ScreenShot
| Created | 2023.08.17 09:23 | Machine | s1_win7_x6402 |
| Filename | payload.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 29 detected (AIDetectMalware, malicious, high confidence, Zusy, confidence, Eldorado, score, Sasfis, InjectorX, Gencirc, Donut, Detected, R593194, ai score=82, Rozena, z77mEFJ0OLO) | ||
| md5 | aa9991d405f0742d592ca9a3c193a931 | ||
| sha256 | fcf532d6bfb6e1c5707b341f7a7ef6f7ee09003f6d4314064ab69d89403acc09 | ||
| ssdeep | 6144:MZQUlCQzPuc3QqCjXvvGio1TAXaDuGsFVncn:QjlCO5gnrvroCaDuGs/ | ||
| imphash | bd59931763d6842a2bed03e6a7c4dc0a | ||
| impfuzzy | 24:viX1gTAuvO9tEqO3JAtfe+DWKB8KbbTWOJz3u9xajZvHWkojEmMV9FuKsYgMLTwS:q8G9OqoJA5bWiUu/Wa9FuKXI2h9mdG | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntdll.dll
0x180020260 NtWriteFile
0x180020268 NtReadVirtualMemory
0x180020270 RtlNtStatusToDosError
0x180020278 RtlVirtualUnwind
0x180020280 RtlLookupFunctionEntry
0x180020288 RtlCaptureContext
0x180020290 NtWaitForSingleObject
0x180020298 NtCreateThreadEx
0x1800202a0 NtProtectVirtualMemory
0x1800202a8 NtWriteVirtualMemory
0x1800202b0 NtAllocateVirtualMemory
KERNEL32.dll
0x180020000 IsDebuggerPresent
0x180020008 DisableThreadLibraryCalls
0x180020010 GetCurrentThreadId
0x180020018 UnhandledExceptionFilter
0x180020020 InitializeSListHead
0x180020028 SetUnhandledExceptionFilter
0x180020030 GetModuleHandleW
0x180020038 GetSystemTimeAsFileTime
0x180020040 GetConsoleWindow
0x180020048 CreateProcessA
0x180020050 WriteProcessMemory
0x180020058 CreateFileW
0x180020060 CreateFileMappingW
0x180020068 CloseHandle
0x180020070 MapViewOfFile
0x180020078 UnmapViewOfFile
0x180020080 GetCurrentProcess
0x180020088 GetProcAddress
0x180020090 ReleaseSRWLockExclusive
0x180020098 ReleaseMutex
0x1800200a0 ReleaseSRWLockShared
0x1800200a8 GetLastError
0x1800200b0 AcquireSRWLockExclusive
0x1800200b8 GetCurrentThread
0x1800200c0 SetLastError
0x1800200c8 GetCurrentDirectoryW
0x1800200d0 GetEnvironmentVariableW
0x1800200d8 GetStdHandle
0x1800200e0 GetCurrentProcessId
0x1800200e8 WaitForSingleObject
0x1800200f0 TryAcquireSRWLockExclusive
0x1800200f8 QueryPerformanceCounter
0x180020100 HeapAlloc
0x180020108 GetProcessHeap
0x180020110 HeapFree
0x180020118 HeapReAlloc
0x180020120 AcquireSRWLockShared
0x180020128 WaitForSingleObjectEx
0x180020130 LoadLibraryA
0x180020138 CreateMutexA
0x180020140 GetModuleHandleA
0x180020148 GetConsoleMode
0x180020150 IsProcessorFeaturePresent
0x180020158 FormatMessageW
0x180020160 ExitProcess
0x180020168 MultiByteToWideChar
0x180020170 WriteConsoleW
0x180020178 TlsGetValue
0x180020180 TlsSetValue
PSAPI.DLL
0x180020190 GetModuleBaseNameW
0x180020198 EnumProcessModulesEx
USER32.dll
0x1800201a8 ShowWindow
0x1800201b0 SetWindowPos
VCRUNTIME140.dll
0x1800201c0 __C_specific_handler
0x1800201c8 _CxxThrowException
0x1800201d0 __CxxFrameHandler3
0x1800201d8 memset
0x1800201e0 __std_type_info_destroy_list
0x1800201e8 memcmp
0x1800201f0 memmove
0x1800201f8 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x180020218 _cexit
0x180020220 _initialize_onexit_table
0x180020228 _initterm
0x180020230 _initterm_e
0x180020238 _seh_filter_dll
0x180020240 _execute_onexit_table
0x180020248 _initialize_narrow_environment
0x180020250 _configure_narrow_argv
api-ms-win-crt-heap-l1-1-0.dll
0x180020208 free
EAT(Export Address Table) Library
0x180002180 DllGetClassObject
0x180002180 DllRegisterServer
0x180002180 DllUnregisterServer
0x180002180 Run
ntdll.dll
0x180020260 NtWriteFile
0x180020268 NtReadVirtualMemory
0x180020270 RtlNtStatusToDosError
0x180020278 RtlVirtualUnwind
0x180020280 RtlLookupFunctionEntry
0x180020288 RtlCaptureContext
0x180020290 NtWaitForSingleObject
0x180020298 NtCreateThreadEx
0x1800202a0 NtProtectVirtualMemory
0x1800202a8 NtWriteVirtualMemory
0x1800202b0 NtAllocateVirtualMemory
KERNEL32.dll
0x180020000 IsDebuggerPresent
0x180020008 DisableThreadLibraryCalls
0x180020010 GetCurrentThreadId
0x180020018 UnhandledExceptionFilter
0x180020020 InitializeSListHead
0x180020028 SetUnhandledExceptionFilter
0x180020030 GetModuleHandleW
0x180020038 GetSystemTimeAsFileTime
0x180020040 GetConsoleWindow
0x180020048 CreateProcessA
0x180020050 WriteProcessMemory
0x180020058 CreateFileW
0x180020060 CreateFileMappingW
0x180020068 CloseHandle
0x180020070 MapViewOfFile
0x180020078 UnmapViewOfFile
0x180020080 GetCurrentProcess
0x180020088 GetProcAddress
0x180020090 ReleaseSRWLockExclusive
0x180020098 ReleaseMutex
0x1800200a0 ReleaseSRWLockShared
0x1800200a8 GetLastError
0x1800200b0 AcquireSRWLockExclusive
0x1800200b8 GetCurrentThread
0x1800200c0 SetLastError
0x1800200c8 GetCurrentDirectoryW
0x1800200d0 GetEnvironmentVariableW
0x1800200d8 GetStdHandle
0x1800200e0 GetCurrentProcessId
0x1800200e8 WaitForSingleObject
0x1800200f0 TryAcquireSRWLockExclusive
0x1800200f8 QueryPerformanceCounter
0x180020100 HeapAlloc
0x180020108 GetProcessHeap
0x180020110 HeapFree
0x180020118 HeapReAlloc
0x180020120 AcquireSRWLockShared
0x180020128 WaitForSingleObjectEx
0x180020130 LoadLibraryA
0x180020138 CreateMutexA
0x180020140 GetModuleHandleA
0x180020148 GetConsoleMode
0x180020150 IsProcessorFeaturePresent
0x180020158 FormatMessageW
0x180020160 ExitProcess
0x180020168 MultiByteToWideChar
0x180020170 WriteConsoleW
0x180020178 TlsGetValue
0x180020180 TlsSetValue
PSAPI.DLL
0x180020190 GetModuleBaseNameW
0x180020198 EnumProcessModulesEx
USER32.dll
0x1800201a8 ShowWindow
0x1800201b0 SetWindowPos
VCRUNTIME140.dll
0x1800201c0 __C_specific_handler
0x1800201c8 _CxxThrowException
0x1800201d0 __CxxFrameHandler3
0x1800201d8 memset
0x1800201e0 __std_type_info_destroy_list
0x1800201e8 memcmp
0x1800201f0 memmove
0x1800201f8 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x180020218 _cexit
0x180020220 _initialize_onexit_table
0x180020228 _initterm
0x180020230 _initterm_e
0x180020238 _seh_filter_dll
0x180020240 _execute_onexit_table
0x180020248 _initialize_narrow_environment
0x180020250 _configure_narrow_argv
api-ms-win-crt-heap-l1-1-0.dll
0x180020208 free
EAT(Export Address Table) Library
0x180002180 DllGetClassObject
0x180002180 DllRegisterServer
0x180002180 DllUnregisterServer
0x180002180 Run