ScreenShot
| Created | 2024.08.04 13:33 | Machine | s1_win7_x6401 |
| Filename | mimilib.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 50 detected (AIDetectMalware, Mimikatz, malicious, high confidence, score, HTool, Unsafe, HackTool, uwccg, Attribute, HighConfidence, Tool, CLASSIC, BAZARLOADER, SMYXBIMZ, Apteryx, Detected, ai score=84, Mikatz, R453144, GdSda, HKTL, MIMIKATZ64, Static AI, Malicious PE, confidence) | ||
| md5 | ddbd4a6269c999e0e32a2b523495ca39 | ||
| sha256 | 7fdb709e4e16ffe0bb98f6f534e49810610321dfab990fbc7354d4c0e755438f | ||
| ssdeep | 3072:ua5y53R5YygRHEUQsNKJhGcoN3ejWXvA3bWsOI1G+vejil:uKrRkANoscz3bocH | ||
| imphash | cbfe356bef0f713dd262e4f553876b6b | ||
| impfuzzy | 24:9vjzdLpB6YQo6wxvwxmDp9f0C2S1o0qtyfJnc+plmr2SwjMovi0OovbOPZJ:9vHHn950fS1Ytypc+pEyM3b | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x180017000 CreateRestrictedToken
0x180017008 OpenProcessToken
0x180017010 ConvertSidToStringSidA
0x180017018 IsTextUnicode
0x180017020 CreateProcessAsUserW
ntdll.dll
0x1800172f0 RtlFreeUnicodeString
0x1800172f8 RtlStringFromGUID
0x180017300 RtlEqualString
RPCRT4.dll
0x1800172c0 MesHandleFree
0x1800172c8 MesDecodeIncrementalHandleCreate
0x1800172d0 NdrMesTypeFree2
0x1800172d8 NdrMesTypeDecode2
0x1800172e0 MesIncrementalHandleReset
ole32.dll
0x180017310 CoCreateInstance
KERNEL32.dll
0x180017030 ReadConsoleW
0x180017038 ReadFile
0x180017040 SetEndOfFile
0x180017048 HeapReAlloc
0x180017050 HeapSize
0x180017058 WriteConsoleW
0x180017060 SetFilePointerEx
0x180017068 CreateFileW
0x180017070 GetCurrentProcess
0x180017078 CloseHandle
0x180017080 lstrlenW
0x180017088 LoadLibraryW
0x180017090 GetProcAddress
0x180017098 FreeLibrary
0x1800170a0 VirtualProtect
0x1800170a8 GetLastError
0x1800170b0 LocalAlloc
0x1800170b8 LocalFree
0x1800170c0 GetTimeFormatA
0x1800170c8 FileTimeToSystemTime
0x1800170d0 GetDateFormatA
0x1800170d8 FileTimeToLocalFileTime
0x1800170e0 RaiseException
0x1800170e8 GetSystemInfo
0x1800170f0 VirtualQuery
0x1800170f8 GetModuleHandleW
0x180017100 LoadLibraryExA
0x180017108 QueryPerformanceCounter
0x180017110 GetCurrentProcessId
0x180017118 GetCurrentThreadId
0x180017120 GetSystemTimeAsFileTime
0x180017128 InitializeSListHead
0x180017130 RtlCaptureContext
0x180017138 RtlLookupFunctionEntry
0x180017140 RtlVirtualUnwind
0x180017148 IsDebuggerPresent
0x180017150 UnhandledExceptionFilter
0x180017158 SetUnhandledExceptionFilter
0x180017160 GetStartupInfoW
0x180017168 IsProcessorFeaturePresent
0x180017170 SetStdHandle
0x180017178 RtlUnwindEx
0x180017180 InterlockedFlushSList
0x180017188 SetLastError
0x180017190 EnterCriticalSection
0x180017198 LeaveCriticalSection
0x1800171a0 DeleteCriticalSection
0x1800171a8 InitializeCriticalSectionAndSpinCount
0x1800171b0 TlsAlloc
0x1800171b8 TlsGetValue
0x1800171c0 TlsSetValue
0x1800171c8 TlsFree
0x1800171d0 LoadLibraryExW
0x1800171d8 ExitProcess
0x1800171e0 TerminateProcess
0x1800171e8 GetModuleHandleExW
0x1800171f0 GetModuleFileNameA
0x1800171f8 MultiByteToWideChar
0x180017200 WideCharToMultiByte
0x180017208 HeapFree
0x180017210 HeapAlloc
0x180017218 GetACP
0x180017220 FlushFileBuffers
0x180017228 WriteFile
0x180017230 GetConsoleCP
0x180017238 GetConsoleMode
0x180017240 GetStdHandle
0x180017248 GetFileType
0x180017250 LCMapStringW
0x180017258 FindClose
0x180017260 FindFirstFileExA
0x180017268 FindNextFileA
0x180017270 IsValidCodePage
0x180017278 GetOEMCP
0x180017280 GetCPInfo
0x180017288 GetCommandLineA
0x180017290 GetCommandLineW
0x180017298 GetEnvironmentStringsW
0x1800172a0 FreeEnvironmentStringsW
0x1800172a8 GetProcessHeap
0x1800172b0 GetStringTypeW
EAT(Export Address Table) Library
0x1800011e4 DhcpNewPktHook
0x180001134 DhcpServerCalloutEntry
0x180001b68 DllCanUnloadNow
0x180001b00 DllGetClassObject
0x180001284 DnsPluginCleanup
0x180001284 DnsPluginInitialize
0x180001288 DnsPluginQuery
0x1800031e0 ExtensionApiVersion
0x1800012e8 InitializeChangeNotify
0x180001530 Msv1_0SubAuthenticationFilter
0x180001530 Msv1_0SubAuthenticationRoutine
0x180001420 NPGetCaps
0x180001374 NPLogonNotify
0x1800012ec PasswordChangeNotify
0x180001514 SpLsaModeInitialize
0x1800031e8 WinDbgExtensionDllInit
0x18000324c coffee
0x18000325c mimikatz
0x180001000 startW
ADVAPI32.dll
0x180017000 CreateRestrictedToken
0x180017008 OpenProcessToken
0x180017010 ConvertSidToStringSidA
0x180017018 IsTextUnicode
0x180017020 CreateProcessAsUserW
ntdll.dll
0x1800172f0 RtlFreeUnicodeString
0x1800172f8 RtlStringFromGUID
0x180017300 RtlEqualString
RPCRT4.dll
0x1800172c0 MesHandleFree
0x1800172c8 MesDecodeIncrementalHandleCreate
0x1800172d0 NdrMesTypeFree2
0x1800172d8 NdrMesTypeDecode2
0x1800172e0 MesIncrementalHandleReset
ole32.dll
0x180017310 CoCreateInstance
KERNEL32.dll
0x180017030 ReadConsoleW
0x180017038 ReadFile
0x180017040 SetEndOfFile
0x180017048 HeapReAlloc
0x180017050 HeapSize
0x180017058 WriteConsoleW
0x180017060 SetFilePointerEx
0x180017068 CreateFileW
0x180017070 GetCurrentProcess
0x180017078 CloseHandle
0x180017080 lstrlenW
0x180017088 LoadLibraryW
0x180017090 GetProcAddress
0x180017098 FreeLibrary
0x1800170a0 VirtualProtect
0x1800170a8 GetLastError
0x1800170b0 LocalAlloc
0x1800170b8 LocalFree
0x1800170c0 GetTimeFormatA
0x1800170c8 FileTimeToSystemTime
0x1800170d0 GetDateFormatA
0x1800170d8 FileTimeToLocalFileTime
0x1800170e0 RaiseException
0x1800170e8 GetSystemInfo
0x1800170f0 VirtualQuery
0x1800170f8 GetModuleHandleW
0x180017100 LoadLibraryExA
0x180017108 QueryPerformanceCounter
0x180017110 GetCurrentProcessId
0x180017118 GetCurrentThreadId
0x180017120 GetSystemTimeAsFileTime
0x180017128 InitializeSListHead
0x180017130 RtlCaptureContext
0x180017138 RtlLookupFunctionEntry
0x180017140 RtlVirtualUnwind
0x180017148 IsDebuggerPresent
0x180017150 UnhandledExceptionFilter
0x180017158 SetUnhandledExceptionFilter
0x180017160 GetStartupInfoW
0x180017168 IsProcessorFeaturePresent
0x180017170 SetStdHandle
0x180017178 RtlUnwindEx
0x180017180 InterlockedFlushSList
0x180017188 SetLastError
0x180017190 EnterCriticalSection
0x180017198 LeaveCriticalSection
0x1800171a0 DeleteCriticalSection
0x1800171a8 InitializeCriticalSectionAndSpinCount
0x1800171b0 TlsAlloc
0x1800171b8 TlsGetValue
0x1800171c0 TlsSetValue
0x1800171c8 TlsFree
0x1800171d0 LoadLibraryExW
0x1800171d8 ExitProcess
0x1800171e0 TerminateProcess
0x1800171e8 GetModuleHandleExW
0x1800171f0 GetModuleFileNameA
0x1800171f8 MultiByteToWideChar
0x180017200 WideCharToMultiByte
0x180017208 HeapFree
0x180017210 HeapAlloc
0x180017218 GetACP
0x180017220 FlushFileBuffers
0x180017228 WriteFile
0x180017230 GetConsoleCP
0x180017238 GetConsoleMode
0x180017240 GetStdHandle
0x180017248 GetFileType
0x180017250 LCMapStringW
0x180017258 FindClose
0x180017260 FindFirstFileExA
0x180017268 FindNextFileA
0x180017270 IsValidCodePage
0x180017278 GetOEMCP
0x180017280 GetCPInfo
0x180017288 GetCommandLineA
0x180017290 GetCommandLineW
0x180017298 GetEnvironmentStringsW
0x1800172a0 FreeEnvironmentStringsW
0x1800172a8 GetProcessHeap
0x1800172b0 GetStringTypeW
EAT(Export Address Table) Library
0x1800011e4 DhcpNewPktHook
0x180001134 DhcpServerCalloutEntry
0x180001b68 DllCanUnloadNow
0x180001b00 DllGetClassObject
0x180001284 DnsPluginCleanup
0x180001284 DnsPluginInitialize
0x180001288 DnsPluginQuery
0x1800031e0 ExtensionApiVersion
0x1800012e8 InitializeChangeNotify
0x180001530 Msv1_0SubAuthenticationFilter
0x180001530 Msv1_0SubAuthenticationRoutine
0x180001420 NPGetCaps
0x180001374 NPLogonNotify
0x1800012ec PasswordChangeNotify
0x180001514 SpLsaModeInitialize
0x1800031e8 WinDbgExtensionDllInit
0x18000324c coffee
0x18000325c mimikatz
0x180001000 startW