ScreenShot
| Created | 2024.08.15 10:36 | Machine | s1_win7_x6401 |
| Filename | e93629b052f25d25c92a4afaee51cc81 | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 8 detected (Windows, WarmCookie, Malicious, score, Lazy, DllInject, S2mcB0MBV6U, Detected) | ||
| md5 | 7a799f4f9aa63745a75b901a392aff29 | ||
| sha256 | f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659 | ||
| ssdeep | 3072:0lCt2jrijQEjnMUWzsjhVPbuGHUluQj6vkZD4vP5iZWyLr:QCIrijNMv6XPbr0kuNr | ||
| imphash | 4e07c2fd62376d20191892e1e1215fcd | ||
| impfuzzy | 24:dlJT/2McJOBDOjXQrZ91mD4NLMUl02tyS1G3l39Gc+Cogvi0OovbOPZj1/mIpikm:xNcJOx7NttyS1G3pwc+CbM3L/0km | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | Deletes a large number of files from the system indicative of ransomware |
| watch | Installs itself for autorun at Windows startup |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180019038 GetLastError
0x180019040 SetLastError
0x180019048 ExpandEnvironmentStringsW
0x180019050 SetCurrentDirectoryW
0x180019058 GetCurrentDirectoryW
0x180019060 CreateFileW
0x180019068 DeleteFileW
0x180019070 GetVolumeInformationW
0x180019078 ReadFile
0x180019080 RemoveDirectoryW
0x180019088 SetFilePointer
0x180019090 WriteFile
0x180019098 SetHandleInformation
0x1800190a0 CreatePipe
0x1800190a8 PeekNamedPipe
0x1800190b0 WaitForSingleObject
0x1800190b8 CreateMutexW
0x1800190c0 CreateThread
0x1800190c8 TerminateProcess
0x1800190d0 CreateProcessW
0x1800190d8 GlobalMemoryStatusEx
0x1800190e0 GetTickCount
0x1800190e8 GetComputerNameExW
0x1800190f0 GetModuleFileNameW
0x1800190f8 GetComputerNameW
0x180019100 MultiByteToWideChar
0x180019108 WideCharToMultiByte
0x180019110 HeapAlloc
0x180019118 HeapReAlloc
0x180019120 HeapFree
0x180019128 GetProcessHeap
0x180019130 GetTempFileNameW
0x180019138 GetTempPathW
0x180019140 GetSystemDirectoryW
0x180019148 LocalFree
0x180019150 Sleep
0x180019158 CloseHandle
0x180019160 LoadLibraryW
0x180019168 GetProcAddress
0x180019170 GetModuleHandleW
0x180019178 OpenMutexW
0x180019180 RaiseException
0x180019188 WriteConsoleW
0x180019190 FlushFileBuffers
0x180019198 SetFilePointerEx
0x1800191a0 GetConsoleMode
0x1800191a8 GetConsoleCP
0x1800191b0 HeapSize
0x1800191b8 RtlCaptureContext
0x1800191c0 RtlLookupFunctionEntry
0x1800191c8 RtlVirtualUnwind
0x1800191d0 UnhandledExceptionFilter
0x1800191d8 SetUnhandledExceptionFilter
0x1800191e0 GetCurrentProcess
0x1800191e8 IsProcessorFeaturePresent
0x1800191f0 QueryPerformanceCounter
0x1800191f8 GetCurrentProcessId
0x180019200 GetCurrentThreadId
0x180019208 GetSystemTimeAsFileTime
0x180019210 InitializeSListHead
0x180019218 IsDebuggerPresent
0x180019220 GetStartupInfoW
0x180019228 RtlUnwindEx
0x180019230 InterlockedFlushSList
0x180019238 InitializeCriticalSectionAndSpinCount
0x180019240 TlsAlloc
0x180019248 TlsGetValue
0x180019250 TlsSetValue
0x180019258 TlsFree
0x180019260 FreeLibrary
0x180019268 LoadLibraryExW
0x180019270 EnterCriticalSection
0x180019278 LeaveCriticalSection
0x180019280 DeleteCriticalSection
0x180019288 ExitProcess
0x180019290 GetModuleHandleExW
0x180019298 GetModuleFileNameA
0x1800192a0 GetACP
0x1800192a8 GetStdHandle
0x1800192b0 GetFileType
0x1800192b8 LCMapStringW
0x1800192c0 FindClose
0x1800192c8 FindFirstFileExA
0x1800192d0 FindNextFileA
0x1800192d8 IsValidCodePage
0x1800192e0 GetOEMCP
0x1800192e8 GetCPInfo
0x1800192f0 GetCommandLineA
0x1800192f8 GetCommandLineW
0x180019300 GetEnvironmentStringsW
0x180019308 FreeEnvironmentStringsW
0x180019310 GetStringTypeW
0x180019318 SetStdHandle
0x180019320 GetSystemInfo
ADVAPI32.dll
0x180019000 SystemFunction036
0x180019008 GetUserNameW
0x180019010 RegQueryValueExW
0x180019018 RegOpenKeyExW
0x180019020 RegEnumKeyExW
0x180019028 RegCloseKey
SHELL32.dll
0x180019330 SHGetFolderPathW
ole32.dll
0x180019370 CoTaskMemFree
WS2_32.dll
0x180019340 gethostbyname
0x180019348 inet_ntoa
0x180019350 gethostname
0x180019358 WSAStartup
0x180019360 WSACleanup
EAT(Export Address Table) Library
0x180001dd0 DllGetClassObject
0x180001e90 DllRegisterServer
0x180001e70 DllRegisterServerEx
0x180001e90 DllUnregisterServer
0x180001ea0 Start
KERNEL32.dll
0x180019038 GetLastError
0x180019040 SetLastError
0x180019048 ExpandEnvironmentStringsW
0x180019050 SetCurrentDirectoryW
0x180019058 GetCurrentDirectoryW
0x180019060 CreateFileW
0x180019068 DeleteFileW
0x180019070 GetVolumeInformationW
0x180019078 ReadFile
0x180019080 RemoveDirectoryW
0x180019088 SetFilePointer
0x180019090 WriteFile
0x180019098 SetHandleInformation
0x1800190a0 CreatePipe
0x1800190a8 PeekNamedPipe
0x1800190b0 WaitForSingleObject
0x1800190b8 CreateMutexW
0x1800190c0 CreateThread
0x1800190c8 TerminateProcess
0x1800190d0 CreateProcessW
0x1800190d8 GlobalMemoryStatusEx
0x1800190e0 GetTickCount
0x1800190e8 GetComputerNameExW
0x1800190f0 GetModuleFileNameW
0x1800190f8 GetComputerNameW
0x180019100 MultiByteToWideChar
0x180019108 WideCharToMultiByte
0x180019110 HeapAlloc
0x180019118 HeapReAlloc
0x180019120 HeapFree
0x180019128 GetProcessHeap
0x180019130 GetTempFileNameW
0x180019138 GetTempPathW
0x180019140 GetSystemDirectoryW
0x180019148 LocalFree
0x180019150 Sleep
0x180019158 CloseHandle
0x180019160 LoadLibraryW
0x180019168 GetProcAddress
0x180019170 GetModuleHandleW
0x180019178 OpenMutexW
0x180019180 RaiseException
0x180019188 WriteConsoleW
0x180019190 FlushFileBuffers
0x180019198 SetFilePointerEx
0x1800191a0 GetConsoleMode
0x1800191a8 GetConsoleCP
0x1800191b0 HeapSize
0x1800191b8 RtlCaptureContext
0x1800191c0 RtlLookupFunctionEntry
0x1800191c8 RtlVirtualUnwind
0x1800191d0 UnhandledExceptionFilter
0x1800191d8 SetUnhandledExceptionFilter
0x1800191e0 GetCurrentProcess
0x1800191e8 IsProcessorFeaturePresent
0x1800191f0 QueryPerformanceCounter
0x1800191f8 GetCurrentProcessId
0x180019200 GetCurrentThreadId
0x180019208 GetSystemTimeAsFileTime
0x180019210 InitializeSListHead
0x180019218 IsDebuggerPresent
0x180019220 GetStartupInfoW
0x180019228 RtlUnwindEx
0x180019230 InterlockedFlushSList
0x180019238 InitializeCriticalSectionAndSpinCount
0x180019240 TlsAlloc
0x180019248 TlsGetValue
0x180019250 TlsSetValue
0x180019258 TlsFree
0x180019260 FreeLibrary
0x180019268 LoadLibraryExW
0x180019270 EnterCriticalSection
0x180019278 LeaveCriticalSection
0x180019280 DeleteCriticalSection
0x180019288 ExitProcess
0x180019290 GetModuleHandleExW
0x180019298 GetModuleFileNameA
0x1800192a0 GetACP
0x1800192a8 GetStdHandle
0x1800192b0 GetFileType
0x1800192b8 LCMapStringW
0x1800192c0 FindClose
0x1800192c8 FindFirstFileExA
0x1800192d0 FindNextFileA
0x1800192d8 IsValidCodePage
0x1800192e0 GetOEMCP
0x1800192e8 GetCPInfo
0x1800192f0 GetCommandLineA
0x1800192f8 GetCommandLineW
0x180019300 GetEnvironmentStringsW
0x180019308 FreeEnvironmentStringsW
0x180019310 GetStringTypeW
0x180019318 SetStdHandle
0x180019320 GetSystemInfo
ADVAPI32.dll
0x180019000 SystemFunction036
0x180019008 GetUserNameW
0x180019010 RegQueryValueExW
0x180019018 RegOpenKeyExW
0x180019020 RegEnumKeyExW
0x180019028 RegCloseKey
SHELL32.dll
0x180019330 SHGetFolderPathW
ole32.dll
0x180019370 CoTaskMemFree
WS2_32.dll
0x180019340 gethostbyname
0x180019348 inet_ntoa
0x180019350 gethostname
0x180019358 WSAStartup
0x180019360 WSACleanup
EAT(Export Address Table) Library
0x180001dd0 DllGetClassObject
0x180001e90 DllRegisterServer
0x180001e70 DllRegisterServerEx
0x180001e90 DllUnregisterServer
0x180001ea0 Start