ScreenShot
| Created | 2024.07.11 13:40 | Machine | s1_win7_x6403 |
| Filename | kdump64.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 5 detected (Yephiler, MalCert, CLASSIC, MALICIOUS) | ||
| md5 | 66b7b831afb6360516d46ffd93324c52 | ||
| sha256 | 358532b32d4b6b7ccd624279a0b546610048fc92fb0117d6cbfced7970b2e6fc | ||
| ssdeep | 3072:pBVv3NkJUajOcwfLduBZq8H3HL+OdM170OqLtsSg8IjWZO9ZBXFQbmdi1AsrYJ2M:pBJUwfWnXLPL7gwwZBXFQbfdr9NCX | ||
| imphash | 280e18cbbc6672ccd058d48a6bd8b6d0 | ||
| impfuzzy | 24:CjIOp02teS17VlJnc+pl3eDo/CuYodUSOovbO9ZWqvwGM9:LYteS17Fc+ppmuYr3TI | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180031000 Sleep
0x180031008 CloseHandle
0x180031010 lstrlenW
0x180031018 GetCurrentProcess
0x180031020 WaitForSingleObject
0x180031028 DisableThreadLibraryCalls
0x180031030 CreateFileW
0x180031038 RtlCaptureContext
0x180031040 RtlLookupFunctionEntry
0x180031048 RtlVirtualUnwind
0x180031050 UnhandledExceptionFilter
0x180031058 SetUnhandledExceptionFilter
0x180031060 TerminateProcess
0x180031068 IsProcessorFeaturePresent
0x180031070 QueryPerformanceCounter
0x180031078 GetCurrentProcessId
0x180031080 GetCurrentThreadId
0x180031088 GetSystemTimeAsFileTime
0x180031090 InitializeSListHead
0x180031098 IsDebuggerPresent
0x1800310a0 GetStartupInfoW
0x1800310a8 GetModuleHandleW
0x1800310b0 RtlUnwindEx
0x1800310b8 InterlockedFlushSList
0x1800310c0 GetLastError
0x1800310c8 SetLastError
0x1800310d0 EnterCriticalSection
0x1800310d8 LeaveCriticalSection
0x1800310e0 DeleteCriticalSection
0x1800310e8 InitializeCriticalSectionAndSpinCount
0x1800310f0 TlsAlloc
0x1800310f8 TlsGetValue
0x180031100 TlsSetValue
0x180031108 TlsFree
0x180031110 FreeLibrary
0x180031118 GetProcAddress
0x180031120 LoadLibraryExW
0x180031128 EncodePointer
0x180031130 RaiseException
0x180031138 RtlPcToFileHeader
0x180031140 ExitProcess
0x180031148 GetModuleHandleExW
0x180031150 GetModuleFileNameW
0x180031158 HeapAlloc
0x180031160 HeapFree
0x180031168 FindClose
0x180031170 FindFirstFileExW
0x180031178 FindNextFileW
0x180031180 IsValidCodePage
0x180031188 GetACP
0x180031190 GetOEMCP
0x180031198 GetCPInfo
0x1800311a0 GetCommandLineA
0x1800311a8 GetCommandLineW
0x1800311b0 MultiByteToWideChar
0x1800311b8 WideCharToMultiByte
0x1800311c0 GetEnvironmentStringsW
0x1800311c8 FreeEnvironmentStringsW
0x1800311d0 FlsAlloc
0x1800311d8 FlsGetValue
0x1800311e0 FlsSetValue
0x1800311e8 FlsFree
0x1800311f0 LCMapStringW
0x1800311f8 GetProcessHeap
0x180031200 GetStdHandle
0x180031208 GetFileType
0x180031210 GetStringTypeW
0x180031218 HeapSize
0x180031220 HeapReAlloc
0x180031228 SetStdHandle
0x180031230 FlushFileBuffers
0x180031238 WriteFile
0x180031240 GetConsoleOutputCP
0x180031248 GetConsoleMode
0x180031250 SetFilePointerEx
0x180031258 WriteConsoleW
EAT(Export Address Table) Library
0x180003120 KxEOpenDumpMonitorEx2
KERNEL32.dll
0x180031000 Sleep
0x180031008 CloseHandle
0x180031010 lstrlenW
0x180031018 GetCurrentProcess
0x180031020 WaitForSingleObject
0x180031028 DisableThreadLibraryCalls
0x180031030 CreateFileW
0x180031038 RtlCaptureContext
0x180031040 RtlLookupFunctionEntry
0x180031048 RtlVirtualUnwind
0x180031050 UnhandledExceptionFilter
0x180031058 SetUnhandledExceptionFilter
0x180031060 TerminateProcess
0x180031068 IsProcessorFeaturePresent
0x180031070 QueryPerformanceCounter
0x180031078 GetCurrentProcessId
0x180031080 GetCurrentThreadId
0x180031088 GetSystemTimeAsFileTime
0x180031090 InitializeSListHead
0x180031098 IsDebuggerPresent
0x1800310a0 GetStartupInfoW
0x1800310a8 GetModuleHandleW
0x1800310b0 RtlUnwindEx
0x1800310b8 InterlockedFlushSList
0x1800310c0 GetLastError
0x1800310c8 SetLastError
0x1800310d0 EnterCriticalSection
0x1800310d8 LeaveCriticalSection
0x1800310e0 DeleteCriticalSection
0x1800310e8 InitializeCriticalSectionAndSpinCount
0x1800310f0 TlsAlloc
0x1800310f8 TlsGetValue
0x180031100 TlsSetValue
0x180031108 TlsFree
0x180031110 FreeLibrary
0x180031118 GetProcAddress
0x180031120 LoadLibraryExW
0x180031128 EncodePointer
0x180031130 RaiseException
0x180031138 RtlPcToFileHeader
0x180031140 ExitProcess
0x180031148 GetModuleHandleExW
0x180031150 GetModuleFileNameW
0x180031158 HeapAlloc
0x180031160 HeapFree
0x180031168 FindClose
0x180031170 FindFirstFileExW
0x180031178 FindNextFileW
0x180031180 IsValidCodePage
0x180031188 GetACP
0x180031190 GetOEMCP
0x180031198 GetCPInfo
0x1800311a0 GetCommandLineA
0x1800311a8 GetCommandLineW
0x1800311b0 MultiByteToWideChar
0x1800311b8 WideCharToMultiByte
0x1800311c0 GetEnvironmentStringsW
0x1800311c8 FreeEnvironmentStringsW
0x1800311d0 FlsAlloc
0x1800311d8 FlsGetValue
0x1800311e0 FlsSetValue
0x1800311e8 FlsFree
0x1800311f0 LCMapStringW
0x1800311f8 GetProcessHeap
0x180031200 GetStdHandle
0x180031208 GetFileType
0x180031210 GetStringTypeW
0x180031218 HeapSize
0x180031220 HeapReAlloc
0x180031228 SetStdHandle
0x180031230 FlushFileBuffers
0x180031238 WriteFile
0x180031240 GetConsoleOutputCP
0x180031248 GetConsoleMode
0x180031250 SetFilePointerEx
0x180031258 WriteConsoleW
EAT(Export Address Table) Library
0x180003120 KxEOpenDumpMonitorEx2