ScreenShot
| Created | 2023.11.16 18:36 | Machine | s1_win7_x6401 |
| Filename | x86.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 95786b6c28bf8dba7bbfeeba9e1ec27a | ||
| sha256 | 2af73c8603e1d51661b0fffc09be306797558204bcbd4f95dd2dfe8363901606 | ||
| ssdeep | 3072:ShcvAheCtkw2MywuCKPuTrm4dMMmnfk7:RMrrnBKPuSPfk7 | ||
| imphash | 3b3bf55d4d03deeab01dbaeac2792edc | ||
| impfuzzy | 48:4PpVTO+QOBLtMSkJLpX/l/yt7Gy5hUgaXA:4PpVTrQetMSkJLpXdLyth | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10017050 WaitForSingleObject
0x10017054 CreateThread
0x10017058 EnterCriticalSection
0x1001705c VirtualFree
0x10017060 VirtualAlloc
0x10017064 LeaveCriticalSection
0x10017068 InitializeCriticalSection
0x1001706c MoveFileExA
0x10017070 SetFilePointer
0x10017074 SetLastError
0x10017078 lstrlenA
0x1001707c lstrcatA
0x10017080 DecodePointer
0x10017084 CreateFileW
0x10017088 GetFileTime
0x1001708c GetLastError
0x10017090 Sleep
0x10017094 ReleaseMutex
0x10017098 CreateMutexA
0x1001709c SetFileTime
0x100170a0 DeleteFileA
0x100170a4 GetSystemDirectoryA
0x100170a8 CloseHandle
0x100170ac CreateFileA
0x100170b0 WriteFile
0x100170b4 GetFileSizeEx
0x100170b8 ReadFile
0x100170bc LocalFree
0x100170c0 LocalAlloc
0x100170c4 lstrcpyA
0x100170c8 GetCurrentThreadId
0x100170cc DeleteCriticalSection
0x100170d0 WriteConsoleW
0x100170d4 SetFilePointerEx
0x100170d8 HeapReAlloc
0x100170dc HeapSize
0x100170e0 SetStdHandle
0x100170e4 GetConsoleMode
0x100170e8 GetConsoleCP
0x100170ec FlushFileBuffers
0x100170f0 GetStringTypeW
0x100170f4 GetCommandLineW
0x100170f8 GetCommandLineA
0x100170fc GetProcessHeap
0x10017100 FreeEnvironmentStringsW
0x10017104 UnhandledExceptionFilter
0x10017108 SetUnhandledExceptionFilter
0x1001710c GetCurrentProcess
0x10017110 TerminateProcess
0x10017114 IsProcessorFeaturePresent
0x10017118 QueryPerformanceCounter
0x1001711c GetCurrentProcessId
0x10017120 GetSystemTimeAsFileTime
0x10017124 InitializeSListHead
0x10017128 IsDebuggerPresent
0x1001712c GetStartupInfoW
0x10017130 GetModuleHandleW
0x10017134 EncodePointer
0x10017138 GetModuleFileNameW
0x1001713c RaiseException
0x10017140 InterlockedFlushSList
0x10017144 RtlUnwind
0x10017148 InitializeCriticalSectionAndSpinCount
0x1001714c TlsAlloc
0x10017150 TlsGetValue
0x10017154 TlsSetValue
0x10017158 TlsFree
0x1001715c FreeLibrary
0x10017160 GetProcAddress
0x10017164 LoadLibraryExW
0x10017168 ExitProcess
0x1001716c GetModuleHandleExW
0x10017170 MultiByteToWideChar
0x10017174 WideCharToMultiByte
0x10017178 HeapFree
0x1001717c HeapAlloc
0x10017180 LCMapStringW
0x10017184 GetStdHandle
0x10017188 GetFileType
0x1001718c GetACP
0x10017190 IsValidCodePage
0x10017194 GetOEMCP
0x10017198 GetCPInfo
0x1001719c GetEnvironmentStringsW
USER32.dll
0x100171a4 wsprintfA
ADVAPI32.dll
0x10017000 SystemFunction036
0x10017004 CreateServiceA
0x10017008 StartServiceA
0x1001700c RegCloseKey
0x10017010 RegQueryValueExA
0x10017014 RegCreateKeyExA
0x10017018 RegSetValueExA
0x1001701c RegOpenKeyExA
0x10017020 CloseServiceHandle
0x10017024 OpenSCManagerA
0x10017028 QueryServiceStatusEx
0x1001702c OpenServiceA
0x10017030 CryptVerifySignatureA
0x10017034 CryptAcquireContextA
0x10017038 CryptCreateHash
0x1001703c CryptHashData
0x10017040 CryptDestroyHash
0x10017044 CryptImportKey
0x10017048 CryptReleaseContext
WS2_32.dll
0x100171ac ind
0x100171b0 closesocket
0x100171b4 gethostbyname
0x100171b8 select
0x100171bc listen
0x100171c0 WSAStartup
0x100171c4 accept
0x100171c8 socket
0x100171cc connect
0x100171d0 recv
0x100171d4 htonl
0x100171d8 htons
0x100171dc setsockopt
0x100171e0 __WSAFDIsSet
0x100171e4 send
0x100171e8 WSAIoctl
EAT(Export Address Table) Library
0x100056b0 DllRegisterServer
0x100056b0 DllUnregisterServer
KERNEL32.dll
0x10017050 WaitForSingleObject
0x10017054 CreateThread
0x10017058 EnterCriticalSection
0x1001705c VirtualFree
0x10017060 VirtualAlloc
0x10017064 LeaveCriticalSection
0x10017068 InitializeCriticalSection
0x1001706c MoveFileExA
0x10017070 SetFilePointer
0x10017074 SetLastError
0x10017078 lstrlenA
0x1001707c lstrcatA
0x10017080 DecodePointer
0x10017084 CreateFileW
0x10017088 GetFileTime
0x1001708c GetLastError
0x10017090 Sleep
0x10017094 ReleaseMutex
0x10017098 CreateMutexA
0x1001709c SetFileTime
0x100170a0 DeleteFileA
0x100170a4 GetSystemDirectoryA
0x100170a8 CloseHandle
0x100170ac CreateFileA
0x100170b0 WriteFile
0x100170b4 GetFileSizeEx
0x100170b8 ReadFile
0x100170bc LocalFree
0x100170c0 LocalAlloc
0x100170c4 lstrcpyA
0x100170c8 GetCurrentThreadId
0x100170cc DeleteCriticalSection
0x100170d0 WriteConsoleW
0x100170d4 SetFilePointerEx
0x100170d8 HeapReAlloc
0x100170dc HeapSize
0x100170e0 SetStdHandle
0x100170e4 GetConsoleMode
0x100170e8 GetConsoleCP
0x100170ec FlushFileBuffers
0x100170f0 GetStringTypeW
0x100170f4 GetCommandLineW
0x100170f8 GetCommandLineA
0x100170fc GetProcessHeap
0x10017100 FreeEnvironmentStringsW
0x10017104 UnhandledExceptionFilter
0x10017108 SetUnhandledExceptionFilter
0x1001710c GetCurrentProcess
0x10017110 TerminateProcess
0x10017114 IsProcessorFeaturePresent
0x10017118 QueryPerformanceCounter
0x1001711c GetCurrentProcessId
0x10017120 GetSystemTimeAsFileTime
0x10017124 InitializeSListHead
0x10017128 IsDebuggerPresent
0x1001712c GetStartupInfoW
0x10017130 GetModuleHandleW
0x10017134 EncodePointer
0x10017138 GetModuleFileNameW
0x1001713c RaiseException
0x10017140 InterlockedFlushSList
0x10017144 RtlUnwind
0x10017148 InitializeCriticalSectionAndSpinCount
0x1001714c TlsAlloc
0x10017150 TlsGetValue
0x10017154 TlsSetValue
0x10017158 TlsFree
0x1001715c FreeLibrary
0x10017160 GetProcAddress
0x10017164 LoadLibraryExW
0x10017168 ExitProcess
0x1001716c GetModuleHandleExW
0x10017170 MultiByteToWideChar
0x10017174 WideCharToMultiByte
0x10017178 HeapFree
0x1001717c HeapAlloc
0x10017180 LCMapStringW
0x10017184 GetStdHandle
0x10017188 GetFileType
0x1001718c GetACP
0x10017190 IsValidCodePage
0x10017194 GetOEMCP
0x10017198 GetCPInfo
0x1001719c GetEnvironmentStringsW
USER32.dll
0x100171a4 wsprintfA
ADVAPI32.dll
0x10017000 SystemFunction036
0x10017004 CreateServiceA
0x10017008 StartServiceA
0x1001700c RegCloseKey
0x10017010 RegQueryValueExA
0x10017014 RegCreateKeyExA
0x10017018 RegSetValueExA
0x1001701c RegOpenKeyExA
0x10017020 CloseServiceHandle
0x10017024 OpenSCManagerA
0x10017028 QueryServiceStatusEx
0x1001702c OpenServiceA
0x10017030 CryptVerifySignatureA
0x10017034 CryptAcquireContextA
0x10017038 CryptCreateHash
0x1001703c CryptHashData
0x10017040 CryptDestroyHash
0x10017044 CryptImportKey
0x10017048 CryptReleaseContext
WS2_32.dll
0x100171ac ind
0x100171b0 closesocket
0x100171b4 gethostbyname
0x100171b8 select
0x100171bc listen
0x100171c0 WSAStartup
0x100171c4 accept
0x100171c8 socket
0x100171cc connect
0x100171d0 recv
0x100171d4 htonl
0x100171d8 htons
0x100171dc setsockopt
0x100171e0 __WSAFDIsSet
0x100171e4 send
0x100171e8 WSAIoctl
EAT(Export Address Table) Library
0x100056b0 DllRegisterServer
0x100056b0 DllUnregisterServer