ScreenShot
| Created | 2024.08.12 09:57 | Machine | s1_win7_x6401 |
| Filename | Z2.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 17 detected (AIDetectMalware, malicious, high confidence, score, Save, BlackMoon, A suspicious, Tiggre, Detected, Blamon, Zegost, D@6vpf1l, Wacapew, Eldorado, Runshell) | ||
| md5 | 35d97fe4def32490e580b328c39beaa7 | ||
| sha256 | fac06e78df65d037c38a2df8d6939b069e8a231107b5e86dec241eb2b3b3920f | ||
| ssdeep | 1536:7NYgj9qG3W5jXp8m6TIzX2INMq55u/b//xHU4HMtQ:OGWjVFnYhU4HMtQ | ||
| imphash | 66a927b99d2ed944e8f631d2b176d59f | ||
| impfuzzy | 24:aBuV4WCbOov6eD0w/dzR6cQdiJsRvDYvHEbu8bFfcxMYPegTKQw39BdA3+mFQ4E2:arq5C/VwpdvDHFfcNPzTKQu3G3+ZJ2 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Detects Virtual Machines through their custom firmware |
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | The executable uses a known packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10012018 IsBadReadPtr
0x1001201c GetTickCount
0x10012020 GetPrivateProfileStringA
0x10012024 GetCommandLineA
0x10012028 GetModuleFileNameA
0x1001202c FreeLibrary
0x10012030 GetProcAddress
0x10012034 HeapFree
0x10012038 LCMapStringA
0x1001203c HeapReAlloc
0x10012040 HeapAlloc
0x10012044 ExitProcess
0x10012048 GetModuleHandleA
0x1001204c GetProcessHeap
0x10012050 CloseHandle
0x10012054 TerminateProcess
0x10012058 OpenProcess
0x1001205c GetCurrentProcess
0x10012060 Sleep
0x10012064 LoadLibraryA
0x10012068 GetCurrentProcessId
0x1001206c FlushFileBuffers
0x10012070 GetVersionExA
0x10012074 GetLastError
0x10012078 MultiByteToWideChar
0x1001207c WideCharToMultiByte
0x10012080 GetVersion
0x10012084 RtlUnwind
0x10012088 GetCurrentThreadId
0x1001208c TlsSetValue
0x10012090 TlsAlloc
0x10012094 TlsFree
0x10012098 SetLastError
0x1001209c TlsGetValue
0x100120a0 SetHandleCount
0x100120a4 GetStdHandle
0x100120a8 GetFileType
0x100120ac GetStartupInfoA
0x100120b0 DeleteCriticalSection
0x100120b4 FreeEnvironmentStringsA
0x100120b8 FreeEnvironmentStringsW
0x100120bc GetEnvironmentStrings
0x100120c0 GetEnvironmentStringsW
0x100120c4 GetEnvironmentVariableA
0x100120c8 HeapDestroy
0x100120cc HeapCreate
0x100120d0 VirtualFree
0x100120d4 WriteFile
0x100120d8 RaiseException
0x100120dc VirtualAlloc
0x100120e0 InitializeCriticalSection
0x100120e4 EnterCriticalSection
0x100120e8 LeaveCriticalSection
0x100120ec GetCPInfo
0x100120f0 GetACP
0x100120f4 GetOEMCP
0x100120f8 InterlockedDecrement
0x100120fc InterlockedIncrement
0x10012100 SetFilePointer
0x10012104 GetStringTypeA
0x10012108 GetStringTypeW
0x1001210c SetUnhandledExceptionFilter
0x10012110 IsBadCodePtr
0x10012114 LCMapStringW
0x10012118 SetStdHandle
USER32.dll
0x10012130 DispatchMessageA
0x10012134 wsprintfA
0x10012138 MessageBoxA
0x1001213c GetAsyncKeyState
0x10012140 TranslateMessage
0x10012144 GetMessageA
0x10012148 PeekMessageA
0x1001214c GetSystemMetrics
GDI32.dll
0x10012000 DeleteObject
0x10012004 SelectObject
0x10012008 DeleteDC
0x1001200c BitBlt
0x10012010 GetDIBits
OLEAUT32.dll
0x10012120 VariantTimeToSystemTime
SHELL32.dll
0x10012128 ShellExecuteA
EAT(Export Address Table) Library
0x10005e8b zYlxoneDOf9617534816goUVVQeODN
KERNEL32.dll
0x10012018 IsBadReadPtr
0x1001201c GetTickCount
0x10012020 GetPrivateProfileStringA
0x10012024 GetCommandLineA
0x10012028 GetModuleFileNameA
0x1001202c FreeLibrary
0x10012030 GetProcAddress
0x10012034 HeapFree
0x10012038 LCMapStringA
0x1001203c HeapReAlloc
0x10012040 HeapAlloc
0x10012044 ExitProcess
0x10012048 GetModuleHandleA
0x1001204c GetProcessHeap
0x10012050 CloseHandle
0x10012054 TerminateProcess
0x10012058 OpenProcess
0x1001205c GetCurrentProcess
0x10012060 Sleep
0x10012064 LoadLibraryA
0x10012068 GetCurrentProcessId
0x1001206c FlushFileBuffers
0x10012070 GetVersionExA
0x10012074 GetLastError
0x10012078 MultiByteToWideChar
0x1001207c WideCharToMultiByte
0x10012080 GetVersion
0x10012084 RtlUnwind
0x10012088 GetCurrentThreadId
0x1001208c TlsSetValue
0x10012090 TlsAlloc
0x10012094 TlsFree
0x10012098 SetLastError
0x1001209c TlsGetValue
0x100120a0 SetHandleCount
0x100120a4 GetStdHandle
0x100120a8 GetFileType
0x100120ac GetStartupInfoA
0x100120b0 DeleteCriticalSection
0x100120b4 FreeEnvironmentStringsA
0x100120b8 FreeEnvironmentStringsW
0x100120bc GetEnvironmentStrings
0x100120c0 GetEnvironmentStringsW
0x100120c4 GetEnvironmentVariableA
0x100120c8 HeapDestroy
0x100120cc HeapCreate
0x100120d0 VirtualFree
0x100120d4 WriteFile
0x100120d8 RaiseException
0x100120dc VirtualAlloc
0x100120e0 InitializeCriticalSection
0x100120e4 EnterCriticalSection
0x100120e8 LeaveCriticalSection
0x100120ec GetCPInfo
0x100120f0 GetACP
0x100120f4 GetOEMCP
0x100120f8 InterlockedDecrement
0x100120fc InterlockedIncrement
0x10012100 SetFilePointer
0x10012104 GetStringTypeA
0x10012108 GetStringTypeW
0x1001210c SetUnhandledExceptionFilter
0x10012110 IsBadCodePtr
0x10012114 LCMapStringW
0x10012118 SetStdHandle
USER32.dll
0x10012130 DispatchMessageA
0x10012134 wsprintfA
0x10012138 MessageBoxA
0x1001213c GetAsyncKeyState
0x10012140 TranslateMessage
0x10012144 GetMessageA
0x10012148 PeekMessageA
0x1001214c GetSystemMetrics
GDI32.dll
0x10012000 DeleteObject
0x10012004 SelectObject
0x10012008 DeleteDC
0x1001200c BitBlt
0x10012010 GetDIBits
OLEAUT32.dll
0x10012120 VariantTimeToSystemTime
SHELL32.dll
0x10012128 ShellExecuteA
EAT(Export Address Table) Library
0x10005e8b zYlxoneDOf9617534816goUVVQeODN