ScreenShot
| Created | 2024.01.13 19:37 | Machine | s1_win7_x6403 |
| Filename | shell.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 470e404c0132733c3df4895672dbd282 | ||
| sha256 | c03efa6ab0422798b5bf1be4dd4d56c813e060a110bdbdbbdd1820cd8c673232 | ||
| ssdeep | 98304:Pt6PB0pqcxVbMpn2u3S4VaAf9sOs5V0ioedhDmznjVAMx8+k29D6v2Y:PMB0YEQpnLSqf8+iP/DO+Mx8+k66V | ||
| imphash | ae9bb001ca3ddbc8de1e83725c753daf | ||
| impfuzzy | 24:YYuS1o0qtB7BgOJeDc+pl3eDovdavUjM5SOovbOPZdEQ4ERTnXU52QwU4q4ud:YhS1YtBBgDc+ppK338QRTXawU4q4ud | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | One or more potentially interesting buffers were extracted |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180018000 ExitProcess
0x180018008 AllocConsole
0x180018010 FreeConsole
0x180018018 AttachConsole
0x180018020 ReadConsoleW
0x180018028 ReadFile
0x180018030 SetEndOfFile
0x180018038 WriteConsoleW
0x180018040 HeapReAlloc
0x180018048 HeapSize
0x180018050 GetStringTypeW
0x180018058 CreateFileW
0x180018060 CloseHandle
0x180018068 SetFilePointerEx
0x180018070 SetStdHandle
0x180018078 GetProcessHeap
0x180018080 QueryPerformanceCounter
0x180018088 GetCurrentProcessId
0x180018090 GetCurrentThreadId
0x180018098 GetSystemTimeAsFileTime
0x1800180a0 InitializeSListHead
0x1800180a8 RtlCaptureContext
0x1800180b0 RtlLookupFunctionEntry
0x1800180b8 RtlVirtualUnwind
0x1800180c0 IsDebuggerPresent
0x1800180c8 UnhandledExceptionFilter
0x1800180d0 SetUnhandledExceptionFilter
0x1800180d8 GetStartupInfoW
0x1800180e0 IsProcessorFeaturePresent
0x1800180e8 GetModuleHandleW
0x1800180f0 GetLastError
0x1800180f8 MultiByteToWideChar
0x180018100 WideCharToMultiByte
0x180018108 LocalFree
0x180018110 RtlUnwindEx
0x180018118 RtlPcToFileHeader
0x180018120 RaiseException
0x180018128 InterlockedFlushSList
0x180018130 SetLastError
0x180018138 EncodePointer
0x180018140 EnterCriticalSection
0x180018148 LeaveCriticalSection
0x180018150 DeleteCriticalSection
0x180018158 InitializeCriticalSectionAndSpinCount
0x180018160 TlsAlloc
0x180018168 TlsGetValue
0x180018170 TlsSetValue
0x180018178 TlsFree
0x180018180 FreeLibrary
0x180018188 GetProcAddress
0x180018190 LoadLibraryExW
0x180018198 GetCurrentProcess
0x1800181a0 TerminateProcess
0x1800181a8 GetModuleHandleExW
0x1800181b0 GetModuleFileNameW
0x1800181b8 HeapAlloc
0x1800181c0 HeapFree
0x1800181c8 LCMapStringW
0x1800181d0 GetStdHandle
0x1800181d8 GetFileType
0x1800181e0 FlushFileBuffers
0x1800181e8 WriteFile
0x1800181f0 GetConsoleCP
0x1800181f8 GetConsoleMode
0x180018200 FindClose
0x180018208 FindFirstFileExW
0x180018210 FindNextFileW
0x180018218 IsValidCodePage
0x180018220 GetACP
0x180018228 GetOEMCP
0x180018230 GetCPInfo
0x180018238 GetCommandLineA
0x180018240 GetCommandLineW
0x180018248 GetEnvironmentStringsW
0x180018250 FreeEnvironmentStringsW
OLEAUT32.dll
0x180018260 VariantClear
0x180018268 VariantInit
0x180018270 SafeArrayCreateVector
0x180018278 SafeArrayUnlock
0x180018280 SafeArrayLock
0x180018288 SafeArrayDestroy
0x180018290 SafeArrayCreate
0x180018298 SysFreeString
0x1800182a0 SysAllocString
0x1800182a8 SafeArrayPutElement
mscoree.dll
0x1800182b8 CLRCreateInstance
0x1800182c0 CorBindToRuntimeEx
EAT(Export Address Table) Library
0x180001100 ?ReflectiveLoader@@YA_KPEAX@Z
0x180001068 Run
KERNEL32.dll
0x180018000 ExitProcess
0x180018008 AllocConsole
0x180018010 FreeConsole
0x180018018 AttachConsole
0x180018020 ReadConsoleW
0x180018028 ReadFile
0x180018030 SetEndOfFile
0x180018038 WriteConsoleW
0x180018040 HeapReAlloc
0x180018048 HeapSize
0x180018050 GetStringTypeW
0x180018058 CreateFileW
0x180018060 CloseHandle
0x180018068 SetFilePointerEx
0x180018070 SetStdHandle
0x180018078 GetProcessHeap
0x180018080 QueryPerformanceCounter
0x180018088 GetCurrentProcessId
0x180018090 GetCurrentThreadId
0x180018098 GetSystemTimeAsFileTime
0x1800180a0 InitializeSListHead
0x1800180a8 RtlCaptureContext
0x1800180b0 RtlLookupFunctionEntry
0x1800180b8 RtlVirtualUnwind
0x1800180c0 IsDebuggerPresent
0x1800180c8 UnhandledExceptionFilter
0x1800180d0 SetUnhandledExceptionFilter
0x1800180d8 GetStartupInfoW
0x1800180e0 IsProcessorFeaturePresent
0x1800180e8 GetModuleHandleW
0x1800180f0 GetLastError
0x1800180f8 MultiByteToWideChar
0x180018100 WideCharToMultiByte
0x180018108 LocalFree
0x180018110 RtlUnwindEx
0x180018118 RtlPcToFileHeader
0x180018120 RaiseException
0x180018128 InterlockedFlushSList
0x180018130 SetLastError
0x180018138 EncodePointer
0x180018140 EnterCriticalSection
0x180018148 LeaveCriticalSection
0x180018150 DeleteCriticalSection
0x180018158 InitializeCriticalSectionAndSpinCount
0x180018160 TlsAlloc
0x180018168 TlsGetValue
0x180018170 TlsSetValue
0x180018178 TlsFree
0x180018180 FreeLibrary
0x180018188 GetProcAddress
0x180018190 LoadLibraryExW
0x180018198 GetCurrentProcess
0x1800181a0 TerminateProcess
0x1800181a8 GetModuleHandleExW
0x1800181b0 GetModuleFileNameW
0x1800181b8 HeapAlloc
0x1800181c0 HeapFree
0x1800181c8 LCMapStringW
0x1800181d0 GetStdHandle
0x1800181d8 GetFileType
0x1800181e0 FlushFileBuffers
0x1800181e8 WriteFile
0x1800181f0 GetConsoleCP
0x1800181f8 GetConsoleMode
0x180018200 FindClose
0x180018208 FindFirstFileExW
0x180018210 FindNextFileW
0x180018218 IsValidCodePage
0x180018220 GetACP
0x180018228 GetOEMCP
0x180018230 GetCPInfo
0x180018238 GetCommandLineA
0x180018240 GetCommandLineW
0x180018248 GetEnvironmentStringsW
0x180018250 FreeEnvironmentStringsW
OLEAUT32.dll
0x180018260 VariantClear
0x180018268 VariantInit
0x180018270 SafeArrayCreateVector
0x180018278 SafeArrayUnlock
0x180018280 SafeArrayLock
0x180018288 SafeArrayDestroy
0x180018290 SafeArrayCreate
0x180018298 SysFreeString
0x1800182a0 SysAllocString
0x1800182a8 SafeArrayPutElement
mscoree.dll
0x1800182b8 CLRCreateInstance
0x1800182c0 CorBindToRuntimeEx
EAT(Export Address Table) Library
0x180001100 ?ReflectiveLoader@@YA_KPEAX@Z
0x180001068 Run