Report - new64.dll

Tags: Malicious Library, DLL, PE64, PE File
Created 2023.07.10 18:17 Machine s1_win7_x6401
Filename new64.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score 4
Behavior Score 2.4
ZERO API file: clean
VT API (file): 11 detected (detection-name fragments as reported: malicious, confidence 100%, Attribute HighConfidence, high confidence, Coroxy, score, PUPXRV, Generic ML PUA, SystemBC)
md5 e8adc07619649cf7775aca6366e44505
sha256 bebd19c9564d5fcd30b61828bd864c06dc3a421b850488972473f8330ad91bbc
ssdeep 98304:zfWvjcEr2WI8tUGMQS5bzddMhaiz9U+PnHT7+51N:zev72/8tUG7YzDGaixTPnHT7C
imphash fdb86ad1221188d05cf134b7ea883a73
impfuzzy 48:UQnlUbBCEY/G14ASXJ+Zcp++vZZZCTugt7PKq43a:9lyv1AXJ+Zcp+qjOugt7Pr2a

Signature (6 entries)

Level | Description
watch | Communicates with host for which no DNS query was performed
watch | File has been identified by 11 AntiVirus engines on VirusTotal as malicious
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | The binary likely contains encrypted or compressed data indicative of a packer
info | Checks if process is being debugged by a debugger
info | The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4 entries)

Level | Name | Description | Collection
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
info | IsDLL | (no description) | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (1 entry)

Request | CC | ASN Co | IP4 | Rule | ZERO
5.42.65.67 | RU | CJSC Kolomna-Sviaz TV | 5.42.65.67 | | clean
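The "Communicates with host for which no DNS query was performed" signature above is a comparison of two sandbox traces: the addresses that DNS answers produced, and the addresses the sample actually connected to. The Python below is an added example, not the sandbox's own signature code; it re-implements that check over a constructed event list in which only the 5.42.65.67 address comes from this report (the host names, the other addresses and all ports are made up). It ignores non-routable targets so loopback and LAN noise does not trigger it, and it requires the DNS answer to appear in the trace before the connection.

```python
import ipaddress

# Constructed sandbox-style trace (not from the report): only 5.42.65.67 is
# taken from the Network section above; the names, the other addresses and
# every port are made up for this example.
SAMPLE_EVENTS = [
    ("dns_answer", {"name": "dns.google", "addresses": ["8.8.8.8"]}),
    ("connect",    {"ip": "8.8.8.8",      "port": 443}),   # resolved first: fine
    ("connect",    {"ip": "127.0.0.1",    "port": 135}),   # loopback: ignored
    ("connect",    {"ip": "192.168.56.1", "port": 445}),   # LAN: ignored
    ("connect",    {"ip": "5.42.65.67",   "port": 4001}),  # no lookup at all: flagged
    ("dns_answer", {"name": "one.one.one.one", "addresses": ["1.1.1.1"]}),
    ("connect",    {"ip": "1.1.1.1",      "port": 80}),    # resolved before use: fine
]


def is_external(ip):
    """True for globally routable addresses; loopback, RFC 1918, link-local
    and similar ranges are skipped so local noise never trips the rule."""
    return ipaddress.ip_address(ip).is_global


def connects_without_dns(events):
    """Return (ip, port) for every connection to an external address that no
    earlier DNS answer in the trace produced. Order matters: a lookup that
    happens after the connection does not excuse it."""
    resolved = set()
    hits = []
    for kind, data in events:
        if kind == "dns_answer":
            resolved.update(data["addresses"])
        elif kind == "connect":
            ip = data["ip"]
            if is_external(ip) and ip not in resolved:
                hits.append((ip, data["port"]))
    return hits


if __name__ == "__main__":
    for ip, port in connects_without_dns(SAMPLE_EVENTS):
        print(f"watch: connection to {ip}:{port} without a preceding DNS query")
```

The rule stays at "watch" rather than "alert" level for a reason: a hosts-file entry, a resolver cache warmed before tracing started, or a name resolved by a different process all produce the same pattern. In this report the IAT lists both getaddrinfo and inet_addr, so the sample can do either kind of addressing; the DNS trace alone does not say which path was taken for 5.42.65.67.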

Suricata ids (no alerts listed)

PE API

IAT (Import Address Table) Library

user32.dll
 0x1802c3000 wsprintfA
ws2_32.dll
 0x1802c3010 getaddrinfo
 0x1802c3018 closesocket
 0x1802c3020 shutdown
 0x1802c3028 send
 0x1802c3030 setsockopt
 0x1802c3038 freeaddrinfo
 0x1802c3040 recv
 0x1802c3048 WSAIoctl
 0x1802c3050 select
 0x1802c3058 connect
 0x1802c3060 inet_ntoa
 0x1802c3068 inet_addr
 0x1802c3070 htons
 0x1802c3078 ioctlsocket
 0x1802c3080 WSAStartup
 0x1802c3088 socket
advapi32.dll
 0x1802c3098 GetTokenInformation
 0x1802c30a0 OpenProcessToken
 0x1802c30a8 GetSidSubAuthority
kernel32.dll
 0x1802c30b8 WriteFile
 0x1802c30c0 SetFilePointer
 0x1802c30c8 CreateFileA
 0x1802c30d0 VirtualFree
 0x1802c30d8 LocalFree
 0x1802c30e0 LocalAlloc
 0x1802c30e8 GetLocalTime
 0x1802c30f0 SetEvent
 0x1802c30f8 WaitForSingleObject
 0x1802c3100 ExitThread
 0x1802c3108 CloseHandle
 0x1802c3110 CreateThread
 0x1802c3118 GetVolumeInformationA
 0x1802c3120 VirtualAlloc
 0x1802c3128 SystemTimeToFileTime
 0x1802c3130 Sleep
 0x1802c3138 GetCurrentProcess
 0x1802c3140 FileTimeToSystemTime
 0x1802c3148 CreateEventA
secur32.dll
 0x1802c3158 GetUserNameExA
 0x1802c3160 GetUserNameExW
ole32.dll
 0x1802c3170 CoUninitialize
 0x1802c3178 CoCreateInstance
 0x1802c3180 CoInitialize
kernel32.dll
 0x1802c3190 GetSystemTimeAsFileTime
 0x1802c3198 GetModuleHandleA
 0x1802c31a0 CreateEventA
 0x1802c31a8 GetModuleFileNameW
 0x1802c31b0 TerminateProcess
 0x1802c31b8 GetCurrentProcess
 0x1802c31c0 CreateToolhelp32Snapshot
 0x1802c31c8 Thread32First
 0x1802c31d0 GetCurrentProcessId
 0x1802c31d8 GetCurrentThreadId
 0x1802c31e0 OpenThread
 0x1802c31e8 Thread32Next
 0x1802c31f0 CloseHandle
 0x1802c31f8 SuspendThread
 0x1802c3200 ResumeThread
 0x1802c3208 WriteProcessMemory
 0x1802c3210 GetSystemInfo
 0x1802c3218 VirtualAlloc
 0x1802c3220 VirtualProtect
 0x1802c3228 VirtualFree
 0x1802c3230 GetProcessAffinityMask
 0x1802c3238 SetProcessAffinityMask
 0x1802c3240 GetCurrentThread
 0x1802c3248 SetThreadAffinityMask
 0x1802c3250 Sleep
 0x1802c3258 LoadLibraryA
 0x1802c3260 FreeLibrary
 0x1802c3268 GetTickCount
 0x1802c3270 SystemTimeToFileTime
 0x1802c3278 FileTimeToSystemTime
 0x1802c3280 GlobalFree
 0x1802c3288 LocalAlloc
 0x1802c3290 LocalFree
 0x1802c3298 GetProcAddress
 0x1802c32a0 ExitProcess
 0x1802c32a8 EnterCriticalSection
 0x1802c32b0 LeaveCriticalSection
 0x1802c32b8 InitializeCriticalSection
 0x1802c32c0 DeleteCriticalSection
 0x1802c32c8 GetModuleHandleW
 0x1802c32d0 LoadResource
 0x1802c32d8 MultiByteToWideChar
 0x1802c32e0 FindResourceExW
 0x1802c32e8 FindResourceExA
 0x1802c32f0 WideCharToMultiByte
 0x1802c32f8 GetThreadLocale
 0x1802c3300 GetUserDefaultLCID
 0x1802c3308 GetSystemDefaultLCID
 0x1802c3310 EnumResourceNamesA
 0x1802c3318 EnumResourceNamesW
 0x1802c3320 EnumResourceLanguagesA
 0x1802c3328 EnumResourceLanguagesW
 0x1802c3330 EnumResourceTypesA
 0x1802c3338 EnumResourceTypesW
 0x1802c3340 CreateFileW
 0x1802c3348 LoadLibraryW
 0x1802c3350 GetLastError
 0x1802c3358 FlushFileBuffers
 0x1802c3360 WriteConsoleW
 0x1802c3368 SetStdHandle
 0x1802c3370 HeapReAlloc
 0x1802c3378 FlsSetValue
 0x1802c3380 GetCommandLineA
 0x1802c3388 RaiseException
 0x1802c3390 RtlPcToFileHeader
 0x1802c3398 HeapFree
 0x1802c33a0 GetCPInfo
 0x1802c33a8 GetACP
 0x1802c33b0 GetOEMCP
 0x1802c33b8 IsValidCodePage
 0x1802c33c0 EncodePointer
 0x1802c33c8 FlsGetValue
 0x1802c33d0 FlsFree
 0x1802c33d8 SetLastError
 0x1802c33e0 FlsAlloc
 0x1802c33e8 UnhandledExceptionFilter
 0x1802c33f0 SetUnhandledExceptionFilter
 0x1802c33f8 IsDebuggerPresent
 0x1802c3400 RtlVirtualUnwind
 0x1802c3408 RtlLookupFunctionEntry
 0x1802c3410 RtlCaptureContext
 0x1802c3418 DecodePointer
 0x1802c3420 HeapAlloc
 0x1802c3428 RtlUnwindEx
 0x1802c3430 LCMapStringW
 0x1802c3438 GetStringTypeW
 0x1802c3440 SetHandleCount
 0x1802c3448 GetStdHandle
 0x1802c3450 InitializeCriticalSectionAndSpinCount
 0x1802c3458 GetFileType
 0x1802c3460 GetStartupInfoW
 0x1802c3468 GetModuleFileNameA
 0x1802c3470 FreeEnvironmentStringsW
 0x1802c3478 GetEnvironmentStringsW
 0x1802c3480 HeapSetInformation
 0x1802c3488 GetVersion
 0x1802c3490 HeapCreate
 0x1802c3498 HeapDestroy
 0x1802c34a0 QueryPerformanceCounter
 0x1802c34a8 HeapSize
 0x1802c34b0 WriteFile
 0x1802c34b8 SetFilePointer
 0x1802c34c0 GetConsoleCP
 0x1802c34c8 GetConsoleMode
user32.dll
 0x1802c34d8 CharUpperBuffW
kernel32.dll
 0x1802c34e8 LocalAlloc
 0x1802c34f0 LocalFree
 0x1802c34f8 GetModuleFileNameW
 0x1802c3500 ExitProcess
 0x1802c3508 LoadLibraryA
 0x1802c3510 GetModuleHandleA
 0x1802c3518 GetProcAddress

EAT (Export Address Table) Library

0x180001020 rundll
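The IAT above is mostly C runtime and loader noise, and the report lists kernel32.dll three separate times, which means the file carries three import descriptors for it (itself a common sign of a packed or multi-stage build). What an analyst actually reads out of it is a handful of capability clusters. The Python below is an added triage script, not part of the report or the sandbox; the IMPORTS table is transcribed from the IAT section above in the same order, while the rule names and groupings are this example's own. It includes a cross-process injection rule on purpose so that it fails: the report lists WriteProcessMemory, but neither OpenProcess nor CreateRemoteThread, and it does list GetCurrentProcessId and GetCurrentThreadId next to the thread-suspension APIs, which is consistent with the sample patching its own threads (in line with the unpacking signatures) rather than proof of injection into another process. The single export, rundll, is the one listed under EAT; that a DLL with one such export is meant to be started through rundll32 is an assumption, not something the report states.

```python
# Capability triage over the import list transcribed from this report's IAT
# section. Blocks keep the report's order; kernel32.dll appears three times
# because the file has three import descriptors for it. Rule names and
# groupings are this example's own, not the sandbox's.
IMPORTS = [
    ("user32.dll", "wsprintfA".split()),
    ("ws2_32.dll", (
        "getaddrinfo closesocket shutdown send setsockopt freeaddrinfo recv "
        "WSAIoctl select connect inet_ntoa inet_addr htons ioctlsocket "
        "WSAStartup socket").split()),
    ("advapi32.dll", "GetTokenInformation OpenProcessToken GetSidSubAuthority".split()),
    ("kernel32.dll", (
        "WriteFile SetFilePointer CreateFileA VirtualFree LocalFree LocalAlloc "
        "GetLocalTime SetEvent WaitForSingleObject ExitThread CloseHandle "
        "CreateThread GetVolumeInformationA VirtualAlloc SystemTimeToFileTime "
        "Sleep GetCurrentProcess FileTimeToSystemTime CreateEventA").split()),
    ("secur32.dll", "GetUserNameExA GetUserNameExW".split()),
    ("ole32.dll", "CoUninitialize CoCreateInstance CoInitialize".split()),
    ("kernel32.dll", (
        "GetSystemTimeAsFileTime GetModuleHandleA CreateEventA GetModuleFileNameW "
        "TerminateProcess GetCurrentProcess CreateToolhelp32Snapshot Thread32First "
        "GetCurrentProcessId GetCurrentThreadId OpenThread Thread32Next CloseHandle "
        "SuspendThread ResumeThread WriteProcessMemory GetSystemInfo VirtualAlloc "
        "VirtualProtect VirtualFree GetProcessAffinityMask SetProcessAffinityMask "
        "GetCurrentThread SetThreadAffinityMask Sleep LoadLibraryA FreeLibrary "
        "GetTickCount SystemTimeToFileTime FileTimeToSystemTime GlobalFree "
        "LocalAlloc LocalFree GetProcAddress ExitProcess EnterCriticalSection "
        "LeaveCriticalSection InitializeCriticalSection DeleteCriticalSection "
        "GetModuleHandleW LoadResource MultiByteToWideChar FindResourceExW "
        "FindResourceExA WideCharToMultiByte GetThreadLocale GetUserDefaultLCID "
        "GetSystemDefaultLCID EnumResourceNamesA EnumResourceNamesW "
        "EnumResourceLanguagesA EnumResourceLanguagesW EnumResourceTypesA "
        "EnumResourceTypesW CreateFileW LoadLibraryW GetLastError FlushFileBuffers "
        "WriteConsoleW SetStdHandle HeapReAlloc FlsSetValue GetCommandLineA "
        "RaiseException RtlPcToFileHeader HeapFree GetCPInfo GetACP GetOEMCP "
        "IsValidCodePage EncodePointer FlsGetValue FlsFree SetLastError FlsAlloc "
        "UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent "
        "RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext DecodePointer "
        "HeapAlloc RtlUnwindEx LCMapStringW GetStringTypeW SetHandleCount "
        "GetStdHandle InitializeCriticalSectionAndSpinCount GetFileType "
        "GetStartupInfoW GetModuleFileNameA FreeEnvironmentStringsW "
        "GetEnvironmentStringsW HeapSetInformation GetVersion HeapCreate "
        "HeapDestroy QueryPerformanceCounter HeapSize WriteFile SetFilePointer "
        "GetConsoleCP GetConsoleMode").split()),
    ("user32.dll", "CharUpperBuffW".split()),
    ("kernel32.dll", (
        "LocalAlloc LocalFree GetModuleFileNameW ExitProcess LoadLibraryA "
        "GetModuleHandleA GetProcAddress").split()),
]
EXPORTS = ["rundll"]  # the single export listed under EAT

# (mode, APIs): "all" = every API must be imported, "any" = at least one.
RULES = {
    "tcp_client": ("all", {"WSAStartup", "socket", "connect", "send", "recv"}),
    "literal_ip_parsing": ("any", {"inet_addr", "inet_pton"}),
    "thread_suspend_patch": ("all", {"CreateToolhelp32Snapshot", "Thread32First",
                                     "Thread32Next", "OpenThread", "SuspendThread",
                                     "WriteProcessMemory", "ResumeThread"}),
    "remote_injection": ("all", {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"}),
    "dynamic_code_memory": ("all", {"VirtualAlloc", "VirtualProtect"}),
    "anti_debug": ("any", {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}),
    "dynamic_api_resolution": ("all", {"LoadLibraryA", "GetProcAddress"}),
    "host_fingerprint": ("any", {"GetVolumeInformationA", "GetVolumeInformationW",
                                 "GetUserNameExA", "GetUserNameExW"}),
    # GetSidSubAuthority is the usual companion for reading the integrity RID
    # out of the TokenIntegrityLevel SID.
    "integrity_level_check": ("all", {"OpenProcessToken", "GetTokenInformation",
                                      "GetSidSubAuthority"}),
}


def imported_names(imports):
    """Flatten the per-DLL blocks into one set of imported function names."""
    return {fn for _, fns in imports for fn in fns}


def triage(imports):
    """Evaluate every rule against the import set; returns {rule: matched}."""
    have = imported_names(imports)
    return {rule: (need <= have if mode == "all" else bool(need & have))
            for rule, (mode, need) in RULES.items()}


def rule_apis_present(imports):
    """Imported APIs any rule cares about, to show how little of the IAT is signal."""
    interesting = set().union(*(need for _, need in RULES.values()))
    return sorted(imported_names(imports) & interesting)


if __name__ == "__main__":
    for rule, hit in triage(IMPORTS).items():
        print(("HIT  " if hit else "     ") + rule)
    print(f"{len(rule_apis_present(IMPORTS))} of {len(imported_names(IMPORTS))} distinct "
          f"imports matched a rule; exports: {EXPORTS}")
```

Imports show capability, not behaviour: VirtualAlloc plus VirtualProtect says the code can make memory executable, but only the sandbox's "Allocates read-write-execute memory" signature above says it did. Use the rule hits as the checklist for what to look for when the unpacked payload is dumped, and treat the matching "anti_debug" rule as a reason to expect the first stage to behave differently under a debugger.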


Similarity measure (PE file only): not available, the check ended in a service failure