c LockServiceDatabase
0x10015040 ChangeServiceConfig2A
0x10015044 UnlockServiceDatabase
0x10015048 OpenServiceA
0x1001504c AdjustTokenPrivileges
0x10015050 LookupPrivilegeValueA
0x10015054 OpenProcessToken
0x10015058 RegCloseKey
0x1001505c RegQueryValueExA
0x10015060 RegOpenKeyA
0x10015064 CloseServiceHandle
KERNEL32.dll
0x10015074 GetFileType
0x10015078 GetStartupInfoW
0x1001507c FreeEnvironmentStringsW
0x10015080 GetEnvironmentStringsW
0x10015084 QueryPerformanceCounter
0x10015088 GetCurrentProcessId
0x1001508c GetSystemTimeAsFileTime
0x10015090 HeapSize
0x10015094 GetStringTypeW
0x10015098 GetConsoleCP
0x1001509c GetConsoleMode
0x100150a0 SetStdHandle
0x100150a4 FlushFileBuffers
0x100150a8 WriteConsoleW
0x100150ac VirtualFree
0x100150b0 VirtualAlloc
0x100150b4 CreateEventA
0x100150b8 WaitForSingleObject
0x100150bc SetEvent
0x100150c0 InterlockedExchange
0x100150c4 CancelIo
0x100150c8 Sleep
0x100150cc CloseHandle
0x100150d0 ResetEvent
0x100150d4 GlobalUnlock
0x100150d8 GlobalLock
0x100150dc FindNextFileA
0x100150e0 FindFirstFileA
0x100150e4 GetCurrentProcess
0x100150e8 GetVersion
0x100150ec WriteFile
0x100150f0 DeviceIoControl
0x100150f4 CreateFileA
0x100150f8 SetLastError
0x100150fc LocalFree
0x10015100 GetLastError
0x10015104 GlobalAlloc
0x10015108 LocalAlloc
0x1001510c ReadFile
0x10015110 GetFileSize
0x10015114 GetSystemDirectoryA
0x10015118 DeleteFileA
0x1001511c FreeLibrary
0x10015120 LoadLibraryA
0x10015124 GetSystemInfo
0x10015128 lstrlenA
0x1001512c lstrcpyA
0x10015130 lstrcatA
0x10015134 lstrcmpiA
0x10015138 LoadLibraryW
0x1001513c GetTickCount
0x10015140 GetDiskFreeSpaceExA
0x10015144 GetDriveTypeA
0x10015148 GlobalMemoryStatusEx
0x1001514c GetVersionExA
0x10015150 GetLocalTime
0x10015154 CreateDirectoryA
0x10015158 ReleaseMutex
0x1001515c CreateMutexA
0x10015160 MoveFileExA
0x10015164 MoveFileA
0x10015168 GetModuleFileNameA
0x1001516c SetFileAttributesA
0x10015170 CopyFileA
0x10015174 ExpandEnvironmentStringsA
0x10015178 SetThreadPriority
0x1001517c GetCurrentThread
0x10015180 SetPriorityClass
0x10015184 GetEnvironmentVariableA
0x10015188 GetShortPathNameA
0x1001518c DefineDosDeviceA
0x10015190 GetFileAttributesA
0x10015194 CreateFileW
0x10015198 GetCurrentThreadId
0x1001519c SetFilePointer
0x100151a0 CreateProcessA
0x100151a4 TerminateThread
0x100151a8 ResumeThread
0x100151ac VirtualProtect
0x100151b0 HeapFree
0x100151b4 GetProcessHeap
0x100151b8 HeapAlloc
0x100151bc SetHandleCount
0x100151c0 VirtualQuery
0x100151c4 MultiByteToWideChar
0x100151c8 LCMapStringW
0x100151cc WideCharToMultiByte
0x100151d0 IsValidCodePage
0x100151d4 GetOEMCP
0x100151d8 GetACP
0x100151dc GetCPInfo
0x100151e0 HeapDestroy
0x100151e4 HeapCreate
0x100151e8 GetModuleFileNameW
0x100151ec GetStdHandle
0x100151f0 TerminateProcess
0x100151f4 IsDebuggerPresent
0x100151f8 SetUnhandledExceptionFilter
0x100151fc UnhandledExceptionFilter
0x10015200 EnterCriticalSection
0x10015204 LeaveCriticalSection
0x10015208 DeleteCriticalSection
0x1001520c InitializeCriticalSectionAndSpinCount
0x10015210 InterlockedDecrement
0x10015214 InterlockedIncrement
0x10015218 TlsFree
0x1001521c TlsSetValue
0x10015220 TlsGetValue
0x10015224 TlsAlloc
0x10015228 GetProcAddress
0x1001522c ExitProcess
0x10015230 RtlUnwind
0x10015234 RaiseException
0x10015238 GetModuleHandleW
0x1001523c DecodePointer
0x10015240 HeapReAlloc
0x10015244 ExitThread
0x10015248 CreateThread
0x1001524c GetCommandLineA
0x10015250 EncodePointer
0x10015254 IsProcessorFeaturePresent
USER32.dll
0x1001528c FindWindowA
0x10015290 GetClassNameA
0x10015294 GetWindow
0x10015298 GetKeyState
0x1001529c GetAsyncKeyState
0x100152a0 MessageBoxA
0x100152a4 GetWindowTextA
0x100152a8 GetInputState
0x100152ac PostThreadMessageA
0x100152b0 GetMessageA
0x100152b4 GetLastInputInfo
0x100152b8 wsprintfA
0x100152bc EmptyClipboard
0x100152c0 SetClipboardData
0x100152c4 ExitWindowsEx
0x100152c8 OpenClipboard
0x100152cc GetClipboardData
0x100152d0 CloseClipboard
0x100152d4 SendMessageA
0x100152d8 IsWindowVisible
0x100152dc EnumWindows
0x100152e0 GetForegroundWindow
SETUPAPI.dll
0x1001525c SetupDiGetClassDevsA
0x10015260 SetupDiEnumDeviceInfo
0x10015264 SetupDiGetDeviceRegistryPropertyA
0x10015268 SetupDiSetClassInstallParamsA
0x1001526c SetupDiCallClassInstaller
0x10015270 SetupDiDestroyDeviceInfoList
IPHLPAPI.DLL
0x1001506c GetIfTable
EAT(Export Address Table) Library
0x10004470 fuckyou
WS2_32.dll
0x100152e8 getsockname
0x100152ec gethostname
0x100152f0 socket
0x100152f4 gethostbyname
0x100152f8 htons
0x100152fc connect
0x10015300 WSAIoctl
0x10015304 select
0x10015308 recv
0x1001530c WSACleanup
0x10015310 send
0x10015314 setsockopt
0x10015318 closesocket
0x1001531c WSAStartup
SHELL32.dll
0x10015278 SHChangeNotify
0x1001527c ShellExecuteExA
0x10015280 ShellExecuteA
0x10015284 SHGetSpecialFolderPathA
ADVAPI32.dll
0x10015000 OpenSCManagerA
0x10015004 RegSetValueExA
0x10015008 DeleteService
0x1001500c OpenEventLogA
0x10015010 ClearEventLogA
0x10015014 CloseEventLog
0x10015018 StartServiceCtrlDispatcherA
0x1001501c RegisterServiceCtrlHandlerA
0x10015020 DuplicateTokenEx
0x10015024 SetTokenInformation
0x10015028 CreateProcessAsUserA
0x1001502c SetServiceStatus
0x10015030 RegOpenKeyExA
0x10015034 StartServiceA
0x10015038 CreateServiceA
0x1001503c LockServiceDatabase
0x10015040 ChangeServiceConfig2A
0x10015044 UnlockServiceDatabase
0x10015048 OpenServiceA
0x1001504c AdjustTokenPrivileges
0x10015050 LookupPrivilegeValueA
0x10015054 OpenProcessToken
0x10015058 RegCloseKey
0x1001505c RegQueryValueExA
0x10015060 RegOpenKeyA
0x10015064 CloseServiceHandle
KERNEL32.dll
0x10015074 GetFileType
0x10015078 GetStartupInfoW
0x1001507c FreeEnvironmentStringsW
0x10015080 GetEnvironmentStringsW
0x10015084 QueryPerformanceCounter
0x10015088 GetCurrentProcessId
0x1001508c GetSystemTimeAsFileTime
0x10015090 HeapSize
0x10015094 GetStringTypeW
0x10015098 GetConsoleCP
0x1001509c GetConsoleMode
0x100150a0 SetStdHandle
0x100150a4 FlushFileBuffers
0x100150a8 WriteConsoleW
0x100150ac VirtualFree
0x100150b0 VirtualAlloc
0x100150b4 CreateEventA
0x100150b8 WaitForSingleObject
0x100150bc SetEvent
0x100150c0 InterlockedExchange
0x100150c4 CancelIo
0x100150c8 Sleep
0x100150cc CloseHandle
0x100150d0 ResetEvent
0x100150d4 GlobalUnlock
0x100150d8 GlobalLock
0x100150dc FindNextFileA
0x100150e0 FindFirstFileA
0x100150e4 GetCurrentProcess
0x100150e8 GetVersion
0x100150ec WriteFile
0x100150f0 DeviceIoControl
0x100150f4 CreateFileA
0x100150f8 SetLastError
0x100150fc LocalFree
0x10015100 GetLastError
0x10015104 GlobalAlloc
0x10015108 LocalAlloc
0x1001510c ReadFile
0x10015110 GetFileSize
0x10015114 GetSystemDirectoryA
0x10015118 DeleteFileA
0x1001511c FreeLibrary
0x10015120 LoadLibraryA
0x10015124 GetSystemInfo
0x10015128 lstrlenA
0x1001512c lstrcpyA
0x10015130 lstrcatA
0x10015134 lstrcmpiA
0x10015138 LoadLibraryW
0x1001513c GetTickCount
0x10015140 GetDiskFreeSpaceExA
0x10015144 GetDriveTypeA
0x10015148 GlobalMemoryStatusEx
0x1001514c GetVersionExA
0x10015150 GetLocalTime
0x10015154 CreateDirectoryA
0x10015158 ReleaseMutex
0x1001515c CreateMutexA
0x10015160 MoveFileExA
0x10015164 MoveFileA
0x10015168 GetModuleFileNameA
0x1001516c SetFileAttributesA
0x10015170 CopyFileA
0x10015174 ExpandEnvironmentStringsA
0x10015178 SetThreadPriority
0x1001517c GetCurrentThread
0x10015180 SetPriorityClass
0x10015184 GetEnvironmentVariableA
0x10015188 GetShortPathNameA
0x1001518c DefineDosDeviceA
0x10015190 GetFileAttributesA
0x10015194 CreateFileW
0x10015198 GetCurrentThreadId
0x1001519c SetFilePointer
0x100151a0 CreateProcessA
0x100151a4 TerminateThread
0x100151a8 ResumeThread
0x100151ac VirtualProtect
0x100151b0 HeapFree
0x100151b4 GetProcessHeap
0x100151b8 HeapAlloc
0x100151bc SetHandleCount
0x100151c0 VirtualQuery
0x100151c4 MultiByteToWideChar
0x100151c8 LCMapStringW
0x100151cc WideCharToMultiByte
0x100151d0 IsValidCodePage
0x100151d4 GetOEMCP
0x100151d8 GetACP
0x100151dc GetCPInfo
0x100151e0 HeapDestroy
0x100151e4 HeapCreate
0x100151e8 GetModuleFileNameW
0x100151ec GetStdHandle
0x100151f0 TerminateProcess
0x100151f4 IsDebuggerPresent
0x100151f8 SetUnhandledExceptionFilter
0x100151fc UnhandledExceptionFilter
0x10015200 EnterCriticalSection
0x10015204 LeaveCriticalSection
0x10015208 DeleteCriticalSection
0x1001520c InitializeCriticalSectionAndSpinCount
0x10015210 InterlockedDecrement
0x10015214 InterlockedIncrement
0x10015218 TlsFree
0x1001521c TlsSetValue
0x10015220 TlsGetValue
0x10015224 TlsAlloc
0x10015228 GetProcAddress
0x1001522c ExitProcess
0x10015230 RtlUnwind
0x10015234 RaiseException
0x10015238 GetModuleHandleW
0x1001523c DecodePointer
0x10015240 HeapReAlloc
0x10015244 ExitThread
0x10015248 CreateThread
0x1001524c GetCommandLineA
0x10015250 EncodePointer
0x10015254 IsProcessorFeaturePresent
USER32.dll
0x1001528c FindWindowA
0x10015290 GetClassNameA
0x10015294 GetWindow
0x10015298 GetKeyState
0x1001529c GetAsyncKeyState
0x100152a0 MessageBoxA
0x100152a4 GetWindowTextA
0x100152a8 GetInputState
0x100152ac PostThreadMessageA
0x100152b0 GetMessageA
0x100152b4 GetLastInputInfo
0x100152b8 wsprintfA
0x100152bc EmptyClipboard
0x100152c0 SetClipboardData
0x100152c4 ExitWindowsEx
0x100152c8 OpenClipboard
0x100152cc GetClipboardData
0x100152d0 CloseClipboard
0x100152d4 SendMessageA
0x100152d8 IsWindowVisible
0x100152dc EnumWindows
0x100152e0 GetForegroundWindow
SETUPAPI.dll
0x1001525c SetupDiGetClassDevsA
0x10015260 SetupDiEnumDeviceInfo
0x10015264 SetupDiGetDeviceRegistryPropertyA
0x10015268 SetupDiSetClassInstallParamsA
0x1001526c SetupDiCallClassInstaller
0x10015270 SetupDiDestroyDeviceInfoList
IPHLPAPI.DLL
0x1001506c GetIfTable
EAT(Export Address Table) Library
0x10004470 fuckyou