ScreenShot
| Created | 2023.08.08 09:15 | Machine | s1_win7_x6402 |
| Filename | OLMAPI32.dll | ||
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 49 detected (Common, Jaik, malicious, high confidence, score, Babar, Artemis, unsafe, Vf79, confidence, 100%, ABRisk, HUAD, Attribute, HighConfidence, Agentb, lbqi, Gencirc, nxsqm, 0NA103DD23, BadFile, Bitter, Wacatac, Emotet, Detected, R560734, ZedlaF, ru8@a0w1afci, ai score=84, Chgt, CLASSIC, susgen) | ||
| md5 | 09a9e1b03f7d7de4340bc5f9e656b798 | ||
| sha256 | 8aeb7dd31c764b0cf08b38030a73ac1d22b29522fbcf512e0d24544b3d01d8b3 | ||
| ssdeep | 3072:hbp5Y0UEmuigQJch1NUZIeKFEW/HXGdSz6ednKUp4s9tlZR0ysKFKcSfxaTAhY5u:hbri1yl/H9dnK44s9LZREK/DAOTGl | ||
| imphash | f2d625db1ca3c7b0cefab187e9edcce3 | ||
| impfuzzy | 48:M3vD1OXkqO/BJcpVsptMS1hGepZB4Z/gKQ45UtQww:M/D1SIcpVsptMS1hGepZu3eQww | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| watch | Checks the version of Bios |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Searches running processes potentially to identify processes for sandbox evasion |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Queries for the computername |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
RPCRT4.dll
0x100341c8 RpcStringFreeA
0x100341cc RpcStringBindingComposeA
0x100341d0 RpcBindingFromStringBindingA
KERNEL32.dll
0x10034018 ReadFile
0x1003401c WriteFile
0x10034020 CloseHandle
0x10034024 Sleep
0x10034028 OpenProcess
0x1003402c GetModuleFileNameA
0x10034030 GetModuleFileNameW
0x10034034 GetProcAddress
0x10034038 WinExec
0x1003403c CreateToolhelp32Snapshot
0x10034040 Process32First
0x10034044 Process32Next
0x10034048 GetSystemInfo
0x1003404c DeleteFileA
0x10034050 GetVersionExW
0x10034054 GetModuleHandleA
0x10034058 GlobalMemoryStatus
0x1003405c GetPrivateProfileStringW
0x10034060 GetComputerNameW
0x10034064 GetTimeZoneInformation
0x10034068 GetDateFormatW
0x1003406c GetTimeFormatW
0x10034070 GetLocaleInfoW
0x10034074 GetNumberFormatW
0x10034078 FindFirstFileExW
0x1003407c SetEndOfFile
0x10034080 WriteConsoleW
0x10034084 CreateFileA
0x10034088 FindNextFileW
0x1003408c IsValidCodePage
0x10034090 GetACP
0x10034094 GetSystemDirectoryW
0x10034098 GetCPInfo
0x1003409c HeapSize
0x100340a0 CreateFileW
0x100340a4 SetStdHandle
0x100340a8 GetProcessHeap
0x100340ac SetEnvironmentVariableW
0x100340b0 FindClose
0x100340b4 HeapReAlloc
0x100340b8 DeleteFileW
0x100340bc FreeEnvironmentStringsW
0x100340c0 ReadConsoleW
0x100340c4 SetFilePointerEx
0x100340c8 GetFileSizeEx
0x100340cc GetEnvironmentStringsW
0x100340d0 GetCommandLineW
0x100340d4 GetCommandLineA
0x100340d8 WideCharToMultiByte
0x100340dc EnterCriticalSection
0x100340e0 LeaveCriticalSection
0x100340e4 InitializeCriticalSectionEx
0x100340e8 DeleteCriticalSection
0x100340ec LocalFree
0x100340f0 EncodePointer
0x100340f4 DecodePointer
0x100340f8 MultiByteToWideChar
0x100340fc LCMapStringEx
0x10034100 GetStringTypeW
0x10034104 GetConsoleMode
0x10034108 GetLastError
0x1003410c UnhandledExceptionFilter
0x10034110 SetUnhandledExceptionFilter
0x10034114 GetCurrentProcess
0x10034118 TerminateProcess
0x1003411c IsProcessorFeaturePresent
0x10034120 QueryPerformanceCounter
0x10034124 GetCurrentProcessId
0x10034128 GetCurrentThreadId
0x1003412c GetSystemTimeAsFileTime
0x10034130 InitializeSListHead
0x10034134 IsDebuggerPresent
0x10034138 GetStartupInfoW
0x1003413c GetModuleHandleW
0x10034140 RaiseException
0x10034144 RtlUnwind
0x10034148 InterlockedFlushSList
0x1003414c SetLastError
0x10034150 InitializeCriticalSectionAndSpinCount
0x10034154 TlsAlloc
0x10034158 TlsGetValue
0x1003415c TlsSetValue
0x10034160 TlsFree
0x10034164 FreeLibrary
0x10034168 LoadLibraryExW
0x1003416c ExitProcess
0x10034170 GetModuleHandleExW
0x10034174 HeapAlloc
0x10034178 HeapFree
0x1003417c CompareStringW
0x10034180 LCMapStringW
0x10034184 IsValidLocale
0x10034188 GetUserDefaultLCID
0x1003418c EnumSystemLocalesW
0x10034190 GetStdHandle
0x10034194 GetFileType
0x10034198 FlushFileBuffers
0x1003419c GetConsoleOutputCP
0x100341a0 GetOEMCP
USER32.dll
0x100341e4 wsprintfA
0x100341e8 LoadStringW
ADVAPI32.dll
0x10034000 RegOpenKeyExW
0x10034004 RegEnumKeyExW
0x10034008 RegCloseKey
0x1003400c GetUserNameA
0x10034010 RegQueryValueExW
ole32.dll
0x100341f0 CoInitializeSecurity
0x100341f4 CoCreateInstance
0x100341f8 CoUninitialize
0x100341fc CoInitializeEx
OLEAUT32.dll
0x100341b4 SysFreeString
0x100341b8 SysAllocString
0x100341bc VariantClear
0x100341c0 VariantInit
NETAPI32.dll
0x100341a8 NetApiBufferFree
0x100341ac NetGetJoinInformation
SHLWAPI.dll
0x100341d8 PathFileExistsA
0x100341dc None
EAT(Export Address Table) Library
0x10007e8d ?GetFileVersionInfoByHandleEx@@YGHXZ
0x10004ec8 GetFileVersionInfoA
0x10004ece GetFileVersionInfoByHandle
0x10004ed4 GetFileVersionInfoExW
0x10004eda GetFileVersionInfoSizeA
0x10004ee0 GetFileVersionInfoSizeExW
0x10004ee6 GetFileVersionInfoSizeW
0x10004eec GetFileVersionInfoW
0x10004ef2 VerFindFileA
0x10004ef8 VerFindFileW
0x10004efe VerInstallFileA
0x10004f04 VerInstallFileW
0x10004f0a VerLanguageNameA
0x10004f10 VerLanguageNameW
0x10004f16 VerQueryValueA
0x10004f1c VerQueryValueW
RPCRT4.dll
0x100341c8 RpcStringFreeA
0x100341cc RpcStringBindingComposeA
0x100341d0 RpcBindingFromStringBindingA
KERNEL32.dll
0x10034018 ReadFile
0x1003401c WriteFile
0x10034020 CloseHandle
0x10034024 Sleep
0x10034028 OpenProcess
0x1003402c GetModuleFileNameA
0x10034030 GetModuleFileNameW
0x10034034 GetProcAddress
0x10034038 WinExec
0x1003403c CreateToolhelp32Snapshot
0x10034040 Process32First
0x10034044 Process32Next
0x10034048 GetSystemInfo
0x1003404c DeleteFileA
0x10034050 GetVersionExW
0x10034054 GetModuleHandleA
0x10034058 GlobalMemoryStatus
0x1003405c GetPrivateProfileStringW
0x10034060 GetComputerNameW
0x10034064 GetTimeZoneInformation
0x10034068 GetDateFormatW
0x1003406c GetTimeFormatW
0x10034070 GetLocaleInfoW
0x10034074 GetNumberFormatW
0x10034078 FindFirstFileExW
0x1003407c SetEndOfFile
0x10034080 WriteConsoleW
0x10034084 CreateFileA
0x10034088 FindNextFileW
0x1003408c IsValidCodePage
0x10034090 GetACP
0x10034094 GetSystemDirectoryW
0x10034098 GetCPInfo
0x1003409c HeapSize
0x100340a0 CreateFileW
0x100340a4 SetStdHandle
0x100340a8 GetProcessHeap
0x100340ac SetEnvironmentVariableW
0x100340b0 FindClose
0x100340b4 HeapReAlloc
0x100340b8 DeleteFileW
0x100340bc FreeEnvironmentStringsW
0x100340c0 ReadConsoleW
0x100340c4 SetFilePointerEx
0x100340c8 GetFileSizeEx
0x100340cc GetEnvironmentStringsW
0x100340d0 GetCommandLineW
0x100340d4 GetCommandLineA
0x100340d8 WideCharToMultiByte
0x100340dc EnterCriticalSection
0x100340e0 LeaveCriticalSection
0x100340e4 InitializeCriticalSectionEx
0x100340e8 DeleteCriticalSection
0x100340ec LocalFree
0x100340f0 EncodePointer
0x100340f4 DecodePointer
0x100340f8 MultiByteToWideChar
0x100340fc LCMapStringEx
0x10034100 GetStringTypeW
0x10034104 GetConsoleMode
0x10034108 GetLastError
0x1003410c UnhandledExceptionFilter
0x10034110 SetUnhandledExceptionFilter
0x10034114 GetCurrentProcess
0x10034118 TerminateProcess
0x1003411c IsProcessorFeaturePresent
0x10034120 QueryPerformanceCounter
0x10034124 GetCurrentProcessId
0x10034128 GetCurrentThreadId
0x1003412c GetSystemTimeAsFileTime
0x10034130 InitializeSListHead
0x10034134 IsDebuggerPresent
0x10034138 GetStartupInfoW
0x1003413c GetModuleHandleW
0x10034140 RaiseException
0x10034144 RtlUnwind
0x10034148 InterlockedFlushSList
0x1003414c SetLastError
0x10034150 InitializeCriticalSectionAndSpinCount
0x10034154 TlsAlloc
0x10034158 TlsGetValue
0x1003415c TlsSetValue
0x10034160 TlsFree
0x10034164 FreeLibrary
0x10034168 LoadLibraryExW
0x1003416c ExitProcess
0x10034170 GetModuleHandleExW
0x10034174 HeapAlloc
0x10034178 HeapFree
0x1003417c CompareStringW
0x10034180 LCMapStringW
0x10034184 IsValidLocale
0x10034188 GetUserDefaultLCID
0x1003418c EnumSystemLocalesW
0x10034190 GetStdHandle
0x10034194 GetFileType
0x10034198 FlushFileBuffers
0x1003419c GetConsoleOutputCP
0x100341a0 GetOEMCP
USER32.dll
0x100341e4 wsprintfA
0x100341e8 LoadStringW
ADVAPI32.dll
0x10034000 RegOpenKeyExW
0x10034004 RegEnumKeyExW
0x10034008 RegCloseKey
0x1003400c GetUserNameA
0x10034010 RegQueryValueExW
ole32.dll
0x100341f0 CoInitializeSecurity
0x100341f4 CoCreateInstance
0x100341f8 CoUninitialize
0x100341fc CoInitializeEx
OLEAUT32.dll
0x100341b4 SysFreeString
0x100341b8 SysAllocString
0x100341bc VariantClear
0x100341c0 VariantInit
NETAPI32.dll
0x100341a8 NetApiBufferFree
0x100341ac NetGetJoinInformation
SHLWAPI.dll
0x100341d8 PathFileExistsA
0x100341dc None
EAT(Export Address Table) Library
0x10007e8d ?GetFileVersionInfoByHandleEx@@YGHXZ
0x10004ec8 GetFileVersionInfoA
0x10004ece GetFileVersionInfoByHandle
0x10004ed4 GetFileVersionInfoExW
0x10004eda GetFileVersionInfoSizeA
0x10004ee0 GetFileVersionInfoSizeExW
0x10004ee6 GetFileVersionInfoSizeW
0x10004eec GetFileVersionInfoW
0x10004ef2 VerFindFileA
0x10004ef8 VerFindFileW
0x10004efe VerInstallFileA
0x10004f04 VerInstallFileW
0x10004f0a VerLanguageNameA
0x10004f10 VerLanguageNameW
0x10004f16 VerQueryValueA
0x10004f1c VerQueryValueW