ScreenShot
| Created | 2024.09.30 09:34 | Machine | s1_win7_x6401 |
| Filename | dyreg.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 14 detected (AIDetectMalware, Malicious, score, RiskTool, IMEStartup, Detected, Artemis, Outbreak, Genetic, GenAsa, YEwep1xVQ94) | ||
| md5 | bab4d119880ede651e1edb7d5d891599 | ||
| sha256 | 2fe5db59a191c7a857c5863344e1293724ac64b79ae3c89dda5fe172fd181243 | ||
| ssdeep | 768:1jY5P1mAzVOBuiPn5EnsiWGFwlHZB8QACoOOy8:1GPNTA5n/lHwQdory8 | ||
| imphash | a6401b477c5abcd084d69b0577575fd8 | ||
| impfuzzy | 24:nvMghnnxB6yBcdXmqq99qbYcIRDpdS/SSX0osJV5cgk:nvMghn7bAXZqvq8cIzQSSXZ1gk | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | The executable uses a known packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
MFC42u.DLL
0x1000707c None
0x10007080 None
0x10007084 None
0x10007088 None
0x1000708c None
0x10007090 None
0x10007094 None
0x10007098 None
0x1000709c None
0x100070a0 None
0x100070a4 None
0x100070a8 None
0x100070ac None
0x100070b0 None
0x100070b4 None
0x100070b8 None
0x100070bc None
0x100070c0 None
0x100070c4 None
0x100070c8 None
0x100070cc None
0x100070d0 None
0x100070d4 None
0x100070d8 None
0x100070dc None
0x100070e0 None
0x100070e4 None
0x100070e8 None
0x100070ec None
0x100070f0 None
0x100070f4 None
0x100070f8 None
0x100070fc None
0x10007100 None
0x10007104 None
0x10007108 None
0x1000710c None
0x10007110 None
0x10007114 None
0x10007118 None
0x1000711c None
0x10007120 None
0x10007124 None
0x10007128 None
0x1000712c None
0x10007130 None
0x10007134 None
0x10007138 None
0x1000713c None
0x10007140 None
0x10007144 None
0x10007148 None
0x1000714c None
0x10007150 None
0x10007154 None
0x10007158 None
0x1000715c None
0x10007160 None
0x10007164 None
0x10007168 None
0x1000716c None
0x10007170 None
0x10007174 None
0x10007178 None
0x1000717c None
0x10007180 None
MSVCRT.dll
0x10007194 _except_handler3
0x10007198 ftell
0x1000719c fopen
0x100071a0 strchr
0x100071a4 sprintf
0x100071a8 ??1type_info@@UAE@XZ
0x100071ac _adjust_fdiv
0x100071b0 malloc
0x100071b4 _initterm
0x100071b8 free
0x100071bc _onexit
0x100071c0 __dllonexit
0x100071c4 memmove
0x100071c8 fseek
0x100071cc fread
0x100071d0 fclose
0x100071d4 wcscat
0x100071d8 wcscpy
0x100071dc wcslen
0x100071e0 _wcsicmp
0x100071e4 __CxxFrameHandler
0x100071e8 _wfopen
KERNEL32.dll
0x10007000 CreateFileA
0x10007004 LocalAlloc
0x10007008 LocalFree
0x1000700c MultiByteToWideChar
0x10007010 GetModuleHandleW
0x10007014 EnterCriticalSection
0x10007018 LeaveCriticalSection
0x1000701c GetCurrentThread
0x10007020 InitializeCriticalSection
0x10007024 GetModuleHandleA
0x10007028 GetCurrentProcess
0x1000702c GetProcAddress
0x10007030 FreeLibrary
0x10007034 GetModuleFileNameW
0x10007038 LoadLibraryW
0x1000703c VirtualQuery
0x10007040 InterlockedCompareExchange
0x10007044 GetCurrentThreadId
0x10007048 ResumeThread
0x1000704c FlushInstructionCache
0x10007050 GetThreadContext
0x10007054 SetThreadContext
0x10007058 GetLastError
0x1000705c SuspendThread
0x10007060 VirtualAlloc
0x10007064 SetLastError
0x10007068 GetSystemDirectoryA
0x1000706c VirtualFree
0x10007070 CloseHandle
0x10007074 WriteFile
MSVCP60.dll
0x10007188 ?_Xran@std@@YAXXZ
0x1000718c ?_Xlen@std@@YAXXZ
EAT(Export Address Table) Library
0x100031b0 SetDllPathA
0x100027e0 SetDllPathW
MFC42u.DLL
0x1000707c None
0x10007080 None
0x10007084 None
0x10007088 None
0x1000708c None
0x10007090 None
0x10007094 None
0x10007098 None
0x1000709c None
0x100070a0 None
0x100070a4 None
0x100070a8 None
0x100070ac None
0x100070b0 None
0x100070b4 None
0x100070b8 None
0x100070bc None
0x100070c0 None
0x100070c4 None
0x100070c8 None
0x100070cc None
0x100070d0 None
0x100070d4 None
0x100070d8 None
0x100070dc None
0x100070e0 None
0x100070e4 None
0x100070e8 None
0x100070ec None
0x100070f0 None
0x100070f4 None
0x100070f8 None
0x100070fc None
0x10007100 None
0x10007104 None
0x10007108 None
0x1000710c None
0x10007110 None
0x10007114 None
0x10007118 None
0x1000711c None
0x10007120 None
0x10007124 None
0x10007128 None
0x1000712c None
0x10007130 None
0x10007134 None
0x10007138 None
0x1000713c None
0x10007140 None
0x10007144 None
0x10007148 None
0x1000714c None
0x10007150 None
0x10007154 None
0x10007158 None
0x1000715c None
0x10007160 None
0x10007164 None
0x10007168 None
0x1000716c None
0x10007170 None
0x10007174 None
0x10007178 None
0x1000717c None
0x10007180 None
MSVCRT.dll
0x10007194 _except_handler3
0x10007198 ftell
0x1000719c fopen
0x100071a0 strchr
0x100071a4 sprintf
0x100071a8 ??1type_info@@UAE@XZ
0x100071ac _adjust_fdiv
0x100071b0 malloc
0x100071b4 _initterm
0x100071b8 free
0x100071bc _onexit
0x100071c0 __dllonexit
0x100071c4 memmove
0x100071c8 fseek
0x100071cc fread
0x100071d0 fclose
0x100071d4 wcscat
0x100071d8 wcscpy
0x100071dc wcslen
0x100071e0 _wcsicmp
0x100071e4 __CxxFrameHandler
0x100071e8 _wfopen
KERNEL32.dll
0x10007000 CreateFileA
0x10007004 LocalAlloc
0x10007008 LocalFree
0x1000700c MultiByteToWideChar
0x10007010 GetModuleHandleW
0x10007014 EnterCriticalSection
0x10007018 LeaveCriticalSection
0x1000701c GetCurrentThread
0x10007020 InitializeCriticalSection
0x10007024 GetModuleHandleA
0x10007028 GetCurrentProcess
0x1000702c GetProcAddress
0x10007030 FreeLibrary
0x10007034 GetModuleFileNameW
0x10007038 LoadLibraryW
0x1000703c VirtualQuery
0x10007040 InterlockedCompareExchange
0x10007044 GetCurrentThreadId
0x10007048 ResumeThread
0x1000704c FlushInstructionCache
0x10007050 GetThreadContext
0x10007054 SetThreadContext
0x10007058 GetLastError
0x1000705c SuspendThread
0x10007060 VirtualAlloc
0x10007064 SetLastError
0x10007068 GetSystemDirectoryA
0x1000706c VirtualFree
0x10007070 CloseHandle
0x10007074 WriteFile
MSVCP60.dll
0x10007188 ?_Xran@std@@YAXXZ
0x1000718c ?_Xlen@std@@YAXXZ
EAT(Export Address Table) Library
0x100031b0 SetDllPathA
0x100027e0 SetDllPathW