ScreenShot
| Created | 2024.07.11 13:24 | Machine | s1_win7_x6403 |
| Filename | krpt.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 18 detected (AIDetectMalware, V6q1, malicious, confidence, Attribute, HighConfidence, high confidence, a variant of Generik, MHJYVPM, score, CobaltStrike, Yephiler, R002H01GA24, susgen, ESQQ) | ||
| md5 | d4ef22f79c607984534fb8a21fce15ac | ||
| sha256 | 4957a62e019c30c0a79e4d2d4dd854f6e8f6e0aadb606e157525d98ee0ac5096 | ||
| ssdeep | 1536:OQeso/1HQ6QAthRk/qi4jCv+yUF/5RdsuAxASqnsANNmsWHcdyPZGOj1qx5VqH:loBUAt8qiY++nF/5RAANryPZVC5VqH | ||
| imphash | 7e64ae9fbd088b11acefdbb7871cab42 | ||
| impfuzzy | 24:mDLsjtlrX5twS1ihlJnc+pl39/CTsocMwv2XSOovbO9Zus:8wrX5twS1i5c+ppQgXe3D | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x10011000 GetProcAddress
0x10011004 WriteProcessMemory
0x10011008 GetCurrentProcess
0x1001100c VirtualAlloc
0x10011010 TerminateProcess
0x10011014 WaitForSingleObject
0x10011018 ResumeThread
0x1001101c CreateEventW
0x10011020 SetEvent
0x10011024 CloseHandle
0x10011028 GetThreadContext
0x1001102c VirtualAllocEx
0x10011030 CreateProcessA
0x10011034 SetThreadContext
0x10011038 WriteConsoleW
0x1001103c UnhandledExceptionFilter
0x10011040 SetUnhandledExceptionFilter
0x10011044 IsProcessorFeaturePresent
0x10011048 QueryPerformanceCounter
0x1001104c GetCurrentProcessId
0x10011050 GetCurrentThreadId
0x10011054 GetSystemTimeAsFileTime
0x10011058 InitializeSListHead
0x1001105c IsDebuggerPresent
0x10011060 GetStartupInfoW
0x10011064 GetModuleHandleW
0x10011068 InterlockedFlushSList
0x1001106c RtlUnwind
0x10011070 GetLastError
0x10011074 SetLastError
0x10011078 EnterCriticalSection
0x1001107c LeaveCriticalSection
0x10011080 DeleteCriticalSection
0x10011084 InitializeCriticalSectionAndSpinCount
0x10011088 TlsAlloc
0x1001108c TlsGetValue
0x10011090 TlsSetValue
0x10011094 TlsFree
0x10011098 FreeLibrary
0x1001109c LoadLibraryExW
0x100110a0 EncodePointer
0x100110a4 RaiseException
0x100110a8 ReadFile
0x100110ac ExitProcess
0x100110b0 GetModuleHandleExW
0x100110b4 GetModuleFileNameW
0x100110b8 SetFilePointerEx
0x100110bc GetConsoleMode
0x100110c0 ReadConsoleW
0x100110c4 GetStdHandle
0x100110c8 GetFileType
0x100110cc HeapFree
0x100110d0 HeapAlloc
0x100110d4 FindClose
0x100110d8 FindFirstFileExW
0x100110dc FindNextFileW
0x100110e0 IsValidCodePage
0x100110e4 GetACP
0x100110e8 GetOEMCP
0x100110ec GetCPInfo
0x100110f0 GetCommandLineA
0x100110f4 GetCommandLineW
0x100110f8 MultiByteToWideChar
0x100110fc WideCharToMultiByte
0x10011100 GetEnvironmentStringsW
0x10011104 FreeEnvironmentStringsW
0x10011108 LCMapStringW
0x1001110c GetProcessHeap
0x10011110 SetStdHandle
0x10011114 GetStringTypeW
0x10011118 CreateFileW
0x1001111c FlushFileBuffers
0x10011120 WriteFile
0x10011124 GetConsoleOutputCP
0x10011128 HeapSize
0x1001112c HeapReAlloc
0x10011130 SetEndOfFile
0x10011134 DecodePointer
EAT(Export Address Table) Library
0x10001230 ?_force_link_krpt@@YGXXZ
0x10001230 krpt_RegisterWERHandler
0x10001230 krpt_RemoveDllFilterProtectDetour
0x10001230 krpt_RemoveRuntimeProtectDetour
0x10001230 krpt_RuntimeProtect
0x10001230 krpt_UnRegisterWERHandler
kernel32.dll
0x10011000 GetProcAddress
0x10011004 WriteProcessMemory
0x10011008 GetCurrentProcess
0x1001100c VirtualAlloc
0x10011010 TerminateProcess
0x10011014 WaitForSingleObject
0x10011018 ResumeThread
0x1001101c CreateEventW
0x10011020 SetEvent
0x10011024 CloseHandle
0x10011028 GetThreadContext
0x1001102c VirtualAllocEx
0x10011030 CreateProcessA
0x10011034 SetThreadContext
0x10011038 WriteConsoleW
0x1001103c UnhandledExceptionFilter
0x10011040 SetUnhandledExceptionFilter
0x10011044 IsProcessorFeaturePresent
0x10011048 QueryPerformanceCounter
0x1001104c GetCurrentProcessId
0x10011050 GetCurrentThreadId
0x10011054 GetSystemTimeAsFileTime
0x10011058 InitializeSListHead
0x1001105c IsDebuggerPresent
0x10011060 GetStartupInfoW
0x10011064 GetModuleHandleW
0x10011068 InterlockedFlushSList
0x1001106c RtlUnwind
0x10011070 GetLastError
0x10011074 SetLastError
0x10011078 EnterCriticalSection
0x1001107c LeaveCriticalSection
0x10011080 DeleteCriticalSection
0x10011084 InitializeCriticalSectionAndSpinCount
0x10011088 TlsAlloc
0x1001108c TlsGetValue
0x10011090 TlsSetValue
0x10011094 TlsFree
0x10011098 FreeLibrary
0x1001109c LoadLibraryExW
0x100110a0 EncodePointer
0x100110a4 RaiseException
0x100110a8 ReadFile
0x100110ac ExitProcess
0x100110b0 GetModuleHandleExW
0x100110b4 GetModuleFileNameW
0x100110b8 SetFilePointerEx
0x100110bc GetConsoleMode
0x100110c0 ReadConsoleW
0x100110c4 GetStdHandle
0x100110c8 GetFileType
0x100110cc HeapFree
0x100110d0 HeapAlloc
0x100110d4 FindClose
0x100110d8 FindFirstFileExW
0x100110dc FindNextFileW
0x100110e0 IsValidCodePage
0x100110e4 GetACP
0x100110e8 GetOEMCP
0x100110ec GetCPInfo
0x100110f0 GetCommandLineA
0x100110f4 GetCommandLineW
0x100110f8 MultiByteToWideChar
0x100110fc WideCharToMultiByte
0x10011100 GetEnvironmentStringsW
0x10011104 FreeEnvironmentStringsW
0x10011108 LCMapStringW
0x1001110c GetProcessHeap
0x10011110 SetStdHandle
0x10011114 GetStringTypeW
0x10011118 CreateFileW
0x1001111c FlushFileBuffers
0x10011120 WriteFile
0x10011124 GetConsoleOutputCP
0x10011128 HeapSize
0x1001112c HeapReAlloc
0x10011130 SetEndOfFile
0x10011134 DecodePointer
EAT(Export Address Table) Library
0x10001230 ?_force_link_krpt@@YGXXZ
0x10001230 krpt_RegisterWERHandler
0x10001230 krpt_RemoveDllFilterProtectDetour
0x10001230 krpt_RemoveRuntimeProtectDetour
0x10001230 krpt_RuntimeProtect
0x10001230 krpt_UnRegisterWERHandler