ScreenShot
| Created | 2023.12.15 15:06 | Machine | s1_win7_x6403 |
| Filename | OnlineFix64.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 38 detected (AIDetectMalware, VMProtect, GenericKD, PWSZbot, Hacktool, V78e, grayware, confidence, 100%, malicious, moderate confidence, AC suspicious, score, MiscX, Generic Reputation PUA, Tool, ABRisk, ORWK, ai score=84, GameHack, Detected, Artemis, unsafe, Chgt, R002H0CKM23, susgen) | ||
| md5 | 0cccdd04b47dfcd6d20b4d1e21738cca | ||
| sha256 | a188ff24aec863479408cee54b337a2fce25b9372ba5573595f7a54b784c65f8 | ||
| ssdeep | 196608:g3giiPVCn+q0Xa8YNUAu9weVbiGEL92ZjSnzo2+pIyis:gQ9VC9oeUAYgpzmph | ||
| imphash | 10c1b70987e42d05f256c6e82924ec7e | ||
| impfuzzy | 3:sUx2AEJtAcP0WY4MKLvsYbWmAgYbRWcWX6RRGO/sXSaR9CByt:nEJtAcPh/MKjsYbK10X6RcO0XSHwt | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1807f1000 GetModuleHandleA
USER32.dll
0x1807f1010 GetUserObjectInformationW
SHELL32.dll
0x1807f1020 SHGetSpecialFolderPathA
WS2_32.dll
0x1807f1030 ioctlsocket
WLDAP32.dll
0x1807f1040 None
ADVAPI32.dll
0x1807f1050 RegisterEventSourceW
EAT(Export Address Table) Library
0x18005e620 Breakpad_SteamMiniDumpInit
0x18005e630 Breakpad_SteamSetAppID
0x18005e640 Breakpad_SteamSetSteamID
0x18005e650 Breakpad_SteamWriteMiniDumpSetComment
0x18005e660 Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
0x18005e2a0 CreateInterface
0x18005e0f0 OnlineFix
0x18005e100 ShellExecuteA
0x18005e160 ShellExecuteW
0x18005e7a0 Steam_BConnected
0x18005e1c0 Steam_BGetCallback
0x18005e7b0 Steam_BLoggedOn
0x18005e7c0 Steam_BReleaseSteamPipe
0x18005e7d0 Steam_ConnectToGlobalUser
0x18005e7e0 Steam_CreateGlobalUser
0x18005e7f0 Steam_CreateLocalUser
0x18005e800 Steam_CreateSteamPipe
0x18005e260 Steam_FreeLastCallback
0x18005e820 Steam_GSBLoggedOn
0x18005e830 Steam_GSBSecure
0x18005e840 Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
0x18005e850 Steam_GSGetSteamID
0x18005e860 Steam_GSLogOff
0x18005e870 Steam_GSLogOn
0x18005e880 Steam_GSRemoveUserConnect
0x18005e890 Steam_GSSendSteam2UserConnect
0x18005e8a0 Steam_GSSendSteam3UserConnect
0x18005e8b0 Steam_GSSendUserDisconnect
0x18005e8c0 Steam_GSSendUserStatusResponse
0x18005e8d0 Steam_GSSetServerType
0x18005e8e0 Steam_GSSetSpawnCount
0x18005e8f0 Steam_GSUpdateStatus
0x18005e210 Steam_GetAPICallResult
0x18005e810 Steam_GetGSHandle
0x18005e900 Steam_InitiateGameConnection
0x18005e910 Steam_LogOff
0x18005e920 Steam_LogOn
0x18005e930 Steam_ReleaseThreadLocalMemory
0x18005e940 Steam_ReleaseUser
0x18005e950 Steam_SetLocalIPBinding
0x18005e960 Steam_TerminateGameConnection
0x18005e670 hid_close
0x18005e680 hid_enumerate
0x18005e690 hid_error
0x18005e6a0 hid_exit
0x18005e6b0 hid_free_enumeration
0x18005e6c0 hid_get_feature_report
0x18005e6d0 hid_get_indexed_string
0x18005e6e0 hid_get_manufacturer_string
0x18005e6f0 hid_get_product_string
0x18005e700 hid_get_serial_number_string
0x18005e710 hid_init
0x18005e720 hid_open
0x18005e730 hid_open_path
0x18005e740 hid_read
0x18005e750 hid_read_timeout
0x18005e760 hid_send_feature_report
0x18005e770 hid_set_nonblocking
0x18005e780 hid_write
0x18005e790 hid_write_output_report
KERNEL32.dll
0x1807f1000 GetModuleHandleA
USER32.dll
0x1807f1010 GetUserObjectInformationW
SHELL32.dll
0x1807f1020 SHGetSpecialFolderPathA
WS2_32.dll
0x1807f1030 ioctlsocket
WLDAP32.dll
0x1807f1040 None
ADVAPI32.dll
0x1807f1050 RegisterEventSourceW
EAT(Export Address Table) Library
0x18005e620 Breakpad_SteamMiniDumpInit
0x18005e630 Breakpad_SteamSetAppID
0x18005e640 Breakpad_SteamSetSteamID
0x18005e650 Breakpad_SteamWriteMiniDumpSetComment
0x18005e660 Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
0x18005e2a0 CreateInterface
0x18005e0f0 OnlineFix
0x18005e100 ShellExecuteA
0x18005e160 ShellExecuteW
0x18005e7a0 Steam_BConnected
0x18005e1c0 Steam_BGetCallback
0x18005e7b0 Steam_BLoggedOn
0x18005e7c0 Steam_BReleaseSteamPipe
0x18005e7d0 Steam_ConnectToGlobalUser
0x18005e7e0 Steam_CreateGlobalUser
0x18005e7f0 Steam_CreateLocalUser
0x18005e800 Steam_CreateSteamPipe
0x18005e260 Steam_FreeLastCallback
0x18005e820 Steam_GSBLoggedOn
0x18005e830 Steam_GSBSecure
0x18005e840 Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
0x18005e850 Steam_GSGetSteamID
0x18005e860 Steam_GSLogOff
0x18005e870 Steam_GSLogOn
0x18005e880 Steam_GSRemoveUserConnect
0x18005e890 Steam_GSSendSteam2UserConnect
0x18005e8a0 Steam_GSSendSteam3UserConnect
0x18005e8b0 Steam_GSSendUserDisconnect
0x18005e8c0 Steam_GSSendUserStatusResponse
0x18005e8d0 Steam_GSSetServerType
0x18005e8e0 Steam_GSSetSpawnCount
0x18005e8f0 Steam_GSUpdateStatus
0x18005e210 Steam_GetAPICallResult
0x18005e810 Steam_GetGSHandle
0x18005e900 Steam_InitiateGameConnection
0x18005e910 Steam_LogOff
0x18005e920 Steam_LogOn
0x18005e930 Steam_ReleaseThreadLocalMemory
0x18005e940 Steam_ReleaseUser
0x18005e950 Steam_SetLocalIPBinding
0x18005e960 Steam_TerminateGameConnection
0x18005e670 hid_close
0x18005e680 hid_enumerate
0x18005e690 hid_error
0x18005e6a0 hid_exit
0x18005e6b0 hid_free_enumeration
0x18005e6c0 hid_get_feature_report
0x18005e6d0 hid_get_indexed_string
0x18005e6e0 hid_get_manufacturer_string
0x18005e6f0 hid_get_product_string
0x18005e700 hid_get_serial_number_string
0x18005e710 hid_init
0x18005e720 hid_open
0x18005e730 hid_open_path
0x18005e740 hid_read
0x18005e750 hid_read_timeout
0x18005e760 hid_send_feature_report
0x18005e770 hid_set_nonblocking
0x18005e780 hid_write
0x18005e790 hid_write_output_report