ScreenShot
| Created | 2023.12.24 16:17 | Machine | s1_win7_x6401 |
| Filename | DisplayDriverExt.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 1d509cbad17fe9bc39563956aadf5d3f | ||
| sha256 | fd7ed4415e91eb248322a890e47c52d8ef842f9842f8fa5b630d6dafcc4ca8f8 | ||
| ssdeep | 49152:ENxGBlrBuTUESmDLIn7Ud3RjhFuYVIVkqS:ccBqUESmg7ijH | ||
| imphash | 076d82855c5f31f297e07e8c8d959d31 | ||
| impfuzzy | 96:nNk6SZEELAX0N6LafkpzEisL9nlwKHQWbVDLlVhN3PV1Pcv:nNRelXh5w0NVhN9+v | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
crypt.dll
0x10130414 BCryptOpenAlgorithmProvider
0x10130418 BCryptCloseAlgorithmProvider
0x1013041c BCryptDestroyKey
0x10130420 BCryptImportKeyPair
0x10130424 BCryptEncrypt
0x10130428 BCryptDecrypt
WINTRUST.dll
0x1013040c WinVerifyTrust
PSAPI.DLL
0x1013034c GetProcessImageFileNameW
KERNEL32.dll
0x10130090 GetFileSizeEx
0x10130094 ReleaseMutex
0x10130098 WaitForSingleObject
0x1013009c GetCurrentProcessId
0x101300a0 GetTempPathW
0x101300a4 VerifyVersionInfoW
0x101300a8 VerSetConditionMask
0x101300ac SetLastError
0x101300b0 Sleep
0x101300b4 GetModuleHandleW
0x101300b8 GetProcAddress
0x101300bc GetVersionExW
0x101300c0 lstrlenW
0x101300c4 MultiByteToWideChar
0x101300c8 GetExitCodeThread
0x101300cc ResumeThread
0x101300d0 RaiseException
0x101300d4 GetFileSize
0x101300d8 ReadFile
0x101300dc SetEndOfFile
0x101300e0 SetFilePointerEx
0x101300e4 InitializeCriticalSectionAndSpinCount
0x101300e8 LocalAlloc
0x101300ec GetCurrentDirectoryW
0x101300f0 CreateDirectoryW
0x101300f4 DeleteFileW
0x101300f8 FindClose
0x101300fc FindFirstFileW
0x10130100 FindNextFileW
0x10130104 GetFileAttributesW
0x10130108 QueryDosDeviceW
0x1013010c RemoveDirectoryW
0x10130110 SetFileAttributesW
0x10130114 ExpandEnvironmentStringsW
0x10130118 GetCurrentThread
0x1013011c GetSystemDirectoryW
0x10130120 GetWindowsDirectoryW
0x10130124 GetSystemWindowsDirectoryW
0x10130128 CreateFileMappingW
0x1013012c MapViewOfFile
0x10130130 UnmapViewOfFile
0x10130134 lstrcmpW
0x10130138 CopyFileW
0x1013013c MoveFileExW
0x10130140 GetSystemInfo
0x10130144 FreeLibrary
0x10130148 GetModuleHandleExW
0x1013014c LoadLibraryW
0x10130150 DuplicateHandle
0x10130154 TerminateProcess
0x10130158 GetExitCodeProcess
0x1013015c CreateProcessW
0x10130160 GetProcessId
0x10130164 OpenProcess
0x10130168 FileTimeToSystemTime
0x1013016c OpenEventW
0x10130170 LocalFree
0x10130174 FormatMessageW
0x10130178 SystemTimeToFileTime
0x1013017c CompareFileTime
0x10130180 GetFullPathNameW
0x10130184 GetModuleHandleA
0x10130188 LoadLibraryExW
0x1013018c lstrcmpA
0x10130190 GetModuleFileNameW
0x10130194 CreateFileW
0x10130198 CloseHandle
0x1013019c CreateMutexW
0x101301a0 GetCurrentThreadId
0x101301a4 WaitForSingleObjectEx
0x101301a8 SetEvent
0x101301ac CreateEventA
0x101301b0 OutputDebugStringW
0x101301b4 GetCurrentProcess
0x101301b8 GetProcessTimes
0x101301bc GetSystemTimeAsFileTime
0x101301c0 QueryPerformanceFrequency
0x101301c4 QueryPerformanceCounter
0x101301c8 WideCharToMultiByte
0x101301cc GetProcessHeap
0x101301d0 HeapAlloc
0x101301d4 HeapFree
0x101301d8 HeapReAlloc
0x101301dc HeapSize
0x101301e0 HeapDestroy
0x101301e4 FindResourceExW
0x101301e8 FindResourceW
0x101301ec LoadResource
0x101301f0 LockResource
0x101301f4 SizeofResource
0x101301f8 LeaveCriticalSection
0x101301fc EnterCriticalSection
0x10130200 EncodePointer
0x10130204 DecodePointer
0x10130208 DeleteCriticalSection
0x1013020c InitializeCriticalSectionEx
0x10130210 GetLastError
0x10130214 WriteFile
0x10130218 OpenEventA
0x1013021c DeviceIoControl
0x10130220 WriteConsoleW
0x10130224 ReadConsoleW
0x10130228 SetStdHandle
0x1013022c SetEnvironmentVariableA
0x10130230 FreeEnvironmentStringsW
0x10130234 GetEnvironmentStringsW
0x10130238 GetCommandLineW
0x1013023c GetCommandLineA
0x10130240 GetOEMCP
0x10130244 IsValidCodePage
0x10130248 FindNextFileA
0x1013024c FindFirstFileExA
0x10130250 GetConsoleMode
0x10130254 GetConsoleCP
0x10130258 FlushFileBuffers
0x1013025c GetFileType
0x10130260 GetStdHandle
0x10130264 GetACP
0x10130268 EnumSystemLocalesW
0x1013026c GetUserDefaultLCID
0x10130270 IsValidLocale
0x10130274 GetTimeFormatW
0x10130278 GetDateFormatW
0x1013027c GetTimeZoneInformation
0x10130280 GetModuleFileNameA
0x10130284 ExitProcess
0x10130288 FreeLibraryAndExitThread
0x1013028c ExitThread
0x10130290 CreateThread
0x10130294 InterlockedFlushSList
0x10130298 InterlockedPushEntrySList
0x1013029c RtlUnwind
0x101302a0 GetStartupInfoW
0x101302a4 IsProcessorFeaturePresent
0x101302a8 SetUnhandledExceptionFilter
0x101302ac UnhandledExceptionFilter
0x101302b0 InitializeSListHead
0x101302b4 ResetEvent
0x101302b8 IsDebuggerPresent
0x101302bc AreFileApisANSI
0x101302c0 FormatMessageA
0x101302c4 GetCPInfo
0x101302c8 GetLocaleInfoW
0x101302cc LCMapStringW
0x101302d0 CompareStringW
0x101302d4 TlsFree
0x101302d8 TlsSetValue
0x101302dc TlsGetValue
0x101302e0 TlsAlloc
0x101302e4 CreateEventW
0x101302e8 GetStringTypeW
ADVAPI32.dll
0x10130000 QueryServiceStatusEx
0x10130004 QueryServiceConfig2W
0x10130008 OpenServiceW
0x1013000c OpenSCManagerW
0x10130010 EnumDependentServicesW
0x10130014 DeleteService
0x10130018 LsaNtStatusToWinError
0x1013001c IsTextUnicode
0x10130020 MapGenericMask
0x10130024 GetFileSecurityW
0x10130028 DuplicateToken
0x1013002c AccessCheck
0x10130030 OpenThreadToken
0x10130034 RegSetValueExW
0x10130038 RegQueryInfoKeyW
0x1013003c RegEnumKeyExW
0x10130040 RegDeleteValueW
0x10130044 RegDeleteKeyW
0x10130048 RegOpenCurrentUser
0x1013004c LookupPrivilegeValueW
0x10130050 AdjustTokenPrivileges
0x10130054 SetNamedSecurityInfoW
0x10130058 SetEntriesInAclW
0x1013005c AllocateAndInitializeSid
0x10130060 OpenProcessToken
0x10130064 GetTokenInformation
0x10130068 RegEnumValueW
0x1013006c RegCreateKeyExW
0x10130070 RegCloseKey
0x10130074 RegOpenKeyExW
0x10130078 RegQueryValueExW
0x1013007c ChangeServiceConfigW
0x10130080 ChangeServiceConfig2W
0x10130084 CloseServiceHandle
0x10130088 ControlService
SHELL32.dll
0x101303e0 ShellExecuteExW
0x101303e4 SHGetFolderPathW
ole32.dll
0x10130430 CoCreateInstance
0x10130434 CoInitializeEx
0x10130438 CoUninitialize
OLEAUT32.dll
0x101302f0 SafeArrayGetLBound
0x101302f4 SafeArrayGetUBound
0x101302f8 VariantCopy
0x101302fc SafeArrayUnlock
0x10130300 SafeArrayCreate
0x10130304 SafeArrayRedim
0x10130308 SafeArrayLock
0x1013030c SysAllocStringByteLen
0x10130310 SysStringByteLen
0x10130314 SafeArrayCopy
0x10130318 SafeArrayGetVartype
0x1013031c SafeArrayGetDim
0x10130320 SysAllocStringLen
0x10130324 VariantChangeType
0x10130328 SysStringLen
0x1013032c VariantInit
0x10130330 VariantClear
0x10130334 LoadRegTypeLib
0x10130338 SafeArrayDestroy
0x1013033c SysFreeString
0x10130340 LoadTypeLib
0x10130344 SysAllocString
SHLWAPI.dll
0x101303ec PathFindFileNameW
RPCRT4.dll
0x10130354 RpcStringFreeW
0x10130358 UuidFromStringW
0x1013035c UuidToStringW
VERSION.dll
0x101303fc GetFileVersionInfoSizeW
0x10130400 VerQueryValueW
0x10130404 GetFileVersionInfoW
SETUPAPI.dll
0x10130364 SetupDiCreateDeviceInfoList
0x10130368 SetupGetIntField
0x1013036c SetupGetStringFieldW
0x10130370 SetupGetFieldCount
0x10130374 SetupGetLineTextW
0x10130378 SetupFindNextLine
0x1013037c SetupFindFirstLineW
0x10130380 SetupOpenAppendInfFileW
0x10130384 SetupDiOpenDeviceInfoW
0x10130388 SetupDiSetSelectedDevice
0x1013038c SetupCloseInfFile
0x10130390 SetupOpenInfFileW
0x10130394 CM_Get_Device_IDW
0x10130398 SetupDiGetClassDevsW
0x1013039c SetupDiDestroyDeviceInfoList
0x101303a0 SetupDiGetActualSectionToInstallExW
0x101303a4 SetupDiSetDeviceInstallParamsW
0x101303a8 SetupDiGetDeviceInstanceIdW
0x101303ac CM_Get_DevNode_Status
0x101303b0 SetupDiDeleteDeviceInfo
0x101303b4 SetupDiGetDeviceInstallParamsW
0x101303b8 SetupDiGetDeviceRegistryPropertyW
0x101303bc SetupDiOpenDevRegKey
0x101303c0 SetupDiGetINFClassW
0x101303c4 SetupDiGetDriverInfoDetailW
0x101303c8 SetupDiSetSelectedDriverW
0x101303cc SetupDiEnumDriverInfoW
0x101303d0 SetupDiBuildDriverInfoList
0x101303d4 SetupFindNextMatchLineW
0x101303d8 SetupDiEnumDeviceInfo
USERENV.dll
0x101303f4 UnloadUserProfile
EAT(Export Address Table) Library
0x10001950 DllCanUnloadNow
0x10001990 DllGetClassObject
0x100019e0 DllInstall
0x100019d0 DllRegisterServer
0x100019d0 DllUnregisterServer
crypt.dll
0x10130414 BCryptOpenAlgorithmProvider
0x10130418 BCryptCloseAlgorithmProvider
0x1013041c BCryptDestroyKey
0x10130420 BCryptImportKeyPair
0x10130424 BCryptEncrypt
0x10130428 BCryptDecrypt
WINTRUST.dll
0x1013040c WinVerifyTrust
PSAPI.DLL
0x1013034c GetProcessImageFileNameW
KERNEL32.dll
0x10130090 GetFileSizeEx
0x10130094 ReleaseMutex
0x10130098 WaitForSingleObject
0x1013009c GetCurrentProcessId
0x101300a0 GetTempPathW
0x101300a4 VerifyVersionInfoW
0x101300a8 VerSetConditionMask
0x101300ac SetLastError
0x101300b0 Sleep
0x101300b4 GetModuleHandleW
0x101300b8 GetProcAddress
0x101300bc GetVersionExW
0x101300c0 lstrlenW
0x101300c4 MultiByteToWideChar
0x101300c8 GetExitCodeThread
0x101300cc ResumeThread
0x101300d0 RaiseException
0x101300d4 GetFileSize
0x101300d8 ReadFile
0x101300dc SetEndOfFile
0x101300e0 SetFilePointerEx
0x101300e4 InitializeCriticalSectionAndSpinCount
0x101300e8 LocalAlloc
0x101300ec GetCurrentDirectoryW
0x101300f0 CreateDirectoryW
0x101300f4 DeleteFileW
0x101300f8 FindClose
0x101300fc FindFirstFileW
0x10130100 FindNextFileW
0x10130104 GetFileAttributesW
0x10130108 QueryDosDeviceW
0x1013010c RemoveDirectoryW
0x10130110 SetFileAttributesW
0x10130114 ExpandEnvironmentStringsW
0x10130118 GetCurrentThread
0x1013011c GetSystemDirectoryW
0x10130120 GetWindowsDirectoryW
0x10130124 GetSystemWindowsDirectoryW
0x10130128 CreateFileMappingW
0x1013012c MapViewOfFile
0x10130130 UnmapViewOfFile
0x10130134 lstrcmpW
0x10130138 CopyFileW
0x1013013c MoveFileExW
0x10130140 GetSystemInfo
0x10130144 FreeLibrary
0x10130148 GetModuleHandleExW
0x1013014c LoadLibraryW
0x10130150 DuplicateHandle
0x10130154 TerminateProcess
0x10130158 GetExitCodeProcess
0x1013015c CreateProcessW
0x10130160 GetProcessId
0x10130164 OpenProcess
0x10130168 FileTimeToSystemTime
0x1013016c OpenEventW
0x10130170 LocalFree
0x10130174 FormatMessageW
0x10130178 SystemTimeToFileTime
0x1013017c CompareFileTime
0x10130180 GetFullPathNameW
0x10130184 GetModuleHandleA
0x10130188 LoadLibraryExW
0x1013018c lstrcmpA
0x10130190 GetModuleFileNameW
0x10130194 CreateFileW
0x10130198 CloseHandle
0x1013019c CreateMutexW
0x101301a0 GetCurrentThreadId
0x101301a4 WaitForSingleObjectEx
0x101301a8 SetEvent
0x101301ac CreateEventA
0x101301b0 OutputDebugStringW
0x101301b4 GetCurrentProcess
0x101301b8 GetProcessTimes
0x101301bc GetSystemTimeAsFileTime
0x101301c0 QueryPerformanceFrequency
0x101301c4 QueryPerformanceCounter
0x101301c8 WideCharToMultiByte
0x101301cc GetProcessHeap
0x101301d0 HeapAlloc
0x101301d4 HeapFree
0x101301d8 HeapReAlloc
0x101301dc HeapSize
0x101301e0 HeapDestroy
0x101301e4 FindResourceExW
0x101301e8 FindResourceW
0x101301ec LoadResource
0x101301f0 LockResource
0x101301f4 SizeofResource
0x101301f8 LeaveCriticalSection
0x101301fc EnterCriticalSection
0x10130200 EncodePointer
0x10130204 DecodePointer
0x10130208 DeleteCriticalSection
0x1013020c InitializeCriticalSectionEx
0x10130210 GetLastError
0x10130214 WriteFile
0x10130218 OpenEventA
0x1013021c DeviceIoControl
0x10130220 WriteConsoleW
0x10130224 ReadConsoleW
0x10130228 SetStdHandle
0x1013022c SetEnvironmentVariableA
0x10130230 FreeEnvironmentStringsW
0x10130234 GetEnvironmentStringsW
0x10130238 GetCommandLineW
0x1013023c GetCommandLineA
0x10130240 GetOEMCP
0x10130244 IsValidCodePage
0x10130248 FindNextFileA
0x1013024c FindFirstFileExA
0x10130250 GetConsoleMode
0x10130254 GetConsoleCP
0x10130258 FlushFileBuffers
0x1013025c GetFileType
0x10130260 GetStdHandle
0x10130264 GetACP
0x10130268 EnumSystemLocalesW
0x1013026c GetUserDefaultLCID
0x10130270 IsValidLocale
0x10130274 GetTimeFormatW
0x10130278 GetDateFormatW
0x1013027c GetTimeZoneInformation
0x10130280 GetModuleFileNameA
0x10130284 ExitProcess
0x10130288 FreeLibraryAndExitThread
0x1013028c ExitThread
0x10130290 CreateThread
0x10130294 InterlockedFlushSList
0x10130298 InterlockedPushEntrySList
0x1013029c RtlUnwind
0x101302a0 GetStartupInfoW
0x101302a4 IsProcessorFeaturePresent
0x101302a8 SetUnhandledExceptionFilter
0x101302ac UnhandledExceptionFilter
0x101302b0 InitializeSListHead
0x101302b4 ResetEvent
0x101302b8 IsDebuggerPresent
0x101302bc AreFileApisANSI
0x101302c0 FormatMessageA
0x101302c4 GetCPInfo
0x101302c8 GetLocaleInfoW
0x101302cc LCMapStringW
0x101302d0 CompareStringW
0x101302d4 TlsFree
0x101302d8 TlsSetValue
0x101302dc TlsGetValue
0x101302e0 TlsAlloc
0x101302e4 CreateEventW
0x101302e8 GetStringTypeW
ADVAPI32.dll
0x10130000 QueryServiceStatusEx
0x10130004 QueryServiceConfig2W
0x10130008 OpenServiceW
0x1013000c OpenSCManagerW
0x10130010 EnumDependentServicesW
0x10130014 DeleteService
0x10130018 LsaNtStatusToWinError
0x1013001c IsTextUnicode
0x10130020 MapGenericMask
0x10130024 GetFileSecurityW
0x10130028 DuplicateToken
0x1013002c AccessCheck
0x10130030 OpenThreadToken
0x10130034 RegSetValueExW
0x10130038 RegQueryInfoKeyW
0x1013003c RegEnumKeyExW
0x10130040 RegDeleteValueW
0x10130044 RegDeleteKeyW
0x10130048 RegOpenCurrentUser
0x1013004c LookupPrivilegeValueW
0x10130050 AdjustTokenPrivileges
0x10130054 SetNamedSecurityInfoW
0x10130058 SetEntriesInAclW
0x1013005c AllocateAndInitializeSid
0x10130060 OpenProcessToken
0x10130064 GetTokenInformation
0x10130068 RegEnumValueW
0x1013006c RegCreateKeyExW
0x10130070 RegCloseKey
0x10130074 RegOpenKeyExW
0x10130078 RegQueryValueExW
0x1013007c ChangeServiceConfigW
0x10130080 ChangeServiceConfig2W
0x10130084 CloseServiceHandle
0x10130088 ControlService
SHELL32.dll
0x101303e0 ShellExecuteExW
0x101303e4 SHGetFolderPathW
ole32.dll
0x10130430 CoCreateInstance
0x10130434 CoInitializeEx
0x10130438 CoUninitialize
OLEAUT32.dll
0x101302f0 SafeArrayGetLBound
0x101302f4 SafeArrayGetUBound
0x101302f8 VariantCopy
0x101302fc SafeArrayUnlock
0x10130300 SafeArrayCreate
0x10130304 SafeArrayRedim
0x10130308 SafeArrayLock
0x1013030c SysAllocStringByteLen
0x10130310 SysStringByteLen
0x10130314 SafeArrayCopy
0x10130318 SafeArrayGetVartype
0x1013031c SafeArrayGetDim
0x10130320 SysAllocStringLen
0x10130324 VariantChangeType
0x10130328 SysStringLen
0x1013032c VariantInit
0x10130330 VariantClear
0x10130334 LoadRegTypeLib
0x10130338 SafeArrayDestroy
0x1013033c SysFreeString
0x10130340 LoadTypeLib
0x10130344 SysAllocString
SHLWAPI.dll
0x101303ec PathFindFileNameW
RPCRT4.dll
0x10130354 RpcStringFreeW
0x10130358 UuidFromStringW
0x1013035c UuidToStringW
VERSION.dll
0x101303fc GetFileVersionInfoSizeW
0x10130400 VerQueryValueW
0x10130404 GetFileVersionInfoW
SETUPAPI.dll
0x10130364 SetupDiCreateDeviceInfoList
0x10130368 SetupGetIntField
0x1013036c SetupGetStringFieldW
0x10130370 SetupGetFieldCount
0x10130374 SetupGetLineTextW
0x10130378 SetupFindNextLine
0x1013037c SetupFindFirstLineW
0x10130380 SetupOpenAppendInfFileW
0x10130384 SetupDiOpenDeviceInfoW
0x10130388 SetupDiSetSelectedDevice
0x1013038c SetupCloseInfFile
0x10130390 SetupOpenInfFileW
0x10130394 CM_Get_Device_IDW
0x10130398 SetupDiGetClassDevsW
0x1013039c SetupDiDestroyDeviceInfoList
0x101303a0 SetupDiGetActualSectionToInstallExW
0x101303a4 SetupDiSetDeviceInstallParamsW
0x101303a8 SetupDiGetDeviceInstanceIdW
0x101303ac CM_Get_DevNode_Status
0x101303b0 SetupDiDeleteDeviceInfo
0x101303b4 SetupDiGetDeviceInstallParamsW
0x101303b8 SetupDiGetDeviceRegistryPropertyW
0x101303bc SetupDiOpenDevRegKey
0x101303c0 SetupDiGetINFClassW
0x101303c4 SetupDiGetDriverInfoDetailW
0x101303c8 SetupDiSetSelectedDriverW
0x101303cc SetupDiEnumDriverInfoW
0x101303d0 SetupDiBuildDriverInfoList
0x101303d4 SetupFindNextMatchLineW
0x101303d8 SetupDiEnumDeviceInfo
USERENV.dll
0x101303f4 UnloadUserProfile
EAT(Export Address Table) Library
0x10001950 DllCanUnloadNow
0x10001990 DllGetClassObject
0x100019e0 DllInstall
0x100019d0 DllRegisterServer
0x100019d0 DllUnregisterServer