ScreenShot
| Created | 2023.11.16 18:57 | Machine | s1_win7_x6401 |
| Filename | tucl-1.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 83076104ae977d850d1e015704e5730a | ||
| sha256 | cf25bdc6711a72713d80a4a860df724a79042be210930dcbfc522da72b39bb12 | ||
| ssdeep | 192:EXTHmlw2IjGFKL6rBbnbO8slVnZp7snHQNv8uU4l5XLIb/p2:yHm218DrB768mFZxsKv8v4/cF2 | ||
| imphash | b0f67a582b3891cfaf10698b6300d855 | ||
| impfuzzy | 12:QTZBzhPPXJ1XJwdwTdYwd9+VB9iJqCZSG6lcjKiHHT8:Q1Bz9LDRdc/9qqCZSGocxz8 | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10002000 GetCurrentProcessId
0x10002004 GetCurrentThreadId
0x10002008 GetTickCount
0x1000200c QueryPerformanceCounter
0x10002010 SetUnhandledExceptionFilter
0x10002014 UnhandledExceptionFilter
0x10002018 GetCurrentProcess
0x1000201c TerminateProcess
0x10002020 InterlockedCompareExchange
0x10002024 Sleep
0x10002028 InterlockedExchange
0x1000202c RtlUnwind
0x10002030 GetSystemTimeAsFileTime
msvcrt.dll
0x10002038 _iob
0x1000203c memmove
0x10002040 malloc
0x10002044 strlen
0x10002048 fflush
0x1000204c vfprintf
0x10002050 isprint
0x10002054 memcpy
0x10002058 sprintf
0x1000205c memset
0x10002060 fprintf
0x10002064 fclose
0x10002068 free
0x1000206c fopen
0x10002070 calloc
0x10002074 _XcptFilter
0x10002078 _initterm
0x1000207c _amsg_exit
0x10002080 _adjust_fdiv
0x10002084 _errno
0x10002088 perror
EAT(Export Address Table) Library
0x100010cb DEBUG_TcLog
0x1000102d TcLog
0x10001115 TcLogBuffer
0x1000132b TcLogClose
0x10001376 TcLogOpen
0x10001356 TcLogSetMask
KERNEL32.dll
0x10002000 GetCurrentProcessId
0x10002004 GetCurrentThreadId
0x10002008 GetTickCount
0x1000200c QueryPerformanceCounter
0x10002010 SetUnhandledExceptionFilter
0x10002014 UnhandledExceptionFilter
0x10002018 GetCurrentProcess
0x1000201c TerminateProcess
0x10002020 InterlockedCompareExchange
0x10002024 Sleep
0x10002028 InterlockedExchange
0x1000202c RtlUnwind
0x10002030 GetSystemTimeAsFileTime
msvcrt.dll
0x10002038 _iob
0x1000203c memmove
0x10002040 malloc
0x10002044 strlen
0x10002048 fflush
0x1000204c vfprintf
0x10002050 isprint
0x10002054 memcpy
0x10002058 sprintf
0x1000205c memset
0x10002060 fprintf
0x10002064 fclose
0x10002068 free
0x1000206c fopen
0x10002070 calloc
0x10002074 _XcptFilter
0x10002078 _initterm
0x1000207c _amsg_exit
0x10002080 _adjust_fdiv
0x10002084 _errno
0x10002088 perror
EAT(Export Address Table) Library
0x100010cb DEBUG_TcLog
0x1000102d TcLog
0x10001115 TcLogBuffer
0x1000132b TcLogClose
0x10001376 TcLogOpen
0x10001356 TcLogSetMask