ScreenShot
| Created | 2024.07.11 13:26 | Machine | s1_win7_x6401 |
| Filename | cldapi.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 7 detected (AIDetectMalware, Malicious, score, DCRat, confidence) | ||
| md5 | 01616e91c5618d727f6a8110a582e3ff | ||
| sha256 | 96c2370487439e8893bed1bfde2c2a96e1605151e01e4818272f29e875bc2a48 | ||
| ssdeep | 1536:5iJM8nswqA16+4QkrhS5xageP6zsFM5wD8foEGQReErSn8SG2g:5iJ6A1zRDjxePUsfJEGDyS8SG2 | ||
| imphash | dbd2cf4e72a93457ba687ec4bfc994e8 | ||
| impfuzzy | 48:hWVQCV9FK1DMhC8OxoIYUumJ6FSz29n3MRzCaqTUg7G75Zn:hWVQCVrK1DMhC8OxoIzJ6FSK9n3MRzCw | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180015960 AcquireSRWLockExclusive
0x180015968 CloseHandle
0x180015970 CreateToolhelp32Snapshot
0x180015978 DecodePointer
0x180015980 DeleteCriticalSection
0x180015988 EncodePointer
0x180015990 EnterCriticalSection
0x180015998 ExitProcess
0x1800159a0 FormatMessageW
0x1800159a8 FreeLibrary
0x1800159b0 GetCurrentProcess
0x1800159b8 GetCurrentProcessId
0x1800159c0 GetCurrentThreadId
0x1800159c8 GetLastError
0x1800159d0 GetLocaleInfoEx
0x1800159d8 GetModuleHandleA
0x1800159e0 GetModuleHandleExW
0x1800159e8 GetModuleHandleW
0x1800159f0 GetProcAddress
0x1800159f8 GetStringTypeW
0x180015a00 GetSystemTimeAsFileTime
0x180015a08 InitializeCriticalSectionEx
0x180015a10 InitializeSListHead
0x180015a18 InterlockedFlushSList
0x180015a20 IsDebuggerPresent
0x180015a28 IsProcessorFeaturePresent
0x180015a30 LCIDToLocaleName
0x180015a38 LCMapStringEx
0x180015a40 LeaveCriticalSection
0x180015a48 LocalFree
0x180015a50 MultiByteToWideChar
0x180015a58 Process32FirstW
0x180015a60 Process32NextW
0x180015a68 QueryPerformanceCounter
0x180015a70 RaiseException
0x180015a78 ReleaseSRWLockExclusive
0x180015a80 RtlCaptureContext
0x180015a88 RtlLookupFunctionEntry
0x180015a90 RtlUnwindEx
0x180015a98 RtlVirtualUnwind
0x180015aa0 SetUnhandledExceptionFilter
0x180015aa8 Sleep
0x180015ab0 SleepConditionVariableSRW
0x180015ab8 TerminateProcess
0x180015ac0 UnhandledExceptionFilter
0x180015ac8 VirtualAlloc
0x180015ad0 VirtualFree
0x180015ad8 VirtualProtect
0x180015ae0 VirtualQuery
0x180015ae8 WakeAllConditionVariable
0x180015af0 WideCharToMultiByte
USER32.dll
0x180015b00 MessageBoxA
WININET.dll
0x180015b10 HttpQueryInfoW
0x180015b18 InternetCloseHandle
0x180015b20 InternetOpenUrlA
0x180015b28 InternetOpenW
0x180015b30 InternetReadFile
msvcrt.dll
0x180015b40 ?terminate@@YAXXZ
0x180015b48 _CxxThrowException
0x180015b50 __C_specific_handler
0x180015b58 __CppXcptFilter
0x180015b60 __CxxFrameHandler3
0x180015b68 __DestructExceptionObject
0x180015b70 ___lc_codepage_func
0x180015b78 ___lc_handle_func
0x180015b80 ___mb_cur_max_func
0x180015b88 __getmainargs
0x180015b90 __pctype_func
0x180015b98 __uncaught_exception
0x180015ba0 _amsg_exit
0x180015ba8 _callnewh
0x180015bb0 _clearfp
0x180015bb8 _errno
0x180015bc0 _fileno
0x180015bc8 _fseeki64
0x180015bd0 _initterm
0x180015bd8 _initterm_e
0x180015be0 _iob
0x180015be8 _isatty
0x180015bf0 _local_unwind
0x180015bf8 _lock
0x180015c00 _msize
0x180015c08 _unlock
0x180015c10 _wcsdup
0x180015c18 abort
0x180015c20 calloc
0x180015c28 ceil
0x180015c30 fclose
0x180015c38 fflush
0x180015c40 fgetc
0x180015c48 fgetpos
0x180015c50 fgetwc
0x180015c58 free
0x180015c60 fsetpos
0x180015c68 log10
0x180015c70 malloc
0x180015c78 memcpy
0x180015c80 memmove
0x180015c88 memset
0x180015c90 perror
0x180015c98 realloc
0x180015ca0 setvbuf
0x180015ca8 strchr
0x180015cb0 strcmp
0x180015cb8 strcpy_s
0x180015cc0 strlen
0x180015cc8 strnlen
0x180015cd0 strrchr
0x180015cd8 strtol
0x180015ce0 tolower
0x180015ce8 ungetc
0x180015cf0 ungetwc
0x180015cf8 wcslen
0x180015d00 wcsnlen
0x180015d08 wcsrchr
0x180015d10 wctomb_s
EAT(Export Address Table) is none
KERNEL32.dll
0x180015960 AcquireSRWLockExclusive
0x180015968 CloseHandle
0x180015970 CreateToolhelp32Snapshot
0x180015978 DecodePointer
0x180015980 DeleteCriticalSection
0x180015988 EncodePointer
0x180015990 EnterCriticalSection
0x180015998 ExitProcess
0x1800159a0 FormatMessageW
0x1800159a8 FreeLibrary
0x1800159b0 GetCurrentProcess
0x1800159b8 GetCurrentProcessId
0x1800159c0 GetCurrentThreadId
0x1800159c8 GetLastError
0x1800159d0 GetLocaleInfoEx
0x1800159d8 GetModuleHandleA
0x1800159e0 GetModuleHandleExW
0x1800159e8 GetModuleHandleW
0x1800159f0 GetProcAddress
0x1800159f8 GetStringTypeW
0x180015a00 GetSystemTimeAsFileTime
0x180015a08 InitializeCriticalSectionEx
0x180015a10 InitializeSListHead
0x180015a18 InterlockedFlushSList
0x180015a20 IsDebuggerPresent
0x180015a28 IsProcessorFeaturePresent
0x180015a30 LCIDToLocaleName
0x180015a38 LCMapStringEx
0x180015a40 LeaveCriticalSection
0x180015a48 LocalFree
0x180015a50 MultiByteToWideChar
0x180015a58 Process32FirstW
0x180015a60 Process32NextW
0x180015a68 QueryPerformanceCounter
0x180015a70 RaiseException
0x180015a78 ReleaseSRWLockExclusive
0x180015a80 RtlCaptureContext
0x180015a88 RtlLookupFunctionEntry
0x180015a90 RtlUnwindEx
0x180015a98 RtlVirtualUnwind
0x180015aa0 SetUnhandledExceptionFilter
0x180015aa8 Sleep
0x180015ab0 SleepConditionVariableSRW
0x180015ab8 TerminateProcess
0x180015ac0 UnhandledExceptionFilter
0x180015ac8 VirtualAlloc
0x180015ad0 VirtualFree
0x180015ad8 VirtualProtect
0x180015ae0 VirtualQuery
0x180015ae8 WakeAllConditionVariable
0x180015af0 WideCharToMultiByte
USER32.dll
0x180015b00 MessageBoxA
WININET.dll
0x180015b10 HttpQueryInfoW
0x180015b18 InternetCloseHandle
0x180015b20 InternetOpenUrlA
0x180015b28 InternetOpenW
0x180015b30 InternetReadFile
msvcrt.dll
0x180015b40 ?terminate@@YAXXZ
0x180015b48 _CxxThrowException
0x180015b50 __C_specific_handler
0x180015b58 __CppXcptFilter
0x180015b60 __CxxFrameHandler3
0x180015b68 __DestructExceptionObject
0x180015b70 ___lc_codepage_func
0x180015b78 ___lc_handle_func
0x180015b80 ___mb_cur_max_func
0x180015b88 __getmainargs
0x180015b90 __pctype_func
0x180015b98 __uncaught_exception
0x180015ba0 _amsg_exit
0x180015ba8 _callnewh
0x180015bb0 _clearfp
0x180015bb8 _errno
0x180015bc0 _fileno
0x180015bc8 _fseeki64
0x180015bd0 _initterm
0x180015bd8 _initterm_e
0x180015be0 _iob
0x180015be8 _isatty
0x180015bf0 _local_unwind
0x180015bf8 _lock
0x180015c00 _msize
0x180015c08 _unlock
0x180015c10 _wcsdup
0x180015c18 abort
0x180015c20 calloc
0x180015c28 ceil
0x180015c30 fclose
0x180015c38 fflush
0x180015c40 fgetc
0x180015c48 fgetpos
0x180015c50 fgetwc
0x180015c58 free
0x180015c60 fsetpos
0x180015c68 log10
0x180015c70 malloc
0x180015c78 memcpy
0x180015c80 memmove
0x180015c88 memset
0x180015c90 perror
0x180015c98 realloc
0x180015ca0 setvbuf
0x180015ca8 strchr
0x180015cb0 strcmp
0x180015cb8 strcpy_s
0x180015cc0 strlen
0x180015cc8 strnlen
0x180015cd0 strrchr
0x180015cd8 strtol
0x180015ce0 tolower
0x180015ce8 ungetc
0x180015cf0 ungetwc
0x180015cf8 wcslen
0x180015d00 wcsnlen
0x180015d08 wcsrchr
0x180015d10 wctomb_s
EAT(Export Address Table) is none