Field | Value |
---|---|
Created | 2023.06.26 15:09 |
Machine | s1_win7_x6403 |
Filename | microengine.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 30 detected (Convagent, malicious, high confidence, Artemis, Unsafe, Searchclick, FileRepMalware, Efkl, Generic PUA LH, ApplicUnwnt@#3agiupi8hkq4j, AdSearch, alrt, Creprote, Helper, Bitrepeyp, CLOUD, Static AI, Suspicious PE) |
md5 | fb83690fe7e7e0d3a8f40b110de316d0 |
sha256 | 9397f73f7ce35bf66739792b179ee61414b274655a636296f6ce5b437b08827f |
ssdeep | 3072:OFBbQF3jRCiJc4PUFVVs6B+R0XCV6pWmqs2/z4fLewiQa+myefA9YV4FumBFx7:OFBbQF3NCKc4P2jB+3ce/Baz9YkBb7 |
imphash | afbb6bce97739a51ec4fc950faaf41d2 |
impfuzzy | 48:Z90RX41fknpqwUijupDWcGtFf/dKRtQYFQgcI1ch/0:ZqX8fknpqwJjgacGtpdKvQYFQ7I1t |
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
watch | Installs a Browser Helper Object to interfere with the user's browsing experience |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
info | Checks if process is being debugged by a debugger |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1002a030 LoadResource
0x1002a034 SizeofResource
0x1002a038 lstrcmpiW
0x1002a03c LoadLibraryExW
0x1002a040 GetModuleFileNameW
0x1002a044 GetModuleHandleW
0x1002a048 FindResourceW
0x1002a04c FindResourceExW
0x1002a050 MultiByteToWideChar
0x1002a054 WideCharToMultiByte
0x1002a058 FormatMessageW
0x1002a05c GetACP
0x1002a060 EncodePointer
0x1002a064 DecodePointer
0x1002a068 GetThreadLocale
0x1002a06c SetThreadLocale
0x1002a070 GetCurrentProcess
0x1002a074 GetVersionExW
0x1002a078 IsValidCodePage
0x1002a07c GetFileType
0x1002a080 SetFilePointerEx
0x1002a084 LeaveCriticalSection
0x1002a088 EnterCriticalSection
0x1002a08c GetProcAddress
0x1002a090 FreeLibrary
0x1002a094 LockResource
0x1002a098 DeleteCriticalSection
0x1002a09c InitializeCriticalSectionAndSpinCount
0x1002a0a0 GetLastError
0x1002a0a4 RaiseException
0x1002a0a8 DisableThreadLibraryCalls
0x1002a0ac SetEnvironmentVariableA
0x1002a0b0 WriteConsoleW
0x1002a0b4 SetStdHandle
0x1002a0b8 CreateFileW
0x1002a0bc SetFilePointer
0x1002a0c0 ReadConsoleW
0x1002a0c4 GetConsoleMode
0x1002a0c8 GetConsoleCP
0x1002a0cc FlushFileBuffers
0x1002a0d0 GetStringTypeW
0x1002a0d4 GetStartupInfoW
0x1002a0d8 TlsFree
0x1002a0dc TlsSetValue
0x1002a0e0 GetOEMCP
0x1002a0e4 LCMapStringW
0x1002a0e8 CompareStringW
0x1002a0ec InterlockedDecrement
0x1002a0f0 InterlockedIncrement
0x1002a0f4 LoadLibraryW
0x1002a0f8 OutputDebugStringW
0x1002a0fc FreeEnvironmentStringsW
0x1002a100 GetEnvironmentStringsW
0x1002a104 GetCurrentProcessId
0x1002a108 TlsGetValue
0x1002a10c QueryPerformanceCounter
0x1002a110 GetModuleFileNameA
0x1002a114 GetTimeZoneInformation
0x1002a118 GetCPInfo
0x1002a11c HeapDestroy
0x1002a120 HeapAlloc
0x1002a124 HeapReAlloc
0x1002a128 HeapFree
0x1002a12c HeapSize
0x1002a130 GetProcessHeap
0x1002a134 LocalFree
0x1002a138 IsDebuggerPresent
0x1002a13c IsProcessorFeaturePresent
0x1002a140 CloseHandle
0x1002a144 CreateThread
0x1002a148 ExitThread
0x1002a14c ResumeThread
0x1002a150 RtlUnwind
0x1002a154 ReadFile
0x1002a158 GetSystemTimeAsFileTime
0x1002a15c GetCommandLineA
0x1002a160 GetCurrentThreadId
0x1002a164 ExitProcess
0x1002a168 GetModuleHandleExW
0x1002a16c Sleep
0x1002a170 GetStdHandle
0x1002a174 WriteFile
0x1002a178 UnhandledExceptionFilter
0x1002a17c SetUnhandledExceptionFilter
0x1002a180 SetLastError
0x1002a184 TerminateProcess
0x1002a188 TlsAlloc
USER32.dll
0x1002a1cc CharNextW
ADVAPI32.dll
0x1002a000 RegCreateKeyExW
0x1002a004 RegDeleteKeyW
0x1002a008 RegQueryValueExW
0x1002a00c RegSetValueExW
0x1002a010 RegQueryInfoKeyW
0x1002a014 RegOpenKeyExW
0x1002a018 RegEnumKeyExW
0x1002a01c RegDeleteValueW
0x1002a020 RegCloseKey
ole32.dll
0x1002a204 CoTaskMemRealloc
0x1002a208 CoTaskMemFree
0x1002a20c StringFromGUID2
0x1002a210 CoTaskMemAlloc
0x1002a214 CoCreateInstance
OLEAUT32.dll
0x1002a190 UnRegisterTypeLib
0x1002a194 RegisterTypeLib
0x1002a198 SysAllocString
0x1002a19c DispCallFunc
0x1002a1a0 LoadRegTypeLib
0x1002a1a4 LoadTypeLib
0x1002a1a8 VarUI4FromStr
0x1002a1ac VariantClear
0x1002a1b0 VariantInit
0x1002a1b4 SysStringLen
0x1002a1b8 SysAllocStringLen
0x1002a1bc SysFreeString
SHLWAPI.dll
0x1002a1c4 StrStrW
IPHLPAPI.DLL
0x1002a028 GetAdaptersInfo
WININET.dll
0x1002a1d4 HttpAddRequestHeadersA
0x1002a1d8 InternetCloseHandle
0x1002a1dc FindNextUrlCacheEntryW
0x1002a1e0 InternetConnectA
0x1002a1e4 HttpSendRequestA
0x1002a1e8 HttpOpenRequestA
0x1002a1ec InternetReadFile
0x1002a1f0 FindCloseUrlCache
0x1002a1f4 DeleteUrlCacheEntryW
0x1002a1f8 InternetOpenA
0x1002a1fc FindFirstUrlCacheEntryW
EAT (Export Address Table) Library
0x1000fe40 DllCanUnloadNow
0x1000fe60 DllGetClassObject
0x1000fe80 DllInstall
0x1000fef0 DllRegisterServer
0x1000ff00 DllUnregisterServer