Report - output_32.dll

Generic Malware UPX Malicious Library Malicious Packer Antivirus Anti_VM OS Processor Check DLL PE File PE32
Created 2023.06.12 08:39 Machine s1_win7_x6403
Filename output_32.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 5.2
ZERO API file : clean
VT API (file)
md5 63585f2e36f932a92014e4c6f95fd74d
sha256 fcfa6d90c34693b61a6ac6879176a67597e003ab433e131a82b6befa5e8c1e75
ssdeep 6144:6B/MHi3tcfAA4hqtjRR5iZxyMK9PTBYdqCU4MN:6BUC36TVmZxyMK9PTq
imphash 3cc284cd2dd655170243627a984cee7b
impfuzzy 96:fc3yaqB/yyt6yDzv3zf+sW5yEUTszakKBLH5DVp:03yaSvGcTbBvp

Signature (12cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
watch Checks the CPU name from registry
watch Communicates with host for which no DNS query was performed
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice Repeatedly searches for a not-found process
notice Searches running processes potentially to identify processes for sandbox evasion
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info This executable has a PDB path

Rules (10cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
193.134.208.217 GB LUCIDACLOUD LIMITED 193.134.208.217 clean

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1002b04c CreateToolhelp32Snapshot
 0x1002b050 Process32FirstW
 0x1002b054 Process32NextW
 0x1002b058 CloseHandle
 0x1002b05c LoadLibraryW
 0x1002b060 GetProcAddress
 0x1002b064 CreateFileW
 0x1002b068 GetCurrentProcess
 0x1002b06c lstrcpyW
 0x1002b070 GetLastError
 0x1002b074 HeapAlloc
 0x1002b078 GetProcessHeap
 0x1002b07c HeapFree
 0x1002b080 OpenProcess
 0x1002b084 GetDriveTypeW
 0x1002b088 GetDiskFreeSpaceExW
 0x1002b08c GlobalMemoryStatusEx
 0x1002b090 GetSystemInfo
 0x1002b094 FreeLibrary
 0x1002b098 GetModuleFileNameW
 0x1002b09c GetCommandLineW
 0x1002b0a0 GetStartupInfoW
 0x1002b0a4 CreateProcessW
 0x1002b0a8 ExitProcess
 0x1002b0ac WideCharToMultiByte
 0x1002b0b0 CreateFileA
 0x1002b0b4 DeviceIoControl
 0x1002b0b8 QueryPerformanceFrequency
 0x1002b0bc CreateEventW
 0x1002b0c0 SetEvent
 0x1002b0c4 ResetEvent
 0x1002b0c8 QueryPerformanceCounter
 0x1002b0cc WaitForSingleObject
 0x1002b0d0 InterlockedExchange
 0x1002b0d4 WriteFile
 0x1002b0d8 ExpandEnvironmentStringsW
 0x1002b0dc CopyFileW
 0x1002b0e0 GetFileAttributesW
 0x1002b0e4 GetConsoleWindow
 0x1002b0e8 FormatMessageW
 0x1002b0ec SetLastError
 0x1002b0f0 VirtualProtect
 0x1002b0f4 IsBadReadPtr
 0x1002b0f8 LoadLibraryA
 0x1002b0fc GetNativeSystemInfo
 0x1002b100 SetErrorMode
 0x1002b104 SetUnhandledExceptionFilter
 0x1002b108 CreateThread
 0x1002b10c CreateMutexW
 0x1002b110 GetFileSize
 0x1002b114 DeleteFileW
 0x1002b118 ReleaseMutex
 0x1002b11c SetFilePointer
 0x1002b120 RaiseException
 0x1002b124 InterlockedCompareExchange
 0x1002b128 InitializeCriticalSectionAndSpinCount
 0x1002b12c GetCurrentThreadId
 0x1002b130 LocalFree
 0x1002b134 ReadFile
 0x1002b138 LCMapStringW
 0x1002b13c FlushFileBuffers
 0x1002b140 SetStdHandle
 0x1002b144 WriteConsoleW
 0x1002b148 GetModuleHandleW
 0x1002b14c lstrcmpW
 0x1002b150 GetTickCount
 0x1002b154 Sleep
 0x1002b158 lstrcatW
 0x1002b15c GetSystemDirectoryW
 0x1002b160 GetLocaleInfoW
 0x1002b164 GetLocalTime
 0x1002b168 GetCurrentProcessId
 0x1002b16c MultiByteToWideChar
 0x1002b170 lstrlenW
 0x1002b174 InterlockedDecrement
 0x1002b178 VirtualAlloc
 0x1002b17c LeaveCriticalSection
 0x1002b180 EnterCriticalSection
 0x1002b184 DeleteCriticalSection
 0x1002b188 VirtualFree
 0x1002b18c GetSystemTimeAsFileTime
 0x1002b190 GetEnvironmentStringsW
 0x1002b194 FreeEnvironmentStringsW
 0x1002b198 GetModuleFileNameA
 0x1002b19c HeapCreate
 0x1002b1a0 HeapDestroy
 0x1002b1a4 CreateEventA
 0x1002b1a8 InitializeCriticalSection
 0x1002b1ac CreateWaitableTimerW
 0x1002b1b0 GetFileType
 0x1002b1b4 SetHandleCount
 0x1002b1b8 IsValidCodePage
 0x1002b1bc GetOEMCP
 0x1002b1c0 GetACP
 0x1002b1c4 GetCPInfo
 0x1002b1c8 GetStringTypeW
 0x1002b1cc TlsFree
 0x1002b1d0 TlsSetValue
 0x1002b1d4 TlsGetValue
 0x1002b1d8 TlsAlloc
 0x1002b1dc HeapSize
 0x1002b1e0 GetStdHandle
 0x1002b1e4 GetConsoleMode
 0x1002b1e8 GetConsoleCP
 0x1002b1ec IsProcessorFeaturePresent
 0x1002b1f0 IsDebuggerPresent
 0x1002b1f4 UnhandledExceptionFilter
 0x1002b1f8 TerminateProcess
 0x1002b1fc RtlUnwind
 0x1002b200 GetCommandLineA
 0x1002b204 HeapReAlloc
 0x1002b208 ExitThread
 0x1002b20c EncodePointer
 0x1002b210 DecodePointer
 0x1002b214 TryEnterCriticalSection
 0x1002b218 CancelWaitableTimer
 0x1002b21c SetWaitableTimer
 0x1002b220 lstrlenA
 0x1002b224 UnmapViewOfFile
 0x1002b228 SwitchToThread
 0x1002b22c CreateFileMappingW
 0x1002b230 MapViewOfFileEx
 0x1002b234 InterlockedIncrement
USER32.dll
 0x1002b26c GetForegroundWindow
 0x1002b270 GetMonitorInfoW
 0x1002b274 GetWindowTextW
 0x1002b278 MsgWaitForMultipleObjects
 0x1002b27c PeekMessageW
 0x1002b280 TranslateMessage
 0x1002b284 DispatchMessageW
 0x1002b288 GetLastInputInfo
 0x1002b28c SendMessageW
 0x1002b290 FindWindowA
 0x1002b294 GetWindowTextA
 0x1002b298 GetWindow
 0x1002b29c GetClassNameA
 0x1002b2a0 OpenWindowStationW
 0x1002b2a4 SetProcessWindowStation
 0x1002b2a8 IsWindow
 0x1002b2ac EnumDisplayMonitors
 0x1002b2b0 wsprintfW
ADVAPI32.dll
 0x1002b000 OpenProcessToken
 0x1002b004 RegSetValueExW
 0x1002b008 RegCreateKeyW
 0x1002b00c RegDeleteValueW
 0x1002b010 RegQueryValueExW
 0x1002b014 RegOpenKeyExW
 0x1002b018 LookupAccountSidW
 0x1002b01c GetTokenInformation
 0x1002b020 GetCurrentHwProfileW
 0x1002b024 FreeSid
 0x1002b028 CheckTokenMembership
 0x1002b02c AllocateAndInitializeSid
 0x1002b030 RegCloseKey
 0x1002b034 RegEnumKeyExA
 0x1002b038 RegQueryInfoKeyW
 0x1002b03c RegOpenKeyExA
SHELL32.dll
 0x1002b254 SHGetFolderPathW
ole32.dll
 0x1002b344 CoUninitialize
 0x1002b348 CoCreateInstance
 0x1002b34c CoInitialize
OLEAUT32.dll
 0x1002b244 SysFreeString
 0x1002b248 SysStringLen
 0x1002b24c SysAllocString
WS2_32.dll
 0x1002b2cc getsockname
 0x1002b2d0 WSAAddressToStringW
 0x1002b2d4 WSASetLastError
 0x1002b2d8 WSAStringToAddressW
 0x1002b2dc closesocket
 0x1002b2e0 send
 0x1002b2e4 setsockopt
 0x1002b2e8 WSAIoctl
 0x1002b2ec htons
 0x1002b2f0 ntohs
 0x1002b2f4 WSAGetLastError
 0x1002b2f8 inet_ntoa
 0x1002b2fc gethostbyname
 0x1002b300 gethostname
 0x1002b304 freeaddrinfo
 0x1002b308 getaddrinfo
 0x1002b30c WSAStartup
 0x1002b310 WSAResetEvent
 0x1002b314 WSAEventSelect
 0x1002b318 WSACleanup
 0x1002b31c ind
 0x1002b320 connect
 0x1002b324 recv
 0x1002b328 WSACloseEvent
 0x1002b32c WSACreateEvent
 0x1002b330 socket
 0x1002b334 WSAEnumNetworkEvents
 0x1002b338 WSAWaitForMultipleEvents
 0x1002b33c shutdown
SHLWAPI.dll
 0x1002b25c StrChrW
 0x1002b260 StrPBrkW
 0x1002b264 PathIsDirectoryA
NETAPI32.dll
 0x1002b23c NetWkstaGetInfo
DINPUT8.dll
 0x1002b044 DirectInput8Create
WINMM.dll
 0x1002b2b8 timeGetDevCaps
 0x1002b2bc timeEndPeriod
 0x1002b2c0 timeBeginPeriod
 0x1002b2c4 timeGetTime

EAT(Export Address Table) Library

0x10009080 GetInstallDetailsPayload
0x100090e0 SignalChromeElf
0x100090d0 Version
0x10009020 load
0x10009080 run
