popup

Report - %E5%A4%9A%E5%8A%9F%E8%83%BD.dll

DLL PE32 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.06.17 18:08 Machine s1_win7_x6401
Filename %E5%A4%9A%E5%8A%9F%E8%83%BD.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
9
 Behavior Score
1.4
ZERO API file : clean
VT API (file) 24 detected (AIDetectMalware, malicious, high confidence, OI5@Ji4t8Toi, confidence, GenCBL, score, Poison, TrochilCRTD, YongyuFeed, Detected, ai score=86, MalCert, CLASSIC)
md5 cffa65118e7675001f5b61e0def9c1cc
sha256 2161f143f6b9981d0ec771935cc5a324b632a5d1f4236549d9a42e610f4ab7df
ssdeep 49152:JJdH9wNPi9gcV0YwlDAo7nl2di+Y+j4ZAvAtkw6UuWfCa7Q/ykELkUywO7Elzk:XddpRwlDd2di+hJw62ffVA0Bk
imphash 0d3d63e66f9f4ed12e557231072dbbbd
impfuzzy 3:sgBJQgpoIKBMepAGZsBO7oAAJo1MO/OywWBJAEPwSx2AEZsS9KTXzW:Xegpta5slJoZ/OiBJAEnERGDW
  Network IP location

Signature (3cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level Name Description Collection
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1026d000 CloseHandle
USER32.dll
 0x1026d008 GetSystemMetrics
GDI32.dll
 0x1026d010 DeleteObject
KERNEL32.dll
 0x1026d018 HeapAlloc
 0x1026d01c HeapFree
 0x1026d020 ExitProcess
 0x1026d024 LoadLibraryA
 0x1026d028 GetModuleHandleA
 0x1026d02c GetProcAddress

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure