Field | Value |
---|---|
Created | 2023.07.08 14:12 |
Machine | s1_win7_x6401 |
Filename | new64x.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 5 detected (malicious, confidence, 100%, high confidence, Coroxy, score) |
md5 | b63f57d948b00f885ce27af54503df3a |
sha256 | 22a094a2bdd1c3f865046f54b3cf3c958cf59f57f7a0ed9c0c31aadc8cf49ec4 |
ssdeep | 98304:a830UshgHzyAUUxfystLGUtR/UfBt14SUyDIzC4ODoBZNlhK:arhMyO6aUpac+C4KoBl0 |
imphash | f7f99ee48006e1a62ab040d43f6034e2 |
impfuzzy | 24:UUZsYDZzSXsUXG5KPzsJjJiCEY4wx3dNDW:UQnlUbBCEY/3a |
Signature (7 cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (4 cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
user32.dll
0x180178000 wsprintfA
ws2_32.dll
0x180178010 getaddrinfo
0x180178018 closesocket
0x180178020 shutdown
0x180178028 send
0x180178030 setsockopt
0x180178038 freeaddrinfo
0x180178040 recv
0x180178048 WSAIoctl
0x180178050 select
0x180178058 connect
0x180178060 inet_ntoa
0x180178068 inet_addr
0x180178070 htons
0x180178078 ioctlsocket
0x180178080 WSAStartup
0x180178088 socket
advapi32.dll
0x180178098 GetTokenInformation
0x1801780a0 OpenProcessToken
0x1801780a8 GetSidSubAuthority
kernel32.dll
0x1801780b8 WriteFile
0x1801780c0 SetFilePointer
0x1801780c8 CreateFileA
0x1801780d0 VirtualFree
0x1801780d8 LocalFree
0x1801780e0 LocalAlloc
0x1801780e8 GetLocalTime
0x1801780f0 SetEvent
0x1801780f8 WaitForSingleObject
0x180178100 ExitThread
0x180178108 CloseHandle
0x180178110 CreateThread
0x180178118 GetVolumeInformationA
0x180178120 VirtualAlloc
0x180178128 SystemTimeToFileTime
0x180178130 Sleep
0x180178138 GetCurrentProcess
0x180178140 FileTimeToSystemTime
0x180178148 CreateEventA
secur32.dll
0x180178158 GetUserNameExA
0x180178160 GetUserNameExW
ole32.dll
0x180178170 CoUninitialize
0x180178178 CoCreateInstance
0x180178180 CoInitialize
kernel32.dll
0x180178190 LocalAlloc
0x180178198 LocalFree
0x1801781a0 GetModuleFileNameW
0x1801781a8 ExitProcess
0x1801781b0 LoadLibraryA
0x1801781b8 GetModuleHandleA
0x1801781c0 GetProcAddress
EAT (Export Address Table) Library
0x180001020 rundll