ScreenShot
| Created | 2024.06.24 11:04 | Machine | s1_win7_x6401 |
| Filename | a.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (Malicious, score, ZedlaF, Dy5@aKVkFhjb) | ||
| md5 | e543d220625ff34807f7418a638f0775 | ||
| sha256 | 1403c93a5684a9e1d597d976be03df41e5cec422cd85bf2b3f726ae507467d17 | ||
| ssdeep | 6144:2ePGSKZI3pCLkMQSWm9oseyO9jjzKf3QH5SQnYav:2euZApCLk/SWm9oseRjzKPQH3ntv | ||
| imphash | 0082e8e8d7ba0df2ef33edcc6ef81f35 | ||
| impfuzzy | 48:oKxEPceacepPcZ+DPYydF+cxhc1U1FMreRt2Blla/ZPE9tzfFZnSvECL/Kn6G4Ig:oKxQ1a3U+DPBF+cxhc1U/MreujmooYI | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1006f66c GetVersionExA
0x1006f670 GlobalFree
0x1006f674 GlobalUnlock
0x1006f678 GlobalLock
0x1006f67c GlobalAlloc
0x1006f680 GlobalSize
0x1006f684 GetDriveTypeA
0x1006f688 GetDiskFreeSpaceExA
0x1006f68c GetVolumeInformationA
0x1006f690 lstrlenA
0x1006f694 GetLogicalDriveStringsA
0x1006f698 MoveFileA
0x1006f69c FindClose
0x1006f6a0 FindFirstFileA
0x1006f6a4 WriteFile
0x1006f6a8 SetFilePointer
0x1006f6ac CreateFileA
0x1006f6b0 CreateDirectoryA
0x1006f6b4 GetFileAttributesA
0x1006f6b8 FindNextFileA
0x1006f6bc LocalReAlloc
0x1006f6c0 LocalFree
0x1006f6c4 LocalAlloc
0x1006f6c8 CreateProcessA
0x1006f6cc GetSystemDirectoryA
0x1006f6d0 CreatePipe
0x1006f6d4 ReadFile
0x1006f6d8 PeekNamedPipe
0x1006f6dc DisconnectNamedPipe
0x1006f6e0 TerminateThread
0x1006f6e4 TerminateProcess
0x1006f6e8 LocalSize
0x1006f6ec Process32Next
0x1006f6f0 OpenProcess
0x1006f6f4 Process32First
0x1006f6f8 CancelIo
0x1006f6fc GetCurrentProcess
0x1006f700 CompareStringW
0x1006f704 CompareStringA
0x1006f708 GetLocaleInfoW
0x1006f70c GetTimeZoneInformation
0x1006f710 SetStdHandle
0x1006f714 GetUserDefaultLCID
0x1006f718 EnumSystemLocalesA
0x1006f71c CreateThread
0x1006f720 IsValidCodePage
0x1006f724 IsValidLocale
0x1006f728 FlushFileBuffers
0x1006f72c LCMapStringW
0x1006f730 LCMapStringA
0x1006f734 GetOEMCP
0x1006f738 GetACP
0x1006f73c GetCPInfo
0x1006f740 GetStringTypeW
0x1006f744 GetStringTypeA
0x1006f748 MultiByteToWideChar
0x1006f74c UnhandledExceptionFilter
0x1006f750 IsBadCodePtr
0x1006f754 SetConsoleCtrlHandler
0x1006f758 GetEnvironmentStringsW
0x1006f75c GetEnvironmentStrings
0x1006f760 WideCharToMultiByte
0x1006f764 FreeEnvironmentStringsW
0x1006f768 FreeEnvironmentStringsA
0x1006f76c GetStartupInfoA
0x1006f770 GetFileType
0x1006f774 SetHandleCount
0x1006f778 HeapCreate
0x1006f77c HeapDestroy
0x1006f780 GetEnvironmentVariableA
0x1006f784 HeapReAlloc
0x1006f788 InterlockedExchange
0x1006f78c Sleep
0x1006f790 GetLastError
0x1006f794 SetEvent
0x1006f798 CreateEventA
0x1006f79c CreateToolhelp32Snapshot
0x1006f7a0 GetTickCount
0x1006f7a4 InitializeCriticalSection
0x1006f7a8 WaitForSingleObject
0x1006f7ac CloseHandle
0x1006f7b0 VirtualAlloc
0x1006f7b4 EnterCriticalSection
0x1006f7b8 LeaveCriticalSection
0x1006f7bc VirtualFree
0x1006f7c0 HeapAlloc
0x1006f7c4 SetUnhandledExceptionFilter
0x1006f7c8 HeapFree
0x1006f7cc FatalAppExitA
0x1006f7d0 GetCurrentThread
0x1006f7d4 TlsGetValue
0x1006f7d8 SetLastError
0x1006f7dc TlsFree
0x1006f7e0 TlsAlloc
0x1006f7e4 TlsSetValue
0x1006f7e8 GetCurrentThreadId
0x1006f7ec ExitProcess
0x1006f7f0 GetModuleHandleA
0x1006f7f4 GetModuleFileNameA
0x1006f7f8 InterlockedIncrement
0x1006f7fc LoadLibraryA
0x1006f800 GetProcAddress
0x1006f804 OutputDebugStringA
0x1006f808 DeleteCriticalSection
0x1006f80c GetLocaleInfoA
0x1006f810 InterlockedDecrement
0x1006f814 GetStdHandle
0x1006f818 DebugBreak
0x1006f81c GetVersion
0x1006f820 GetCommandLineA
0x1006f824 RtlUnwind
0x1006f828 RaiseException
0x1006f82c IsBadWritePtr
0x1006f830 IsBadReadPtr
0x1006f834 HeapValidate
0x1006f838 SetEnvironmentVariableA
USER32.dll
0x1006f92c BlockInput
0x1006f930 CloseClipboard
0x1006f934 SetClipboardData
0x1006f938 EmptyClipboard
0x1006f93c OpenClipboard
0x1006f940 GetClipboardData
0x1006f944 GetCursorInfo
0x1006f948 MapVirtualKeyA
0x1006f94c mouse_event
0x1006f950 SetCapture
0x1006f954 WindowFromPoint
0x1006f958 SetCursorPos
0x1006f95c GetSystemMetrics
0x1006f960 DestroyCursor
0x1006f964 keybd_event
0x1006f968 EndDialog
0x1006f96c GetWindowTextA
0x1006f970 IsWindowVisible
0x1006f974 EnumWindows
0x1006f978 ShowWindow
0x1006f97c PostMessageA
0x1006f980 GetDC
0x1006f984 KillTimer
0x1006f988 SystemParametersInfoA
0x1006f98c MoveWindow
0x1006f990 SetDlgItemTextA
0x1006f994 SetTimer
0x1006f998 DialogBoxParamA
0x1006f99c wsprintfA
0x1006f9a0 CharNextA
0x1006f9a4 GetCursorPos
0x1006f9a8 ReleaseDC
0x1006f9ac GetDesktopWindow
GDI32.dll
0x1006f624 DeleteDC
0x1006f628 DeleteObject
0x1006f62c CreateCompatibleDC
0x1006f630 CreateDIBSection
0x1006f634 SelectObject
0x1006f638 BitBlt
ADVAPI32.dll
0x1006f5ac RegQueryValueExA
0x1006f5b0 OpenProcessToken
0x1006f5b4 LookupPrivilegeValueA
0x1006f5b8 AdjustTokenPrivileges
0x1006f5bc RegOpenKeyA
0x1006f5c0 RegCloseKey
SHELL32.dll
0x1006f8f8 SHGetFileInfoA
0x1006f8fc ShellExecuteA
WS2_32.dll
0x1006fa24 WSACleanup
0x1006fa28 closesocket
0x1006fa2c WSAIoctl
0x1006fa30 setsockopt
0x1006fa34 connect
0x1006fa38 inet_addr
0x1006fa3c WSAStartup
0x1006fa40 socket
0x1006fa44 recv
0x1006fa48 select
0x1006fa4c send
0x1006fa50 getsockname
0x1006fa54 gethostname
0x1006fa58 htons
AVICAP32.dll
0x1006f5f4 capGetDriverDescriptionA
WINMM.dll
0x1006f9f4 PlaySoundA
PSAPI.DLL
0x1006f8c4 EnumProcessModules
0x1006f8c8 GetModuleFileNameExA
EAT(Export Address Table) Library
0x100010f0 TestRun
KERNEL32.dll
0x1006f66c GetVersionExA
0x1006f670 GlobalFree
0x1006f674 GlobalUnlock
0x1006f678 GlobalLock
0x1006f67c GlobalAlloc
0x1006f680 GlobalSize
0x1006f684 GetDriveTypeA
0x1006f688 GetDiskFreeSpaceExA
0x1006f68c GetVolumeInformationA
0x1006f690 lstrlenA
0x1006f694 GetLogicalDriveStringsA
0x1006f698 MoveFileA
0x1006f69c FindClose
0x1006f6a0 FindFirstFileA
0x1006f6a4 WriteFile
0x1006f6a8 SetFilePointer
0x1006f6ac CreateFileA
0x1006f6b0 CreateDirectoryA
0x1006f6b4 GetFileAttributesA
0x1006f6b8 FindNextFileA
0x1006f6bc LocalReAlloc
0x1006f6c0 LocalFree
0x1006f6c4 LocalAlloc
0x1006f6c8 CreateProcessA
0x1006f6cc GetSystemDirectoryA
0x1006f6d0 CreatePipe
0x1006f6d4 ReadFile
0x1006f6d8 PeekNamedPipe
0x1006f6dc DisconnectNamedPipe
0x1006f6e0 TerminateThread
0x1006f6e4 TerminateProcess
0x1006f6e8 LocalSize
0x1006f6ec Process32Next
0x1006f6f0 OpenProcess
0x1006f6f4 Process32First
0x1006f6f8 CancelIo
0x1006f6fc GetCurrentProcess
0x1006f700 CompareStringW
0x1006f704 CompareStringA
0x1006f708 GetLocaleInfoW
0x1006f70c GetTimeZoneInformation
0x1006f710 SetStdHandle
0x1006f714 GetUserDefaultLCID
0x1006f718 EnumSystemLocalesA
0x1006f71c CreateThread
0x1006f720 IsValidCodePage
0x1006f724 IsValidLocale
0x1006f728 FlushFileBuffers
0x1006f72c LCMapStringW
0x1006f730 LCMapStringA
0x1006f734 GetOEMCP
0x1006f738 GetACP
0x1006f73c GetCPInfo
0x1006f740 GetStringTypeW
0x1006f744 GetStringTypeA
0x1006f748 MultiByteToWideChar
0x1006f74c UnhandledExceptionFilter
0x1006f750 IsBadCodePtr
0x1006f754 SetConsoleCtrlHandler
0x1006f758 GetEnvironmentStringsW
0x1006f75c GetEnvironmentStrings
0x1006f760 WideCharToMultiByte
0x1006f764 FreeEnvironmentStringsW
0x1006f768 FreeEnvironmentStringsA
0x1006f76c GetStartupInfoA
0x1006f770 GetFileType
0x1006f774 SetHandleCount
0x1006f778 HeapCreate
0x1006f77c HeapDestroy
0x1006f780 GetEnvironmentVariableA
0x1006f784 HeapReAlloc
0x1006f788 InterlockedExchange
0x1006f78c Sleep
0x1006f790 GetLastError
0x1006f794 SetEvent
0x1006f798 CreateEventA
0x1006f79c CreateToolhelp32Snapshot
0x1006f7a0 GetTickCount
0x1006f7a4 InitializeCriticalSection
0x1006f7a8 WaitForSingleObject
0x1006f7ac CloseHandle
0x1006f7b0 VirtualAlloc
0x1006f7b4 EnterCriticalSection
0x1006f7b8 LeaveCriticalSection
0x1006f7bc VirtualFree
0x1006f7c0 HeapAlloc
0x1006f7c4 SetUnhandledExceptionFilter
0x1006f7c8 HeapFree
0x1006f7cc FatalAppExitA
0x1006f7d0 GetCurrentThread
0x1006f7d4 TlsGetValue
0x1006f7d8 SetLastError
0x1006f7dc TlsFree
0x1006f7e0 TlsAlloc
0x1006f7e4 TlsSetValue
0x1006f7e8 GetCurrentThreadId
0x1006f7ec ExitProcess
0x1006f7f0 GetModuleHandleA
0x1006f7f4 GetModuleFileNameA
0x1006f7f8 InterlockedIncrement
0x1006f7fc LoadLibraryA
0x1006f800 GetProcAddress
0x1006f804 OutputDebugStringA
0x1006f808 DeleteCriticalSection
0x1006f80c GetLocaleInfoA
0x1006f810 InterlockedDecrement
0x1006f814 GetStdHandle
0x1006f818 DebugBreak
0x1006f81c GetVersion
0x1006f820 GetCommandLineA
0x1006f824 RtlUnwind
0x1006f828 RaiseException
0x1006f82c IsBadWritePtr
0x1006f830 IsBadReadPtr
0x1006f834 HeapValidate
0x1006f838 SetEnvironmentVariableA
USER32.dll
0x1006f92c BlockInput
0x1006f930 CloseClipboard
0x1006f934 SetClipboardData
0x1006f938 EmptyClipboard
0x1006f93c OpenClipboard
0x1006f940 GetClipboardData
0x1006f944 GetCursorInfo
0x1006f948 MapVirtualKeyA
0x1006f94c mouse_event
0x1006f950 SetCapture
0x1006f954 WindowFromPoint
0x1006f958 SetCursorPos
0x1006f95c GetSystemMetrics
0x1006f960 DestroyCursor
0x1006f964 keybd_event
0x1006f968 EndDialog
0x1006f96c GetWindowTextA
0x1006f970 IsWindowVisible
0x1006f974 EnumWindows
0x1006f978 ShowWindow
0x1006f97c PostMessageA
0x1006f980 GetDC
0x1006f984 KillTimer
0x1006f988 SystemParametersInfoA
0x1006f98c MoveWindow
0x1006f990 SetDlgItemTextA
0x1006f994 SetTimer
0x1006f998 DialogBoxParamA
0x1006f99c wsprintfA
0x1006f9a0 CharNextA
0x1006f9a4 GetCursorPos
0x1006f9a8 ReleaseDC
0x1006f9ac GetDesktopWindow
GDI32.dll
0x1006f624 DeleteDC
0x1006f628 DeleteObject
0x1006f62c CreateCompatibleDC
0x1006f630 CreateDIBSection
0x1006f634 SelectObject
0x1006f638 BitBlt
ADVAPI32.dll
0x1006f5ac RegQueryValueExA
0x1006f5b0 OpenProcessToken
0x1006f5b4 LookupPrivilegeValueA
0x1006f5b8 AdjustTokenPrivileges
0x1006f5bc RegOpenKeyA
0x1006f5c0 RegCloseKey
SHELL32.dll
0x1006f8f8 SHGetFileInfoA
0x1006f8fc ShellExecuteA
WS2_32.dll
0x1006fa24 WSACleanup
0x1006fa28 closesocket
0x1006fa2c WSAIoctl
0x1006fa30 setsockopt
0x1006fa34 connect
0x1006fa38 inet_addr
0x1006fa3c WSAStartup
0x1006fa40 socket
0x1006fa44 recv
0x1006fa48 select
0x1006fa4c send
0x1006fa50 getsockname
0x1006fa54 gethostname
0x1006fa58 htons
AVICAP32.dll
0x1006f5f4 capGetDriverDescriptionA
WINMM.dll
0x1006f9f4 PlaySoundA
PSAPI.DLL
0x1006f8c4 EnumProcessModules
0x1006f8c8 GetModuleFileNameExA
EAT(Export Address Table) Library
0x100010f0 TestRun