Report - ZeroBOX

ScreenShot

Info
Location map


Created	2023.06.30 09:29	Machine	s1_win7_x6401
Filename	new64.dll
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score	4	Behavior Score	2.4
ZERO API	file : malware
VT API (file)	12 detected (malicious, high confidence, Save, confidence, score, FileRepMalware, Artemis, moderate, Casdet)
md5	0168ca4a89a13c8b48f97edcd8c32165
sha256	10f2b39f63da35827e667f29e2b69524079e06e454160dee4c28636fffcce199
ssdeep	49152:jjjH4ZOXhVNeJBCDRTJ+j6ErUCBOU9EUSqVLsGC8egyQVTlFvqCBfZKQO9NPe5Ie:l8BcNYjnJLnC8egyQVPNZwL
imphash	7e60c38086d25d57354ecdf04c4b17ba
impfuzzy	3:sUx2AEJtGRbQ6CioSEl8MpOA43KXPMKLJWjpDAiAdPJApLMLgn:nEJtGbQ6CiZBFAUKXPMKYpsiAjApGg

Network IP location

Signature (6cnts)

Level	Description
watch	File has been identified by 12 AntiVirus engines on VirusTotal as malicious
watch	Tries to unhook Windows functions monitored by Cuckoo
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
info	IsDLL	(no description)	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
0x18000a138 GetModuleHandleA
user32.dll
0x18000a148 wsprintfA
ws2_32.dll
0x18000a158 getaddrinfo
advapi32.dll
0x18000a168 GetTokenInformation
secur32.dll
0x18000a178 GetUserNameExA
ole32.dll
0x18000a188 CoUninitialize

EAT(Export Address Table) Library

0x180001020 rundll

Report - new64.dll

Signature (6cnts)

Rules (4cnts)

Network (0cnts) ?

Suricata ids

PE API

Similarity measure (PE file only) - Checking for service failure