ScreenShot
| Created | 2024.07.11 13:31 | Machine | s1_win7_x6403 |
| Filename | version.dll | ||
| Type | PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 5 detected (Generic@AI, RDMK, cmRtazolOkQUuT0n0oFAwkOD6aAa, Cometer, Detected, MALICIOUS) | ||
| md5 | 80f0d5b317e64595f1faaf57bee5587b | ||
| sha256 | 6fd1b1c8e7b60935b648ffa6be50b3ce3b1144bd2d3e3d514ab86fa51e732bf3 | ||
| ssdeep | 49152:Aiw2EoWjSZXPb91f+kK2MiwtvLKzzFodCuo1F3JfRQd50bv2mqdC/L0B1A0vCexi:Aiw4WSXPbGKzzF/uotS/4SsZ | ||
| imphash | c7dfe3c39b46de597be31f9762a78986 | ||
| impfuzzy | 24:nJ614djMCutrMh1uqlDNQka6AncLLbCcTydX8JOmHO3bVjP9J91DoDqiLZn:nJbFMCgO1GA4cmjdX8JOmHgJ91Doqi9 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Appends a known multi-family ransomware file extension to files that have been encrypted |
| watch | Detects the presence of Wine emulator |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 5 AntiVirus engines on VirusTotal as malicious |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x7008f170 AddVectoredExceptionHandler
0x7008f174 CloseHandle
0x7008f178 CreateEventA
0x7008f17c CreateFileA
0x7008f180 CreateIoCompletionPort
0x7008f184 CreateThread
0x7008f188 CreateWaitableTimerExW
0x7008f18c DeleteCriticalSection
0x7008f190 DuplicateHandle
0x7008f194 EnterCriticalSection
0x7008f198 ExitProcess
0x7008f19c FreeEnvironmentStringsW
0x7008f1a0 FreeLibrary
0x7008f1a4 GetConsoleMode
0x7008f1a8 GetCurrentProcess
0x7008f1ac GetCurrentProcessId
0x7008f1b0 GetCurrentThreadId
0x7008f1b4 GetEnvironmentStringsW
0x7008f1b8 GetLastError
0x7008f1bc GetModuleHandleA
0x7008f1c0 GetProcAddress
0x7008f1c4 GetProcessAffinityMask
0x7008f1c8 GetQueuedCompletionStatusEx
0x7008f1cc GetStdHandle
0x7008f1d0 GetSystemDirectoryA
0x7008f1d4 GetSystemInfo
0x7008f1d8 GetSystemTimeAsFileTime
0x7008f1dc GetThreadContext
0x7008f1e0 GetTickCount
0x7008f1e4 InitializeCriticalSection
0x7008f1e8 LeaveCriticalSection
0x7008f1ec LoadLibraryA
0x7008f1f0 LoadLibraryW
0x7008f1f4 PostQueuedCompletionStatus
0x7008f1f8 QueryPerformanceCounter
0x7008f1fc ResumeThread
0x7008f200 SetConsoleCtrlHandler
0x7008f204 SetErrorMode
0x7008f208 SetEvent
0x7008f20c SetProcessPriorityBoost
0x7008f210 SetThreadContext
0x7008f214 SetUnhandledExceptionFilter
0x7008f218 SetWaitableTimer
0x7008f21c Sleep
0x7008f220 SuspendThread
0x7008f224 SwitchToThread
0x7008f228 TerminateProcess
0x7008f22c TlsGetValue
0x7008f230 UnhandledExceptionFilter
0x7008f234 VirtualAlloc
0x7008f238 VirtualFree
0x7008f23c VirtualProtect
0x7008f240 VirtualQuery
0x7008f244 WaitForMultipleObjects
0x7008f248 WaitForSingleObject
0x7008f24c WriteConsoleW
0x7008f250 WriteFile
0x7008f254 lstrcatA
msvcrt.dll
0x7008f25c _amsg_exit
0x7008f260 _beginthread
0x7008f264 _errno
0x7008f268 _initterm
0x7008f26c _iob
0x7008f270 _lock
0x7008f274 _unlock
0x7008f278 abort
0x7008f27c calloc
0x7008f280 fprintf
0x7008f284 free
0x7008f288 fwrite
0x7008f28c malloc
0x7008f290 realloc
0x7008f294 strlen
0x7008f298 strncmp
0x7008f29c vfprintf
EAT(Export Address Table) Library
0x6fe34370 GetFileVersionInfoA
0x6fe340d0 GetFileVersionInfoByHandle
0x6fe34470 GetFileVersionInfoExA
0x6fe344c0 GetFileVersionInfoExW
0x6fe34310 GetFileVersionInfoSizeA
0x6fe343f0 GetFileVersionInfoSizeExA
0x6fe34430 GetFileVersionInfoSizeExW
0x6fe34340 GetFileVersionInfoSizeW
0x6fe343b0 GetFileVersionInfoW
0x6fe34110 VerFindFileA
0x6fe34190 VerFindFileW
0x6fe34210 VerInstallFileA
0x6fe34290 VerInstallFileW
0x6fe34510 VerLanguageNameA
0x6fe34550 VerLanguageNameW
0x6fe34590 VerQueryValueA
0x6fe345d0 VerQueryValueW
KERNEL32.dll
0x7008f170 AddVectoredExceptionHandler
0x7008f174 CloseHandle
0x7008f178 CreateEventA
0x7008f17c CreateFileA
0x7008f180 CreateIoCompletionPort
0x7008f184 CreateThread
0x7008f188 CreateWaitableTimerExW
0x7008f18c DeleteCriticalSection
0x7008f190 DuplicateHandle
0x7008f194 EnterCriticalSection
0x7008f198 ExitProcess
0x7008f19c FreeEnvironmentStringsW
0x7008f1a0 FreeLibrary
0x7008f1a4 GetConsoleMode
0x7008f1a8 GetCurrentProcess
0x7008f1ac GetCurrentProcessId
0x7008f1b0 GetCurrentThreadId
0x7008f1b4 GetEnvironmentStringsW
0x7008f1b8 GetLastError
0x7008f1bc GetModuleHandleA
0x7008f1c0 GetProcAddress
0x7008f1c4 GetProcessAffinityMask
0x7008f1c8 GetQueuedCompletionStatusEx
0x7008f1cc GetStdHandle
0x7008f1d0 GetSystemDirectoryA
0x7008f1d4 GetSystemInfo
0x7008f1d8 GetSystemTimeAsFileTime
0x7008f1dc GetThreadContext
0x7008f1e0 GetTickCount
0x7008f1e4 InitializeCriticalSection
0x7008f1e8 LeaveCriticalSection
0x7008f1ec LoadLibraryA
0x7008f1f0 LoadLibraryW
0x7008f1f4 PostQueuedCompletionStatus
0x7008f1f8 QueryPerformanceCounter
0x7008f1fc ResumeThread
0x7008f200 SetConsoleCtrlHandler
0x7008f204 SetErrorMode
0x7008f208 SetEvent
0x7008f20c SetProcessPriorityBoost
0x7008f210 SetThreadContext
0x7008f214 SetUnhandledExceptionFilter
0x7008f218 SetWaitableTimer
0x7008f21c Sleep
0x7008f220 SuspendThread
0x7008f224 SwitchToThread
0x7008f228 TerminateProcess
0x7008f22c TlsGetValue
0x7008f230 UnhandledExceptionFilter
0x7008f234 VirtualAlloc
0x7008f238 VirtualFree
0x7008f23c VirtualProtect
0x7008f240 VirtualQuery
0x7008f244 WaitForMultipleObjects
0x7008f248 WaitForSingleObject
0x7008f24c WriteConsoleW
0x7008f250 WriteFile
0x7008f254 lstrcatA
msvcrt.dll
0x7008f25c _amsg_exit
0x7008f260 _beginthread
0x7008f264 _errno
0x7008f268 _initterm
0x7008f26c _iob
0x7008f270 _lock
0x7008f274 _unlock
0x7008f278 abort
0x7008f27c calloc
0x7008f280 fprintf
0x7008f284 free
0x7008f288 fwrite
0x7008f28c malloc
0x7008f290 realloc
0x7008f294 strlen
0x7008f298 strncmp
0x7008f29c vfprintf
EAT(Export Address Table) Library
0x6fe34370 GetFileVersionInfoA
0x6fe340d0 GetFileVersionInfoByHandle
0x6fe34470 GetFileVersionInfoExA
0x6fe344c0 GetFileVersionInfoExW
0x6fe34310 GetFileVersionInfoSizeA
0x6fe343f0 GetFileVersionInfoSizeExA
0x6fe34430 GetFileVersionInfoSizeExW
0x6fe34340 GetFileVersionInfoSizeW
0x6fe343b0 GetFileVersionInfoW
0x6fe34110 VerFindFileA
0x6fe34190 VerFindFileW
0x6fe34210 VerInstallFileA
0x6fe34290 VerInstallFileW
0x6fe34510 VerLanguageNameA
0x6fe34550 VerLanguageNameW
0x6fe34590 VerQueryValueA
0x6fe345d0 VerQueryValueW