Report - cred64.dll

Tags: Browser Login Data Stealer, Malicious Library, UPX, PE File, DLL, PE64, OS Processor Check
Created 2023.10.16 11:08 Machine s1_win7_x6403
Filename cred64.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score 5
Behavior Score 2.4
ZERO API file : clean
VT API (file) 49 detected (malicious, high confidence, Zusy, Emotet, Amadey, V55f, confidence, 100%, score, ewuw, kcgcns, PWSX, Uwhl, Redcap, vbflx, SpyBot, R06CC0DJC23, ABRisk, BYIW, Malware@#1x39hojvzwj79, Detected, Artemis, ai score=89, unsafe, CLOUD, susgen)
md5 7d6c819c7accbd9abe8f6c4eb087eea2
sha256 2d93ffc4f232bcc5f7c2a19d8fcbaa50884e60a027804fcecc3c40d120eedc8c
ssdeep 24576:Qc6T3/YiaASvUn+J35XBMZZ9+xyc30w/tDMJIy:1iaASvUnI5XAZ9iyET
imphash c1660912b726baa5dac8bf47e5fa01c9
impfuzzy 96:gZtu7Ze6BF1V5g4uL0aR6x5uDtQ8Bg99tFQRNTk:Gtu7Z3F/ar+7+Tk

Signature (7cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path
info Tries to locate where the browsers are installed

Rules (7cnts)

Level Name Description Collection
danger infoStealer_browser_b_Zero browser info stealer binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests recorded)

Suricata ids

PE API

IAT (Import Address Table) Library

CRYPT32.dll
 0x1800e6068 CryptUnprotectData
KERNEL32.dll
 0x1800e6078 SetFilePointer
 0x1800e6080 GetFullPathNameA
 0x1800e6088 SetEndOfFile
 0x1800e6090 UnlockFileEx
 0x1800e6098 GetTempPathW
 0x1800e60a0 CreateMutexW
 0x1800e60a8 WaitForSingleObject
 0x1800e60b0 CreateFileW
 0x1800e60b8 GetFileAttributesW
 0x1800e60c0 GetCurrentThreadId
 0x1800e60c8 UnmapViewOfFile
 0x1800e60d0 HeapValidate
 0x1800e60d8 HeapSize
 0x1800e60e0 MultiByteToWideChar
 0x1800e60e8 Sleep
 0x1800e60f0 GetTempPathA
 0x1800e60f8 FormatMessageW
 0x1800e6100 GetDiskFreeSpaceA
 0x1800e6108 GetLastError
 0x1800e6110 GetFileAttributesA
 0x1800e6118 GetFileAttributesExW
 0x1800e6120 OutputDebugStringW
 0x1800e6128 CreateFileA
 0x1800e6130 LoadLibraryA
 0x1800e6138 WaitForSingleObjectEx
 0x1800e6140 DeleteFileA
 0x1800e6148 DeleteFileW
 0x1800e6150 HeapReAlloc
 0x1800e6158 CloseHandle
 0x1800e6160 GetSystemInfo
 0x1800e6168 LoadLibraryW
 0x1800e6170 HeapAlloc
 0x1800e6178 HeapCompact
 0x1800e6180 HeapDestroy
 0x1800e6188 UnlockFile
 0x1800e6190 GetProcAddress
 0x1800e6198 CreateFileMappingA
 0x1800e61a0 LocalFree
 0x1800e61a8 LockFileEx
 0x1800e61b0 GetFileSize
 0x1800e61b8 DeleteCriticalSection
 0x1800e61c0 GetCurrentProcessId
 0x1800e61c8 GetProcessHeap
 0x1800e61d0 SystemTimeToFileTime
 0x1800e61d8 FreeLibrary
 0x1800e61e0 WideCharToMultiByte
 0x1800e61e8 GetSystemTimeAsFileTime
 0x1800e61f0 GetSystemTime
 0x1800e61f8 FormatMessageA
 0x1800e6200 CreateFileMappingW
 0x1800e6208 MapViewOfFile
 0x1800e6210 QueryPerformanceCounter
 0x1800e6218 GetTickCount
 0x1800e6220 FlushFileBuffers
 0x1800e6228 SetHandleInformation
 0x1800e6230 FindFirstFileA
 0x1800e6238 Wow64DisableWow64FsRedirection
 0x1800e6240 K32GetModuleFileNameExW
 0x1800e6248 FindNextFileA
 0x1800e6250 CreatePipe
 0x1800e6258 PeekNamedPipe
 0x1800e6260 lstrlenA
 0x1800e6268 FindClose
 0x1800e6270 GetCurrentDirectoryA
 0x1800e6278 lstrcatA
 0x1800e6280 OpenProcess
 0x1800e6288 SetCurrentDirectoryA
 0x1800e6290 CreateToolhelp32Snapshot
 0x1800e6298 ProcessIdToSessionId
 0x1800e62a0 CopyFileA
 0x1800e62a8 Wow64RevertWow64FsRedirection
 0x1800e62b0 Process32NextW
 0x1800e62b8 Process32FirstW
 0x1800e62c0 CreateThread
 0x1800e62c8 CreateProcessA
 0x1800e62d0 CreateDirectoryA
 0x1800e62d8 WriteConsoleW
 0x1800e62e0 LeaveCriticalSection
 0x1800e62e8 LockFile
 0x1800e62f0 OutputDebugStringA
 0x1800e62f8 GetDiskFreeSpaceW
 0x1800e6300 WriteFile
 0x1800e6308 GetFullPathNameW
 0x1800e6310 EnterCriticalSection
 0x1800e6318 HeapFree
 0x1800e6320 HeapCreate
 0x1800e6328 TryEnterCriticalSection
 0x1800e6330 ReadFile
 0x1800e6338 AreFileApisANSI
 0x1800e6340 InitializeCriticalSection
 0x1800e6348 ReadConsoleW
 0x1800e6350 SetFilePointerEx
 0x1800e6358 GetFileSizeEx
 0x1800e6360 GetConsoleMode
 0x1800e6368 GetConsoleCP
 0x1800e6370 SetEnvironmentVariableW
 0x1800e6378 FreeEnvironmentStringsW
 0x1800e6380 GetEnvironmentStringsW
 0x1800e6388 GetCommandLineW
 0x1800e6390 GetCommandLineA
 0x1800e6398 GetOEMCP
 0x1800e63a0 GetACP
 0x1800e63a8 IsValidCodePage
 0x1800e63b0 FindNextFileW
 0x1800e63b8 FindFirstFileExW
 0x1800e63c0 SetStdHandle
 0x1800e63c8 GetCurrentDirectoryW
 0x1800e63d0 RtlCaptureContext
 0x1800e63d8 RtlLookupFunctionEntry
 0x1800e63e0 RtlVirtualUnwind
 0x1800e63e8 IsDebuggerPresent
 0x1800e63f0 UnhandledExceptionFilter
 0x1800e63f8 SetUnhandledExceptionFilter
 0x1800e6400 GetStartupInfoW
 0x1800e6408 IsProcessorFeaturePresent
 0x1800e6410 GetModuleHandleW
 0x1800e6418 InitializeSListHead
 0x1800e6420 SetLastError
 0x1800e6428 InitializeCriticalSectionAndSpinCount
 0x1800e6430 SwitchToThread
 0x1800e6438 TlsAlloc
 0x1800e6440 TlsGetValue
 0x1800e6448 TlsSetValue
 0x1800e6450 TlsFree
 0x1800e6458 EncodePointer
 0x1800e6460 DecodePointer
 0x1800e6468 GetCPInfo
 0x1800e6470 CompareStringW
 0x1800e6478 LCMapStringW
 0x1800e6480 GetLocaleInfoW
 0x1800e6488 GetStringTypeW
 0x1800e6490 RtlUnwindEx
 0x1800e6498 RtlPcToFileHeader
 0x1800e64a0 RaiseException
 0x1800e64a8 InterlockedFlushSList
 0x1800e64b0 LoadLibraryExW
 0x1800e64b8 ExitThread
 0x1800e64c0 FreeLibraryAndExitThread
 0x1800e64c8 GetModuleHandleExW
 0x1800e64d0 GetDriveTypeW
 0x1800e64d8 GetFileInformationByHandle
 0x1800e64e0 GetFileType
 0x1800e64e8 SystemTimeToTzSpecificLocalTime
 0x1800e64f0 FileTimeToSystemTime
 0x1800e64f8 GetCurrentProcess
 0x1800e6500 TerminateProcess
 0x1800e6508 ExitProcess
 0x1800e6510 GetModuleFileNameW
 0x1800e6518 IsValidLocale
 0x1800e6520 GetUserDefaultLCID
 0x1800e6528 EnumSystemLocalesW
 0x1800e6530 GetTimeZoneInformation
 0x1800e6538 GetStdHandle
ADVAPI32.dll
 0x1800e6000 RegQueryValueExA
 0x1800e6008 RegEnumValueW
 0x1800e6010 RegEnumKeyA
 0x1800e6018 RegCloseKey
 0x1800e6020 RegQueryInfoKeyW
 0x1800e6028 RegOpenKeyA
 0x1800e6030 RegOpenKeyExA
 0x1800e6038 GetSidSubAuthorityCount
 0x1800e6040 GetSidSubAuthority
 0x1800e6048 GetUserNameA
 0x1800e6050 LookupAccountNameA
 0x1800e6058 GetSidIdentifierAuthority
SHELL32.dll
 0x1800e6548 SHGetFolderPathA
 0x1800e6550 SHFileOperationA
WININET.dll
 0x1800e6560 HttpOpenRequestA
 0x1800e6568 InternetWriteFile
 0x1800e6570 InternetReadFile
 0x1800e6578 InternetConnectA
 0x1800e6580 HttpSendRequestA
 0x1800e6588 InternetCloseHandle
 0x1800e6590 InternetOpenA
 0x1800e6598 HttpAddRequestHeadersA
 0x1800e65a0 HttpSendRequestExW
 0x1800e65a8 HttpEndRequestA
 0x1800e65b0 InternetOpenW
crypt.dll
 0x1800e65c0 BCryptOpenAlgorithmProvider
 0x1800e65c8 BCryptSetProperty
 0x1800e65d0 BCryptGenerateSymmetricKey
 0x1800e65d8 BCryptDecrypt

EAT (Export Address Table) Library

0x1800b30f0 Main
0x1800b37f0 Save
