ScreenShot
| Created | 2023.09.14 14:47 | Machine | s1_win7_x6401 |
| Filename | 13loader_p1_dll_64_n1_x64_inf.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | e2e6dae8a6dc0297fa05621ab32a1217 | ||
| sha256 | 4d10e1d9ea1bdca465b1be0940f1d5e30aaf75cdb962df344fa7ae4aa497ff10 | ||
| ssdeep | 6144:IOXtutuAZoWIn7Csid4BXGeg6QquQkCpj:B9u4AKWIn7eFounE | ||
| imphash | c56f1dbe4ba57067106de2d65bb08668 | ||
| impfuzzy | 12:RO5SPGDlstl0qUObYZ8vhU43YPXJ1XJr9TiJjA/DaGI+j7kPyVL+05fz:xPulstqOU8vaLp9sj0De+jcyVL+0B | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x18002f150 ind
0x18002f158 closesocket
0x18002f160 select
0x18002f168 listen
0x18002f170 inet_pton
0x18002f178 getaddrinfo
0x18002f180 socket
0x18002f188 recv
0x18002f190 setsockopt
0x18002f198 send
KERNEL32.dll
0x18002f000 VirtualProtect
0x18002f008 DisableThreadLibraryCalls
0x18002f010 GetSystemTimeAsFileTime
0x18002f018 GetCurrentThreadId
0x18002f020 GetCurrentProcessId
0x18002f028 QueryPerformanceCounter
0x18002f030 IsProcessorFeaturePresent
0x18002f038 TerminateProcess
0x18002f040 GetCurrentProcess
0x18002f048 SetUnhandledExceptionFilter
0x18002f050 UnhandledExceptionFilter
0x18002f058 IsDebuggerPresent
0x18002f060 FormatMessageA
0x18002f068 GetLastError
0x18002f070 LoadLibraryA
0x18002f078 GetProcAddress
0x18002f080 LocalFree
0x18002f088 FreeLibrary
0x18002f090 WaitForSingleObject
0x18002f098 ExitThread
0x18002f0a0 CancelSynchronousIo
0x18002f0a8 TerminateThread
0x18002f0b0 CreateThread
0x18002f0b8 GetConsoleScreenBufferInfo
0x18002f0c0 GetStdHandle
0x18002f0c8 RtlVirtualUnwind
0x18002f0d0 RtlCaptureContext
0x18002f0d8 RtlLookupFunctionEntry
0x18002f0e0 InitializeSListHead
EAT(Export Address Table) Library
0x180001100 qPENSSL_Applink
0x180019bd0 qphpdbg_asprintf
0x180019bb0 qphpdbg_xml_asprintf
0x18001aa90 qhpdbg_activate_err_buf
0x18000d040 qhpdbg_ask_user_permission
0x18002a960 qhpdbg_check_caught_ex
0x180008830 qhpdbg_clear_breakpoints
0x18000a910 qhpdbg_clear_param
0x180012b00 qhpdbg_close_socket
0x1800122b0 qhpdbg_consume_bytes
0x180012000 qhpdbg_consume_stdin_line
0x18000aae0 qhpdbg_copy_param
0x180012830 qhpdbg_create_listenable_socket
0x180028850 qhpdbg_current_file
0x180008560 qhpdbg_delete_breakpoint
0x1800015b0 qhpdbg_destroy_input
0x180008ff0 qhpdbg_disable_breakpoint
0x180009040 qhpdbg_disable_breakpoints
0x180008fd0 qhpdbg_enable_breakpoint
0x180009010 qhpdbg_enable_breakpoints
0x180003d30 qhpdbg_export_breakpoints
0x180003d60 qhpdbg_export_breakpoints_to_string
0x180009070 qhpdbg_find_breakbase
0x1800090f0 qhpdbg_find_breakbase_ex
0x180008100 qhpdbg_find_breakpoint
0x18001a9a0 qhpdbg_free_err_buf
0x180028b40 qhpdbg_get_color
0x180028ca0 qhpdbg_get_colors
0x180028cb0 qhpdbg_get_element
0x1800288b0 qhpdbg_get_function
0x18000a870 qhpdbg_get_param_type
0x180028e30 qhpdbg_get_prompt
0x1800290a0 qhpdbg_get_terminal_height
0x180029050 qhpdbg_get_terminal_width
0x18000ac40 qhpdbg_hash_param
0x180008a10 qhpdbg_hit_breakpoint
0x1800286d0 qhpdbg_is_addr
0x1800286f0 qhpdbg_is_class_method
0x180028690 qhpdbg_is_empty
0x180028640 qhpdbg_is_numeric
0x180023bd0 qhpdbg_load_module_or_extension
0x18001aeb0 qhpdbg_log_internal
0x18000b570 qhpdbg_match_param
0x180012450 qhpdbg_mixed_read
0x180012680 qhpdbg_mixed_write
0x1800127b0 qhpdbg_open_socket
0x18001afa0 qhpdbg_out_internal
0x18001aac0 qhpdbg_output_err_buf
0x18000b760 qhpdbg_param_debug
0x18000a970 qhpdbg_param_tostring
0x1800293f0 qhpdbg_parse_variable
0x180029430 qhpdbg_parse_variable_with_arg
0x18001ac20 qhpdbg_print
0x180008a20 qhpdbg_print_breakpoint
0x1800091b0 qhpdbg_print_breakpoints
0x18001f0f0 qhpdbg_print_opcodes
0x18000cd90 qhpdbg_read_input
0x180003c90 qhpdbg_reset_breakpoints
0x180005820 qhpdbg_resolve_op_array_break
0x180005a60 qhpdbg_resolve_op_array_breaks
0x180005d00 qhpdbg_resolve_opline_break
0x1800287e0 qhpdbg_resolve_path
0x180004c40 qhpdbg_resolve_pending_file_break
0x1800048d0 qhpdbg_resolve_pending_file_break_ex
0x18001b200 qhpdbg_rlog_internal
0x1800123e0 qhpdbg_send_bytes
0x180003120 qhpdbg_set_async_io
0x180007620 qhpdbg_set_breakpoint_at
0x180007090 qhpdbg_set_breakpoint_expression
0x1800042e0 qhpdbg_set_breakpoint_file
0x1800042f0 qhpdbg_set_breakpoint_file_ex
0x180006870 qhpdbg_set_breakpoint_file_opline
0x1800064c0 qhpdbg_set_breakpoint_function_opline
0x180005290 qhpdbg_set_breakpoint_method
0x180006020 qhpdbg_set_breakpoint_method_opline
0x180006c10 qhpdbg_set_breakpoint_opcode
0x1800055e0 qhpdbg_set_breakpoint_opline
0x180006e60 qhpdbg_set_breakpoint_opline_ex
0x180005040 qhpdbg_set_breakpoint_symbol
0x180028bb0 qhpdbg_set_color
0x180028bf0 qhpdbg_set_color_ex
0x180028d20 qhpdbg_set_prompt
0x18000ca70 qhpdbg_stack_execute
0x18000b970 qhpdbg_stack_free
0x18000ba90 qhpdbg_stack_push
0x18000c770 qhpdbg_stack_resolve
0x18000bb30 qhpdbg_stack_separate
0x18000bb70 qhpdbg_stack_verify
0x180028a90 qhpdbg_trim
0x18001a670 qhpdbg_vprint
0x18002c180 qhpdbg_watchpoint_parse_input
0x18001aca0 qhpdbg_xml_internal
0x18002a320 qhpdbg_xml_var_dump
0x1800255e0 scab
WS2_32.dll
0x18002f150 ind
0x18002f158 closesocket
0x18002f160 select
0x18002f168 listen
0x18002f170 inet_pton
0x18002f178 getaddrinfo
0x18002f180 socket
0x18002f188 recv
0x18002f190 setsockopt
0x18002f198 send
KERNEL32.dll
0x18002f000 VirtualProtect
0x18002f008 DisableThreadLibraryCalls
0x18002f010 GetSystemTimeAsFileTime
0x18002f018 GetCurrentThreadId
0x18002f020 GetCurrentProcessId
0x18002f028 QueryPerformanceCounter
0x18002f030 IsProcessorFeaturePresent
0x18002f038 TerminateProcess
0x18002f040 GetCurrentProcess
0x18002f048 SetUnhandledExceptionFilter
0x18002f050 UnhandledExceptionFilter
0x18002f058 IsDebuggerPresent
0x18002f060 FormatMessageA
0x18002f068 GetLastError
0x18002f070 LoadLibraryA
0x18002f078 GetProcAddress
0x18002f080 LocalFree
0x18002f088 FreeLibrary
0x18002f090 WaitForSingleObject
0x18002f098 ExitThread
0x18002f0a0 CancelSynchronousIo
0x18002f0a8 TerminateThread
0x18002f0b0 CreateThread
0x18002f0b8 GetConsoleScreenBufferInfo
0x18002f0c0 GetStdHandle
0x18002f0c8 RtlVirtualUnwind
0x18002f0d0 RtlCaptureContext
0x18002f0d8 RtlLookupFunctionEntry
0x18002f0e0 InitializeSListHead
EAT(Export Address Table) Library
0x180001100 qPENSSL_Applink
0x180019bd0 qphpdbg_asprintf
0x180019bb0 qphpdbg_xml_asprintf
0x18001aa90 qhpdbg_activate_err_buf
0x18000d040 qhpdbg_ask_user_permission
0x18002a960 qhpdbg_check_caught_ex
0x180008830 qhpdbg_clear_breakpoints
0x18000a910 qhpdbg_clear_param
0x180012b00 qhpdbg_close_socket
0x1800122b0 qhpdbg_consume_bytes
0x180012000 qhpdbg_consume_stdin_line
0x18000aae0 qhpdbg_copy_param
0x180012830 qhpdbg_create_listenable_socket
0x180028850 qhpdbg_current_file
0x180008560 qhpdbg_delete_breakpoint
0x1800015b0 qhpdbg_destroy_input
0x180008ff0 qhpdbg_disable_breakpoint
0x180009040 qhpdbg_disable_breakpoints
0x180008fd0 qhpdbg_enable_breakpoint
0x180009010 qhpdbg_enable_breakpoints
0x180003d30 qhpdbg_export_breakpoints
0x180003d60 qhpdbg_export_breakpoints_to_string
0x180009070 qhpdbg_find_breakbase
0x1800090f0 qhpdbg_find_breakbase_ex
0x180008100 qhpdbg_find_breakpoint
0x18001a9a0 qhpdbg_free_err_buf
0x180028b40 qhpdbg_get_color
0x180028ca0 qhpdbg_get_colors
0x180028cb0 qhpdbg_get_element
0x1800288b0 qhpdbg_get_function
0x18000a870 qhpdbg_get_param_type
0x180028e30 qhpdbg_get_prompt
0x1800290a0 qhpdbg_get_terminal_height
0x180029050 qhpdbg_get_terminal_width
0x18000ac40 qhpdbg_hash_param
0x180008a10 qhpdbg_hit_breakpoint
0x1800286d0 qhpdbg_is_addr
0x1800286f0 qhpdbg_is_class_method
0x180028690 qhpdbg_is_empty
0x180028640 qhpdbg_is_numeric
0x180023bd0 qhpdbg_load_module_or_extension
0x18001aeb0 qhpdbg_log_internal
0x18000b570 qhpdbg_match_param
0x180012450 qhpdbg_mixed_read
0x180012680 qhpdbg_mixed_write
0x1800127b0 qhpdbg_open_socket
0x18001afa0 qhpdbg_out_internal
0x18001aac0 qhpdbg_output_err_buf
0x18000b760 qhpdbg_param_debug
0x18000a970 qhpdbg_param_tostring
0x1800293f0 qhpdbg_parse_variable
0x180029430 qhpdbg_parse_variable_with_arg
0x18001ac20 qhpdbg_print
0x180008a20 qhpdbg_print_breakpoint
0x1800091b0 qhpdbg_print_breakpoints
0x18001f0f0 qhpdbg_print_opcodes
0x18000cd90 qhpdbg_read_input
0x180003c90 qhpdbg_reset_breakpoints
0x180005820 qhpdbg_resolve_op_array_break
0x180005a60 qhpdbg_resolve_op_array_breaks
0x180005d00 qhpdbg_resolve_opline_break
0x1800287e0 qhpdbg_resolve_path
0x180004c40 qhpdbg_resolve_pending_file_break
0x1800048d0 qhpdbg_resolve_pending_file_break_ex
0x18001b200 qhpdbg_rlog_internal
0x1800123e0 qhpdbg_send_bytes
0x180003120 qhpdbg_set_async_io
0x180007620 qhpdbg_set_breakpoint_at
0x180007090 qhpdbg_set_breakpoint_expression
0x1800042e0 qhpdbg_set_breakpoint_file
0x1800042f0 qhpdbg_set_breakpoint_file_ex
0x180006870 qhpdbg_set_breakpoint_file_opline
0x1800064c0 qhpdbg_set_breakpoint_function_opline
0x180005290 qhpdbg_set_breakpoint_method
0x180006020 qhpdbg_set_breakpoint_method_opline
0x180006c10 qhpdbg_set_breakpoint_opcode
0x1800055e0 qhpdbg_set_breakpoint_opline
0x180006e60 qhpdbg_set_breakpoint_opline_ex
0x180005040 qhpdbg_set_breakpoint_symbol
0x180028bb0 qhpdbg_set_color
0x180028bf0 qhpdbg_set_color_ex
0x180028d20 qhpdbg_set_prompt
0x18000ca70 qhpdbg_stack_execute
0x18000b970 qhpdbg_stack_free
0x18000ba90 qhpdbg_stack_push
0x18000c770 qhpdbg_stack_resolve
0x18000bb30 qhpdbg_stack_separate
0x18000bb70 qhpdbg_stack_verify
0x180028a90 qhpdbg_trim
0x18001a670 qhpdbg_vprint
0x18002c180 qhpdbg_watchpoint_parse_input
0x18001aca0 qhpdbg_xml_internal
0x18002a320 qhpdbg_xml_var_dump
0x1800255e0 scab