Field | Value |
---|---|
Created | 2023.12.23 18:22 |
Machine | s1_win7_x6403 |
Filename | setup294.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 28 detected (AIDetectMalware, Zusy, Artemis, unsafe, Save, malicious, confidence, 100%, ZedlaF, jE8@auXoM0m, high confidence, score, Zenpak, Static AI, Malicious PE, Kryptik, Eldorado, Detected, ai score=83, Generic@AI, RDML, Zd2Onkga3C2zdksF4tWtLQ, HUEI) |
md5 | f8da2527550d3cd4ace397705dcfc72d |
sha256 | 62f90dc9cb5575d3147335e7e16b4d116cb3daf1b28ce7626e576d4099a3e956 |
ssdeep | 49152:v2OQ9V8A4lQhbb2rR6JQ0f1uK7px2j2kHAxUQLPUa:Ai/Q5mF0f1uK7px2j24AxXPU |
imphash | 738834b838cf7255e21940704e341a34 |
impfuzzy | 12:Es6KQAzaEjKdKntJ5kyCAnm4rxMgWtdSnKbbCaxC3SVAGWjdWh3gRxWuVAsDlp54:EszQANKmtJKyLr+t2nYA0WjYCxTzlp54 |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x1000407c InvalidateRgn
0x10004080 LookupIconIdFromDirectory
0x10004084 GetGUIThreadInfo
0x10004088 GetScrollBarInfo
0x1000408c SetCaretPos
0x10004090 GetMenuItemCount
0x10004094 DrawStateA
0x10004098 ShowWindow
0x1000409c EnumDisplayDevicesA
0x100040a0 DestroyIcon
ole32.dll
0x100040b8 CoGetCallerTID
WS2_32.dll
0x100040a8 WSAGetLastError
OLEAUT32.dll
0x10004058 SafeArrayCreate
0x1000405c GetRecordInfoFromGuids
RPCRT4.dll
0x10004064 I_RpcGetExtendedError
SHLWAPI.dll
0x10004074 StrCpyNW
KERNEL32.dll
0x10004020 GetStringTypeW
0x10004024 GetCommModemStatus
0x10004028 DebugBreak
0x1000402c GetBinaryTypeA
0x10004030 LoadLibraryW
0x10004034 WaitForSingleObjectEx
0x10004038 GetModuleFileNameA
0x1000403c QueryPerformanceCounter
0x10004040 SetStdHandle
0x10004044 CreateEventA
0x10004048 DeleteCriticalSection
0x1000404c GetConsoleDisplayMode
0x10004050 LoadLibraryExA
GDI32.dll
0x10004000 CopyEnhMetaFileW
0x10004004 WidenPath
0x10004008 LPtoDP
0x1000400c ExcludeClipRect
0x10004010 PlayMetaFileRecord
0x10004014 SetRectRgn
0x10004018 ArcTo
msvcrt.dll
0x100040b0 memset
SETUPAPI.dll
0x1000406c SetupDiEnumDeviceInfo
EAT(Export Address Table) is none