ScreenShot
| Created | 2023.09.22 13:36 | Machine | s1_win7_x6401 |
| Filename | Hjm.xll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 8 detected (AIDetectMalware, Infected, Sonbokli, Artemis, OmxMTTXvMrN) | ||
| md5 | f1b91fdbcd062031687e2766ab6773b6 | ||
| sha256 | 305de78353b0d599cd40a73c7e639df7f5946d1fc36691c8f7798a99ee6835e7 | ||
| ssdeep | 1536:dZq2U5JsS6Nh5wFXscKjrtN/5zqGyiNwmHWR03VY:S9HQNh5wFXscKXHRzaiNnVFY | ||
| imphash | eb3f1099640d7d708a3042408447c005 | ||
| impfuzzy | 12:jYRJRJJoAR+hqR2qBrKHlJYasTqa91KddFQJqc6aGXZzwD3:j8fjB+kTYliHx91SDcqcfGXZzwL | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x24e4e11c8 CopyFileW
0x24e4e11d0 DeleteCriticalSection
0x24e4e11d8 EnterCriticalSection
0x24e4e11e0 GetLastError
0x24e4e11e8 InitializeCriticalSection
0x24e4e11f0 IsDBCSLeadByteEx
0x24e4e11f8 LeaveCriticalSection
0x24e4e1200 MultiByteToWideChar
0x24e4e1208 Sleep
0x24e4e1210 TlsGetValue
0x24e4e1218 VirtualProtect
0x24e4e1220 VirtualQuery
0x24e4e1228 WinExec
msvcrt.dll
0x24e4e1238 ___lc_codepage_func
0x24e4e1240 ___mb_cur_max_func
0x24e4e1248 __iob_func
0x24e4e1250 _amsg_exit
0x24e4e1258 _errno
0x24e4e1260 _initterm
0x24e4e1268 _lock
0x24e4e1270 _unlock
0x24e4e1278 abort
0x24e4e1280 calloc
0x24e4e1288 free
0x24e4e1290 fwrite
0x24e4e1298 getc
0x24e4e12a0 islower
0x24e4e12a8 isspace
0x24e4e12b0 isupper
0x24e4e12b8 isxdigit
0x24e4e12c0 localeconv
0x24e4e12c8 malloc
0x24e4e12d0 memcpy
0x24e4e12d8 memset
0x24e4e12e0 realloc
0x24e4e12e8 strcpy
0x24e4e12f0 strlen
0x24e4e12f8 strncmp
0x24e4e1300 strtol
0x24e4e1308 strtoul
0x24e4e1310 tolower
0x24e4e1318 ungetc
0x24e4e1320 vfprintf
USER32.dll
0x24e4e1330 MessageBoxA
EAT(Export Address Table) Library
0x24e4d1450 xlAutoOpen
0x24e4d13d0 xor_decrypt
KERNEL32.dll
0x24e4e11c8 CopyFileW
0x24e4e11d0 DeleteCriticalSection
0x24e4e11d8 EnterCriticalSection
0x24e4e11e0 GetLastError
0x24e4e11e8 InitializeCriticalSection
0x24e4e11f0 IsDBCSLeadByteEx
0x24e4e11f8 LeaveCriticalSection
0x24e4e1200 MultiByteToWideChar
0x24e4e1208 Sleep
0x24e4e1210 TlsGetValue
0x24e4e1218 VirtualProtect
0x24e4e1220 VirtualQuery
0x24e4e1228 WinExec
msvcrt.dll
0x24e4e1238 ___lc_codepage_func
0x24e4e1240 ___mb_cur_max_func
0x24e4e1248 __iob_func
0x24e4e1250 _amsg_exit
0x24e4e1258 _errno
0x24e4e1260 _initterm
0x24e4e1268 _lock
0x24e4e1270 _unlock
0x24e4e1278 abort
0x24e4e1280 calloc
0x24e4e1288 free
0x24e4e1290 fwrite
0x24e4e1298 getc
0x24e4e12a0 islower
0x24e4e12a8 isspace
0x24e4e12b0 isupper
0x24e4e12b8 isxdigit
0x24e4e12c0 localeconv
0x24e4e12c8 malloc
0x24e4e12d0 memcpy
0x24e4e12d8 memset
0x24e4e12e0 realloc
0x24e4e12e8 strcpy
0x24e4e12f0 strlen
0x24e4e12f8 strncmp
0x24e4e1300 strtol
0x24e4e1308 strtoul
0x24e4e1310 tolower
0x24e4e1318 ungetc
0x24e4e1320 vfprintf
USER32.dll
0x24e4e1330 MessageBoxA
EAT(Export Address Table) Library
0x24e4d1450 xlAutoOpen
0x24e4d13d0 xor_decrypt