ScreenShot
| Created | 2023.09.01 09:07 | Machine | s1_win7_x6403 |
| Filename | wwlib | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 17 detected (AIDetectMalware, GenericKD, malicious, moderate confidence, score, VSNTHV23, Artemis, Malgent, Detected, ai score=85, Generic@AI, RDML, RS1qAjKSsBMqIKRa8mOJcQ, ZedlaF, ru4@aO1tPddj) | ||
| md5 | aa1188eb63e988676a78adf858d8a887 | ||
| sha256 | 361fb5ed35b901790a30f51bc7d1898069c2acd2f374be0d151ba61d9f50967e | ||
| ssdeep | 3072:TpH5xq5twOiQI9g++sleBLfG/Y+FI4LS4MGhp:TpZGjiDq4LSXGhp | ||
| imphash | 1635b12f32fa43215582b6309fdbaf9f | ||
| impfuzzy | 24:3bDoVtMS1ihlJnc+pl39/CYodUSOovbO9ZsvwGM3AGE:YtMS1i5c+ppQYr360AT | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1000e000 CreateFileA
0x1000e004 GetFileSize
0x1000e008 ReadFile
0x1000e00c CloseHandle
0x1000e010 Sleep
0x1000e014 GetModuleFileNameA
0x1000e018 GetProcAddress
0x1000e01c LoadLibraryA
0x1000e020 lstrcatA
0x1000e024 WriteConsoleW
0x1000e028 CreateFileW
0x1000e02c UnhandledExceptionFilter
0x1000e030 SetUnhandledExceptionFilter
0x1000e034 GetCurrentProcess
0x1000e038 TerminateProcess
0x1000e03c IsProcessorFeaturePresent
0x1000e040 QueryPerformanceCounter
0x1000e044 GetCurrentProcessId
0x1000e048 GetCurrentThreadId
0x1000e04c GetSystemTimeAsFileTime
0x1000e050 InitializeSListHead
0x1000e054 IsDebuggerPresent
0x1000e058 GetStartupInfoW
0x1000e05c GetModuleHandleW
0x1000e060 InterlockedFlushSList
0x1000e064 RtlUnwind
0x1000e068 GetLastError
0x1000e06c SetLastError
0x1000e070 EnterCriticalSection
0x1000e074 LeaveCriticalSection
0x1000e078 DeleteCriticalSection
0x1000e07c InitializeCriticalSectionAndSpinCount
0x1000e080 TlsAlloc
0x1000e084 TlsGetValue
0x1000e088 TlsSetValue
0x1000e08c TlsFree
0x1000e090 FreeLibrary
0x1000e094 LoadLibraryExW
0x1000e098 EncodePointer
0x1000e09c RaiseException
0x1000e0a0 ExitProcess
0x1000e0a4 GetModuleHandleExW
0x1000e0a8 GetModuleFileNameW
0x1000e0ac HeapAlloc
0x1000e0b0 HeapFree
0x1000e0b4 FindClose
0x1000e0b8 FindFirstFileExW
0x1000e0bc FindNextFileW
0x1000e0c0 IsValidCodePage
0x1000e0c4 GetACP
0x1000e0c8 GetOEMCP
0x1000e0cc GetCPInfo
0x1000e0d0 GetCommandLineA
0x1000e0d4 GetCommandLineW
0x1000e0d8 MultiByteToWideChar
0x1000e0dc WideCharToMultiByte
0x1000e0e0 GetEnvironmentStringsW
0x1000e0e4 FreeEnvironmentStringsW
0x1000e0e8 LCMapStringW
0x1000e0ec GetProcessHeap
0x1000e0f0 GetStdHandle
0x1000e0f4 GetFileType
0x1000e0f8 GetStringTypeW
0x1000e0fc HeapSize
0x1000e100 HeapReAlloc
0x1000e104 SetStdHandle
0x1000e108 FlushFileBuffers
0x1000e10c WriteFile
0x1000e110 GetConsoleOutputCP
0x1000e114 GetConsoleMode
0x1000e118 SetFilePointerEx
0x1000e11c DecodePointer
SHLWAPI.dll
0x1000e124 PathRemoveFileSpecA
EAT(Export Address Table) Library
0x10001370 FMain
0x100013a0 wdCommandDispatch
0x100013a0 wdGetApplicationObject
KERNEL32.dll
0x1000e000 CreateFileA
0x1000e004 GetFileSize
0x1000e008 ReadFile
0x1000e00c CloseHandle
0x1000e010 Sleep
0x1000e014 GetModuleFileNameA
0x1000e018 GetProcAddress
0x1000e01c LoadLibraryA
0x1000e020 lstrcatA
0x1000e024 WriteConsoleW
0x1000e028 CreateFileW
0x1000e02c UnhandledExceptionFilter
0x1000e030 SetUnhandledExceptionFilter
0x1000e034 GetCurrentProcess
0x1000e038 TerminateProcess
0x1000e03c IsProcessorFeaturePresent
0x1000e040 QueryPerformanceCounter
0x1000e044 GetCurrentProcessId
0x1000e048 GetCurrentThreadId
0x1000e04c GetSystemTimeAsFileTime
0x1000e050 InitializeSListHead
0x1000e054 IsDebuggerPresent
0x1000e058 GetStartupInfoW
0x1000e05c GetModuleHandleW
0x1000e060 InterlockedFlushSList
0x1000e064 RtlUnwind
0x1000e068 GetLastError
0x1000e06c SetLastError
0x1000e070 EnterCriticalSection
0x1000e074 LeaveCriticalSection
0x1000e078 DeleteCriticalSection
0x1000e07c InitializeCriticalSectionAndSpinCount
0x1000e080 TlsAlloc
0x1000e084 TlsGetValue
0x1000e088 TlsSetValue
0x1000e08c TlsFree
0x1000e090 FreeLibrary
0x1000e094 LoadLibraryExW
0x1000e098 EncodePointer
0x1000e09c RaiseException
0x1000e0a0 ExitProcess
0x1000e0a4 GetModuleHandleExW
0x1000e0a8 GetModuleFileNameW
0x1000e0ac HeapAlloc
0x1000e0b0 HeapFree
0x1000e0b4 FindClose
0x1000e0b8 FindFirstFileExW
0x1000e0bc FindNextFileW
0x1000e0c0 IsValidCodePage
0x1000e0c4 GetACP
0x1000e0c8 GetOEMCP
0x1000e0cc GetCPInfo
0x1000e0d0 GetCommandLineA
0x1000e0d4 GetCommandLineW
0x1000e0d8 MultiByteToWideChar
0x1000e0dc WideCharToMultiByte
0x1000e0e0 GetEnvironmentStringsW
0x1000e0e4 FreeEnvironmentStringsW
0x1000e0e8 LCMapStringW
0x1000e0ec GetProcessHeap
0x1000e0f0 GetStdHandle
0x1000e0f4 GetFileType
0x1000e0f8 GetStringTypeW
0x1000e0fc HeapSize
0x1000e100 HeapReAlloc
0x1000e104 SetStdHandle
0x1000e108 FlushFileBuffers
0x1000e10c WriteFile
0x1000e110 GetConsoleOutputCP
0x1000e114 GetConsoleMode
0x1000e118 SetFilePointerEx
0x1000e11c DecodePointer
SHLWAPI.dll
0x1000e124 PathRemoveFileSpecA
EAT(Export Address Table) Library
0x10001370 FMain
0x100013a0 wdCommandDispatch
0x100013a0 wdGetApplicationObject