ScreenShot
| Created | 2024.05.11 19:49 | Machine | s1_win7_x6403 |
| Filename | bin.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 47 detected (Common, Rozena, malicious, high confidence, score, Tedy, unsafe, TrojanX, CobaltStrike, CLASSIC, qbvcc, COBEACON, YXECEZ, Detected, ai score=85, Wacatac, Chgt, Gencirc, susgen) | ||
| md5 | ab3fff8fb136f2cbd1a5c150c57cf297 | ||
| sha256 | 516cd00b81fafacc964ed755a4e53ad7bb2ca39a3b72c8248b59bb7d336496ec | ||
| ssdeep | 192:Y+nFXDJdiMHounU1UgfMhTPpaa9DsnD2wxVpGVfcRyVlNG:xntLimFnUdM/B9D6DnxVp1yVl | ||
| imphash | 255c9886f1946bed58b0eeeb08427002 | ||
| impfuzzy | 12:BBPXJcq/TU3302XJGnhITZNbfJM2bHAM2n2h2f3uafhaFaZaNDVdg9aJ/a6haphh:BRVw02mS1kYgMUig3uihAI4Tg9KZh8hh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ntdll.dll
0x180003108 RtlIpv6StringToAddressA
KERNEL32.dll
0x180003000 SetUnhandledExceptionFilter
0x180003008 VirtualProtect
0x180003010 EnumSystemLocalesA
0x180003018 TerminateProcess
0x180003020 GetCurrentProcess
0x180003028 RtlCaptureContext
0x180003030 RtlLookupFunctionEntry
0x180003038 RtlVirtualUnwind
0x180003040 UnhandledExceptionFilter
0x180003048 IsDebuggerPresent
0x180003050 IsProcessorFeaturePresent
0x180003058 QueryPerformanceCounter
0x180003060 GetCurrentProcessId
0x180003068 GetCurrentThreadId
0x180003070 GetSystemTimeAsFileTime
0x180003078 InitializeSListHead
VCRUNTIME140.dll
0x180003088 __C_specific_handler
0x180003090 memset
0x180003098 memcpy
0x1800030a0 __std_type_info_destroy_list
api-ms-win-crt-heap-l1-1-0.dll
0x1800030b0 malloc
api-ms-win-crt-runtime-l1-1-0.dll
0x1800030c0 _initterm
0x1800030c8 _initterm_e
0x1800030d0 _seh_filter_dll
0x1800030d8 _configure_narrow_argv
0x1800030e0 _initialize_narrow_environment
0x1800030e8 _initialize_onexit_table
0x1800030f0 _execute_onexit_table
0x1800030f8 _cexit
EAT(Export Address Table) is none
ntdll.dll
0x180003108 RtlIpv6StringToAddressA
KERNEL32.dll
0x180003000 SetUnhandledExceptionFilter
0x180003008 VirtualProtect
0x180003010 EnumSystemLocalesA
0x180003018 TerminateProcess
0x180003020 GetCurrentProcess
0x180003028 RtlCaptureContext
0x180003030 RtlLookupFunctionEntry
0x180003038 RtlVirtualUnwind
0x180003040 UnhandledExceptionFilter
0x180003048 IsDebuggerPresent
0x180003050 IsProcessorFeaturePresent
0x180003058 QueryPerformanceCounter
0x180003060 GetCurrentProcessId
0x180003068 GetCurrentThreadId
0x180003070 GetSystemTimeAsFileTime
0x180003078 InitializeSListHead
VCRUNTIME140.dll
0x180003088 __C_specific_handler
0x180003090 memset
0x180003098 memcpy
0x1800030a0 __std_type_info_destroy_list
api-ms-win-crt-heap-l1-1-0.dll
0x1800030b0 malloc
api-ms-win-crt-runtime-l1-1-0.dll
0x1800030c0 _initterm
0x1800030c8 _initterm_e
0x1800030d0 _seh_filter_dll
0x1800030d8 _configure_narrow_argv
0x1800030e0 _initialize_narrow_environment
0x1800030e8 _initialize_onexit_table
0x1800030f0 _execute_onexit_table
0x1800030f8 _cexit
EAT(Export Address Table) is none