ScreenShot
| Created | 2024.07.01 10:25 | Machine | s1_win7_x6401 |
| Filename | pconsnap.dll.exe | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 26 detected (AIDetectMalware, NukeSped, status, Unsafe, Save, Mint, CLOUD, dggcy, Detected, ai score=99, Malware@#3q33yszf9i0vw, ABTrojan, CIXV, Lazardoor, R592967, MALICIOUS, Oqil) | ||
| md5 | 8fb5e72a31680189d9a529b49962a0b1 | ||
| sha256 | 4f9ef9f4b90d8e0928a36369e90d912b1f4a3b5afc173cddecb1790aa06cdc74 | ||
| ssdeep | 1572864:jSGOD5R6/+fkA7n5gpO6TlY0C1U9j+JsTiV/Dn5+s24M/:jpODH63A75gpNhY0Cy96Js+VLJU | ||
| imphash | 77ea498ab4c59d017cd6a85eb58a7875 | ||
| impfuzzy | 96:28b967aaOkc+focWAtoXygG3o9JXFZa8Xp+HQNTT:2wcWQaJVZ+HQNTT | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x18011c5b0 inet_ntoa
0x18011c5b8 WSACleanup
0x18011c5c0 inet_addr
KERNEL32.dll
0x18011c090 lstrcmpiW
0x18011c098 lstrlenW
0x18011c0a0 GetComputerNameW
0x18011c0a8 GetLocaleInfoW
0x18011c0b0 CreateFileA
0x18011c0b8 DeleteFileW
0x18011c0c0 WriteFile
0x18011c0c8 GlobalUnlock
0x18011c0d0 GlobalLock
0x18011c0d8 GetTickCount
0x18011c0e0 lstrcmpW
0x18011c0e8 lstrcpyW
0x18011c0f0 HeapAlloc
0x18011c0f8 HeapFree
0x18011c100 InitializeProcThreadAttributeList
0x18011c108 DeleteProcThreadAttributeList
0x18011c110 UpdateProcThreadAttribute
0x18011c118 GlobalAlloc
0x18011c120 GlobalFree
0x18011c128 WideCharToMultiByte
0x18011c130 WaitForSingleObject
0x18011c138 CreateThread
0x18011c140 GetComputerNameA
0x18011c148 SetLastError
0x18011c150 GetProcessHeap
0x18011c158 GetSystemInfo
0x18011c160 VirtualAlloc
0x18011c168 VirtualProtect
0x18011c170 VirtualFree
0x18011c178 LoadLibraryA
0x18011c180 IsBadReadPtr
0x18011c188 GetHandleInformation
0x18011c190 GetProcessId
0x18011c198 GetModuleHandleW
0x18011c1a0 CreateFileW
0x18011c1a8 ReadFile
0x18011c1b0 SetFilePointer
0x18011c1b8 SystemTimeToFileTime
0x18011c1c0 MultiByteToWideChar
0x18011c1c8 LocalFree
0x18011c1d0 GetFileSize
0x18011c1d8 GetLocalTime
0x18011c1e0 CreateFileMappingW
0x18011c1e8 MapViewOfFile
0x18011c1f0 UnmapViewOfFile
0x18011c1f8 FileTimeToSystemTime
0x18011c200 CompareStringW
0x18011c208 SetEndOfFile
0x18011c210 WriteConsoleW
0x18011c218 HeapSize
0x18011c220 SetStdHandle
0x18011c228 SetEnvironmentVariableW
0x18011c230 FreeEnvironmentStringsW
0x18011c238 GetEnvironmentStringsW
0x18011c240 GetCommandLineW
0x18011c248 GetCommandLineA
0x18011c250 GetOEMCP
0x18011c258 GetACP
0x18011c260 LocalReAlloc
0x18011c268 LocalAlloc
0x18011c270 LoadLibraryW
0x18011c278 GetProcAddress
0x18011c280 FreeLibrary
0x18011c288 GetWindowsDirectoryW
0x18011c290 GetTickCount64
0x18011c298 OpenProcess
0x18011c2a0 GetCurrentProcessId
0x18011c2a8 RtlUnwind
0x18011c2b0 Sleep
0x18011c2b8 InitializeCriticalSectionEx
0x18011c2c0 GetLastError
0x18011c2c8 CloseHandle
0x18011c2d0 LCMapStringW
0x18011c2d8 IsValidLocale
0x18011c2e0 IsValidCodePage
0x18011c2e8 FindNextFileW
0x18011c2f0 FindFirstFileExW
0x18011c2f8 GetTimeFormatW
0x18011c300 GetDateFormatW
0x18011c308 FlsFree
0x18011c310 FlsSetValue
0x18011c318 FlsGetValue
0x18011c320 FlsAlloc
0x18011c328 FindClose
0x18011c330 HeapReAlloc
0x18011c338 ReadConsoleW
0x18011c340 SetFilePointerEx
0x18011c348 GetFileSizeEx
0x18011c350 GetConsoleMode
0x18011c358 GetConsoleOutputCP
0x18011c360 FlushFileBuffers
0x18011c368 GetTimeZoneInformation
0x18011c370 GetFileType
0x18011c378 GetStdHandle
0x18011c380 GetModuleFileNameW
0x18011c388 GetModuleHandleExW
0x18011c390 GetUserDefaultLCID
0x18011c398 GetFileInformationByHandle
0x18011c3a0 GetStringTypeW
0x18011c3a8 EnterCriticalSection
0x18011c3b0 LeaveCriticalSection
0x18011c3b8 DeleteCriticalSection
0x18011c3c0 GetLocaleInfoEx
0x18011c3c8 EncodePointer
0x18011c3d0 DecodePointer
0x18011c3d8 LCMapStringEx
0x18011c3e0 CompareStringEx
0x18011c3e8 GetCPInfo
0x18011c3f0 ReleaseSRWLockExclusive
0x18011c3f8 AcquireSRWLockExclusive
0x18011c400 WakeAllConditionVariable
0x18011c408 SleepConditionVariableSRW
0x18011c410 RtlCaptureContext
0x18011c418 RtlLookupFunctionEntry
0x18011c420 RtlVirtualUnwind
0x18011c428 UnhandledExceptionFilter
0x18011c430 SetUnhandledExceptionFilter
0x18011c438 GetCurrentProcess
0x18011c440 TerminateProcess
0x18011c448 IsProcessorFeaturePresent
0x18011c450 IsDebuggerPresent
0x18011c458 GetStartupInfoW
0x18011c460 QueryPerformanceCounter
0x18011c468 GetCurrentThreadId
0x18011c470 GetSystemTimeAsFileTime
0x18011c478 InitializeSListHead
0x18011c480 RtlPcToFileHeader
0x18011c488 RaiseException
0x18011c490 RtlUnwindEx
0x18011c498 InterlockedFlushSList
0x18011c4a0 InitializeCriticalSectionAndSpinCount
0x18011c4a8 TlsAlloc
0x18011c4b0 TlsGetValue
0x18011c4b8 TlsSetValue
0x18011c4c0 TlsFree
0x18011c4c8 LoadLibraryExW
0x18011c4d0 MoveFileExW
0x18011c4d8 QueryPerformanceFrequency
0x18011c4e0 GetFileAttributesExW
0x18011c4e8 ExitProcess
0x18011c4f0 EnumSystemLocalesW
USER32.dll
0x18011c550 OpenWindowStationW
0x18011c558 EnumDisplayDevicesW
0x18011c560 EnumDisplaySettingsW
0x18011c568 OpenDesktopW
0x18011c570 OpenInputDesktop
0x18011c578 SetThreadDesktop
0x18011c580 CloseDesktop
0x18011c588 GetDesktopWindow
0x18011c590 SetProcessWindowStation
0x18011c598 GetUserObjectInformationW
0x18011c5a0 GetSystemMetrics
GDI32.dll
0x18011c048 CreateCompatibleBitmap
0x18011c050 CreateCompatibleDC
0x18011c058 SelectObject
0x18011c060 GetDeviceCaps
0x18011c068 CreateDCW
0x18011c070 BitBlt
ADVAPI32.dll
0x18011c000 EnumDependentServicesW
0x18011c008 LookupAccountSidW
0x18011c010 DeleteService
0x18011c018 QueryServiceStatus
0x18011c020 LockServiceDatabase
0x18011c028 GetServiceDisplayNameW
0x18011c030 GetServiceKeyNameW
0x18011c038 EnumServicesStatusExW
ole32.dll
0x18011c628 GetHGlobalFromStream
0x18011c630 CreateStreamOnHGlobal
OLEAUT32.dll
0x18011c518 SysAllocString
0x18011c520 OleCreatePictureIndirect
0x18011c528 SysFreeString
0x18011c530 VariantClear
0x18011c538 VariantInit
0x18011c540 VariantChangeType
gdiplus.dll
0x18011c5d0 GdipGetImageEncoders
0x18011c5d8 GdipGetImageEncodersSize
0x18011c5e0 GdipAlloc
0x18011c5e8 GdipFree
0x18011c5f0 GdiplusStartup
0x18011c5f8 GdiplusShutdown
0x18011c600 GdipLoadImageFromFile
0x18011c608 GdipSaveImageToFile
0x18011c610 GdipCloneImage
0x18011c618 GdipDisposeImage
NETAPI32.dll
0x18011c500 NetConnectionEnum
0x18011c508 NetServerEnum
IPHLPAPI.DLL
0x18011c080 DeleteIpNetEntry
EAT(Export Address Table) is none
WS2_32.dll
0x18011c5b0 inet_ntoa
0x18011c5b8 WSACleanup
0x18011c5c0 inet_addr
KERNEL32.dll
0x18011c090 lstrcmpiW
0x18011c098 lstrlenW
0x18011c0a0 GetComputerNameW
0x18011c0a8 GetLocaleInfoW
0x18011c0b0 CreateFileA
0x18011c0b8 DeleteFileW
0x18011c0c0 WriteFile
0x18011c0c8 GlobalUnlock
0x18011c0d0 GlobalLock
0x18011c0d8 GetTickCount
0x18011c0e0 lstrcmpW
0x18011c0e8 lstrcpyW
0x18011c0f0 HeapAlloc
0x18011c0f8 HeapFree
0x18011c100 InitializeProcThreadAttributeList
0x18011c108 DeleteProcThreadAttributeList
0x18011c110 UpdateProcThreadAttribute
0x18011c118 GlobalAlloc
0x18011c120 GlobalFree
0x18011c128 WideCharToMultiByte
0x18011c130 WaitForSingleObject
0x18011c138 CreateThread
0x18011c140 GetComputerNameA
0x18011c148 SetLastError
0x18011c150 GetProcessHeap
0x18011c158 GetSystemInfo
0x18011c160 VirtualAlloc
0x18011c168 VirtualProtect
0x18011c170 VirtualFree
0x18011c178 LoadLibraryA
0x18011c180 IsBadReadPtr
0x18011c188 GetHandleInformation
0x18011c190 GetProcessId
0x18011c198 GetModuleHandleW
0x18011c1a0 CreateFileW
0x18011c1a8 ReadFile
0x18011c1b0 SetFilePointer
0x18011c1b8 SystemTimeToFileTime
0x18011c1c0 MultiByteToWideChar
0x18011c1c8 LocalFree
0x18011c1d0 GetFileSize
0x18011c1d8 GetLocalTime
0x18011c1e0 CreateFileMappingW
0x18011c1e8 MapViewOfFile
0x18011c1f0 UnmapViewOfFile
0x18011c1f8 FileTimeToSystemTime
0x18011c200 CompareStringW
0x18011c208 SetEndOfFile
0x18011c210 WriteConsoleW
0x18011c218 HeapSize
0x18011c220 SetStdHandle
0x18011c228 SetEnvironmentVariableW
0x18011c230 FreeEnvironmentStringsW
0x18011c238 GetEnvironmentStringsW
0x18011c240 GetCommandLineW
0x18011c248 GetCommandLineA
0x18011c250 GetOEMCP
0x18011c258 GetACP
0x18011c260 LocalReAlloc
0x18011c268 LocalAlloc
0x18011c270 LoadLibraryW
0x18011c278 GetProcAddress
0x18011c280 FreeLibrary
0x18011c288 GetWindowsDirectoryW
0x18011c290 GetTickCount64
0x18011c298 OpenProcess
0x18011c2a0 GetCurrentProcessId
0x18011c2a8 RtlUnwind
0x18011c2b0 Sleep
0x18011c2b8 InitializeCriticalSectionEx
0x18011c2c0 GetLastError
0x18011c2c8 CloseHandle
0x18011c2d0 LCMapStringW
0x18011c2d8 IsValidLocale
0x18011c2e0 IsValidCodePage
0x18011c2e8 FindNextFileW
0x18011c2f0 FindFirstFileExW
0x18011c2f8 GetTimeFormatW
0x18011c300 GetDateFormatW
0x18011c308 FlsFree
0x18011c310 FlsSetValue
0x18011c318 FlsGetValue
0x18011c320 FlsAlloc
0x18011c328 FindClose
0x18011c330 HeapReAlloc
0x18011c338 ReadConsoleW
0x18011c340 SetFilePointerEx
0x18011c348 GetFileSizeEx
0x18011c350 GetConsoleMode
0x18011c358 GetConsoleOutputCP
0x18011c360 FlushFileBuffers
0x18011c368 GetTimeZoneInformation
0x18011c370 GetFileType
0x18011c378 GetStdHandle
0x18011c380 GetModuleFileNameW
0x18011c388 GetModuleHandleExW
0x18011c390 GetUserDefaultLCID
0x18011c398 GetFileInformationByHandle
0x18011c3a0 GetStringTypeW
0x18011c3a8 EnterCriticalSection
0x18011c3b0 LeaveCriticalSection
0x18011c3b8 DeleteCriticalSection
0x18011c3c0 GetLocaleInfoEx
0x18011c3c8 EncodePointer
0x18011c3d0 DecodePointer
0x18011c3d8 LCMapStringEx
0x18011c3e0 CompareStringEx
0x18011c3e8 GetCPInfo
0x18011c3f0 ReleaseSRWLockExclusive
0x18011c3f8 AcquireSRWLockExclusive
0x18011c400 WakeAllConditionVariable
0x18011c408 SleepConditionVariableSRW
0x18011c410 RtlCaptureContext
0x18011c418 RtlLookupFunctionEntry
0x18011c420 RtlVirtualUnwind
0x18011c428 UnhandledExceptionFilter
0x18011c430 SetUnhandledExceptionFilter
0x18011c438 GetCurrentProcess
0x18011c440 TerminateProcess
0x18011c448 IsProcessorFeaturePresent
0x18011c450 IsDebuggerPresent
0x18011c458 GetStartupInfoW
0x18011c460 QueryPerformanceCounter
0x18011c468 GetCurrentThreadId
0x18011c470 GetSystemTimeAsFileTime
0x18011c478 InitializeSListHead
0x18011c480 RtlPcToFileHeader
0x18011c488 RaiseException
0x18011c490 RtlUnwindEx
0x18011c498 InterlockedFlushSList
0x18011c4a0 InitializeCriticalSectionAndSpinCount
0x18011c4a8 TlsAlloc
0x18011c4b0 TlsGetValue
0x18011c4b8 TlsSetValue
0x18011c4c0 TlsFree
0x18011c4c8 LoadLibraryExW
0x18011c4d0 MoveFileExW
0x18011c4d8 QueryPerformanceFrequency
0x18011c4e0 GetFileAttributesExW
0x18011c4e8 ExitProcess
0x18011c4f0 EnumSystemLocalesW
USER32.dll
0x18011c550 OpenWindowStationW
0x18011c558 EnumDisplayDevicesW
0x18011c560 EnumDisplaySettingsW
0x18011c568 OpenDesktopW
0x18011c570 OpenInputDesktop
0x18011c578 SetThreadDesktop
0x18011c580 CloseDesktop
0x18011c588 GetDesktopWindow
0x18011c590 SetProcessWindowStation
0x18011c598 GetUserObjectInformationW
0x18011c5a0 GetSystemMetrics
GDI32.dll
0x18011c048 CreateCompatibleBitmap
0x18011c050 CreateCompatibleDC
0x18011c058 SelectObject
0x18011c060 GetDeviceCaps
0x18011c068 CreateDCW
0x18011c070 BitBlt
ADVAPI32.dll
0x18011c000 EnumDependentServicesW
0x18011c008 LookupAccountSidW
0x18011c010 DeleteService
0x18011c018 QueryServiceStatus
0x18011c020 LockServiceDatabase
0x18011c028 GetServiceDisplayNameW
0x18011c030 GetServiceKeyNameW
0x18011c038 EnumServicesStatusExW
ole32.dll
0x18011c628 GetHGlobalFromStream
0x18011c630 CreateStreamOnHGlobal
OLEAUT32.dll
0x18011c518 SysAllocString
0x18011c520 OleCreatePictureIndirect
0x18011c528 SysFreeString
0x18011c530 VariantClear
0x18011c538 VariantInit
0x18011c540 VariantChangeType
gdiplus.dll
0x18011c5d0 GdipGetImageEncoders
0x18011c5d8 GdipGetImageEncodersSize
0x18011c5e0 GdipAlloc
0x18011c5e8 GdipFree
0x18011c5f0 GdiplusStartup
0x18011c5f8 GdiplusShutdown
0x18011c600 GdipLoadImageFromFile
0x18011c608 GdipSaveImageToFile
0x18011c610 GdipCloneImage
0x18011c618 GdipDisposeImage
NETAPI32.dll
0x18011c500 NetConnectionEnum
0x18011c508 NetServerEnum
IPHLPAPI.DLL
0x18011c080 DeleteIpNetEntry
EAT(Export Address Table) is none