Field | Value |
---|---|
Created | 2023.09.14 19:24 |
Machine | s1_win7_x6401 |
Filename | wc4aw1t506.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 16 detected (AIDetectMalware, malicious, high confidence, Save, confidence, 100%, Attribute, HighConfidence, score, InjectorX, MultiPlug) |
md5 | e4919447b9ea5c4f02a0746ab64f8e7e |
sha256 | f583b43851502322a69c67f0f8f3e50f296f397e4bbb50bc646bccca6ee79215 |
ssdeep | 24576:gG95Qu5j6V4TYuVUKXs7U48XoKdtEiQnNst2Ua:gG9TfPUO |
imphash | 9881fe8bdd76fbd975354d75e7c256d2 |
impfuzzy | 24:Bcp1izz6jubOvyS1o0qtSfJ2pl3eDob2SHTOovbOPZVvlTjMA:BcpsMyS1YtS0ppni3Llt |
Signature (5cnts)
Level | Description |
---|---|
watch | File has been identified by 16 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x180010000 EnterCriticalSection
0x180010008 LeaveCriticalSection
0x180010010 InitializeCriticalSection
0x180010018 CloseHandle
0x180010020 GetLastError
0x180010028 GetCurrentActCtx
0x180010030 HeapCreate
0x180010038 TryEnterCriticalSection
0x180010040 CreateThread
0x180010048 OpenThread
0x180010050 FindFirstFileA
0x180010058 FindNextFileA
0x180010060 FindClose
0x180010068 WaitForSingleObject
0x180010070 WaitForMultipleObjects
0x180010078 GetCurrentThread
0x180010080 CreateFileMappingA
0x180010088 VirtualAlloc
0x180010090 DuplicateHandle
0x180010098 QueryPerformanceCounter
0x1800100a0 GetCurrentProcessId
0x1800100a8 GetCurrentThreadId
0x1800100b0 GetSystemTimeAsFileTime
0x1800100b8 InitializeSListHead
0x1800100c0 RtlCaptureContext
0x1800100c8 RtlLookupFunctionEntry
0x1800100d0 RtlVirtualUnwind
0x1800100d8 IsDebuggerPresent
0x1800100e0 UnhandledExceptionFilter
0x1800100e8 SetUnhandledExceptionFilter
0x1800100f0 GetStartupInfoW
0x1800100f8 IsProcessorFeaturePresent
0x180010100 GetModuleHandleW
0x180010108 RtlUnwindEx
0x180010110 InterlockedFlushSList
0x180010118 SetLastError
0x180010120 DeleteCriticalSection
0x180010128 InitializeCriticalSectionAndSpinCount
0x180010130 TlsAlloc
0x180010138 TlsGetValue
0x180010140 TlsSetValue
0x180010148 TlsFree
0x180010150 FreeLibrary
0x180010158 GetProcAddress
0x180010160 LoadLibraryExW
0x180010168 GetCurrentProcess
0x180010170 ExitProcess
0x180010178 TerminateProcess
0x180010180 GetModuleHandleExW
0x180010188 GetModuleFileNameA
0x180010190 MultiByteToWideChar
0x180010198 WideCharToMultiByte
0x1800101a0 HeapFree
0x1800101a8 HeapAlloc
0x1800101b0 LCMapStringW
0x1800101b8 FindFirstFileExA
0x1800101c0 IsValidCodePage
0x1800101c8 GetACP
0x1800101d0 GetOEMCP
0x1800101d8 GetCPInfo
0x1800101e0 GetCommandLineA
0x1800101e8 GetCommandLineW
0x1800101f0 GetEnvironmentStringsW
0x1800101f8 FreeEnvironmentStringsW
0x180010200 GetProcessHeap
0x180010208 GetStdHandle
0x180010210 GetFileType
0x180010218 GetStringTypeW
0x180010220 HeapReAlloc
0x180010228 HeapSize
0x180010230 SetStdHandle
0x180010238 RaiseException
0x180010240 WriteFile
0x180010248 FlushFileBuffers
0x180010250 GetConsoleCP
0x180010258 GetConsoleMode
0x180010260 SetFilePointerEx
0x180010268 WriteConsoleW
0x180010270 CreateFileW
EAT (Export Address Table) Library
0x18000f1b4 DllRegisterServer