ScreenShot
| Created | 2023.10.10 18:46 | Machine | s1_win7_x6402 |
| Filename | usrgroup.dat.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 420a13202d271babc32bf8259cdaddf3 | ||
| sha256 | 00433ebf3b21c1c055d4ab8a599d3e84f03b328496236b54e56042cef2146b1c | ||
| ssdeep | 768:weQtV+Nia8Ol7zBOwpa5WWkZDDgAYtTKU/cY9Qvw2xHckDJXrsmgFM1xzHMyrPm:ZQt4Nl8uBOwyW/q9TKgQvw2Zhr2Avr | ||
| imphash | 0c88d36e7925fde645da2cbf38dad83c | ||
| impfuzzy | 24:UCYhqDqN7IdOovBtQz+8bjMAYlEcfPvDsJ9qHOT4e+:UpEIKtqzYecfnscJ | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x18000b000 FreeLibrary
0x18000b008 HeapAlloc
0x18000b010 HeapFree
0x18000b018 VirtualFree
0x18000b020 GetProcessHeap
0x18000b028 IsBadReadPtr
0x18000b030 GetProcAddress
0x18000b038 VirtualAlloc
0x18000b040 LoadLibraryA
0x18000b048 VirtualProtect
0x18000b050 WideCharToMultiByte
0x18000b058 Sleep
0x18000b060 ReadFile
0x18000b068 CreateFileW
0x18000b070 LocalAlloc
0x18000b078 CloseHandle
0x18000b080 LocalFree
0x18000b088 GetLastError
0x18000b090 HeapReAlloc
0x18000b098 GetSystemTimeAsFileTime
0x18000b0a0 GetCurrentThreadId
0x18000b0a8 FlsSetValue
0x18000b0b0 GetCommandLineA
0x18000b0b8 TerminateProcess
0x18000b0c0 GetCurrentProcess
0x18000b0c8 UnhandledExceptionFilter
0x18000b0d0 SetUnhandledExceptionFilter
0x18000b0d8 IsDebuggerPresent
0x18000b0e0 RtlVirtualUnwind
0x18000b0e8 RtlLookupFunctionEntry
0x18000b0f0 RtlCaptureContext
0x18000b0f8 HeapSetInformation
0x18000b100 GetVersion
0x18000b108 HeapCreate
0x18000b110 HeapDestroy
0x18000b118 EncodePointer
0x18000b120 DecodePointer
0x18000b128 GetModuleHandleW
0x18000b130 ExitProcess
0x18000b138 WriteFile
0x18000b140 GetStdHandle
0x18000b148 GetModuleFileNameW
0x18000b150 GetConsoleCP
0x18000b158 GetConsoleMode
0x18000b160 FlushFileBuffers
0x18000b168 RtlUnwindEx
0x18000b170 InitializeCriticalSectionAndSpinCount
0x18000b178 DeleteCriticalSection
0x18000b180 LeaveCriticalSection
0x18000b188 EnterCriticalSection
0x18000b190 SetStdHandle
0x18000b198 GetFileType
0x18000b1a0 SetHandleCount
0x18000b1a8 GetStartupInfoW
0x18000b1b0 MultiByteToWideChar
0x18000b1b8 SetFilePointer
0x18000b1c0 FlsGetValue
0x18000b1c8 FlsFree
0x18000b1d0 SetLastError
0x18000b1d8 FlsAlloc
0x18000b1e0 GetModuleFileNameA
0x18000b1e8 FreeEnvironmentStringsW
0x18000b1f0 GetEnvironmentStringsW
0x18000b1f8 QueryPerformanceCounter
0x18000b200 GetTickCount
0x18000b208 GetCurrentProcessId
0x18000b210 GetCPInfo
0x18000b218 LoadLibraryW
0x18000b220 WriteConsoleW
0x18000b228 GetACP
0x18000b230 GetOEMCP
0x18000b238 IsValidCodePage
0x18000b240 LCMapStringW
0x18000b248 GetStringTypeW
0x18000b250 HeapSize
EAT(Export Address Table) Library
0x1800032f0 LoadDll
0x180003300 LoadDllW
KERNEL32.dll
0x18000b000 FreeLibrary
0x18000b008 HeapAlloc
0x18000b010 HeapFree
0x18000b018 VirtualFree
0x18000b020 GetProcessHeap
0x18000b028 IsBadReadPtr
0x18000b030 GetProcAddress
0x18000b038 VirtualAlloc
0x18000b040 LoadLibraryA
0x18000b048 VirtualProtect
0x18000b050 WideCharToMultiByte
0x18000b058 Sleep
0x18000b060 ReadFile
0x18000b068 CreateFileW
0x18000b070 LocalAlloc
0x18000b078 CloseHandle
0x18000b080 LocalFree
0x18000b088 GetLastError
0x18000b090 HeapReAlloc
0x18000b098 GetSystemTimeAsFileTime
0x18000b0a0 GetCurrentThreadId
0x18000b0a8 FlsSetValue
0x18000b0b0 GetCommandLineA
0x18000b0b8 TerminateProcess
0x18000b0c0 GetCurrentProcess
0x18000b0c8 UnhandledExceptionFilter
0x18000b0d0 SetUnhandledExceptionFilter
0x18000b0d8 IsDebuggerPresent
0x18000b0e0 RtlVirtualUnwind
0x18000b0e8 RtlLookupFunctionEntry
0x18000b0f0 RtlCaptureContext
0x18000b0f8 HeapSetInformation
0x18000b100 GetVersion
0x18000b108 HeapCreate
0x18000b110 HeapDestroy
0x18000b118 EncodePointer
0x18000b120 DecodePointer
0x18000b128 GetModuleHandleW
0x18000b130 ExitProcess
0x18000b138 WriteFile
0x18000b140 GetStdHandle
0x18000b148 GetModuleFileNameW
0x18000b150 GetConsoleCP
0x18000b158 GetConsoleMode
0x18000b160 FlushFileBuffers
0x18000b168 RtlUnwindEx
0x18000b170 InitializeCriticalSectionAndSpinCount
0x18000b178 DeleteCriticalSection
0x18000b180 LeaveCriticalSection
0x18000b188 EnterCriticalSection
0x18000b190 SetStdHandle
0x18000b198 GetFileType
0x18000b1a0 SetHandleCount
0x18000b1a8 GetStartupInfoW
0x18000b1b0 MultiByteToWideChar
0x18000b1b8 SetFilePointer
0x18000b1c0 FlsGetValue
0x18000b1c8 FlsFree
0x18000b1d0 SetLastError
0x18000b1d8 FlsAlloc
0x18000b1e0 GetModuleFileNameA
0x18000b1e8 FreeEnvironmentStringsW
0x18000b1f0 GetEnvironmentStringsW
0x18000b1f8 QueryPerformanceCounter
0x18000b200 GetTickCount
0x18000b208 GetCurrentProcessId
0x18000b210 GetCPInfo
0x18000b218 LoadLibraryW
0x18000b220 WriteConsoleW
0x18000b228 GetACP
0x18000b230 GetOEMCP
0x18000b238 IsValidCodePage
0x18000b240 LCMapStringW
0x18000b248 GetStringTypeW
0x18000b250 HeapSize
EAT(Export Address Table) Library
0x1800032f0 LoadDll
0x180003300 LoadDllW