ScreenShot
| Created | 2024.07.04 16:59 | Machine | s1_win7_x6401 |
| Filename | UpdaterLOC.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (AIDetectMalware, Windows, Metasploit, Malicious, score, GenericRI, S28877354, FTFU, Unsafe, Marte, Save, Attribute, HighConfidence, MsfShell, Inject4, jozwdf, CobaltStrike, RDMK, cmRtazqdEd61r1DVnUxSEel0s0TY, Payload, SWRORT, SMDSA, high, FatRat, hherp, Detected, Hijacker, ai score=87, Invader, Meterpreter, M9A40B, Eldorado, R439046, ZedlaF, aq4@aS5O3Di, BScope, Genetic, qMd20PDGUj4, Static AI, Malicious PE, susgen, confidence, 100%, Rozena) | ||
| md5 | d5f8785aedca631c7c8e123dc0e6e35f | ||
| sha256 | f83bee2e9d7c8ead88c3d0b761339bfa232e14803608a17e60582516e6559ae0 | ||
| ssdeep | 48:qUr3zU9G4aNVhnX5hthMt6dO28xZMEvCHPAPb:+DIibzs | ||
| imphash | 57d6e7112c8e716cfe2eb0ff9f36763c | ||
| impfuzzy | 6:XAx27j77OkMLilQJBloFqXNWlbxXNWlbRD/rQn:o27j7SktQqsXN8XNEk | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Swrort | Trojan:Win32/Meterpreter | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10002000 CloseHandle
0x10002004 ReleaseSemaphore
0x10002008 WaitForSingleObject
0x1000200c CreateEventA
0x10002010 OpenEventA
0x10002014 ExitThread
0x10002018 ResumeThread
0x1000201c CreateProcessA
0x10002020 GetThreadContext
0x10002024 SetThreadContext
0x10002028 VirtualAllocEx
0x1000202c WriteProcessMemory
0x10002030 CreateSemaphoreA
EAT(Export Address Table) is none
KERNEL32.dll
0x10002000 CloseHandle
0x10002004 ReleaseSemaphore
0x10002008 WaitForSingleObject
0x1000200c CreateEventA
0x10002010 OpenEventA
0x10002014 ExitThread
0x10002018 ResumeThread
0x1000201c CreateProcessA
0x10002020 GetThreadContext
0x10002024 SetThreadContext
0x10002028 VirtualAllocEx
0x1000202c WriteProcessMemory
0x10002030 CreateSemaphoreA
EAT(Export Address Table) is none