Report - dllhostex.exe

Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check
Created 2023.11.16 19:03 Machine s1_win7_x6402
Filename dllhostex.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score
2
Behavior Score
2.6
ZERO API file : clean
VT API (file)
md5 f5a7b1f998390241f5c10cbddfe88647
sha256 5cd9ff29454e84923d4178484ecfb3bc48561d4401fa94b98f9d2693d47a740a
ssdeep 24576:wOTuFoSUpzjLJrr4FtnILnSqmdoRdSeUSjguAF11N0i7TwONgV0HL1z9ChftQAg+:2oSUpzjLJYFtnILtmdoRdgSjguA30i76
imphash 1a898b3abef7e0f6d29858320099bf34
impfuzzy 96:WWon07UXzX1TIk43GpJRv9yR/rdIvo1aq4thgr:q07UjF8kSDdhB

Signature (4cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (4cnts)

Request CC ASN Company IPv4 Rule ZERO
iron.tenchier.com DE PlusServer GmbH 194.195.223.249 clean
194.195.223.249 DE PlusServer GmbH 194.195.223.249 clean
139.177.196.162 Unknown 139.177.196.162 clean
139.59.109.18 SG DIGITALOCEAN-ASN 139.59.109.18 clean

Suricata IDS

PE API

IAT (Import Address Table) Library

WS2_32.dll
 0x51e2e4 gethostname
 0x51e2e8 connect
 0x51e2ec WSACleanup
 0x51e2f0 __WSAFDIsSet
 0x51e2f4 accept
 0x51e2f8 send
 0x51e2fc ntohs
 0x51e300 recv
 0x51e304 WSAPoll
 0x51e308 WSASetLastError
 0x51e30c WSAStartup
 0x51e310 select
 0x51e314 WSARecvFrom
 0x51e318 bind
 0x51e31c WSAIoctl
 0x51e320 WSASend
 0x51e324 shutdown
 0x51e328 listen
 0x51e32c WSASocketW
 0x51e330 getsockname
 0x51e334 socket
 0x51e338 WSARecv
 0x51e33c ioctlsocket
 0x51e340 FreeAddrInfoW
 0x51e344 GetAddrInfoW
 0x51e348 htonl
 0x51e34c closesocket
 0x51e350 getsockopt
 0x51e354 setsockopt
 0x51e358 WSAGetLastError
 0x51e35c htons
IPHLPAPI.DLL
 0x51e02c GetAdaptersAddresses
KERNEL32.dll
 0x51e034 ExitThread
 0x51e038 SetFileAttributesW
 0x51e03c GetFileAttributesExW
 0x51e040 GetConsoleCP
 0x51e044 SetStdHandle
 0x51e048 GetCommandLineW
 0x51e04c GetModuleHandleExW
 0x51e050 RtlUnwind
 0x51e054 ExitProcess
 0x51e058 HeapFree
 0x51e05c GetCommandLineA
 0x51e060 HeapAlloc
 0x51e064 GetStdHandle
 0x51e068 SetConsoleMode
 0x51e06c GetConsoleMode
 0x51e070 OutputDebugStringA
 0x51e074 CreateMutexA
 0x51e078 ReleaseMutex
 0x51e07c GetLastError
 0x51e080 CloseHandle
 0x51e084 FreeConsole
 0x51e088 GetConsoleWindow
 0x51e08c MultiByteToWideChar
 0x51e090 SetThreadAffinityMask
 0x51e094 SetPriorityClass
 0x51e098 GetCurrentProcess
 0x51e09c SetThreadPriority
 0x51e0a0 GetCurrentThread
 0x51e0a4 GetProcAddress
 0x51e0a8 GetModuleHandleW
 0x51e0ac VirtualFree
 0x51e0b0 VirtualAlloc
 0x51e0b4 LocalAlloc
 0x51e0b8 LocalFree
 0x51e0bc SetErrorMode
 0x51e0c0 PostQueuedCompletionStatus
 0x51e0c4 GetQueuedCompletionStatusEx
 0x51e0c8 CreateIoCompletionPort
 0x51e0cc GetConsoleScreenBufferInfo
 0x51e0d0 SetConsoleTextAttribute
 0x51e0d4 RegisterWaitForSingleObject
 0x51e0d8 UnregisterWait
 0x51e0dc GetConsoleCursorInfo
 0x51e0e0 CreateFileW
 0x51e0e4 DuplicateHandle
 0x51e0e8 QueueUserWorkItem
 0x51e0ec SetConsoleCursorInfo
 0x51e0f0 FillConsoleOutputCharacterW
 0x51e0f4 ReadConsoleInputW
 0x51e0f8 CreateFileA
 0x51e0fc ReadConsoleW
 0x51e100 WriteConsoleInputW
 0x51e104 FillConsoleOutputAttribute
 0x51e108 WriteConsoleW
 0x51e10c GetNumberOfConsoleInputEvents
 0x51e110 WideCharToMultiByte
 0x51e114 SetConsoleCursorPosition
 0x51e118 GetLongPathNameW
 0x51e11c GetShortPathNameW
 0x51e120 GetFileAttributesW
 0x51e124 GetCurrentDirectoryW
 0x51e128 ReadDirectoryChangesW
 0x51e12c VerifyVersionInfoA
 0x51e130 EnterCriticalSection
 0x51e134 GetModuleFileNameW
 0x51e138 SetEnvironmentVariableW
 0x51e13c LeaveCriticalSection
 0x51e140 InitializeCriticalSection
 0x51e144 QueryPerformanceFrequency
 0x51e148 GetSystemInfo
 0x51e14c VerSetConditionMask
 0x51e150 GetCurrentProcessId
 0x51e154 QueryPerformanceCounter
 0x51e158 SetConsoleCtrlHandler
 0x51e15c Sleep
 0x51e160 GetFileType
 0x51e164 CreateDirectoryW
 0x51e168 ReadFile
 0x51e16c SetLastError
 0x51e170 WriteFile
 0x51e174 DeviceIoControl
 0x51e178 RemoveDirectoryW
 0x51e17c GetFinalPathNameByHandleW
 0x51e180 SetFileTime
 0x51e184 ReOpenFile
 0x51e188 CreateHardLinkW
 0x51e18c GetFileInformationByHandle
 0x51e190 SetFilePointerEx
 0x51e194 MoveFileExW
 0x51e198 CopyFileW
 0x51e19c CreateSymbolicLinkW
 0x51e1a0 FlushFileBuffers
 0x51e1a4 SleepConditionVariableCS
 0x51e1a8 TlsSetValue
 0x51e1ac ReleaseSemaphore
 0x51e1b0 WakeConditionVariable
 0x51e1b4 InitializeConditionVariable
 0x51e1b8 WaitForSingleObject
 0x51e1bc ResumeThread
 0x51e1c0 SetEvent
 0x51e1c4 TlsAlloc
 0x51e1c8 DeleteCriticalSection
 0x51e1cc CreateSemaphoreW
 0x51e1d0 TlsGetValue
 0x51e1d4 TlsFree
 0x51e1d8 CreateSemaphoreA
 0x51e1dc CreateEventA
 0x51e1e0 CancelIo
 0x51e1e4 SetHandleInformation
 0x51e1e8 SetFileCompletionNotificationModes
 0x51e1ec SetNamedPipeHandleState
 0x51e1f0 CreateNamedPipeW
 0x51e1f4 PeekNamedPipe
 0x51e1f8 CancelSynchronousIo
 0x51e1fc GetNamedPipeHandleStateA
 0x51e200 CancelIoEx
 0x51e204 SwitchToThread
 0x51e208 ConnectNamedPipe
 0x51e20c FormatMessageA
 0x51e210 DebugBreak
 0x51e214 GetModuleHandleA
 0x51e218 LoadLibraryA
 0x51e21c TerminateProcess
 0x51e220 UnregisterWaitEx
 0x51e224 LCMapStringW
 0x51e228 GetExitCodeProcess
 0x51e22c GetStartupInfoW
 0x51e230 InitializeCriticalSectionAndSpinCount
 0x51e234 GetCurrentThreadId
 0x51e238 GetTickCount64
 0x51e23c RaiseException
 0x51e240 LoadLibraryExW
 0x51e244 FreeLibraryAndExitThread
 0x51e248 FreeLibrary
 0x51e24c GetThreadTimes
 0x51e250 IsValidLocale
 0x51e254 GetUserDefaultLCID
 0x51e258 EnumSystemLocalesW
 0x51e25c HeapReAlloc
 0x51e260 GetTimeZoneInformation
 0x51e264 HeapSize
 0x51e268 FindClose
 0x51e26c FindFirstFileExW
 0x51e270 FindNextFileW
 0x51e274 IsValidCodePage
 0x51e278 GetACP
 0x51e27c GetOEMCP
 0x51e280 GetEnvironmentStringsW
 0x51e284 FreeEnvironmentStringsW
 0x51e288 GetProcessHeap
 0x51e28c SetEndOfFile
 0x51e290 CreateEventW
 0x51e294 GetSystemTimeAsFileTime
 0x51e298 EncodePointer
 0x51e29c DecodePointer
 0x51e2a0 CompareStringW
 0x51e2a4 GetLocaleInfoW
 0x51e2a8 GetStringTypeW
 0x51e2ac GetCPInfo
 0x51e2b0 UnhandledExceptionFilter
 0x51e2b4 SetUnhandledExceptionFilter
 0x51e2b8 IsProcessorFeaturePresent
 0x51e2bc IsDebuggerPresent
 0x51e2c0 InitializeSListHead
 0x51e2c4 CreateThread
USER32.dll
 0x51e2cc TranslateMessage
 0x51e2d0 ShowWindow
 0x51e2d4 DispatchMessageA
 0x51e2d8 MapVirtualKeyW
 0x51e2dc GetMessageA
ADVAPI32.dll
 0x51e000 CryptAcquireContextA
 0x51e004 CryptGenRandom
 0x51e008 CryptReleaseContext
 0x51e00c LookupPrivilegeValueW
 0x51e010 AdjustTokenPrivileges
 0x51e014 OpenProcessToken
 0x51e018 LsaOpenPolicy
 0x51e01c LsaAddAccountRights
 0x51e020 LsaClose
 0x51e024 GetTokenInformation

EAT (Export Address Table): none
