Report - trxV9376

Tags: Malicious Library, UPX, Malicious Packer, OS Processor Check, PE File, DLL, PE64
Created 2023.08.22 17:18 Machine s1_win7_x6402
Filename trxV9376
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score 4
Behavior Score 2.4
ZERO API (file): malware
VT API (file): 54 detected. Fragments of vendor detection names: AIDetectMalware, Emotet, Ulise, unsafe, Vjsd, TrojanBanker, malicious, confidence, 100%, Eldorado, high confidence, score, cmvs, jvobvn, BankerX, Gencirc, aogi, YXDCQZ, GenKryptik, Malware@#1f2osespawys, Detected, R564334, ai score=100, Chgt, Kryptik, F5gXdyKd7lN, T5E6Ku8, PossibleThreat. The only family name among them is Emotet; the rest are generic banker, Kryptik/packer or confidence tokens split out of longer vendor strings, not independent verdicts.
md5 c901c8089c5e017f8e9b4b15c8ef154f
sha256 fd79e8fa5e3801101a1305b6aba7a5e7fdc852ed9036d6d9a5210be414a5cc5a
ssdeep 12288:chQZR06Fy1F5YqSDZ9ma2aCStos1F3uD2Hescq2mc:jT08y1F5YqSDZ9ma21Str3cTX
imphash 8e4ac255f5ef2adac99344450f27e6ce
impfuzzy 48:V+hGBStdS1CcjBc+ppnFuFZ+QQ5mS5ECnB+GzOKF/KA/X09jf7OAT+LX:VgHtdS1CwBc+ppnmsHcOz

Signature (5cnts)

Level Description
danger File has been identified by 54 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (7cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x18004a038 OutputDebugStringA
 0x18004a040 SetFilePointerEx
 0x18004a048 GetConsoleMode
 0x18004a050 GetConsoleCP
 0x18004a058 FlushFileBuffers
 0x18004a060 WriteFile
 0x18004a068 SetStdHandle
 0x18004a070 OutputDebugStringW
 0x18004a078 HeapSize
 0x18004a080 GetStringTypeW
 0x18004a088 SetConsoleCtrlHandler
 0x18004a090 GetFileType
 0x18004a098 GetStdHandle
 0x18004a0a0 GetProcessHeap
 0x18004a0a8 SetEnvironmentVariableW
 0x18004a0b0 SetEnvironmentVariableA
 0x18004a0b8 CloseHandle
 0x18004a0c0 WaitForSingleObjectEx
 0x18004a0c8 CreateThread
 0x18004a0d0 WriteConsoleW
 0x18004a0d8 CreateFileW
 0x18004a0e0 HeapReAlloc
 0x18004a0e8 ExitProcess
 0x18004a0f0 FreeEnvironmentStringsW
 0x18004a0f8 GetEnvironmentStringsW
 0x18004a100 GetCommandLineW
 0x18004a108 GetCommandLineA
 0x18004a110 GetCPInfo
 0x18004a118 GetOEMCP
 0x18004a120 GetACP
 0x18004a128 IsValidCodePage
 0x18004a130 FindNextFileW
 0x18004a138 FindNextFileA
 0x18004a140 FindFirstFileExW
 0x18004a148 FindFirstFileExA
 0x18004a150 FindClose
 0x18004a158 UnhandledExceptionFilter
 0x18004a160 SetUnhandledExceptionFilter
 0x18004a168 GetCurrentProcess
 0x18004a170 TerminateProcess
 0x18004a178 IsProcessorFeaturePresent
 0x18004a180 IsDebuggerPresent
 0x18004a188 GetStartupInfoW
 0x18004a190 GetModuleHandleW
 0x18004a198 QueryPerformanceCounter
 0x18004a1a0 GetCurrentProcessId
 0x18004a1a8 GetCurrentThreadId
 0x18004a1b0 GetSystemTimeAsFileTime
 0x18004a1b8 InitializeSListHead
 0x18004a1c0 RtlUnwindEx
 0x18004a1c8 InterlockedPushEntrySList
 0x18004a1d0 InterlockedFlushSList
 0x18004a1d8 GetLastError
 0x18004a1e0 SetLastError
 0x18004a1e8 EncodePointer
 0x18004a1f0 RaiseException
 0x18004a1f8 EnterCriticalSection
 0x18004a200 LeaveCriticalSection
 0x18004a208 DeleteCriticalSection
 0x18004a210 InitializeCriticalSectionAndSpinCount
 0x18004a218 TlsAlloc
 0x18004a220 TlsGetValue
 0x18004a228 TlsSetValue
 0x18004a230 TlsFree
 0x18004a238 FreeLibrary
 0x18004a240 GetProcAddress
 0x18004a248 LoadLibraryExW
 0x18004a250 RtlPcToFileHeader
 0x18004a258 GetModuleHandleExW
 0x18004a260 GetModuleFileNameA
 0x18004a268 GetModuleFileNameW
 0x18004a270 MultiByteToWideChar
 0x18004a278 WideCharToMultiByte
 0x18004a280 GetCurrentThread
 0x18004a288 GetDateFormatW
 0x18004a290 GetTimeFormatW
 0x18004a298 CompareStringW
 0x18004a2a0 LCMapStringW
 0x18004a2a8 GetLocaleInfoW
 0x18004a2b0 IsValidLocale
 0x18004a2b8 GetUserDefaultLCID
 0x18004a2c0 EnumSystemLocalesW
 0x18004a2c8 HeapAlloc
 0x18004a2d0 HeapFree
USER32.dll
 0x18004a2e0 GetGestureInfo
 0x18004a2e8 InvalidateRect
 0x18004a2f0 ScreenToClient
 0x18004a2f8 CloseGestureInfoHandle
 0x18004a300 EndPaint
 0x18004a308 BeginPaint
 0x18004a310 UpdateWindow
 0x18004a318 PostQuitMessage
 0x18004a320 LoadCursorW
 0x18004a328 TranslateMessage
 0x18004a330 TranslateAcceleratorW
 0x18004a338 SetGestureConfig
 0x18004a340 ShowWindow
 0x18004a348 GetMessageW
 0x18004a350 DefWindowProcW
 0x18004a358 DestroyWindow
 0x18004a360 CreateWindowExW
 0x18004a368 RegisterClassExW
 0x18004a370 LoadStringW
 0x18004a378 DispatchMessageW
GDI32.dll
 0x18004a000 Polyline
 0x18004a008 LineTo
 0x18004a010 CreatePen
 0x18004a018 MoveToEx
 0x18004a020 DeleteObject
 0x18004a028 SelectObject
ntdll.dll
 0x18004a388 NtQueueApcThread
 0x18004a390 ZwOpenSymbolicLinkObject
 0x18004a398 LdrFindResource_U
 0x18004a3a0 NtAllocateVirtualMemory
 0x18004a3a8 atoi
 0x18004a3b0 sin
 0x18004a3b8 LdrAccessResource
 0x18004a3c0 __C_specific_handler
 0x18004a3c8 RtlCaptureContext
 0x18004a3d0 RtlLookupFunctionEntry
 0x18004a3d8 RtlVirtualUnwind
 0x18004a3e0 memset
 0x18004a3e8 NtTestAlert
 0x18004a3f0 strchr
 0x18004a3f8 wcschr
 0x18004a400 strrchr
 0x18004a408 _local_unwind
 0x18004a410 memcmp
 0x18004a418 cos
 0x18004a420 floor
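Two things worth doing with the IAT listing above, as an added example in Python (not part of the report or its sandbox): recompute the imphash the way pefile does it, and flag API combinations that co-occur here. NtQueueApcThread followed by NtTestAlert on the current thread is a well-known way to execute a freshly written buffer through a user-mode APC, and together with NtAllocateVirtualMemory it matches the "allocates read-write-execute memory" signature; the report does not confirm the DLL actually does this, so the check only surfaces the combination for a human to verify. The IAT_TEXT excerpt is constructed from a subset of the listing, so its hash will not equal the report's imphash; the full listing would only reproduce it if the DLL order shown matches the import descriptor order, and ordinal-only imports (which pefile renders as ordN) do not appear here.

```python
"""Imphash and import-set triage over an IAT listing as printed in the report."""
import hashlib
import re

# Constructed excerpt of the report's IAT section (the real listing is longer).
IAT_TEXT = """\
KERNEL32.dll
 0x18004a038 OutputDebugStringA
 0x18004a0d0 WriteConsoleW
 0x18004a0c8 CreateThread
 0x18004a248 LoadLibraryExW
 0x18004a240 GetProcAddress
USER32.dll
 0x18004a360 CreateWindowExW
GDI32.dll
 0x18004a008 LineTo
ntdll.dll
 0x18004a388 NtQueueApcThread
 0x18004a3a0 NtAllocateVirtualMemory
 0x18004a3e8 NtTestAlert
"""

# API sets worth a second look when all members are imported. The APC triad is
# the "allocate, queue APC on own thread, NtTestAlert" self-injection pattern.
SUSPECT_SETS = {
    "apc_self_injection": {"NtAllocateVirtualMemory", "NtQueueApcThread", "NtTestAlert"},
    "dynamic_api_resolution": {"LoadLibraryExW", "GetProcAddress"},
}

_ENTRY = re.compile(r"^\s+0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat(text):
    """Return [(dll, func), ...] in listing order; header lines name the DLL."""
    entries, dll = [], None
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m and dll:
            entries.append((dll, m.group(1)))
        elif line.strip():
            dll = line.strip()
    return entries


def imphash_strings(entries):
    """Normalise like pefile.get_imphash(): lower-case, strip .dll/.ocx/.sys."""
    out = []
    for dll, func in entries:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        out.append(f"{lib}.{func.lower()}")
    return out


def imphash(entries):
    """MD5 over the comma-joined normalised import strings (pefile's algorithm)."""
    return hashlib.md5(",".join(imphash_strings(entries)).encode()).hexdigest()


def suspect_api_sets(entries):
    """Names of SUSPECT_SETS whose every API is present in the import table."""
    funcs = {func for _, func in entries}
    return sorted(name for name, apis in SUSPECT_SETS.items() if apis <= funcs)


if __name__ == "__main__":
    entries = parse_iat(IAT_TEXT)
    print("imphash:", imphash(entries))
    print("suspect sets:", suspect_api_sets(entries))
```

Because imphash depends on import order, two samples built from the same source with the same toolchain share it even when their packer output differs; that is why it is worth pivoting on the report's value (8e4ac255f5ef2adac99344450f27e6ce) in VirusTotal or an internal corpus rather than on the sha256 alone.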

EAT (Export Address Table) Library

0x180047d00 AFxNCNDhpJUjLGSUBdyJAlirW
0x180047cd0 APgLpQbnGOFg
0x180048270 AaVQghYMoDvlcIkoDhwOzm
0x180048380 AbGiqsZapYXQEJBQNrWj
0x180047d70 AcIMOdUMWKfNaHjlQaJhaKDTvv
0x180047d10 AjmdNJiPaRsRtAqadcjQnlCAvv
0x180047620 AmhroJJBvgsvk
0x180047d40 BdxxRGs
0x1800481b0 BgAFcJi
0x180047710 BlIVCeEMUhTYUniUkHlJscB
0x1800475f0 BleGyOkIaepldUi
0x1800474e0 BoepXZDDjhOrSbcuQncJB
0x180047f00 BpzeaEnGa
0x180047f70 BwCjRp
0x1800478f0 CFIstcx
0x180047e80 CJsqCnAMpj
0x180047f20 CNPpdSVcuSzviIZhvCWSTfhZ
0x180047bc0 COOXnQoQSaTGSpWIAaSzo
0x1800483f0 CSUruSgGDFRVUvVHcTu
0x180047d50 CTCQAClHYzuiPWfwqyQYV
0x180047dd0 CeHgsCxOuoDTDrP
0x180048170 CpbkGyHjPVYKKbevwuabtfos
0x180047e10 DIczDdVVlD
0x180048290 DXtcAMkZFB
0x180048460 DahoeOjCy
0x180048420 DdmfNyLzGBEZdhjuVaLnGLAC
0x180048a60 DllRegisterServer
0x1800475e0 EDirxlezljynQMb
0x1800481a0 EJrkYuGqWKJxcbkEWFxWuj
0x180048210 EOCBExEDvmpuiTSdISaFTJpbnD
0x1800483b0 ERdHSxbrluXBmlg
0x180047c50 EWqRXzEYZJPwDvIiOC
0x180048080 EbquiojgkxAH
0x180047f90 EjCrzK
0x1800476b0 FSJZHjqXtVCcouB
0x180047be0 FmgnZSs
0x180047da0 FwGMzFvmlRhqfdgYj
0x180047e20 GEakZdngEgkQEMUw
0x180048440 GIucseXHMrRrXPFeKw
0x180047680 GNoduqRICMxxYLScjzRR
0x1800481f0 GTdkEFQtZIyifVPtMw
0x180047b40 GUUIOYFVBkCRKKGPM
0x180047690 GabGyY
0x180047790 GlmIPNFEUxGfzccoGbGvt
0x180048090 GqxGeRkjCFW
0x180047600 GrnXAG
0x180047ba0 GsRUyGCvRhXYbBNdoXgMoD
0x1800483a0 GyQSbTrVGUQXgOfZOvlwGGJOZ
0x180047a90 HCaLEQxCPhokiggZc
0x180047c90 HETlXz
0x180047c30 HRQNzHLCNHYjXY
0x1800481d0 HbOXELXYC
0x180047ff0 ISKZiApGwwqfPxyvDE
0x180047840 IcSKMpKalYoTBtNC
0x1800481e0 IprhqRmUjfLjdAvaVSyh
0x180047920 IsZFDjJYWWGraQqQsCIojuoPI
0x180047500 ItCdjvWTgdRQjqKEojXISZB
0x180047800 JEVIhwFBZItxqXVhyUDXDtvW
0x1800475b0 JEhcfsFJLI
0x180047b10 JhsVgkWwuNGjkVJBv
0x180047a50 JiXLWADK
0x180048110 JkvQVFXLk
0x180047df0 JqTVuEmdOv
0x180048310 JuvMSMMEvEF
0x180047aa0 KDwYBJCicCZzRoOZ
0x1800477e0 KLAfQsdsaKGHSrQOYTMpVzgK
0x180047570 KSnZqpvzTNl
0x180048340 KWfbJvRFrOV
0x180047b80 KcugiBMUcgjkCqc
0x180047ac0 KidKIFrYdPHAre
0x180047e70 KlkHRlyspyEbCqaAF
0x1800481c0 KtJgAGRGyADIhGc
0x180047e40 LGWXmeQgMABu
0x180048330 LGyzhOBlGMKKEiSyBNOA
0x180047f50 LUjVXvmpjLkwIEYtcKcCx
0x180047830 LebFCnlzbXtrrLdB
0x180047740 LsyMBhredZBvk
0x180047ca0 LtFyFAsWliacGsTGXqjeeLvK
0x1800476c0 MBYEluvEyDzsC
0x1800478e0 MHJytDnaUPMzueb
0x180047d60 MRAAdjwmnMsgXIeyxsstimL
0x180047b60 MTyYvXrFDEVJRoIKFwFl
0x180048160 MXvGmOYJBUNcUhrUCfuEpj
0x1800478d0 MZrxiTTzjWhcxLrlJk
0x1800477d0 MdAKHWoLiTGZE
0x180048200 MoEtlGhIUoAqzlzsWDD
0x180047730 MxxORRnm
0x180048060 NDUAXvzsdeydywwRNMHWRJGK
0x180047b20 NTSxfMIpNzhwDaIYTg
0x180047a60 NUIiQUpkB
0x180047670 NdojhsEWJXelkYgY
0x180047bf0 NqNktJurxEPsSVvLgoiCKI
0x180047ce0 OBviaeAmDhEKB
0x180047760 OPTztDwnXmUalz
0x180047af0 OarYXdaVMs
0x1800482f0 OuaaSMDdKAHJBSI
0x180047fb0 OxtFZQuvLvXO
0x180047990 PJPUWySrtcFnoU
0x1800479d0 PkrxWwd
0x180047630 QBzgDamuPMHnmBmxqsemB
0x180048130 QIPgSlrJ
0x180047b00 QdXiEwjVRvwsA
0x180047fd0 QkJCVvrpO
0x1800483d0 QlKOChPtGkCgueNfMfmE
0x180047de0 RgpZIjoS
0x180048190 RyWPRDWAZokSpgjdX
0x1800477b0 RzInNvLFbXSrZs
0x180048020 SBVACGqdL
0x180047ea0 SEXaxJE
0x180048320 SRIMcYcgmQzv
0x180047fc0 SVExPilkWeEdOmPKxmE
0x180047590 SshJfgldnoPmDiuzthDwd
0x180047ab0 SvDHpIXg
0x1800477f0 THleRyMKuvcwAptfFoQK
0x180047f10 TTMslvZRPDHsOsrU
0x180047580 TYDISaLzbh
0x180047780 UCcbUfpvn
0x180047860 USnHmXWDgJkTuRXnXRjn
0x180047850 UUHotoQypbMRPBbQhwXJ
0x180047750 UViPeuVtuJLKc
0x180048470 VBkQTrbKGhVfQhRTgXMjbrfiaA
0x180047980 VFhGvlPGsQhxHtTvhSxKcY
0x1800482e0 VMzeZLRonjcnd
0x180047c00 VvcxTjnHmbhTuwSu
0x180048450 WNjGlSlYPJjasDjMnceJuoqnOl
0x180047c10 WOmHhVXU
0x180047820 WWcFKCS
0x180047520 WghExnDSDsHbsIsQUpcOxNq
0x180047b50 WxdatBbzivhjgPXiraHxWOM
0x180047e30 XAcTVarCmGzF
0x180047950 XAqsrMHoZFRaFCiaysvzy
0x180047d20 XIXyiQCQ
0x1800476a0 XQVwoczNAXAPbeZcjruIA
0x180047dc0 XatHkgeISNp
0x180048000 XpoUhKqoThkn
0x180047b90 YDFhjgerDlMLHVuXkSGEv
0x180047f60 YDKNGzOAPZlebFJpomRMxWNWg
0x180048050 YFhZJoLhPOxEKBaBTzdVAs
0x180048040 YMAJlulpbXVSpmjWQoONYi
0x180048070 YQhjFQTZKDC
0x1800482b0 YVgAZYazoRsKAdHqUTqkgZq
0x1800483e0 YkervHFfkUmQ
0x180048220 ZlZscmMrWi
0x180048350 ZmdBIuhvLHIhsHYfrVvyNMOd
0x1800480a0 aWbGhfFeswwmRPshquqsl
0x180047650 aloTparayLO
0x1800479e0 amdrEpsU
0x1800478a0 bQQBvUQww
0x180047db0 bVWsKcmDpbKTsnGSXiKxM
0x1800475d0 beHDhlBgUZsmJPexvSQKWCSKnW
0x1800477a0 brphqpZlLTLruTZptc
0x180047a00 bwgKjSDuHKhDy
0x1800476e0 cEmuUSbtGzsPAWGLdEauFU
0x1800475c0 cZCtvLKOxGXeuQWS
0x180047bd0 ccdfvrWFVeOtkqurRNVLro
0x180047b70 ceebsfNkbprRYc
0x180048010 cjGWSR
0x180047e50 cnuLgsUOwrPiw
0x180047930 dKIpmirT
0x180047540 dWSStgetesFZgKWUlQPKU
0x180048140 dnXDSBiTBWy
0x180047ef0 doAVSHUlJOFKbCQnzEW
0x180048390 dsZUCLcbYUzqmmD
0x180047c80 eGrZsXv
0x180047a10 fFODoRkFUnPhPoFzbafui
0x180048180 fZITkvmvMdUvysq
0x1800479f0 fnQaoYOUVI
0x180048150 fobQqObMbQikgyImDguWIsSqjW
0x1800480d0 fvnKblUjOPABvhy
0x180047940 gHaJYcXzizzOUSXyHhzXij
0x180047c20 gVVLvY
0x180047720 gYsqbdDRcVuEYq
0x180048410 gkKTzQjnWeBVBmdNP
0x180047a30 hYVSsGvvkQKPjqcuHGhHnYbA
0x1800480b0 hdCnmtITRRiwGbqpRVNVj
0x180048030 hgmXlQGHxqVCPqrOlJgdTzKjmy
0x180047a70 hmUYZEkqsD
0x180047cf0 hnPgQMKxfZHj
0x180047c70 hrxRKGrcsUQAxyvDxBdrVDpeiV
0x1800475a0 hyuMoli
0x180047c60 hzuYAENAOWXcCMPPwupdAT
0x180047660 iDKwhD
0x180047910 iLpIoCoOGqSLknWShpOrXAuKw
0x180047d90 iYwAhnXpbSUzlmHnmKQLjmmXK
0x180047900 idYAJoIIJgaqEeHFdg
0x180047870 ifPZCTSHPzCTdOekgUaxrQHYuc
0x180047c40 ixhaskjGAZPmibXdKZvYtk
0x180047fe0 ixlbCgxrYjUWwQkziPixAHKEBS
0x1800478c0 jKcyyPRaYIKARbKLutjxMJNS
0x180048370 jNWPvYbBEhWjWSkVPtU
0x180047770 jfNeLGJbrBNgcJglu
0x180047a80 jlLkWHkPXzdlBWKxH
0x180048260 kOjPaBJwhKOkyyEkfyJDAZvEgX
0x1800478b0 kSACSUJ
0x180047ec0 keQAVKXtmULHuOImJnBpdef
0x180048360 lErkuJeOFVOTsm
0x1800480c0 lhaXGZqTpNIGy
0x180048100 meuEhwBKCbfkejUqzTJjdKD
0x180047e90 mfNRni
0x180048240 mhUamrXpNTQoqAXBAOdni
0x180047cb0 mnIEDKk
0x180047890 mrDsuVk
0x180047510 nEGgbfNwyEuu
0x180047610 nGvRmUygfURBUP
0x180047fa0 oqvDWjwIAJzWpnG
0x180048300 osgOmxsPqdsdPKyVAAI
0x1800479c0 oxavVlwWCBrupyASASSutRHKF
0x1800480f0 pEJxpRWmhWgptnfFGEVk
0x180047970 pUkHWIGVsMnGAg
0x180048250 pfTZxt
0x180047d80 qDYXLQXI
0x180047ae0 qNjfExouMwyiEVRAxF
0x180047a20 qWDwMV
0x180047bb0 qapxTEwK
0x180047ad0 qhNODbIuKwAidWpM
0x180047cc0 qndJteadmvKtwtX
0x180047a40 rBfJGBNajQh
0x1800474f0 rSkbfbenMNaD
0x180048430 rZemjjNLjMchLkQfeDUbbzpm
0x1800477c0 rcIMrQ
0x1800482d0 rlylMbEyTzmhBhMnsDWGjHrGZm
0x180047f40 skxWqECeFacKy
0x180048280 tEUCHIYiCUXq
0x1800479a0 tGglDMKXeMQhJtvQKRDRYth
0x180047530 tiZBMlcH
0x180047560 tuTdavYyrkmrqttj
0x1800482c0 tusJWJatGAjHQ
0x180047960 uAYOOXzsVtedIEB
0x180048400 uITvpyYWxWdxFIyrNcapZqG
0x1800483c0 uNuWYXNzTxyYiYCxISZFREssT
0x180047b30 uYqFfsiZigpJTLvHeRJSzRJ
0x180047810 uisBqJhQtDhrUvJXqoNzC
0x180047e60 ulGorqIa
0x1800482a0 ulLWzRKIaihpUWldzULuQvs
0x180047ed0 uxWnjhMRdalMeIJVVXvepyLQST
0x180047550 uzhPwfneAafRTwZNOMlbtoLv
0x180047640 vzJKCHMTTJNRLftltdRzpgG
0x180047700 wXfbObReo
0x1800476f0 wdgRqjrlxLcZ
0x180047d30 woilPxqxjb
0x1800476d0 xFhlmQwlqWlunaXSAGTJZgm
0x180047e00 xpkNqPyEjlUhxYeMh
0x180047f30 yMJBOjjpGcaArcbwYVksQ
0x180047880 yQMmxxuzvesyFjnQWZeF
0x180047eb0 ySqQLXYBVIeML
0x1800480e0 ybQKUWgVxypfnYzfV
0x180048120 yjlEMfeHtJJufvAhijuftNF
0x180047ee0 ymFmaPktGszCn
0x180048230 yshKYdVQRI
0x180047f80 zJRSMdlcrlWvknxiExxY
0x1800479b0 zOroUYHqtGnEfcUvuhlrsOvr
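The export table is listed alphabetically (the PE export name table is sorted for binary search), which hides its layout. Sorted by address, the 250 random-looking exports step by exactly 0x10 from 0x1800474e0 to 0x180048470 with no gaps, so unless they share code each can hold at most 16 bytes, i.e. they are filler stubs; DllRegisterServer at 0x180048a60 is the only export outside that block, and is the entry regsvr32 would call. The Python below is an added example, not part of the report: it recovers that layout from a constructed contiguous slice of the listing and applies a rough name-randomness filter. The thresholds (uppercase ratio above 0.3, or a run of five or more consonants) are assumptions tuned on this listing, not a signature; legitimate all-caps or abbreviation-heavy export names will trip it, so treat the count as a prompt for review.

```python
"""Export-table triage: address stride between exports and name randomness."""
from collections import Counter

# Constructed from a contiguous slice of the report's EAT listing (addresses
# 0x180047cd0..0x180047d70) plus the one meaningful export; the full table has 251.
EAT_TEXT = """\
0x180047d00 AFxNCNDhpJUjLGSUBdyJAlirW
0x180047cd0 APgLpQbnGOFg
0x180047d70 AcIMOdUMWKfNaHjlQaJhaKDTvv
0x180047d10 AjmdNJiPaRsRtAqadcjQnlCAvv
0x180047d40 BdxxRGs
0x180047d50 CTCQAClHYzuiPWfwqyQYV
0x180048a60 DllRegisterServer
0x180047d60 MRAAdjwmnMsgXIeyxsstimL
0x180047ce0 OBviaeAmDhEKB
0x180047d20 XIXyiQCQ
0x180047cf0 hnPgQMKxfZHj
0x180047d30 woilPxqxjb
"""

VOWELS = set("aeiou")


def parse_eat(text):
    """Return [(address, name), ...] from lines of the form '0x... Name'."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            addr, name = line.split()
            entries.append((int(addr, 16), name))
    return entries


def export_layout(entries):
    """Sort by address, report the dominant gap and the exports that break it."""
    ordered = sorted(entries)
    gaps = [(ordered[i][1], ordered[i][0] - ordered[i - 1][0])
            for i in range(1, len(ordered))]
    stride = Counter(g for _, g in gaps).most_common(1)[0][0]
    # An export preceded by a much larger gap than the stride sits outside the stub block.
    outliers = [(name, g) for name, g in gaps if g > 4 * stride]
    return {"stride": stride, "outliers": outliers}


def looks_random(name):
    """Rough filter (assumed thresholds): CamelCase API names have few capitals
    and short consonant runs; generated names usually violate one of the two."""
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return False
    upper_ratio = sum(c.isupper() for c in letters) / len(letters)
    run = longest = 0
    for c in name:
        if c.isalpha() and c.lower() not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return upper_ratio > 0.3 or longest >= 5


def triage(entries):
    """Layout summary plus how many export names look machine-generated."""
    layout = export_layout(entries)
    random_names = [n for _, n in entries if looks_random(n)]
    return {**layout, "random_names": len(random_names), "total": len(entries)}


if __name__ == "__main__":
    print(triage(parse_eat(EAT_TEXT)))
```

On the slice the stride comes out as 0x10 and DllRegisterServer is the only outlier; on the full table the same code gives 250 stub exports and the same single outlier, which is the function a static triage should disassemble first.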

