ScreenShot
| Created | 2024.06.29 15:17 | Machine | s1_win7_x6403 |
| Filename | ffucore.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (AIDetectMalware, malicious, high confidence, score, Fragtor, Infected, Unsafe, SilverFox, swkbu, Attribute, HighConfidence, ETRZ, Artemis, CLASSIC, dxafd, Loader, moderate, Detected, ai score=80, Casdet, R656658, R002H09FP24, susgen, confidence, 100%) | ||
| md5 | fc5857b45516cd1decae5dbd68d59924 | ||
| sha256 | 09dd0de52154c82e85335ebbaae98e4d8d750d826171da9c7bea2ba9033c4551 | ||
| ssdeep | 6144:zaU22ravSWBqQK62sZ4XDPwtLKtr616/Z8xUgK:zaR2raq0p5Z4XziGD/W2gK | ||
| imphash | 92dd8a57c388fde2670d2599076670d6 | ||
| impfuzzy | 24:d2OxDaaxWlKbcpVWZttlS1IJ0iJvjMPlmroBjvuZjGMXpOovbOPZ+2AGkL:EMWUcpVettlS1kJbMPEGuZa3k2ANL | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Moves the original executable to a new location |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1003d000 GetModuleFileNameW
0x1003d004 GetLastError
0x1003d008 DisableThreadLibraryCalls
0x1003d00c MoveFileExW
0x1003d010 VirtualProtect
0x1003d014 GetProcAddress
0x1003d018 ReadFile
0x1003d01c VirtualFree
0x1003d020 VirtualAlloc
0x1003d024 CreateFileW
0x1003d028 CloseHandle
0x1003d02c GetFileSize
0x1003d030 WakeAllConditionVariable
0x1003d034 AcquireSRWLockExclusive
0x1003d038 ReleaseSRWLockExclusive
0x1003d03c WriteConsoleW
0x1003d040 WideCharToMultiByte
0x1003d044 MultiByteToWideChar
0x1003d048 GetStringTypeW
0x1003d04c EnterCriticalSection
0x1003d050 LeaveCriticalSection
0x1003d054 InitializeCriticalSectionEx
0x1003d058 DeleteCriticalSection
0x1003d05c EncodePointer
0x1003d060 DecodePointer
0x1003d064 LCMapStringEx
0x1003d068 GetCPInfo
0x1003d06c IsProcessorFeaturePresent
0x1003d070 UnhandledExceptionFilter
0x1003d074 SetUnhandledExceptionFilter
0x1003d078 GetCurrentProcess
0x1003d07c TerminateProcess
0x1003d080 QueryPerformanceCounter
0x1003d084 GetCurrentProcessId
0x1003d088 GetCurrentThreadId
0x1003d08c GetSystemTimeAsFileTime
0x1003d090 InitializeSListHead
0x1003d094 IsDebuggerPresent
0x1003d098 GetStartupInfoW
0x1003d09c GetModuleHandleW
0x1003d0a0 SetLastError
0x1003d0a4 GetModuleHandleA
0x1003d0a8 GetNativeSystemInfo
0x1003d0ac LoadLibraryA
0x1003d0b0 FreeLibrary
0x1003d0b4 GetThreadLocale
0x1003d0b8 lstrlenW
0x1003d0bc RtlUnwind
0x1003d0c0 RaiseException
0x1003d0c4 InterlockedFlushSList
0x1003d0c8 VirtualQuery
0x1003d0cc InitializeCriticalSectionAndSpinCount
0x1003d0d0 TlsAlloc
0x1003d0d4 TlsGetValue
0x1003d0d8 TlsSetValue
0x1003d0dc TlsFree
0x1003d0e0 LoadLibraryExW
0x1003d0e4 ExitProcess
0x1003d0e8 GetModuleHandleExW
0x1003d0ec HeapAlloc
0x1003d0f0 HeapFree
0x1003d0f4 GetStdHandle
0x1003d0f8 GetFileType
0x1003d0fc LCMapStringW
0x1003d100 GetLocaleInfoW
0x1003d104 IsValidLocale
0x1003d108 GetUserDefaultLCID
0x1003d10c EnumSystemLocalesW
0x1003d110 FlushFileBuffers
0x1003d114 WriteFile
0x1003d118 GetConsoleOutputCP
0x1003d11c GetConsoleMode
0x1003d120 GetFileSizeEx
0x1003d124 SetFilePointerEx
0x1003d128 ReadConsoleW
0x1003d12c HeapReAlloc
0x1003d130 FindClose
0x1003d134 FindFirstFileExW
0x1003d138 FindNextFileW
0x1003d13c IsValidCodePage
0x1003d140 GetACP
0x1003d144 GetOEMCP
0x1003d148 GetCommandLineA
0x1003d14c GetCommandLineW
0x1003d150 GetEnvironmentStringsW
0x1003d154 FreeEnvironmentStringsW
0x1003d158 GetProcessHeap
0x1003d15c SetStdHandle
0x1003d160 HeapSize
0x1003d164 SleepConditionVariableSRW
SHLWAPI.dll
0x1003d16c PathAppendW
0x1003d170 PathFileExistsW
0x1003d174 PathRemoveFileSpecW
USER32.dll
0x1003d17c wsprintfW
EAT(Export Address Table) Library
0x1001a6e0 CreateUpdateSession
0x10004dd0 FreeLibraryMemoryAndExitThread
0x1001a6e6 InitLog
0x10004dd0 NtUnloadDllMemoryAndExitThread
0x1001a6ec SDDnsQuery
0x1001a6f2 SDDownloadFile
KERNEL32.dll
0x1003d000 GetModuleFileNameW
0x1003d004 GetLastError
0x1003d008 DisableThreadLibraryCalls
0x1003d00c MoveFileExW
0x1003d010 VirtualProtect
0x1003d014 GetProcAddress
0x1003d018 ReadFile
0x1003d01c VirtualFree
0x1003d020 VirtualAlloc
0x1003d024 CreateFileW
0x1003d028 CloseHandle
0x1003d02c GetFileSize
0x1003d030 WakeAllConditionVariable
0x1003d034 AcquireSRWLockExclusive
0x1003d038 ReleaseSRWLockExclusive
0x1003d03c WriteConsoleW
0x1003d040 WideCharToMultiByte
0x1003d044 MultiByteToWideChar
0x1003d048 GetStringTypeW
0x1003d04c EnterCriticalSection
0x1003d050 LeaveCriticalSection
0x1003d054 InitializeCriticalSectionEx
0x1003d058 DeleteCriticalSection
0x1003d05c EncodePointer
0x1003d060 DecodePointer
0x1003d064 LCMapStringEx
0x1003d068 GetCPInfo
0x1003d06c IsProcessorFeaturePresent
0x1003d070 UnhandledExceptionFilter
0x1003d074 SetUnhandledExceptionFilter
0x1003d078 GetCurrentProcess
0x1003d07c TerminateProcess
0x1003d080 QueryPerformanceCounter
0x1003d084 GetCurrentProcessId
0x1003d088 GetCurrentThreadId
0x1003d08c GetSystemTimeAsFileTime
0x1003d090 InitializeSListHead
0x1003d094 IsDebuggerPresent
0x1003d098 GetStartupInfoW
0x1003d09c GetModuleHandleW
0x1003d0a0 SetLastError
0x1003d0a4 GetModuleHandleA
0x1003d0a8 GetNativeSystemInfo
0x1003d0ac LoadLibraryA
0x1003d0b0 FreeLibrary
0x1003d0b4 GetThreadLocale
0x1003d0b8 lstrlenW
0x1003d0bc RtlUnwind
0x1003d0c0 RaiseException
0x1003d0c4 InterlockedFlushSList
0x1003d0c8 VirtualQuery
0x1003d0cc InitializeCriticalSectionAndSpinCount
0x1003d0d0 TlsAlloc
0x1003d0d4 TlsGetValue
0x1003d0d8 TlsSetValue
0x1003d0dc TlsFree
0x1003d0e0 LoadLibraryExW
0x1003d0e4 ExitProcess
0x1003d0e8 GetModuleHandleExW
0x1003d0ec HeapAlloc
0x1003d0f0 HeapFree
0x1003d0f4 GetStdHandle
0x1003d0f8 GetFileType
0x1003d0fc LCMapStringW
0x1003d100 GetLocaleInfoW
0x1003d104 IsValidLocale
0x1003d108 GetUserDefaultLCID
0x1003d10c EnumSystemLocalesW
0x1003d110 FlushFileBuffers
0x1003d114 WriteFile
0x1003d118 GetConsoleOutputCP
0x1003d11c GetConsoleMode
0x1003d120 GetFileSizeEx
0x1003d124 SetFilePointerEx
0x1003d128 ReadConsoleW
0x1003d12c HeapReAlloc
0x1003d130 FindClose
0x1003d134 FindFirstFileExW
0x1003d138 FindNextFileW
0x1003d13c IsValidCodePage
0x1003d140 GetACP
0x1003d144 GetOEMCP
0x1003d148 GetCommandLineA
0x1003d14c GetCommandLineW
0x1003d150 GetEnvironmentStringsW
0x1003d154 FreeEnvironmentStringsW
0x1003d158 GetProcessHeap
0x1003d15c SetStdHandle
0x1003d160 HeapSize
0x1003d164 SleepConditionVariableSRW
SHLWAPI.dll
0x1003d16c PathAppendW
0x1003d170 PathFileExistsW
0x1003d174 PathRemoveFileSpecW
USER32.dll
0x1003d17c wsprintfW
EAT(Export Address Table) Library
0x1001a6e0 CreateUpdateSession
0x10004dd0 FreeLibraryMemoryAndExitThread
0x1001a6e6 InitLog
0x10004dd0 NtUnloadDllMemoryAndExitThread
0x1001a6ec SDDnsQuery
0x1001a6f2 SDDownloadFile