| Field | Value |
|---|---|
| Created | 2023.07.31 17:40 |
| Machine | s1_win7_x6401 |
| Filename | safer.dll |
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | |
| VT API (file) | |
| md5 | 56a1858c7fcfe98b43e5f8913e937017 |
| sha256 | 25417efb92a7ba7f1d8fa5fd492e542b7e81e041a865f5b61fb17cb6db756023 |
| ssdeep | 1536:I1YXG5U3LF0xkhDVZswR7XzRVgf35vWES+cir1gPRpJf0sWxd7B9dlAmMB:yYXW0BKwR7XzHMjncir1IpJKVmmM |
| imphash | 57173fba085ffae4495411c317a53747 |
| impfuzzy | 24:TQj44XMUt02tMS17fJnc+pl3eDoTA+avRSOovbO0ZoG3AuRpn:2JtMS17pc+pp/qj36V |
Network IP location
Signature (2 counts)

| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6 counts)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x180012000 ReadFile
0x180012008 CreatePipe
0x180012010 WaitForSingleObject
0x180012018 Sleep
0x180012020 GetLastError
0x180012028 CloseHandle
0x180012030 ExitProcess
0x180012038 CreateProcessW
0x180012040 WriteConsoleW
0x180012048 CreateFileW
0x180012050 HeapReAlloc
0x180012058 HeapSize
0x180012060 SetFilePointerEx
0x180012068 GetFileSizeEx
0x180012070 SetStdHandle
0x180012078 GetConsoleMode
0x180012080 GetConsoleOutputCP
0x180012088 RtlCaptureContext
0x180012090 RtlLookupFunctionEntry
0x180012098 RtlVirtualUnwind
0x1800120a0 UnhandledExceptionFilter
0x1800120a8 SetUnhandledExceptionFilter
0x1800120b0 GetCurrentProcess
0x1800120b8 TerminateProcess
0x1800120c0 IsProcessorFeaturePresent
0x1800120c8 QueryPerformanceCounter
0x1800120d0 GetCurrentProcessId
0x1800120d8 GetCurrentThreadId
0x1800120e0 GetSystemTimeAsFileTime
0x1800120e8 InitializeSListHead
0x1800120f0 IsDebuggerPresent
0x1800120f8 GetStartupInfoW
0x180012100 GetModuleHandleW
0x180012108 RtlUnwindEx
0x180012110 InterlockedFlushSList
0x180012118 SetLastError
0x180012120 EnterCriticalSection
0x180012128 LeaveCriticalSection
0x180012130 DeleteCriticalSection
0x180012138 InitializeCriticalSectionAndSpinCount
0x180012140 TlsAlloc
0x180012148 TlsGetValue
0x180012150 TlsSetValue
0x180012158 TlsFree
0x180012160 FreeLibrary
0x180012168 GetProcAddress
0x180012170 LoadLibraryExW
0x180012178 RaiseException
0x180012180 GetModuleHandleExW
0x180012188 GetModuleFileNameW
0x180012190 MultiByteToWideChar
0x180012198 HeapAlloc
0x1800121a0 HeapFree
0x1800121a8 LCMapStringW
0x1800121b0 GetStdHandle
0x1800121b8 GetFileType
0x1800121c0 FindClose
0x1800121c8 FindFirstFileExW
0x1800121d0 FindNextFileW
0x1800121d8 IsValidCodePage
0x1800121e0 GetACP
0x1800121e8 GetOEMCP
0x1800121f0 GetCPInfo
0x1800121f8 GetCommandLineA
0x180012200 GetCommandLineW
0x180012208 WideCharToMultiByte
0x180012210 GetEnvironmentStringsW
0x180012218 FreeEnvironmentStringsW
0x180012220 GetProcessHeap
0x180012228 GetStringTypeW
0x180012230 FlushFileBuffers
0x180012238 WriteFile
WS2_32.dll
0x180012248 closesocket
0x180012250 WSASocketW
0x180012258 WSAStartup
0x180012260 WSACleanup
0x180012268 WSAConnect
0x180012270 send
0x180012278 recv
0x180012280 htons
0x180012288 inet_addr
EAT (Export Address Table): none