ScreenShot
| Created | 2024.05.31 10:25 | Machine | s1_win7_x6403 |
| Filename | NimDllLoader.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 15 detected (malicious, high confidence, Save, Detected, PossibleThreat, PALLAS, confidence) | ||
| md5 | 8960bb93e3796d6fdd8d637d54bc2d24 | ||
| sha256 | 41dfa864f8603937bc72ac9f9f9eca22dae0fed561e54c8f27675e75e43a2d63 | ||
| ssdeep | 12288:NUAc/V3MutnA3kXIK4y8SBUghSBvzmVDIbX:qAQV3Mu9A3OZ4y8SBUghSVzYDIbX | ||
| imphash | d980032757258196e9c35f2cfd546175 | ||
| impfuzzy | 24:DfjcDq+kLQYJd53jIlMblR95XG6qKZ8dd1TomvlxcqK06Zy:Dfn+kbSslTJG6qA8dd1T1vkqd7 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140051264 CreateSemaphoreW
0x14005126c DeleteCriticalSection
0x140051274 EnterCriticalSection
0x14005127c GetLastError
0x140051284 GetProcAddress
0x14005128c GetStartupInfoA
0x140051294 InitializeCriticalSection
0x14005129c IsDBCSLeadByteEx
0x1400512a4 LeaveCriticalSection
0x1400512ac LoadLibraryA
0x1400512b4 MultiByteToWideChar
0x1400512bc ReleaseSemaphore
0x1400512c4 SetLastError
0x1400512cc SetUnhandledExceptionFilter
0x1400512d4 Sleep
0x1400512dc TlsAlloc
0x1400512e4 TlsGetValue
0x1400512ec TlsSetValue
0x1400512f4 VirtualAlloc
0x1400512fc VirtualFree
0x140051304 VirtualProtect
0x14005130c VirtualQuery
0x140051314 WaitForSingleObject
0x14005131c WideCharToMultiByte
msvcrt.dll
0x14005132c __C_specific_handler
0x140051334 ___lc_codepage_func
0x14005133c ___mb_cur_max_func
0x140051344 __getmainargs
0x14005134c __initenv
0x140051354 __iob_func
0x14005135c __lconv_init
0x140051364 __set_app_type
0x14005136c __setusermatherr
0x140051374 _acmdln
0x14005137c _amsg_exit
0x140051384 _cexit
0x14005138c _commode
0x140051394 _errno
0x14005139c _fileno
0x1400513a4 _fmode
0x1400513ac _initterm
0x1400513b4 _lock
0x1400513bc _onexit
0x1400513c4 _setmode
0x1400513cc _unlock
0x1400513d4 abort
0x1400513dc calloc
0x1400513e4 exit
0x1400513ec fflush
0x1400513f4 fprintf
0x1400513fc fputc
0x140051404 free
0x14005140c fwrite
0x140051414 localeconv
0x14005141c malloc
0x140051424 memchr
0x14005142c memcmp
0x140051434 memcpy
0x14005143c memset
0x140051444 realloc
0x14005144c signal
0x140051454 strcmp
0x14005145c strerror
0x140051464 strlen
0x14005146c strncmp
0x140051474 vfprintf
0x14005147c wcslen
EAT(Export Address Table) is none
KERNEL32.dll
0x140051264 CreateSemaphoreW
0x14005126c DeleteCriticalSection
0x140051274 EnterCriticalSection
0x14005127c GetLastError
0x140051284 GetProcAddress
0x14005128c GetStartupInfoA
0x140051294 InitializeCriticalSection
0x14005129c IsDBCSLeadByteEx
0x1400512a4 LeaveCriticalSection
0x1400512ac LoadLibraryA
0x1400512b4 MultiByteToWideChar
0x1400512bc ReleaseSemaphore
0x1400512c4 SetLastError
0x1400512cc SetUnhandledExceptionFilter
0x1400512d4 Sleep
0x1400512dc TlsAlloc
0x1400512e4 TlsGetValue
0x1400512ec TlsSetValue
0x1400512f4 VirtualAlloc
0x1400512fc VirtualFree
0x140051304 VirtualProtect
0x14005130c VirtualQuery
0x140051314 WaitForSingleObject
0x14005131c WideCharToMultiByte
msvcrt.dll
0x14005132c __C_specific_handler
0x140051334 ___lc_codepage_func
0x14005133c ___mb_cur_max_func
0x140051344 __getmainargs
0x14005134c __initenv
0x140051354 __iob_func
0x14005135c __lconv_init
0x140051364 __set_app_type
0x14005136c __setusermatherr
0x140051374 _acmdln
0x14005137c _amsg_exit
0x140051384 _cexit
0x14005138c _commode
0x140051394 _errno
0x14005139c _fileno
0x1400513a4 _fmode
0x1400513ac _initterm
0x1400513b4 _lock
0x1400513bc _onexit
0x1400513c4 _setmode
0x1400513cc _unlock
0x1400513d4 abort
0x1400513dc calloc
0x1400513e4 exit
0x1400513ec fflush
0x1400513f4 fprintf
0x1400513fc fputc
0x140051404 free
0x14005140c fwrite
0x140051414 localeconv
0x14005141c malloc
0x140051424 memchr
0x14005142c memcmp
0x140051434 memcpy
0x14005143c memset
0x140051444 realloc
0x14005144c signal
0x140051454 strcmp
0x14005145c strerror
0x140051464 strlen
0x14005146c strncmp
0x140051474 vfprintf
0x14005147c wcslen
EAT(Export Address Table) is none