Field | Value |
---|---|
Created | 2024.08.04 14:01 |
Machine | s1_win7_x6401 |
Filename | x64.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (AIDetectMalware, malicious, high confidence, score, Midie, Unsafe, Save, Attribute, HighConfidence, GenericRXQX, MalwareX, Wacatac, CLASSIC, AGEN, R002C0PDB24, Real Protect, high, Detected, ai score=87, Zusy, Eldorado, R353801, ZedlaF, Qu8@aq2H2Wfj, Chgt, Gencirc, Static AI, Malicious PE, susgen, confidence, 100%) |
md5 | b96f469d875c7fa8c2f913e906dde0e6 |
sha256 | 48b32782c958f12b4ac603eedeb02f6a864ec4fa7368c079560a8fd9c4d04a74 |
ssdeep | 12288:zw3SCFxnSVunwBJSX35zZKjh6WuKA/d/qi12OTYT6VC8Myxto1Rj0:XC6iwiX3NwZQ/BqigOih0toP0 |
imphash | 503675ed4e0eeb5c3949bdcfdd2a8fd0 |
impfuzzy | 48:SOFVdgWm3thZ9XGcZz42/nHTFEIeLDweAXXyIp+:SkVd5m3th/XGcZzNfHTFjeLDwnnhp+ |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10010038 GetModuleHandleW
0x1001003c WriteFile
0x10010040 GetWindowsDirectoryW
0x10010044 DeleteFileW
0x10010048 DisableThreadLibraryCalls
0x1001004c VirtualProtect
0x10010050 GetLastError
0x10010054 GetTickCount64
0x10010058 CreateThread
0x1001005c GetCurrentProcessId
0x10010060 CloseHandle
0x10010064 GetModuleHandleA
0x10010068 DeviceIoControl
0x1001006c GetProcAddress
0x10010070 MultiByteToWideChar
0x10010074 CreateFileW
0x10010078 Sleep
0x1001007c WriteConsoleW
0x10010080 SetStdHandle
0x10010084 GetStringTypeW
0x10010088 LCMapStringW
0x1001008c HeapSize
0x10010090 HeapReAlloc
0x10010094 RtlUnwind
0x10010098 SetFilePointerEx
0x1001009c GetProcessHeap
0x100100a0 GetTickCount
0x100100a4 GetConsoleMode
0x100100a8 GetConsoleCP
0x100100ac OutputDebugStringW
0x100100b0 GetCPInfo
0x100100b4 GetOEMCP
0x100100b8 HeapFree
0x100100bc HeapAlloc
0x100100c0 IsDebuggerPresent
0x100100c4 IsProcessorFeaturePresent
0x100100c8 GetCommandLineA
0x100100cc GetCurrentThreadId
0x100100d0 EncodePointer
0x100100d4 DecodePointer
0x100100d8 ExitProcess
0x100100dc GetModuleHandleExW
0x100100e0 WideCharToMultiByte
0x100100e4 GetStdHandle
0x100100e8 GetModuleFileNameW
0x100100ec UnhandledExceptionFilter
0x100100f0 SetUnhandledExceptionFilter
0x100100f4 SetLastError
0x100100f8 InitializeCriticalSectionAndSpinCount
0x100100fc GetCurrentProcess
0x10010100 TerminateProcess
0x10010104 TlsAlloc
0x10010108 TlsGetValue
0x1001010c TlsSetValue
0x10010110 TlsFree
0x10010114 GetStartupInfoW
0x10010118 GetFileType
0x1001011c DeleteCriticalSection
0x10010120 GetModuleFileNameA
0x10010124 QueryPerformanceCounter
0x10010128 GetSystemTimeAsFileTime
0x1001012c GetEnvironmentStringsW
0x10010130 FreeEnvironmentStringsW
0x10010134 EnterCriticalSection
0x10010138 LeaveCriticalSection
0x1001013c LoadLibraryExW
0x10010140 IsValidCodePage
0x10010144 GetACP
0x10010148 FlushFileBuffers
ADVAPI32.dll
0x10010000 QueryServiceStatusEx
0x10010004 OpenSCManagerW
0x10010008 OpenServiceW
0x1001000c StartServiceW
0x10010010 ChangeServiceConfigW
0x10010014 CreateServiceW
0x10010018 QueryServiceConfigW
0x1001001c CloseServiceHandle
SHELL32.dll
0x10010150 SHGetFolderPathA
fwpuclnt.dll
0x1001016c FwpmCalloutDestroyEnumHandle0
0x10010170 FwpmFilterCreateEnumHandle0
0x10010174 FwpmFilterEnum0
0x10010178 FwpmEngineOpen0
0x1001017c FwpmFilterDestroyEnumHandle0
0x10010180 FwpmEngineClose0
0x10010184 FwpmFreeMemory0
0x10010188 FwpmFilterDeleteById0
0x1001018c FwpmCalloutEnum0
0x10010190 FwpmCalloutCreateEnumHandle0
CRYPT32.dll
0x10010024 CertOpenStore
0x10010028 CertAddEncodedCertificateToStore
WS2_32.dll
0x10010158 gethostbyname
0x1001015c WSACleanup
0x10010160 WSAStartup
0x10010164 gethostname
IPHLPAPI.DLL
0x10010030 GetAdaptersInfo
EAT (Export Address Table): none