ScreenShot
| Created | 2024.09.13 09:33 | Machine | s1_win7_x6401 |
| Filename | useraccount.aspx | ||
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (Windows, Matanbuchus, Malicious, score, GenericKD, Vxj5, MalwareX, ShellCodeLoader, CLASSIC, YXEHKZ, Generic Reputation PUA, Static AI, Suspicious PE, Detected, ai score=88, Wacatac, ABTrojan, GTQY, ZedlaF, 3q4@ayb4Vdj, susgen, PossibleThreat) | ||
| md5 | 5fb15984b6312b2de010679b77c2e3b4 | ||
| sha256 | 5cde683048593333b3dee736f8b160675c981f497ed0d680d596e9b34c2a174b | ||
| ssdeep | 24576:0yt4lxbRvESj873+qNIAh4xhlP0PFTvisj01z6CKCCYzuRdMY:0yt4nbRvESj873h2q4xhF0dTvisj012X | ||
| imphash | ac7eca71889735031853fb6927703bcb | ||
| impfuzzy | 48:Xlx9Ckr+rZZ9EXjX9e/CfHGtmSplSQMAByzhrz2/nD/gESeS5EA0bir6CRzDzGSo:Vx9Ckr+rjwX9e6fHGtmS6xyJaqvD | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x100a6010 RemoveDirectoryW
0x100a6014 DebugActiveProcessStop
0x100a6018 EncodePointer
0x100a601c CloseHandle
0x100a6020 GetLastError
0x100a6024 SetLastError
0x100a6028 HeapAlloc
0x100a602c HeapReAlloc
0x100a6030 GetProcessHeap
0x100a6034 ExitProcess
0x100a6038 GetCurrentThreadId
0x100a603c TerminateThread
0x100a6040 CreateProcessA
0x100a6044 CreateProcessW
0x100a6048 GetCurrentProcessorNumber
0x100a604c GetTickCount
0x100a6050 GetTickCount64
0x100a6054 GetWindowsDirectoryW
0x100a6058 VirtualFree
0x100a605c GetLargePageMinimum
0x100a6060 GetModuleHandleA
0x100a6064 lstrcmpA
0x100a6068 lstrlenA
0x100a606c lstrlenW
0x100a6070 MoveFileA
0x100a6074 IsBadReadPtr
0x100a6078 IsValidCodePage
0x100a607c GetACP
0x100a6080 GetOEMCP
0x100a6084 GetSystemDefaultUILanguage
0x100a6088 GetUserDefaultLangID
0x100a608c GetSystemDefaultLangID
0x100a6090 GetSystemDefaultLCID
0x100a6094 GetThreadUILanguage
0x100a6098 GetCommandLineA
0x100a609c WriteConsoleW
0x100a60a0 CreateFileW
0x100a60a4 FileTimeToLocalFileTime
0x100a60a8 GetConsoleMode
0x100a60ac GetConsoleOutputCP
0x100a60b0 WriteFile
0x100a60b4 FlushFileBuffers
0x100a60b8 HeapSize
0x100a60bc GetStringTypeW
0x100a60c0 GetFileType
0x100a60c4 GetStdHandle
0x100a60c8 LCMapStringW
0x100a60cc FreeEnvironmentStringsW
0x100a60d0 GetEnvironmentStringsW
0x100a60d4 WideCharToMultiByte
0x100a60d8 MultiByteToWideChar
0x100a60dc GetCPInfo
0x100a60e0 FindNextFileW
0x100a60e4 FindFirstFileExW
0x100a60e8 FindClose
0x100a60ec HeapFree
0x100a60f0 GetModuleFileNameW
0x100a60f4 GetModuleHandleExW
0x100a60f8 RaiseException
0x100a60fc LoadLibraryExW
0x100a6100 GetProcAddress
0x100a6104 FreeLibrary
0x100a6108 DecodePointer
0x100a610c TlsFree
0x100a6110 TlsSetValue
0x100a6114 TlsGetValue
0x100a6118 TlsAlloc
0x100a611c InitializeCriticalSectionAndSpinCount
0x100a6120 DeleteCriticalSection
0x100a6124 GetEnvironmentVariableW
0x100a6128 SetEnvironmentVariableW
0x100a612c GetEnvironmentStrings
0x100a6130 GetCommandLineW
0x100a6134 SetFilePointerEx
0x100a6138 SetStdHandle
0x100a613c LeaveCriticalSection
0x100a6140 EnterCriticalSection
0x100a6144 InterlockedFlushSList
0x100a6148 RtlUnwind
0x100a614c IsProcessorFeaturePresent
0x100a6150 IsDebuggerPresent
0x100a6154 UnhandledExceptionFilter
0x100a6158 SetUnhandledExceptionFilter
0x100a615c GetStartupInfoW
0x100a6160 GetModuleHandleW
0x100a6164 QueryPerformanceCounter
0x100a6168 GetCurrentProcessId
0x100a616c GetSystemTimeAsFileTime
0x100a6170 InitializeSListHead
0x100a6174 GetCurrentProcess
0x100a6178 TerminateProcess
USER32.dll
0x100a6194 GetShellWindow
0x100a6198 EndMenu
0x100a619c DestroyMenu
0x100a61a0 IsWindowEnabled
0x100a61a4 ArrangeIconicWindows
0x100a61a8 GetTopWindow
0x100a61ac GetParent
0x100a61b0 GetDesktopWindow
0x100a61b4 GetCaretPos
0x100a61b8 GetCaretBlinkTime
0x100a61bc GetCursor
0x100a61c0 GetCursorPos
0x100a61c4 MessageBoxW
0x100a61c8 GetWindowTextLengthA
0x100a61cc GetUpdateRect
0x100a61d0 EndPaint
0x100a61d4 BeginPaint
0x100a61d8 GetWindowDC
0x100a61dc GetForegroundWindow
0x100a61e0 GetSubMenu
0x100a61e4 GetSystemMenu
0x100a61e8 GetMenu
0x100a61ec IsWindowUnicode
0x100a61f0 GetCapture
0x100a61f4 GetFocus
0x100a61f8 GetActiveWindow
0x100a61fc GetDialogBaseUnits
0x100a6200 GetDlgCtrlID
0x100a6204 EndDialog
0x100a6208 IsZoomed
0x100a620c AnyPopup
0x100a6210 IsIconic
0x100a6214 IsWindowVisible
0x100a6218 EndDeferWindowPos
0x100a621c BeginDeferWindowPos
0x100a6220 OpenIcon
0x100a6224 DestroyWindow
0x100a6228 IsWindow
0x100a622c GetDoubleClickTime
0x100a6230 IsWow64Message
0x100a6234 GetMessageExtraInfo
0x100a6238 GetMessageTime
0x100a623c GetMessagePos
0x100a6240 wsprintfW
0x100a6244 GetLastActivePopup
ADVAPI32.dll
0x100a6000 RegCreateKeyExW
0x100a6004 RegCloseKey
0x100a6008 RegSetValueExW
SHELL32.dll
0x100a6180 SHCreateDirectoryExW
SHLWAPI.dll
0x100a6188 StrCmpIW
0x100a618c PathAppendW
EAT(Export Address Table) Library
0x100993a0 CheckLicense
0x10061720 DllInitialize
0x10061780 DllInstall
0x1006a5f0 Export
0x1006a640 GetDllVersion
0x10099460 Init
0x1006a660 InitDll
0x1006a710 RegisterDll
0x1006a770 ThreadFunction
0x1006d370 curl_easy_cleanup
0x1006fc20 curl_easy_init
0x100702a0 curl_easy_perform
0x10072090 curl_easy_setopt
KERNEL32.dll
0x100a6010 RemoveDirectoryW
0x100a6014 DebugActiveProcessStop
0x100a6018 EncodePointer
0x100a601c CloseHandle
0x100a6020 GetLastError
0x100a6024 SetLastError
0x100a6028 HeapAlloc
0x100a602c HeapReAlloc
0x100a6030 GetProcessHeap
0x100a6034 ExitProcess
0x100a6038 GetCurrentThreadId
0x100a603c TerminateThread
0x100a6040 CreateProcessA
0x100a6044 CreateProcessW
0x100a6048 GetCurrentProcessorNumber
0x100a604c GetTickCount
0x100a6050 GetTickCount64
0x100a6054 GetWindowsDirectoryW
0x100a6058 VirtualFree
0x100a605c GetLargePageMinimum
0x100a6060 GetModuleHandleA
0x100a6064 lstrcmpA
0x100a6068 lstrlenA
0x100a606c lstrlenW
0x100a6070 MoveFileA
0x100a6074 IsBadReadPtr
0x100a6078 IsValidCodePage
0x100a607c GetACP
0x100a6080 GetOEMCP
0x100a6084 GetSystemDefaultUILanguage
0x100a6088 GetUserDefaultLangID
0x100a608c GetSystemDefaultLangID
0x100a6090 GetSystemDefaultLCID
0x100a6094 GetThreadUILanguage
0x100a6098 GetCommandLineA
0x100a609c WriteConsoleW
0x100a60a0 CreateFileW
0x100a60a4 FileTimeToLocalFileTime
0x100a60a8 GetConsoleMode
0x100a60ac GetConsoleOutputCP
0x100a60b0 WriteFile
0x100a60b4 FlushFileBuffers
0x100a60b8 HeapSize
0x100a60bc GetStringTypeW
0x100a60c0 GetFileType
0x100a60c4 GetStdHandle
0x100a60c8 LCMapStringW
0x100a60cc FreeEnvironmentStringsW
0x100a60d0 GetEnvironmentStringsW
0x100a60d4 WideCharToMultiByte
0x100a60d8 MultiByteToWideChar
0x100a60dc GetCPInfo
0x100a60e0 FindNextFileW
0x100a60e4 FindFirstFileExW
0x100a60e8 FindClose
0x100a60ec HeapFree
0x100a60f0 GetModuleFileNameW
0x100a60f4 GetModuleHandleExW
0x100a60f8 RaiseException
0x100a60fc LoadLibraryExW
0x100a6100 GetProcAddress
0x100a6104 FreeLibrary
0x100a6108 DecodePointer
0x100a610c TlsFree
0x100a6110 TlsSetValue
0x100a6114 TlsGetValue
0x100a6118 TlsAlloc
0x100a611c InitializeCriticalSectionAndSpinCount
0x100a6120 DeleteCriticalSection
0x100a6124 GetEnvironmentVariableW
0x100a6128 SetEnvironmentVariableW
0x100a612c GetEnvironmentStrings
0x100a6130 GetCommandLineW
0x100a6134 SetFilePointerEx
0x100a6138 SetStdHandle
0x100a613c LeaveCriticalSection
0x100a6140 EnterCriticalSection
0x100a6144 InterlockedFlushSList
0x100a6148 RtlUnwind
0x100a614c IsProcessorFeaturePresent
0x100a6150 IsDebuggerPresent
0x100a6154 UnhandledExceptionFilter
0x100a6158 SetUnhandledExceptionFilter
0x100a615c GetStartupInfoW
0x100a6160 GetModuleHandleW
0x100a6164 QueryPerformanceCounter
0x100a6168 GetCurrentProcessId
0x100a616c GetSystemTimeAsFileTime
0x100a6170 InitializeSListHead
0x100a6174 GetCurrentProcess
0x100a6178 TerminateProcess
USER32.dll
0x100a6194 GetShellWindow
0x100a6198 EndMenu
0x100a619c DestroyMenu
0x100a61a0 IsWindowEnabled
0x100a61a4 ArrangeIconicWindows
0x100a61a8 GetTopWindow
0x100a61ac GetParent
0x100a61b0 GetDesktopWindow
0x100a61b4 GetCaretPos
0x100a61b8 GetCaretBlinkTime
0x100a61bc GetCursor
0x100a61c0 GetCursorPos
0x100a61c4 MessageBoxW
0x100a61c8 GetWindowTextLengthA
0x100a61cc GetUpdateRect
0x100a61d0 EndPaint
0x100a61d4 BeginPaint
0x100a61d8 GetWindowDC
0x100a61dc GetForegroundWindow
0x100a61e0 GetSubMenu
0x100a61e4 GetSystemMenu
0x100a61e8 GetMenu
0x100a61ec IsWindowUnicode
0x100a61f0 GetCapture
0x100a61f4 GetFocus
0x100a61f8 GetActiveWindow
0x100a61fc GetDialogBaseUnits
0x100a6200 GetDlgCtrlID
0x100a6204 EndDialog
0x100a6208 IsZoomed
0x100a620c AnyPopup
0x100a6210 IsIconic
0x100a6214 IsWindowVisible
0x100a6218 EndDeferWindowPos
0x100a621c BeginDeferWindowPos
0x100a6220 OpenIcon
0x100a6224 DestroyWindow
0x100a6228 IsWindow
0x100a622c GetDoubleClickTime
0x100a6230 IsWow64Message
0x100a6234 GetMessageExtraInfo
0x100a6238 GetMessageTime
0x100a623c GetMessagePos
0x100a6240 wsprintfW
0x100a6244 GetLastActivePopup
ADVAPI32.dll
0x100a6000 RegCreateKeyExW
0x100a6004 RegCloseKey
0x100a6008 RegSetValueExW
SHELL32.dll
0x100a6180 SHCreateDirectoryExW
SHLWAPI.dll
0x100a6188 StrCmpIW
0x100a618c PathAppendW
EAT(Export Address Table) Library
0x100993a0 CheckLicense
0x10061720 DllInitialize
0x10061780 DllInstall
0x1006a5f0 Export
0x1006a640 GetDllVersion
0x10099460 Init
0x1006a660 InitDll
0x1006a710 RegisterDll
0x1006a770 ThreadFunction
0x1006d370 curl_easy_cleanup
0x1006fc20 curl_easy_init
0x100702a0 curl_easy_perform
0x10072090 curl_easy_setopt