ScreenShot
| Created | 2024.08.04 13:37 | Machine | s1_win7_x6401 |
| Filename | mimispool.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 44 detected (Mimikatz, malicious, high confidence, score, Unsafe, Attribute, HighConfidence, CVE-2021-1675, TrojanPSW, Z7hKCBfrpcB, Tool, HKTL, MIMIKATZ64, Outbreak, Hacktool, Detected, Mimispoolz, ABTrojan, UQBP, R439082, GdSda, EnXYkTDFmc, ai score=87, confidence) | ||
| md5 | 7185df3dbaa4049c26fe2d6962528577 | ||
| sha256 | 8cb1ac82f4ec631b5d1121a01dd15c2815c46b989db83c156172338e9968fd37 | ||
| ssdeep | 1536:rPIIhUDRDCEaL7ml62agJ4pRz1TBTr1vxxCNoysWQ+1LJUdc9dlDgl1QNwP0uol:rPIIyDdS7mQ2NJ4rJBTr1zCo9+1LwUxB | ||
| imphash | f41da4b94d694d1773335d690e8c3ce8 | ||
| impfuzzy | 24:AzLKDHMAJMLk65LJpS1o0qtmVnc+pl3eDoTY2CUaOovbOPZVv2jMA:M+PJEk65XS1Ytm1c+pp/Ym3LW | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x18000b000 CreateProcessAsUserW
0x18000b008 OpenProcessToken
0x18000b010 SetTokenInformation
0x18000b018 DuplicateTokenEx
USERENV.dll
0x18000b240 CreateEnvironmentBlock
0x18000b248 DestroyEnvironmentBlock
WINSTA.dll
0x18000b258 WinStationEnumerateW
0x18000b260 WinStationFreeMemory
KERNEL32.dll
0x18000b028 CreateFileW
0x18000b030 WriteConsoleW
0x18000b038 SetLastError
0x18000b040 GetCurrentProcess
0x18000b048 CloseHandle
0x18000b050 QueryPerformanceCounter
0x18000b058 GetCurrentProcessId
0x18000b060 GetCurrentThreadId
0x18000b068 GetSystemTimeAsFileTime
0x18000b070 InitializeSListHead
0x18000b078 RtlCaptureContext
0x18000b080 RtlLookupFunctionEntry
0x18000b088 RtlVirtualUnwind
0x18000b090 IsDebuggerPresent
0x18000b098 UnhandledExceptionFilter
0x18000b0a0 SetUnhandledExceptionFilter
0x18000b0a8 GetStartupInfoW
0x18000b0b0 IsProcessorFeaturePresent
0x18000b0b8 GetModuleHandleW
0x18000b0c0 SetFilePointerEx
0x18000b0c8 RtlUnwindEx
0x18000b0d0 InterlockedFlushSList
0x18000b0d8 GetLastError
0x18000b0e0 EnterCriticalSection
0x18000b0e8 LeaveCriticalSection
0x18000b0f0 DeleteCriticalSection
0x18000b0f8 InitializeCriticalSectionAndSpinCount
0x18000b100 TlsAlloc
0x18000b108 TlsGetValue
0x18000b110 TlsSetValue
0x18000b118 TlsFree
0x18000b120 FreeLibrary
0x18000b128 GetProcAddress
0x18000b130 LoadLibraryExW
0x18000b138 RaiseException
0x18000b140 ExitProcess
0x18000b148 TerminateProcess
0x18000b150 GetModuleHandleExW
0x18000b158 GetModuleFileNameA
0x18000b160 MultiByteToWideChar
0x18000b168 WideCharToMultiByte
0x18000b170 LCMapStringW
0x18000b178 HeapAlloc
0x18000b180 HeapFree
0x18000b188 FindClose
0x18000b190 FindFirstFileExA
0x18000b198 FindNextFileA
0x18000b1a0 IsValidCodePage
0x18000b1a8 GetACP
0x18000b1b0 GetOEMCP
0x18000b1b8 GetCPInfo
0x18000b1c0 GetCommandLineA
0x18000b1c8 GetCommandLineW
0x18000b1d0 GetEnvironmentStringsW
0x18000b1d8 FreeEnvironmentStringsW
0x18000b1e0 GetProcessHeap
0x18000b1e8 GetStdHandle
0x18000b1f0 GetFileType
0x18000b1f8 GetStringTypeW
0x18000b200 HeapSize
0x18000b208 HeapReAlloc
0x18000b210 SetStdHandle
0x18000b218 WriteFile
0x18000b220 FlushFileBuffers
0x18000b228 GetConsoleCP
0x18000b230 GetConsoleMode
EAT(Export Address Table) Library
0x180001018 DrvDisableDriver
0x18000105c DrvEnableDriver
0x18000101c DrvQueryDriverInfo
0x180001018 DrvResetConfigCache
0x180001094 GenerateCopyFilePaths
0x180001098 SpoolerCopyFileEvent
ADVAPI32.dll
0x18000b000 CreateProcessAsUserW
0x18000b008 OpenProcessToken
0x18000b010 SetTokenInformation
0x18000b018 DuplicateTokenEx
USERENV.dll
0x18000b240 CreateEnvironmentBlock
0x18000b248 DestroyEnvironmentBlock
WINSTA.dll
0x18000b258 WinStationEnumerateW
0x18000b260 WinStationFreeMemory
KERNEL32.dll
0x18000b028 CreateFileW
0x18000b030 WriteConsoleW
0x18000b038 SetLastError
0x18000b040 GetCurrentProcess
0x18000b048 CloseHandle
0x18000b050 QueryPerformanceCounter
0x18000b058 GetCurrentProcessId
0x18000b060 GetCurrentThreadId
0x18000b068 GetSystemTimeAsFileTime
0x18000b070 InitializeSListHead
0x18000b078 RtlCaptureContext
0x18000b080 RtlLookupFunctionEntry
0x18000b088 RtlVirtualUnwind
0x18000b090 IsDebuggerPresent
0x18000b098 UnhandledExceptionFilter
0x18000b0a0 SetUnhandledExceptionFilter
0x18000b0a8 GetStartupInfoW
0x18000b0b0 IsProcessorFeaturePresent
0x18000b0b8 GetModuleHandleW
0x18000b0c0 SetFilePointerEx
0x18000b0c8 RtlUnwindEx
0x18000b0d0 InterlockedFlushSList
0x18000b0d8 GetLastError
0x18000b0e0 EnterCriticalSection
0x18000b0e8 LeaveCriticalSection
0x18000b0f0 DeleteCriticalSection
0x18000b0f8 InitializeCriticalSectionAndSpinCount
0x18000b100 TlsAlloc
0x18000b108 TlsGetValue
0x18000b110 TlsSetValue
0x18000b118 TlsFree
0x18000b120 FreeLibrary
0x18000b128 GetProcAddress
0x18000b130 LoadLibraryExW
0x18000b138 RaiseException
0x18000b140 ExitProcess
0x18000b148 TerminateProcess
0x18000b150 GetModuleHandleExW
0x18000b158 GetModuleFileNameA
0x18000b160 MultiByteToWideChar
0x18000b168 WideCharToMultiByte
0x18000b170 LCMapStringW
0x18000b178 HeapAlloc
0x18000b180 HeapFree
0x18000b188 FindClose
0x18000b190 FindFirstFileExA
0x18000b198 FindNextFileA
0x18000b1a0 IsValidCodePage
0x18000b1a8 GetACP
0x18000b1b0 GetOEMCP
0x18000b1b8 GetCPInfo
0x18000b1c0 GetCommandLineA
0x18000b1c8 GetCommandLineW
0x18000b1d0 GetEnvironmentStringsW
0x18000b1d8 FreeEnvironmentStringsW
0x18000b1e0 GetProcessHeap
0x18000b1e8 GetStdHandle
0x18000b1f0 GetFileType
0x18000b1f8 GetStringTypeW
0x18000b200 HeapSize
0x18000b208 HeapReAlloc
0x18000b210 SetStdHandle
0x18000b218 WriteFile
0x18000b220 FlushFileBuffers
0x18000b228 GetConsoleCP
0x18000b230 GetConsoleMode
EAT(Export Address Table) Library
0x180001018 DrvDisableDriver
0x18000105c DrvEnableDriver
0x18000101c DrvQueryDriverInfo
0x180001018 DrvResetConfigCache
0x180001094 GenerateCopyFilePaths
0x180001098 SpoolerCopyFileEvent