ScreenShot
| Created | 2023.06.12 09:01 | Machine | s1_win7_x6401 |
| Filename | output_64.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (Ulise, Save, malicious, confidence, Eldorado, Attribute, HighConfidence, high confidence, score, Barys, AntiAV, TrojanX, Gencirc, ai score=83, Phonzy, Detected, R563961, GenericRXAA, Farfli, CLASSIC, x5bE, mVN39A, susgen) | ||
| md5 | 91479a5bad88f0f0cfd0e9adb5c995e1 | ||
| sha256 | 93c3b4b783572c8191350d41f57ba4d9fff1568604ed193c7a71736f671e8ab6 | ||
| ssdeep | 6144:HtEkenhntp+bTjbtyIdi/MJcTBwq4FtwbqNFzJSTBKbybpbublt4uYbG:HqkenZr+bDdIVwq4JzJSTQx | ||
| imphash | 6f7ed52feff089e498b098dab143c859 | ||
| impfuzzy | 96:1c3yaqBzMt6yvR4f+H9hyTqUTs/XqMKBU4m5FVp:23yahvtenTFBQp | ||
Network IP location
Signature (13cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | Checks the CPU name from registry |
| watch | Communicates with host for which no DNS query was performed |
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Repeatedly searches for a not-found process |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180031098 Process32FirstW
0x1800310a0 Process32NextW
0x1800310a8 CloseHandle
0x1800310b0 LoadLibraryW
0x1800310b8 GetProcAddress
0x1800310c0 CreateFileW
0x1800310c8 GetCurrentProcess
0x1800310d0 lstrcpyW
0x1800310d8 GetLastError
0x1800310e0 HeapAlloc
0x1800310e8 GetProcessHeap
0x1800310f0 HeapFree
0x1800310f8 OpenProcess
0x180031100 GetDriveTypeW
0x180031108 GetDiskFreeSpaceExW
0x180031110 GlobalMemoryStatusEx
0x180031118 GetSystemInfo
0x180031120 FreeLibrary
0x180031128 GetModuleFileNameW
0x180031130 GetCommandLineW
0x180031138 GetStartupInfoW
0x180031140 CreateProcessW
0x180031148 ExitProcess
0x180031150 WideCharToMultiByte
0x180031158 CreateFileA
0x180031160 DeviceIoControl
0x180031168 QueryPerformanceFrequency
0x180031170 CreateEventW
0x180031178 SetEvent
0x180031180 ResetEvent
0x180031188 QueryPerformanceCounter
0x180031190 WaitForSingleObject
0x180031198 WriteFile
0x1800311a0 ExpandEnvironmentStringsW
0x1800311a8 CopyFileW
0x1800311b0 GetFileAttributesW
0x1800311b8 CreateEventA
0x1800311c0 FormatMessageW
0x1800311c8 SetLastError
0x1800311d0 VirtualProtect
0x1800311d8 IsBadReadPtr
0x1800311e0 LoadLibraryA
0x1800311e8 GetNativeSystemInfo
0x1800311f0 SetErrorMode
0x1800311f8 SetUnhandledExceptionFilter
0x180031200 CreateThread
0x180031208 CreateMutexW
0x180031210 GetFileSize
0x180031218 DeleteFileW
0x180031220 ReleaseMutex
0x180031228 SetFilePointer
0x180031230 CreateFileMappingW
0x180031238 MapViewOfFileEx
0x180031240 LocalFree
0x180031248 ReadFile
0x180031250 CreateToolhelp32Snapshot
0x180031258 LCMapStringW
0x180031260 FlushFileBuffers
0x180031268 SetStdHandle
0x180031270 WriteConsoleW
0x180031278 GetConsoleWindow
0x180031280 GetModuleHandleW
0x180031288 lstrcmpW
0x180031290 GetTickCount
0x180031298 Sleep
0x1800312a0 lstrcatW
0x1800312a8 GetSystemDirectoryW
0x1800312b0 InitializeCriticalSection
0x1800312b8 GetLocaleInfoW
0x1800312c0 GetLocalTime
0x1800312c8 GetCurrentProcessId
0x1800312d0 MultiByteToWideChar
0x1800312d8 lstrlenW
0x1800312e0 VirtualAlloc
0x1800312e8 LeaveCriticalSection
0x1800312f0 EnterCriticalSection
0x1800312f8 DeleteCriticalSection
0x180031300 GetSystemTimeAsFileTime
0x180031308 GetEnvironmentStringsW
0x180031310 FreeEnvironmentStringsW
0x180031318 GetModuleFileNameA
0x180031320 CreateWaitableTimerW
0x180031328 HeapDestroy
0x180031330 HeapCreate
0x180031338 GetCurrentThreadId
0x180031340 GetFileType
0x180031348 SetHandleCount
0x180031350 IsValidCodePage
0x180031358 GetOEMCP
0x180031360 GetACP
0x180031368 GetCPInfo
0x180031370 GetStringTypeW
0x180031378 FlsAlloc
0x180031380 FlsFree
0x180031388 FlsGetValue
0x180031390 HeapSize
0x180031398 GetStdHandle
0x1800313a0 GetConsoleMode
0x1800313a8 GetConsoleCP
0x1800313b0 GetVersion
0x1800313b8 HeapSetInformation
0x1800313c0 RtlCaptureContext
0x1800313c8 RtlVirtualUnwind
0x1800313d0 IsDebuggerPresent
0x1800313d8 UnhandledExceptionFilter
0x1800313e0 TerminateProcess
0x1800313e8 RtlUnwindEx
0x1800313f0 RtlLookupFunctionEntry
0x1800313f8 RtlPcToFileHeader
0x180031400 GetCommandLineA
0x180031408 FlsSetValue
0x180031410 HeapReAlloc
0x180031418 ExitThread
0x180031420 EncodePointer
0x180031428 DecodePointer
0x180031430 TryEnterCriticalSection
0x180031438 CancelWaitableTimer
0x180031440 SetWaitableTimer
0x180031448 lstrlenA
0x180031450 UnmapViewOfFile
0x180031458 InitializeCriticalSectionAndSpinCount
0x180031460 VirtualFree
0x180031468 RaiseException
0x180031470 SwitchToThread
USER32.dll
0x1800314d8 GetMonitorInfoW
0x1800314e0 GetWindowTextW
0x1800314e8 GetForegroundWindow
0x1800314f0 MsgWaitForMultipleObjects
0x1800314f8 PeekMessageW
0x180031500 TranslateMessage
0x180031508 DispatchMessageW
0x180031510 GetLastInputInfo
0x180031518 SendMessageW
0x180031520 FindWindowA
0x180031528 GetWindowTextA
0x180031530 GetWindow
0x180031538 GetClassNameA
0x180031540 OpenWindowStationW
0x180031548 SetProcessWindowStation
0x180031550 IsWindow
0x180031558 EnumDisplayMonitors
0x180031560 wsprintfW
ADVAPI32.dll
0x180031000 FreeSid
0x180031008 RegOpenKeyExA
0x180031010 RegSetValueExW
0x180031018 RegCreateKeyW
0x180031020 RegDeleteValueW
0x180031028 RegQueryValueExW
0x180031030 RegOpenKeyExW
0x180031038 LookupAccountSidW
0x180031040 GetTokenInformation
0x180031048 OpenProcessToken
0x180031050 CheckTokenMembership
0x180031058 AllocateAndInitializeSid
0x180031060 RegCloseKey
0x180031068 RegEnumKeyExA
0x180031070 RegQueryInfoKeyW
0x180031078 GetCurrentHwProfileW
SHELL32.dll
0x1800314b0 SHGetFolderPathW
ole32.dll
0x180031690 CoUninitialize
0x180031698 CoCreateInstance
0x1800316a0 CoInitialize
OLEAUT32.dll
0x180031490 SysFreeString
0x180031498 SysStringLen
0x1800314a0 SysAllocString
WS2_32.dll
0x180031598 getsockname
0x1800315a0 getpeername
0x1800315a8 WSASetLastError
0x1800315b0 WSAStringToAddressW
0x1800315b8 shutdown
0x1800315c0 send
0x1800315c8 setsockopt
0x1800315d0 WSAIoctl
0x1800315d8 InetNtopW
0x1800315e0 htons
0x1800315e8 ntohs
0x1800315f0 WSAGetLastError
0x1800315f8 inet_ntoa
0x180031600 gethostbyname
0x180031608 gethostname
0x180031610 freeaddrinfo
0x180031618 getaddrinfo
0x180031620 WSAStartup
0x180031628 WSAResetEvent
0x180031630 WSAEventSelect
0x180031638 WSACleanup
0x180031640 ind
0x180031648 connect
0x180031650 recv
0x180031658 WSACloseEvent
0x180031660 WSACreateEvent
0x180031668 socket
0x180031670 WSAEnumNetworkEvents
0x180031678 WSAWaitForMultipleEvents
0x180031680 closesocket
SHLWAPI.dll
0x1800314c0 StrChrW
0x1800314c8 PathIsDirectoryA
NETAPI32.dll
0x180031480 NetWkstaGetInfo
DINPUT8.dll
0x180031088 DirectInput8Create
WINMM.dll
0x180031570 timeGetDevCaps
0x180031578 timeEndPeriod
0x180031580 timeBeginPeriod
0x180031588 timeGetTime
EAT(Export Address Table) Library
0x18000a9f0 GetInstallDetailsPayload
0x18000aa70 SignalChromeElf
0x18000a9e0 Version
0x18000a950 load
0x18000a9f0 run
KERNEL32.dll
0x180031098 Process32FirstW
0x1800310a0 Process32NextW
0x1800310a8 CloseHandle
0x1800310b0 LoadLibraryW
0x1800310b8 GetProcAddress
0x1800310c0 CreateFileW
0x1800310c8 GetCurrentProcess
0x1800310d0 lstrcpyW
0x1800310d8 GetLastError
0x1800310e0 HeapAlloc
0x1800310e8 GetProcessHeap
0x1800310f0 HeapFree
0x1800310f8 OpenProcess
0x180031100 GetDriveTypeW
0x180031108 GetDiskFreeSpaceExW
0x180031110 GlobalMemoryStatusEx
0x180031118 GetSystemInfo
0x180031120 FreeLibrary
0x180031128 GetModuleFileNameW
0x180031130 GetCommandLineW
0x180031138 GetStartupInfoW
0x180031140 CreateProcessW
0x180031148 ExitProcess
0x180031150 WideCharToMultiByte
0x180031158 CreateFileA
0x180031160 DeviceIoControl
0x180031168 QueryPerformanceFrequency
0x180031170 CreateEventW
0x180031178 SetEvent
0x180031180 ResetEvent
0x180031188 QueryPerformanceCounter
0x180031190 WaitForSingleObject
0x180031198 WriteFile
0x1800311a0 ExpandEnvironmentStringsW
0x1800311a8 CopyFileW
0x1800311b0 GetFileAttributesW
0x1800311b8 CreateEventA
0x1800311c0 FormatMessageW
0x1800311c8 SetLastError
0x1800311d0 VirtualProtect
0x1800311d8 IsBadReadPtr
0x1800311e0 LoadLibraryA
0x1800311e8 GetNativeSystemInfo
0x1800311f0 SetErrorMode
0x1800311f8 SetUnhandledExceptionFilter
0x180031200 CreateThread
0x180031208 CreateMutexW
0x180031210 GetFileSize
0x180031218 DeleteFileW
0x180031220 ReleaseMutex
0x180031228 SetFilePointer
0x180031230 CreateFileMappingW
0x180031238 MapViewOfFileEx
0x180031240 LocalFree
0x180031248 ReadFile
0x180031250 CreateToolhelp32Snapshot
0x180031258 LCMapStringW
0x180031260 FlushFileBuffers
0x180031268 SetStdHandle
0x180031270 WriteConsoleW
0x180031278 GetConsoleWindow
0x180031280 GetModuleHandleW
0x180031288 lstrcmpW
0x180031290 GetTickCount
0x180031298 Sleep
0x1800312a0 lstrcatW
0x1800312a8 GetSystemDirectoryW
0x1800312b0 InitializeCriticalSection
0x1800312b8 GetLocaleInfoW
0x1800312c0 GetLocalTime
0x1800312c8 GetCurrentProcessId
0x1800312d0 MultiByteToWideChar
0x1800312d8 lstrlenW
0x1800312e0 VirtualAlloc
0x1800312e8 LeaveCriticalSection
0x1800312f0 EnterCriticalSection
0x1800312f8 DeleteCriticalSection
0x180031300 GetSystemTimeAsFileTime
0x180031308 GetEnvironmentStringsW
0x180031310 FreeEnvironmentStringsW
0x180031318 GetModuleFileNameA
0x180031320 CreateWaitableTimerW
0x180031328 HeapDestroy
0x180031330 HeapCreate
0x180031338 GetCurrentThreadId
0x180031340 GetFileType
0x180031348 SetHandleCount
0x180031350 IsValidCodePage
0x180031358 GetOEMCP
0x180031360 GetACP
0x180031368 GetCPInfo
0x180031370 GetStringTypeW
0x180031378 FlsAlloc
0x180031380 FlsFree
0x180031388 FlsGetValue
0x180031390 HeapSize
0x180031398 GetStdHandle
0x1800313a0 GetConsoleMode
0x1800313a8 GetConsoleCP
0x1800313b0 GetVersion
0x1800313b8 HeapSetInformation
0x1800313c0 RtlCaptureContext
0x1800313c8 RtlVirtualUnwind
0x1800313d0 IsDebuggerPresent
0x1800313d8 UnhandledExceptionFilter
0x1800313e0 TerminateProcess
0x1800313e8 RtlUnwindEx
0x1800313f0 RtlLookupFunctionEntry
0x1800313f8 RtlPcToFileHeader
0x180031400 GetCommandLineA
0x180031408 FlsSetValue
0x180031410 HeapReAlloc
0x180031418 ExitThread
0x180031420 EncodePointer
0x180031428 DecodePointer
0x180031430 TryEnterCriticalSection
0x180031438 CancelWaitableTimer
0x180031440 SetWaitableTimer
0x180031448 lstrlenA
0x180031450 UnmapViewOfFile
0x180031458 InitializeCriticalSectionAndSpinCount
0x180031460 VirtualFree
0x180031468 RaiseException
0x180031470 SwitchToThread
USER32.dll
0x1800314d8 GetMonitorInfoW
0x1800314e0 GetWindowTextW
0x1800314e8 GetForegroundWindow
0x1800314f0 MsgWaitForMultipleObjects
0x1800314f8 PeekMessageW
0x180031500 TranslateMessage
0x180031508 DispatchMessageW
0x180031510 GetLastInputInfo
0x180031518 SendMessageW
0x180031520 FindWindowA
0x180031528 GetWindowTextA
0x180031530 GetWindow
0x180031538 GetClassNameA
0x180031540 OpenWindowStationW
0x180031548 SetProcessWindowStation
0x180031550 IsWindow
0x180031558 EnumDisplayMonitors
0x180031560 wsprintfW
ADVAPI32.dll
0x180031000 FreeSid
0x180031008 RegOpenKeyExA
0x180031010 RegSetValueExW
0x180031018 RegCreateKeyW
0x180031020 RegDeleteValueW
0x180031028 RegQueryValueExW
0x180031030 RegOpenKeyExW
0x180031038 LookupAccountSidW
0x180031040 GetTokenInformation
0x180031048 OpenProcessToken
0x180031050 CheckTokenMembership
0x180031058 AllocateAndInitializeSid
0x180031060 RegCloseKey
0x180031068 RegEnumKeyExA
0x180031070 RegQueryInfoKeyW
0x180031078 GetCurrentHwProfileW
SHELL32.dll
0x1800314b0 SHGetFolderPathW
ole32.dll
0x180031690 CoUninitialize
0x180031698 CoCreateInstance
0x1800316a0 CoInitialize
OLEAUT32.dll
0x180031490 SysFreeString
0x180031498 SysStringLen
0x1800314a0 SysAllocString
WS2_32.dll
0x180031598 getsockname
0x1800315a0 getpeername
0x1800315a8 WSASetLastError
0x1800315b0 WSAStringToAddressW
0x1800315b8 shutdown
0x1800315c0 send
0x1800315c8 setsockopt
0x1800315d0 WSAIoctl
0x1800315d8 InetNtopW
0x1800315e0 htons
0x1800315e8 ntohs
0x1800315f0 WSAGetLastError
0x1800315f8 inet_ntoa
0x180031600 gethostbyname
0x180031608 gethostname
0x180031610 freeaddrinfo
0x180031618 getaddrinfo
0x180031620 WSAStartup
0x180031628 WSAResetEvent
0x180031630 WSAEventSelect
0x180031638 WSACleanup
0x180031640 ind
0x180031648 connect
0x180031650 recv
0x180031658 WSACloseEvent
0x180031660 WSACreateEvent
0x180031668 socket
0x180031670 WSAEnumNetworkEvents
0x180031678 WSAWaitForMultipleEvents
0x180031680 closesocket
SHLWAPI.dll
0x1800314c0 StrChrW
0x1800314c8 PathIsDirectoryA
NETAPI32.dll
0x180031480 NetWkstaGetInfo
DINPUT8.dll
0x180031088 DirectInput8Create
WINMM.dll
0x180031570 timeGetDevCaps
0x180031578 timeEndPeriod
0x180031580 timeBeginPeriod
0x180031588 timeGetTime
EAT(Export Address Table) Library
0x18000a9f0 GetInstallDetailsPayload
0x18000aa70 SignalChromeElf
0x18000a9e0 Version
0x18000a950 load
0x18000a9f0 run