ScreenShot
| Created | 2024.08.06 09:25 | Machine | s1_win7_x6403 |
| Filename | ann.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetectMalware, LsassDump, Artemis, Unsafe, HackTool, NanoDump, MalwareX, CobaltStrike, CLOUD, R002C0DH524, Detected, ai score=88, ABApplication, DTWH, MALICIOUS) | ||
| md5 | 4d40d90f8bb645e5af06593608a1f21d | ||
| sha256 | 091cab51d77f769c9e40adc8e2a475988f022c5d7b679bcd0aed24c4a95ef1e6 | ||
| ssdeep | 384:U14J0Ulx958Bg3o6p9U9b0wwpyuXJoJz9QMmn0r0qmMXfd+5b7If/+s9Xu1:UCaUlxoBgM943yuXJogKvY5A+ | ||
| imphash | caf38daefab29cfad89407d623eabb48 | ||
| impfuzzy | 24:8MoayI4Tg9tKAZhihDpujDpylE9JPdL4vEoS1zd:qsdyendLWS1x | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
api-ms-win-crt-string-l1-1-0.dll
0x180008178 wcsnlen
0x180008180 _wcsicmp
0x180008188 wcsncmp
0x180008190 wcsncpy
0x180008198 wcsncat
api-ms-win-crt-convert-l1-1-0.dll
0x1800080f8 mbstowcs
api-ms-win-crt-utility-l1-1-0.dll
0x1800081b8 srand
0x1800081c0 rand
api-ms-win-crt-time-l1-1-0.dll
0x1800081a8 _time64
api-ms-win-crt-runtime-l1-1-0.dll
0x180008120 terminate
0x180008128 _seh_filter_dll
0x180008130 _configure_narrow_argv
0x180008138 abort
0x180008140 _initialize_narrow_environment
0x180008148 _initterm_e
0x180008150 _initialize_onexit_table
0x180008158 _initterm
0x180008160 _cexit
0x180008168 _execute_onexit_table
KERNEL32.dll
0x180008000 RtlLookupFunctionEntry
0x180008008 GetCurrentProcess
0x180008010 LoadLibraryExW
0x180008018 GetProcAddress
0x180008020 FreeLibrary
0x180008028 TlsFree
0x180008030 TlsSetValue
0x180008038 TlsGetValue
0x180008040 TlsAlloc
0x180008048 InitializeCriticalSectionAndSpinCount
0x180008050 DeleteCriticalSection
0x180008058 SetLastError
0x180008060 InterlockedFlushSList
0x180008068 RtlUnwindEx
0x180008070 IsProcessorFeaturePresent
0x180008078 SetUnhandledExceptionFilter
0x180008080 UnhandledExceptionFilter
0x180008088 IsDebuggerPresent
0x180008090 RtlVirtualUnwind
0x180008098 TerminateProcess
0x1800080a0 RtlCaptureContext
0x1800080a8 GetLastError
0x1800080b0 HeapAlloc
0x1800080b8 HeapFree
0x1800080c0 GetProcessHeap
0x1800080c8 QueryPerformanceCounter
0x1800080d0 GetCurrentProcessId
0x1800080d8 GetCurrentThreadId
0x1800080e0 GetSystemTimeAsFileTime
0x1800080e8 InitializeSListHead
api-ms-win-crt-heap-l1-1-0.dll
0x180008108 free
0x180008110 calloc
EAT(Export Address Table) Library
0x180001000 DllMain
api-ms-win-crt-string-l1-1-0.dll
0x180008178 wcsnlen
0x180008180 _wcsicmp
0x180008188 wcsncmp
0x180008190 wcsncpy
0x180008198 wcsncat
api-ms-win-crt-convert-l1-1-0.dll
0x1800080f8 mbstowcs
api-ms-win-crt-utility-l1-1-0.dll
0x1800081b8 srand
0x1800081c0 rand
api-ms-win-crt-time-l1-1-0.dll
0x1800081a8 _time64
api-ms-win-crt-runtime-l1-1-0.dll
0x180008120 terminate
0x180008128 _seh_filter_dll
0x180008130 _configure_narrow_argv
0x180008138 abort
0x180008140 _initialize_narrow_environment
0x180008148 _initterm_e
0x180008150 _initialize_onexit_table
0x180008158 _initterm
0x180008160 _cexit
0x180008168 _execute_onexit_table
KERNEL32.dll
0x180008000 RtlLookupFunctionEntry
0x180008008 GetCurrentProcess
0x180008010 LoadLibraryExW
0x180008018 GetProcAddress
0x180008020 FreeLibrary
0x180008028 TlsFree
0x180008030 TlsSetValue
0x180008038 TlsGetValue
0x180008040 TlsAlloc
0x180008048 InitializeCriticalSectionAndSpinCount
0x180008050 DeleteCriticalSection
0x180008058 SetLastError
0x180008060 InterlockedFlushSList
0x180008068 RtlUnwindEx
0x180008070 IsProcessorFeaturePresent
0x180008078 SetUnhandledExceptionFilter
0x180008080 UnhandledExceptionFilter
0x180008088 IsDebuggerPresent
0x180008090 RtlVirtualUnwind
0x180008098 TerminateProcess
0x1800080a0 RtlCaptureContext
0x1800080a8 GetLastError
0x1800080b0 HeapAlloc
0x1800080b8 HeapFree
0x1800080c0 GetProcessHeap
0x1800080c8 QueryPerformanceCounter
0x1800080d0 GetCurrentProcessId
0x1800080d8 GetCurrentThreadId
0x1800080e0 GetSystemTimeAsFileTime
0x1800080e8 InitializeSListHead
api-ms-win-crt-heap-l1-1-0.dll
0x180008108 free
0x180008110 calloc
EAT(Export Address Table) Library
0x180001000 DllMain