Report - mi.dll

Generic Malware PE File DLL PE32

ScreenShot

Info
Location map


Created	2024.07.16 14:11	Machine	s1_win7_x6403
Filename	mi.dll
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
AI Score	Not founds	Behavior Score	2.0
ZERO API	file : clean
VT API (file)	10 detected (AIDetectMalware, malicious, moderate confidence, score, Unsafe, VMProtect, BC suspicious, Kryptik, GYKdcmG8yzF, Static AI, Suspicious PE, confidence)
md5	e6743e380f2418b616dca113dbbc93cb
sha256	eb7183f807b13b4524393b8da4cc242d96283a13ecd7331db1fcefd43986d0c9
ssdeep	196608:DDErb7pO6pV9Mqhdq3PusYB8NggX4WR+2EZ1hggBMY+gj7LWWtYH4c3nUOTBDAaX:DmUSDBYSBIoM5Shgg+dW64cXUoBDAaX
imphash	6c871eb5afcc648e749d578ab8277277
impfuzzy	3:s3rAVMQWmJIWgI/:4rAmC

Network IP location

Signature (6cnts)

Level	Description
watch	File has been identified by 10 AntiVirus engines on VirusTotal as malicious
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Checks if process is being debugged by a debugger
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
info	IsDLL	(no description)	binaries (upload)
info	IsPE32	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
0x6d150000 AddVectoredExceptionHandler
msvcrt.dll
0x6d150008 __mb_cur_max

EAT(Export Address Table) Library

0x6c7a6460 MainFunc
0x6cabf64c _cgo_dummy_export

Similarity measure (PE file only) - Checking for service failure