ScreenShot
| Created | 2024.09.13 09:38 | Machine | s1_win7_x6401 |
| Filename | useraccount.aspx | ||
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (AIDetectMalware, Windows, Matanbuchus, Malicious, score, Fragtor, Unsafe, V5ro, Attribute, HighConfidence, DropperX, Jimmy, Matanbuch, ShellCodeLoader, CLASSIC, moderate, ABApplication, AUBK, Artemis, BScope, Palevo, GdSda, YXEILZ, Oader, Tdkl, PossibleThreat, confidence, PM8PHU) | ||
| md5 | b61f507b24ebcab3ea69135a21e18df5 | ||
| sha256 | 8af97d1537988d11e5efd0fe227289278b243663fe06aa34438a15896043719e | ||
| ssdeep | 12288:YXWc7yBJK3iqs5t6jr3i/da1buPTYupzedqkyOXEem:2Wc7yBc3iqsbyS/E1b2JZK0 | ||
| imphash | d99296399554c9c4f9947ff988397392 | ||
| impfuzzy | 48:C3FVgmWErZZ9VYVPyGGBcEmRBtdyzlh2DESeS5EASQbiMr6CRzDzGV+cZALS5i25:cVgmWErjzWPyGGBcEmhg6+L | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10086000 GetCommandLineA
0x10086004 GetCommandLineW
0x10086008 GetEnvironmentStrings
0x1008600c DecodePointer
0x10086010 GetLastError
0x10086014 SetLastError
0x10086018 HeapAlloc
0x1008601c HeapReAlloc
0x10086020 HeapFree
0x10086024 HeapSize
0x10086028 GetProcessHeap
0x1008602c InitializeCriticalSectionEx
0x10086030 DeleteCriticalSection
0x10086034 GetCurrentProcess
0x10086038 GetCurrentProcessId
0x1008603c GetCurrentThread
0x10086040 GetCurrentThreadId
0x10086044 GetCurrentProcessorNumber
0x10086048 GetTickCount
0x1008604c GetTickCount64
0x10086050 GetLargePageMinimum
0x10086054 GetModuleHandleA
0x10086058 lstrlenA
0x1008605c lstrlenW
0x10086060 IsValidCodePage
0x10086064 GetACP
0x10086068 GetOEMCP
0x1008606c GetSystemDefaultLangID
0x10086070 GetSystemDefaultLCID
0x10086074 GetThreadUILanguage
0x10086078 SetUnhandledExceptionFilter
0x1008607c MultiByteToWideChar
0x10086080 CreateFileW
0x10086084 CloseHandle
0x10086088 GetConsoleMode
0x1008608c GetConsoleOutputCP
0x10086090 WriteFile
0x10086094 FlushFileBuffers
0x10086098 SetStdHandle
0x1008609c GetStringTypeW
0x100860a0 SetFilePointerEx
0x100860a4 LCMapStringW
0x100860a8 FreeEnvironmentStringsW
0x100860ac GetEnvironmentStringsW
0x100860b0 WideCharToMultiByte
0x100860b4 GetCPInfo
0x100860b8 FindNextFileW
0x100860bc FindFirstFileExW
0x100860c0 FindClose
0x100860c4 GetFileType
0x100860c8 GetStdHandle
0x100860cc GetModuleFileNameW
0x100860d0 WriteConsoleW
0x100860d4 GetModuleHandleExW
0x100860d8 ExitProcess
0x100860dc LoadLibraryExW
0x100860e0 GetProcAddress
0x100860e4 FreeLibrary
0x100860e8 TlsFree
0x100860ec TlsSetValue
0x100860f0 TlsGetValue
0x100860f4 TlsAlloc
0x100860f8 InitializeCriticalSectionAndSpinCount
0x100860fc EncodePointer
0x10086100 InterlockedFlushSList
0x10086104 RtlUnwind
0x10086108 IsDebuggerPresent
0x1008610c OutputDebugStringW
0x10086110 RaiseException
0x10086114 EnterCriticalSection
0x10086118 LeaveCriticalSection
0x1008611c IsProcessorFeaturePresent
0x10086120 UnhandledExceptionFilter
0x10086124 GetStartupInfoW
0x10086128 GetModuleHandleW
0x1008612c QueryPerformanceCounter
0x10086130 GetSystemTimeAsFileTime
0x10086134 InitializeSListHead
0x10086138 TerminateProcess
USER32.dll
0x1008614c ArrangeIconicWindows
0x10086150 GetLastActivePopup
0x10086154 GetTopWindow
0x10086158 GetShellWindow
0x1008615c GetParent
0x10086160 GetCaretPos
0x10086164 GetCursorPos
0x10086168 GetWindowTextLengthA
0x1008616c GetUpdateRect
0x10086170 EndPaint
0x10086174 BeginPaint
0x10086178 GetWindowDC
0x1008617c EndMenu
0x10086180 GetSubMenu
0x10086184 DestroyMenu
0x10086188 GetSystemMenu
0x1008618c GetMenu
0x10086190 IsWindowUnicode
0x10086194 GetCapture
0x10086198 GetFocus
0x1008619c GetActiveWindow
0x100861a0 GetDialogBaseUnits
0x100861a4 GetDlgCtrlID
0x100861a8 IsZoomed
0x100861ac AnyPopup
0x100861b0 IsIconic
0x100861b4 IsWindowVisible
0x100861b8 EndDeferWindowPos
0x100861bc BeginDeferWindowPos
0x100861c0 OpenIcon
0x100861c4 IsWindow
0x100861c8 GetDoubleClickTime
0x100861cc IsWow64Message
0x100861d0 GetMessageExtraInfo
0x100861d4 GetMessageTime
0x100861d8 GetMessagePos
0x100861dc GetCursor
SHLWAPI.dll
0x10086140 StrSpnA
0x10086144 StrCmpIW
EAT(Export Address Table) Library
0x10004cb0 CPlApplet
0x1004a520 DllRegisterServer
0x1004a8e0 DllUnregisterServer
0x10073040 _DllUninitialize@8
0x10073070 _DllUpdate@12
0x100717a0 _DllUpdate@16
0x100717c0 _Export@16
0x100730c0 _GetDllVersion@20
0x100717e0 _InitDll@20
0x10073110 _RegisterDll@8
0x10071810 _UnregisterDll@16
0x100731c0 _UnregisterDll@4
KERNEL32.dll
0x10086000 GetCommandLineA
0x10086004 GetCommandLineW
0x10086008 GetEnvironmentStrings
0x1008600c DecodePointer
0x10086010 GetLastError
0x10086014 SetLastError
0x10086018 HeapAlloc
0x1008601c HeapReAlloc
0x10086020 HeapFree
0x10086024 HeapSize
0x10086028 GetProcessHeap
0x1008602c InitializeCriticalSectionEx
0x10086030 DeleteCriticalSection
0x10086034 GetCurrentProcess
0x10086038 GetCurrentProcessId
0x1008603c GetCurrentThread
0x10086040 GetCurrentThreadId
0x10086044 GetCurrentProcessorNumber
0x10086048 GetTickCount
0x1008604c GetTickCount64
0x10086050 GetLargePageMinimum
0x10086054 GetModuleHandleA
0x10086058 lstrlenA
0x1008605c lstrlenW
0x10086060 IsValidCodePage
0x10086064 GetACP
0x10086068 GetOEMCP
0x1008606c GetSystemDefaultLangID
0x10086070 GetSystemDefaultLCID
0x10086074 GetThreadUILanguage
0x10086078 SetUnhandledExceptionFilter
0x1008607c MultiByteToWideChar
0x10086080 CreateFileW
0x10086084 CloseHandle
0x10086088 GetConsoleMode
0x1008608c GetConsoleOutputCP
0x10086090 WriteFile
0x10086094 FlushFileBuffers
0x10086098 SetStdHandle
0x1008609c GetStringTypeW
0x100860a0 SetFilePointerEx
0x100860a4 LCMapStringW
0x100860a8 FreeEnvironmentStringsW
0x100860ac GetEnvironmentStringsW
0x100860b0 WideCharToMultiByte
0x100860b4 GetCPInfo
0x100860b8 FindNextFileW
0x100860bc FindFirstFileExW
0x100860c0 FindClose
0x100860c4 GetFileType
0x100860c8 GetStdHandle
0x100860cc GetModuleFileNameW
0x100860d0 WriteConsoleW
0x100860d4 GetModuleHandleExW
0x100860d8 ExitProcess
0x100860dc LoadLibraryExW
0x100860e0 GetProcAddress
0x100860e4 FreeLibrary
0x100860e8 TlsFree
0x100860ec TlsSetValue
0x100860f0 TlsGetValue
0x100860f4 TlsAlloc
0x100860f8 InitializeCriticalSectionAndSpinCount
0x100860fc EncodePointer
0x10086100 InterlockedFlushSList
0x10086104 RtlUnwind
0x10086108 IsDebuggerPresent
0x1008610c OutputDebugStringW
0x10086110 RaiseException
0x10086114 EnterCriticalSection
0x10086118 LeaveCriticalSection
0x1008611c IsProcessorFeaturePresent
0x10086120 UnhandledExceptionFilter
0x10086124 GetStartupInfoW
0x10086128 GetModuleHandleW
0x1008612c QueryPerformanceCounter
0x10086130 GetSystemTimeAsFileTime
0x10086134 InitializeSListHead
0x10086138 TerminateProcess
USER32.dll
0x1008614c ArrangeIconicWindows
0x10086150 GetLastActivePopup
0x10086154 GetTopWindow
0x10086158 GetShellWindow
0x1008615c GetParent
0x10086160 GetCaretPos
0x10086164 GetCursorPos
0x10086168 GetWindowTextLengthA
0x1008616c GetUpdateRect
0x10086170 EndPaint
0x10086174 BeginPaint
0x10086178 GetWindowDC
0x1008617c EndMenu
0x10086180 GetSubMenu
0x10086184 DestroyMenu
0x10086188 GetSystemMenu
0x1008618c GetMenu
0x10086190 IsWindowUnicode
0x10086194 GetCapture
0x10086198 GetFocus
0x1008619c GetActiveWindow
0x100861a0 GetDialogBaseUnits
0x100861a4 GetDlgCtrlID
0x100861a8 IsZoomed
0x100861ac AnyPopup
0x100861b0 IsIconic
0x100861b4 IsWindowVisible
0x100861b8 EndDeferWindowPos
0x100861bc BeginDeferWindowPos
0x100861c0 OpenIcon
0x100861c4 IsWindow
0x100861c8 GetDoubleClickTime
0x100861cc IsWow64Message
0x100861d0 GetMessageExtraInfo
0x100861d4 GetMessageTime
0x100861d8 GetMessagePos
0x100861dc GetCursor
SHLWAPI.dll
0x10086140 StrSpnA
0x10086144 StrCmpIW
EAT(Export Address Table) Library
0x10004cb0 CPlApplet
0x1004a520 DllRegisterServer
0x1004a8e0 DllUnregisterServer
0x10073040 _DllUninitialize@8
0x10073070 _DllUpdate@12
0x100717a0 _DllUpdate@16
0x100717c0 _Export@16
0x100730c0 _GetDllVersion@20
0x100717e0 _InitDll@20
0x10073110 _RegisterDll@8
0x10071810 _UnregisterDll@16
0x100731c0 _UnregisterDll@4