ScreenShot
| Created | 2023.09.14 19:22 | Machine | s1_win7_x6401 |
| Filename | i9ien8gksg.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 15 detected (AIDetectMalware, malicious, high confidence, Save, confidence, 100%, Attribute, HighConfidence, score, BumbleBee, InjectorX, PinkSbot) | ||
| md5 | fcbb53724b1df93a5d1fc45bb55b9069 | ||
| sha256 | 33e80e854c0959e28b1f94cdcd67e28298dcfa3d80d160bc2042f00047a81922 | ||
| ssdeep | 24576:IzGpwBNRQH5EcGOgDhb0fHgrak/05JROMdw8+:gGSBis4 | ||
| imphash | 660e4ba65070c42e55f04efddf5f7d78 | ||
| impfuzzy | 24:Bcp1izz6jPbOvyS1o0qtSfJ2pl3eDob2SHTOovbOPZuvlTjMA:BcpsVyS1YtS0ppni3qlt | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180010000 EnterCriticalSection
0x180010008 LeaveCriticalSection
0x180010010 InitializeCriticalSection
0x180010018 CloseHandle
0x180010020 GetLastError
0x180010028 GetCurrentActCtx
0x180010030 HeapCreate
0x180010038 TryEnterCriticalSection
0x180010040 CreateThread
0x180010048 OpenThread
0x180010050 FindFirstFileA
0x180010058 FindNextFileA
0x180010060 FindClose
0x180010068 WaitForSingleObject
0x180010070 GetStdHandle
0x180010078 WaitForMultipleObjects
0x180010080 GetCurrentThread
0x180010088 CreateFileMappingA
0x180010090 VirtualAlloc
0x180010098 DuplicateHandle
0x1800100a0 QueryPerformanceCounter
0x1800100a8 GetCurrentProcessId
0x1800100b0 GetCurrentThreadId
0x1800100b8 GetSystemTimeAsFileTime
0x1800100c0 InitializeSListHead
0x1800100c8 RtlCaptureContext
0x1800100d0 RtlLookupFunctionEntry
0x1800100d8 RtlVirtualUnwind
0x1800100e0 IsDebuggerPresent
0x1800100e8 UnhandledExceptionFilter
0x1800100f0 SetUnhandledExceptionFilter
0x1800100f8 GetStartupInfoW
0x180010100 IsProcessorFeaturePresent
0x180010108 GetModuleHandleW
0x180010110 RtlUnwindEx
0x180010118 InterlockedFlushSList
0x180010120 SetLastError
0x180010128 DeleteCriticalSection
0x180010130 InitializeCriticalSectionAndSpinCount
0x180010138 TlsAlloc
0x180010140 TlsGetValue
0x180010148 TlsSetValue
0x180010150 TlsFree
0x180010158 FreeLibrary
0x180010160 GetProcAddress
0x180010168 LoadLibraryExW
0x180010170 GetCurrentProcess
0x180010178 ExitProcess
0x180010180 TerminateProcess
0x180010188 GetModuleHandleExW
0x180010190 GetModuleFileNameA
0x180010198 MultiByteToWideChar
0x1800101a0 WideCharToMultiByte
0x1800101a8 HeapFree
0x1800101b0 HeapAlloc
0x1800101b8 LCMapStringW
0x1800101c0 FindFirstFileExA
0x1800101c8 IsValidCodePage
0x1800101d0 GetACP
0x1800101d8 GetOEMCP
0x1800101e0 GetCPInfo
0x1800101e8 GetCommandLineA
0x1800101f0 GetCommandLineW
0x1800101f8 GetEnvironmentStringsW
0x180010200 FreeEnvironmentStringsW
0x180010208 GetProcessHeap
0x180010210 GetFileType
0x180010218 GetStringTypeW
0x180010220 HeapReAlloc
0x180010228 HeapSize
0x180010230 SetStdHandle
0x180010238 RaiseException
0x180010240 WriteFile
0x180010248 FlushFileBuffers
0x180010250 GetConsoleCP
0x180010258 GetConsoleMode
0x180010260 SetFilePointerEx
0x180010268 WriteConsoleW
0x180010270 CreateFileW
EAT(Export Address Table) Library
0x18000f244 DllRegisterServer
KERNEL32.dll
0x180010000 EnterCriticalSection
0x180010008 LeaveCriticalSection
0x180010010 InitializeCriticalSection
0x180010018 CloseHandle
0x180010020 GetLastError
0x180010028 GetCurrentActCtx
0x180010030 HeapCreate
0x180010038 TryEnterCriticalSection
0x180010040 CreateThread
0x180010048 OpenThread
0x180010050 FindFirstFileA
0x180010058 FindNextFileA
0x180010060 FindClose
0x180010068 WaitForSingleObject
0x180010070 GetStdHandle
0x180010078 WaitForMultipleObjects
0x180010080 GetCurrentThread
0x180010088 CreateFileMappingA
0x180010090 VirtualAlloc
0x180010098 DuplicateHandle
0x1800100a0 QueryPerformanceCounter
0x1800100a8 GetCurrentProcessId
0x1800100b0 GetCurrentThreadId
0x1800100b8 GetSystemTimeAsFileTime
0x1800100c0 InitializeSListHead
0x1800100c8 RtlCaptureContext
0x1800100d0 RtlLookupFunctionEntry
0x1800100d8 RtlVirtualUnwind
0x1800100e0 IsDebuggerPresent
0x1800100e8 UnhandledExceptionFilter
0x1800100f0 SetUnhandledExceptionFilter
0x1800100f8 GetStartupInfoW
0x180010100 IsProcessorFeaturePresent
0x180010108 GetModuleHandleW
0x180010110 RtlUnwindEx
0x180010118 InterlockedFlushSList
0x180010120 SetLastError
0x180010128 DeleteCriticalSection
0x180010130 InitializeCriticalSectionAndSpinCount
0x180010138 TlsAlloc
0x180010140 TlsGetValue
0x180010148 TlsSetValue
0x180010150 TlsFree
0x180010158 FreeLibrary
0x180010160 GetProcAddress
0x180010168 LoadLibraryExW
0x180010170 GetCurrentProcess
0x180010178 ExitProcess
0x180010180 TerminateProcess
0x180010188 GetModuleHandleExW
0x180010190 GetModuleFileNameA
0x180010198 MultiByteToWideChar
0x1800101a0 WideCharToMultiByte
0x1800101a8 HeapFree
0x1800101b0 HeapAlloc
0x1800101b8 LCMapStringW
0x1800101c0 FindFirstFileExA
0x1800101c8 IsValidCodePage
0x1800101d0 GetACP
0x1800101d8 GetOEMCP
0x1800101e0 GetCPInfo
0x1800101e8 GetCommandLineA
0x1800101f0 GetCommandLineW
0x1800101f8 GetEnvironmentStringsW
0x180010200 FreeEnvironmentStringsW
0x180010208 GetProcessHeap
0x180010210 GetFileType
0x180010218 GetStringTypeW
0x180010220 HeapReAlloc
0x180010228 HeapSize
0x180010230 SetStdHandle
0x180010238 RaiseException
0x180010240 WriteFile
0x180010248 FlushFileBuffers
0x180010250 GetConsoleCP
0x180010258 GetConsoleMode
0x180010260 SetFilePointerEx
0x180010268 WriteConsoleW
0x180010270 CreateFileW
EAT(Export Address Table) Library
0x18000f244 DllRegisterServer