ScreenShot
| Created | 2024.07.12 09:24 | Machine | s1_win7_x6402 |
| Filename | Tan.jpg.dll | ||
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 21 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Vq70, Attribute, HighConfidence, DLLhijack, YzY0Ops8AVTXoyrz, Casdet, ZedlaF, 1u5@aqtNtEcb, Static AI, Malicious PE, confidence) | ||
| md5 | d8402908a8e78bb04f0745c963d4b1c1 | ||
| sha256 | de07814ec61330a24f6408f8aefd40aa9b381902b44985c223cb7f540be812b0 | ||
| ssdeep | 24576:vxA4sT9DOnCt9JwJKXPzHlwVIH06iyB6L2n:v2DgCOKXLHmIU6i86yn | ||
| imphash | 42de1a379f1bbbfbb6e3b36c2d26d244 | ||
| impfuzzy | 24:+OjCL+cpVWjstMS17MYlJBl3eDoVPtxvigGM2ZpjOpOovbOPZQM:bcpVwstMS17MSpptREZP3SM | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1004b000 VirtualProtect
0x1004b004 VirtualFree
0x1004b008 VirtualAlloc
0x1004b00c WaitForSingleObject
0x1004b010 GetModuleHandleA
0x1004b014 CloseHandle
0x1004b018 CreateThread
0x1004b01c GetConsoleWindow
0x1004b020 CreateFileW
0x1004b024 SetStdHandle
0x1004b028 EnterCriticalSection
0x1004b02c LeaveCriticalSection
0x1004b030 InitializeCriticalSectionEx
0x1004b034 DeleteCriticalSection
0x1004b038 EncodePointer
0x1004b03c DecodePointer
0x1004b040 MultiByteToWideChar
0x1004b044 WideCharToMultiByte
0x1004b048 LCMapStringEx
0x1004b04c GetStringTypeW
0x1004b050 GetCPInfo
0x1004b054 UnhandledExceptionFilter
0x1004b058 SetUnhandledExceptionFilter
0x1004b05c GetCurrentProcess
0x1004b060 TerminateProcess
0x1004b064 IsProcessorFeaturePresent
0x1004b068 QueryPerformanceCounter
0x1004b06c GetCurrentProcessId
0x1004b070 GetCurrentThreadId
0x1004b074 GetSystemTimeAsFileTime
0x1004b078 InitializeSListHead
0x1004b07c IsDebuggerPresent
0x1004b080 GetStartupInfoW
0x1004b084 GetModuleHandleW
0x1004b088 RtlUnwind
0x1004b08c RaiseException
0x1004b090 InterlockedFlushSList
0x1004b094 GetLastError
0x1004b098 SetLastError
0x1004b09c InitializeCriticalSectionAndSpinCount
0x1004b0a0 TlsAlloc
0x1004b0a4 TlsGetValue
0x1004b0a8 TlsSetValue
0x1004b0ac TlsFree
0x1004b0b0 FreeLibrary
0x1004b0b4 GetProcAddress
0x1004b0b8 LoadLibraryExW
0x1004b0bc GetModuleFileNameW
0x1004b0c0 GetModuleHandleExW
0x1004b0c4 HeapAlloc
0x1004b0c8 HeapValidate
0x1004b0cc GetSystemInfo
0x1004b0d0 ExitProcess
0x1004b0d4 GetStdHandle
0x1004b0d8 GetFileType
0x1004b0dc WriteFile
0x1004b0e0 OutputDebugStringW
0x1004b0e4 WriteConsoleW
0x1004b0e8 GetFileSizeEx
0x1004b0ec SetFilePointerEx
0x1004b0f0 FlushFileBuffers
0x1004b0f4 GetConsoleOutputCP
0x1004b0f8 GetConsoleMode
0x1004b0fc LCMapStringW
0x1004b100 GetLocaleInfoW
0x1004b104 IsValidLocale
0x1004b108 GetUserDefaultLCID
0x1004b10c EnumSystemLocalesW
0x1004b110 HeapFree
0x1004b114 HeapReAlloc
0x1004b118 HeapSize
0x1004b11c HeapQueryInformation
0x1004b120 GetProcessHeap
0x1004b124 ReadFile
0x1004b128 ReadConsoleW
0x1004b12c FindClose
0x1004b130 FindFirstFileExW
0x1004b134 FindNextFileW
0x1004b138 IsValidCodePage
0x1004b13c GetACP
0x1004b140 GetOEMCP
0x1004b144 GetCommandLineA
0x1004b148 GetCommandLineW
0x1004b14c GetEnvironmentStringsW
0x1004b150 FreeEnvironmentStringsW
0x1004b154 SetEndOfFile
USER32.dll
0x1004b15c ShowWindow
EAT(Export Address Table) Library
0x100026f0 Netpas_Init
0x100026f0 Netpas_Start
0x100026f0 Netpas_Stop
KERNEL32.dll
0x1004b000 VirtualProtect
0x1004b004 VirtualFree
0x1004b008 VirtualAlloc
0x1004b00c WaitForSingleObject
0x1004b010 GetModuleHandleA
0x1004b014 CloseHandle
0x1004b018 CreateThread
0x1004b01c GetConsoleWindow
0x1004b020 CreateFileW
0x1004b024 SetStdHandle
0x1004b028 EnterCriticalSection
0x1004b02c LeaveCriticalSection
0x1004b030 InitializeCriticalSectionEx
0x1004b034 DeleteCriticalSection
0x1004b038 EncodePointer
0x1004b03c DecodePointer
0x1004b040 MultiByteToWideChar
0x1004b044 WideCharToMultiByte
0x1004b048 LCMapStringEx
0x1004b04c GetStringTypeW
0x1004b050 GetCPInfo
0x1004b054 UnhandledExceptionFilter
0x1004b058 SetUnhandledExceptionFilter
0x1004b05c GetCurrentProcess
0x1004b060 TerminateProcess
0x1004b064 IsProcessorFeaturePresent
0x1004b068 QueryPerformanceCounter
0x1004b06c GetCurrentProcessId
0x1004b070 GetCurrentThreadId
0x1004b074 GetSystemTimeAsFileTime
0x1004b078 InitializeSListHead
0x1004b07c IsDebuggerPresent
0x1004b080 GetStartupInfoW
0x1004b084 GetModuleHandleW
0x1004b088 RtlUnwind
0x1004b08c RaiseException
0x1004b090 InterlockedFlushSList
0x1004b094 GetLastError
0x1004b098 SetLastError
0x1004b09c InitializeCriticalSectionAndSpinCount
0x1004b0a0 TlsAlloc
0x1004b0a4 TlsGetValue
0x1004b0a8 TlsSetValue
0x1004b0ac TlsFree
0x1004b0b0 FreeLibrary
0x1004b0b4 GetProcAddress
0x1004b0b8 LoadLibraryExW
0x1004b0bc GetModuleFileNameW
0x1004b0c0 GetModuleHandleExW
0x1004b0c4 HeapAlloc
0x1004b0c8 HeapValidate
0x1004b0cc GetSystemInfo
0x1004b0d0 ExitProcess
0x1004b0d4 GetStdHandle
0x1004b0d8 GetFileType
0x1004b0dc WriteFile
0x1004b0e0 OutputDebugStringW
0x1004b0e4 WriteConsoleW
0x1004b0e8 GetFileSizeEx
0x1004b0ec SetFilePointerEx
0x1004b0f0 FlushFileBuffers
0x1004b0f4 GetConsoleOutputCP
0x1004b0f8 GetConsoleMode
0x1004b0fc LCMapStringW
0x1004b100 GetLocaleInfoW
0x1004b104 IsValidLocale
0x1004b108 GetUserDefaultLCID
0x1004b10c EnumSystemLocalesW
0x1004b110 HeapFree
0x1004b114 HeapReAlloc
0x1004b118 HeapSize
0x1004b11c HeapQueryInformation
0x1004b120 GetProcessHeap
0x1004b124 ReadFile
0x1004b128 ReadConsoleW
0x1004b12c FindClose
0x1004b130 FindFirstFileExW
0x1004b134 FindNextFileW
0x1004b138 IsValidCodePage
0x1004b13c GetACP
0x1004b140 GetOEMCP
0x1004b144 GetCommandLineA
0x1004b148 GetCommandLineW
0x1004b14c GetEnvironmentStringsW
0x1004b150 FreeEnvironmentStringsW
0x1004b154 SetEndOfFile
USER32.dll
0x1004b15c ShowWindow
EAT(Export Address Table) Library
0x100026f0 Netpas_Init
0x100026f0 Netpas_Start
0x100026f0 Netpas_Stop