ScreenShot
| Created | 2024.08.17 22:34 | Machine | s1_win7_x6403 |
| Filename | d204.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Zusy, V5fd, Attribute, HighConfidence, TrojanX, EYixwlG4JKF, ntqft, R06CC0PED24, Detected, ai score=83, Wacatac, ABDownloader, QPNA, DropperX, R632765, ZedlaF, fu4@aKF, TPdi, Chgt, Oader, Gajl, confidence) | ||
| md5 | b9a842469a9ef4ad634afd464133d43b | ||
| sha256 | 5bb165dfb9bd16e63a3ac437506b3ae5db3d7932b2ad752ec0ba6d7dbd1dde6e | ||
| ssdeep | 1536:JRrnxLh5fU5qkLfxcc/lSJfQn+vFk1DQQvZ:zrnL2RLfSmlSPUDQQR | ||
| imphash | 4087f5d3690670cb16a20c7e230d8dfa | ||
| impfuzzy | 24:BSXVY+An8MUG4sdDLPOov+MLthT/JYnlyvp6HOT43fLBrvwx/1EQD1E16N:BSXjA3mFMLth+Kpbc3fFrcmV16N | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
| info | Queries for the computername |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1000f000 GetThreadContext
0x1000f004 SetThreadContext
0x1000f008 VirtualFree
0x1000f00c VirtualFreeEx
0x1000f010 CreateProcessA
0x1000f014 TerminateProcess
0x1000f018 VirtualAlloc
0x1000f01c VirtualAllocEx
0x1000f020 CloseHandle
0x1000f024 WriteProcessMemory
0x1000f028 ResumeThread
0x1000f02c lstrlenA
0x1000f030 InterlockedDecrement
0x1000f034 MultiByteToWideChar
0x1000f038 GetLocalTime
0x1000f03c FlushFileBuffers
0x1000f040 CreateFileW
0x1000f044 GetStringTypeW
0x1000f048 LCMapStringW
0x1000f04c WriteConsoleW
0x1000f050 SetStdHandle
0x1000f054 IsValidCodePage
0x1000f058 GetOEMCP
0x1000f05c GetACP
0x1000f060 GetCPInfo
0x1000f064 GetConsoleMode
0x1000f068 GetConsoleCP
0x1000f06c SetFilePointer
0x1000f070 GetLastError
0x1000f074 WideCharToMultiByte
0x1000f078 LocalFree
0x1000f07c EncodePointer
0x1000f080 DecodePointer
0x1000f084 HeapFree
0x1000f088 HeapAlloc
0x1000f08c VirtualProtect
0x1000f090 GetProcAddress
0x1000f094 GetModuleHandleW
0x1000f098 GetSystemInfo
0x1000f09c VirtualQuery
0x1000f0a0 GetCurrentThreadId
0x1000f0a4 GetCommandLineA
0x1000f0a8 RtlUnwind
0x1000f0ac RaiseException
0x1000f0b0 GetCurrentProcess
0x1000f0b4 UnhandledExceptionFilter
0x1000f0b8 SetUnhandledExceptionFilter
0x1000f0bc IsDebuggerPresent
0x1000f0c0 IsProcessorFeaturePresent
0x1000f0c4 Sleep
0x1000f0c8 HeapSize
0x1000f0cc ExitProcess
0x1000f0d0 HeapCreate
0x1000f0d4 HeapDestroy
0x1000f0d8 WriteFile
0x1000f0dc GetStdHandle
0x1000f0e0 GetModuleFileNameW
0x1000f0e4 TlsAlloc
0x1000f0e8 TlsGetValue
0x1000f0ec TlsSetValue
0x1000f0f0 TlsFree
0x1000f0f4 InterlockedIncrement
0x1000f0f8 SetLastError
0x1000f0fc SetHandleCount
0x1000f100 InitializeCriticalSectionAndSpinCount
0x1000f104 GetFileType
0x1000f108 GetStartupInfoW
0x1000f10c DeleteCriticalSection
0x1000f110 GetModuleFileNameA
0x1000f114 FreeEnvironmentStringsW
0x1000f118 GetEnvironmentStringsW
0x1000f11c QueryPerformanceCounter
0x1000f120 GetTickCount
0x1000f124 GetCurrentProcessId
0x1000f128 GetSystemTimeAsFileTime
0x1000f12c HeapReAlloc
0x1000f130 LeaveCriticalSection
0x1000f134 EnterCriticalSection
0x1000f138 LoadLibraryW
USER32.dll
0x1000f154 EnumDesktopsW
ole32.dll
0x1000f174 CoInitialize
0x1000f178 CoUninitialize
0x1000f17c CoCreateInstance
OLEAUT32.dll
0x1000f140 SysAllocString
0x1000f144 VariantClear
0x1000f148 SysFreeString
0x1000f14c VariantInit
WININET.dll
0x1000f15c InternetReadFile
0x1000f160 InternetQueryDataAvailable
0x1000f164 InternetCloseHandle
0x1000f168 InternetOpenUrlA
0x1000f16c InternetOpenW
EAT(Export Address Table) Library
0x10001430 Delete
0x10001440 DeleteFolder
0x100014a0 IsEnable
0x10001480 IsExist
0x10001490 IsTaskValid
0x100014b0 Run
0x100014d0 SetEnable
0x10001450 Task
KERNEL32.dll
0x1000f000 GetThreadContext
0x1000f004 SetThreadContext
0x1000f008 VirtualFree
0x1000f00c VirtualFreeEx
0x1000f010 CreateProcessA
0x1000f014 TerminateProcess
0x1000f018 VirtualAlloc
0x1000f01c VirtualAllocEx
0x1000f020 CloseHandle
0x1000f024 WriteProcessMemory
0x1000f028 ResumeThread
0x1000f02c lstrlenA
0x1000f030 InterlockedDecrement
0x1000f034 MultiByteToWideChar
0x1000f038 GetLocalTime
0x1000f03c FlushFileBuffers
0x1000f040 CreateFileW
0x1000f044 GetStringTypeW
0x1000f048 LCMapStringW
0x1000f04c WriteConsoleW
0x1000f050 SetStdHandle
0x1000f054 IsValidCodePage
0x1000f058 GetOEMCP
0x1000f05c GetACP
0x1000f060 GetCPInfo
0x1000f064 GetConsoleMode
0x1000f068 GetConsoleCP
0x1000f06c SetFilePointer
0x1000f070 GetLastError
0x1000f074 WideCharToMultiByte
0x1000f078 LocalFree
0x1000f07c EncodePointer
0x1000f080 DecodePointer
0x1000f084 HeapFree
0x1000f088 HeapAlloc
0x1000f08c VirtualProtect
0x1000f090 GetProcAddress
0x1000f094 GetModuleHandleW
0x1000f098 GetSystemInfo
0x1000f09c VirtualQuery
0x1000f0a0 GetCurrentThreadId
0x1000f0a4 GetCommandLineA
0x1000f0a8 RtlUnwind
0x1000f0ac RaiseException
0x1000f0b0 GetCurrentProcess
0x1000f0b4 UnhandledExceptionFilter
0x1000f0b8 SetUnhandledExceptionFilter
0x1000f0bc IsDebuggerPresent
0x1000f0c0 IsProcessorFeaturePresent
0x1000f0c4 Sleep
0x1000f0c8 HeapSize
0x1000f0cc ExitProcess
0x1000f0d0 HeapCreate
0x1000f0d4 HeapDestroy
0x1000f0d8 WriteFile
0x1000f0dc GetStdHandle
0x1000f0e0 GetModuleFileNameW
0x1000f0e4 TlsAlloc
0x1000f0e8 TlsGetValue
0x1000f0ec TlsSetValue
0x1000f0f0 TlsFree
0x1000f0f4 InterlockedIncrement
0x1000f0f8 SetLastError
0x1000f0fc SetHandleCount
0x1000f100 InitializeCriticalSectionAndSpinCount
0x1000f104 GetFileType
0x1000f108 GetStartupInfoW
0x1000f10c DeleteCriticalSection
0x1000f110 GetModuleFileNameA
0x1000f114 FreeEnvironmentStringsW
0x1000f118 GetEnvironmentStringsW
0x1000f11c QueryPerformanceCounter
0x1000f120 GetTickCount
0x1000f124 GetCurrentProcessId
0x1000f128 GetSystemTimeAsFileTime
0x1000f12c HeapReAlloc
0x1000f130 LeaveCriticalSection
0x1000f134 EnterCriticalSection
0x1000f138 LoadLibraryW
USER32.dll
0x1000f154 EnumDesktopsW
ole32.dll
0x1000f174 CoInitialize
0x1000f178 CoUninitialize
0x1000f17c CoCreateInstance
OLEAUT32.dll
0x1000f140 SysAllocString
0x1000f144 VariantClear
0x1000f148 SysFreeString
0x1000f14c VariantInit
WININET.dll
0x1000f15c InternetReadFile
0x1000f160 InternetQueryDataAvailable
0x1000f164 InternetCloseHandle
0x1000f168 InternetOpenUrlA
0x1000f16c InternetOpenW
EAT(Export Address Table) Library
0x10001430 Delete
0x10001440 DeleteFolder
0x100014a0 IsEnable
0x10001480 IsExist
0x10001490 IsTaskValid
0x100014b0 Run
0x100014d0 SetEnable
0x10001450 Task