ScreenShot
| Created | 2024.07.11 13:18 | Machine | s1_win7_x6403 |
| Filename | gg.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 39 detected (Mimikatz, malicious, high confidence, score, Tedy, Vro2, GenericKD, Attribute, HighConfidence, PWSX, TrojanPSW, CLOUD, BAZARLOADER, SMYXBIMZ, Detected, Wacapew, ABRisk, TGTV, Chgt, QQPass, QQRob, Rgil, ai score=85, PossibleThreat, confidence, HackTool) | ||
| md5 | fb440753675363fa570a94c2f907034f | ||
| sha256 | 3e55b8f83888876023896576cc5849a86a0e5d9828df89e93de2d6e7e0e037e9 | ||
| ssdeep | 3072:VUlkXjDlAZ9s1GOSPZhegBka+zfkUlm58nIJnJlrotSIMX2aDgsL0GZa:XlAQmPZIgeBfXW8ax0GZ | ||
| imphash | bb1af4e72f3febeea3c9df6f82042a0e | ||
| impfuzzy | 24:9vjzdLpB6YQo6wxvWSmDp9f0C2S1o0qtWfJnc+plmr2C6GMovRSOovbO9Zf:9vHHnA50fS1YtWpc+pEhj37 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x180018000 CreateRestrictedToken
0x180018008 OpenProcessToken
0x180018010 ConvertSidToStringSidA
0x180018018 IsTextUnicode
0x180018020 CreateProcessAsUserW
ntdll.dll
0x1800182f8 RtlFreeUnicodeString
0x180018300 RtlStringFromGUID
0x180018308 RtlEqualString
RPCRT4.dll
0x1800182c8 MesHandleFree
0x1800182d0 MesDecodeIncrementalHandleCreate
0x1800182d8 NdrMesTypeFree2
0x1800182e0 NdrMesTypeDecode2
0x1800182e8 MesIncrementalHandleReset
ole32.dll
0x180018318 CoCreateInstance
KERNEL32.dll
0x180018030 WriteConsoleW
0x180018038 SetEndOfFile
0x180018040 HeapReAlloc
0x180018048 HeapSize
0x180018050 GetFileSizeEx
0x180018058 ReadConsoleW
0x180018060 ReadFile
0x180018068 SetFilePointerEx
0x180018070 GetStringTypeW
0x180018078 CreateFileW
0x180018080 SetStdHandle
0x180018088 GetCurrentProcess
0x180018090 CloseHandle
0x180018098 lstrlenW
0x1800180a0 LoadLibraryW
0x1800180a8 GetProcAddress
0x1800180b0 FreeLibrary
0x1800180b8 VirtualProtect
0x1800180c0 GetLastError
0x1800180c8 LocalAlloc
0x1800180d0 LocalFree
0x1800180d8 GetTimeFormatA
0x1800180e0 FileTimeToSystemTime
0x1800180e8 GetDateFormatA
0x1800180f0 FileTimeToLocalFileTime
0x1800180f8 RaiseException
0x180018100 GetSystemInfo
0x180018108 VirtualQuery
0x180018110 GetModuleHandleW
0x180018118 LoadLibraryExA
0x180018120 QueryPerformanceCounter
0x180018128 GetCurrentProcessId
0x180018130 GetCurrentThreadId
0x180018138 GetSystemTimeAsFileTime
0x180018140 InitializeSListHead
0x180018148 RtlCaptureContext
0x180018150 RtlLookupFunctionEntry
0x180018158 RtlVirtualUnwind
0x180018160 IsDebuggerPresent
0x180018168 UnhandledExceptionFilter
0x180018170 SetUnhandledExceptionFilter
0x180018178 GetStartupInfoW
0x180018180 IsProcessorFeaturePresent
0x180018188 GetProcessHeap
0x180018190 RtlUnwindEx
0x180018198 InterlockedFlushSList
0x1800181a0 SetLastError
0x1800181a8 EnterCriticalSection
0x1800181b0 LeaveCriticalSection
0x1800181b8 DeleteCriticalSection
0x1800181c0 InitializeCriticalSectionAndSpinCount
0x1800181c8 TlsAlloc
0x1800181d0 TlsGetValue
0x1800181d8 TlsSetValue
0x1800181e0 TlsFree
0x1800181e8 LoadLibraryExW
0x1800181f0 ExitProcess
0x1800181f8 TerminateProcess
0x180018200 GetModuleHandleExW
0x180018208 GetModuleFileNameW
0x180018210 HeapFree
0x180018218 HeapAlloc
0x180018220 FlushFileBuffers
0x180018228 WriteFile
0x180018230 GetConsoleOutputCP
0x180018238 GetConsoleMode
0x180018240 GetStdHandle
0x180018248 GetFileType
0x180018250 FindClose
0x180018258 FindFirstFileExW
0x180018260 FindNextFileW
0x180018268 IsValidCodePage
0x180018270 GetACP
0x180018278 GetOEMCP
0x180018280 GetCPInfo
0x180018288 GetCommandLineA
0x180018290 GetCommandLineW
0x180018298 MultiByteToWideChar
0x1800182a0 WideCharToMultiByte
0x1800182a8 GetEnvironmentStringsW
0x1800182b0 FreeEnvironmentStringsW
0x1800182b8 LCMapStringW
EAT(Export Address Table) Library
0x1800011e4 DhcpNewPktHook
0x180001134 DhcpServerCalloutEntry
0x180001ba4 DllCanUnloadNow
0x180001b3c DllGetClassObject
0x180001284 DnsPluginCleanup
0x180001284 DnsPluginInitialize
0x180001288 DnsPluginQuery
0x1800031c8 ExtensionApiVersion
0x1800012e8 InitializeChangeNotify
0x18000154c Msv1_0SubAuthenticationFilter
0x18000154c Msv1_0SubAuthenticationRoutine
0x180001420 NPGetCaps
0x180001374 NPLogonNotify
0x1800012ec PasswordChangeNotify
0x180001530 SpLsaModeInitialize
0x1800031d0 WinDbgExtensionDllInit
0x18000321c coffee
0x180001000 startW
0x180003220 zzzkatz
ADVAPI32.dll
0x180018000 CreateRestrictedToken
0x180018008 OpenProcessToken
0x180018010 ConvertSidToStringSidA
0x180018018 IsTextUnicode
0x180018020 CreateProcessAsUserW
ntdll.dll
0x1800182f8 RtlFreeUnicodeString
0x180018300 RtlStringFromGUID
0x180018308 RtlEqualString
RPCRT4.dll
0x1800182c8 MesHandleFree
0x1800182d0 MesDecodeIncrementalHandleCreate
0x1800182d8 NdrMesTypeFree2
0x1800182e0 NdrMesTypeDecode2
0x1800182e8 MesIncrementalHandleReset
ole32.dll
0x180018318 CoCreateInstance
KERNEL32.dll
0x180018030 WriteConsoleW
0x180018038 SetEndOfFile
0x180018040 HeapReAlloc
0x180018048 HeapSize
0x180018050 GetFileSizeEx
0x180018058 ReadConsoleW
0x180018060 ReadFile
0x180018068 SetFilePointerEx
0x180018070 GetStringTypeW
0x180018078 CreateFileW
0x180018080 SetStdHandle
0x180018088 GetCurrentProcess
0x180018090 CloseHandle
0x180018098 lstrlenW
0x1800180a0 LoadLibraryW
0x1800180a8 GetProcAddress
0x1800180b0 FreeLibrary
0x1800180b8 VirtualProtect
0x1800180c0 GetLastError
0x1800180c8 LocalAlloc
0x1800180d0 LocalFree
0x1800180d8 GetTimeFormatA
0x1800180e0 FileTimeToSystemTime
0x1800180e8 GetDateFormatA
0x1800180f0 FileTimeToLocalFileTime
0x1800180f8 RaiseException
0x180018100 GetSystemInfo
0x180018108 VirtualQuery
0x180018110 GetModuleHandleW
0x180018118 LoadLibraryExA
0x180018120 QueryPerformanceCounter
0x180018128 GetCurrentProcessId
0x180018130 GetCurrentThreadId
0x180018138 GetSystemTimeAsFileTime
0x180018140 InitializeSListHead
0x180018148 RtlCaptureContext
0x180018150 RtlLookupFunctionEntry
0x180018158 RtlVirtualUnwind
0x180018160 IsDebuggerPresent
0x180018168 UnhandledExceptionFilter
0x180018170 SetUnhandledExceptionFilter
0x180018178 GetStartupInfoW
0x180018180 IsProcessorFeaturePresent
0x180018188 GetProcessHeap
0x180018190 RtlUnwindEx
0x180018198 InterlockedFlushSList
0x1800181a0 SetLastError
0x1800181a8 EnterCriticalSection
0x1800181b0 LeaveCriticalSection
0x1800181b8 DeleteCriticalSection
0x1800181c0 InitializeCriticalSectionAndSpinCount
0x1800181c8 TlsAlloc
0x1800181d0 TlsGetValue
0x1800181d8 TlsSetValue
0x1800181e0 TlsFree
0x1800181e8 LoadLibraryExW
0x1800181f0 ExitProcess
0x1800181f8 TerminateProcess
0x180018200 GetModuleHandleExW
0x180018208 GetModuleFileNameW
0x180018210 HeapFree
0x180018218 HeapAlloc
0x180018220 FlushFileBuffers
0x180018228 WriteFile
0x180018230 GetConsoleOutputCP
0x180018238 GetConsoleMode
0x180018240 GetStdHandle
0x180018248 GetFileType
0x180018250 FindClose
0x180018258 FindFirstFileExW
0x180018260 FindNextFileW
0x180018268 IsValidCodePage
0x180018270 GetACP
0x180018278 GetOEMCP
0x180018280 GetCPInfo
0x180018288 GetCommandLineA
0x180018290 GetCommandLineW
0x180018298 MultiByteToWideChar
0x1800182a0 WideCharToMultiByte
0x1800182a8 GetEnvironmentStringsW
0x1800182b0 FreeEnvironmentStringsW
0x1800182b8 LCMapStringW
EAT(Export Address Table) Library
0x1800011e4 DhcpNewPktHook
0x180001134 DhcpServerCalloutEntry
0x180001ba4 DllCanUnloadNow
0x180001b3c DllGetClassObject
0x180001284 DnsPluginCleanup
0x180001284 DnsPluginInitialize
0x180001288 DnsPluginQuery
0x1800031c8 ExtensionApiVersion
0x1800012e8 InitializeChangeNotify
0x18000154c Msv1_0SubAuthenticationFilter
0x18000154c Msv1_0SubAuthenticationRoutine
0x180001420 NPGetCaps
0x180001374 NPLogonNotify
0x1800012ec PasswordChangeNotify
0x180001530 SpLsaModeInitialize
0x1800031d0 WinDbgExtensionDllInit
0x18000321c coffee
0x180001000 startW
0x180003220 zzzkatz