ScreenShot
| Created | 2024.09.30 11:20 | Machine | s1_win7_x6401 |
| Filename | winvnc.x86.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 56 detected (AIDetectMalware, Gimmiv, Malicious, score, Misc, HackTool, Meterpreter, Unsafe, Babar, V1rc, grayware, confidence, 100%, Windows, CobaltStrike, iupebg, zv9jVe2jqCF, dhghl, Tool, WINVNC, Static AI, Malicious PE, Detected, Malware@#208igf02pd1mq, Malgent, ABRisk, XKMB, GenericRXAA, Gencirc, VNCDll, susgen) | ||
| md5 | 719a93419dd5123b52961a076d283f21 | ||
| sha256 | c50183eed715ec2392249e334940acf66315797a740a8fe782934352fed144c6 | ||
| ssdeep | 6144:D4mXEU0AU8qYWi0BtNwG2xwC9VMEHka91rVUqS:DEUhWiqqGhs1O | ||
| imphash | fd3dbd431c841e102676ceab0d209962 | ||
| impfuzzy | 96:Fw9X1xJMz7L2ia7yf+p6Uoek8MxlRgl8XTK3KY:S9FzMzEoek8MxlRgl80X | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x1003832c WSADuplicateSocketA
0x10038330 closesocket
0x10038334 accept
0x10038338 select
0x1003833c __WSAFDIsSet
0x10038340 recv
0x10038344 send
0x10038348 WSAGetLastError
0x1003834c setsockopt
0x10038350 WSAStartup
0x10038354 WSASocketA
0x10038358 socket
0x1003835c inet_addr
0x10038360 htons
0x10038364 ind
0x10038368 listen
KERNEL32.dll
0x10038080 TlsGetValue
0x10038084 Sleep
0x10038088 GetSystemTime
0x1003808c SetThreadPriority
0x10038090 TlsSetValue
0x10038094 GetCurrentThreadId
0x10038098 DuplicateHandle
0x1003809c GetCurrentThread
0x100380a0 GetCurrentProcess
0x100380a4 TlsAlloc
0x100380a8 ResumeThread
0x100380ac UnmapViewOfFile
0x100380b0 DeleteFileA
0x100380b4 CreateDirectoryA
0x100380b8 WriteFile
0x100380bc SetFileTime
0x100380c0 CreateFileA
0x100380c4 FindClose
0x100380c8 FindNextFileA
0x100380cc FindFirstFileA
0x100380d0 SetErrorMode
0x100380d4 GetLogicalDriveStringsA
0x100380d8 GetComputerNameA
0x100380dc GetVersionExA
0x100380e0 GlobalUnlock
0x100380e4 GlobalLock
0x100380e8 GlobalAlloc
0x100380ec GlobalDeleteAtom
0x100380f0 GlobalAddAtomA
0x100380f4 SystemTimeToFileTime
0x100380f8 SetEvent
0x100380fc FreeEnvironmentStringsA
0x10038100 LCMapStringW
0x10038104 LCMapStringA
0x10038108 IsValidCodePage
0x1003810c GetOEMCP
0x10038110 GetACP
0x10038114 GetCPInfo
0x10038118 CloseHandle
0x1003811c MultiByteToWideChar
0x10038120 FlushFileBuffers
0x10038124 GetConsoleMode
0x10038128 GetConsoleCP
0x1003812c WideCharToMultiByte
0x10038130 GetModuleHandleA
0x10038134 HeapSize
0x10038138 HeapReAlloc
0x1003813c VirtualAlloc
0x10038140 VirtualFree
0x10038144 HeapDestroy
0x10038148 HeapCreate
0x1003814c GetStartupInfoA
0x10038150 GetFileType
0x10038154 SetHandleCount
0x10038158 InitializeCriticalSectionAndSpinCount
0x1003815c GetModuleFileNameA
0x10038160 GetStdHandle
0x10038164 InterlockedDecrement
0x10038168 SetLastError
0x1003816c InterlockedIncrement
0x10038170 TlsFree
0x10038174 GetCommandLineA
0x10038178 IsDebuggerPresent
0x1003817c SetUnhandledExceptionFilter
0x10038180 UnhandledExceptionFilter
0x10038184 TerminateProcess
0x10038188 CreateThread
0x1003818c RaiseException
0x10038190 HeapAlloc
0x10038194 HeapFree
0x10038198 GetEnvironmentStrings
0x1003819c ExitProcess
0x100381a0 GetModuleHandleW
0x100381a4 GetSystemTimeAsFileTime
0x100381a8 RtlUnwind
0x100381ac FreeEnvironmentStringsW
0x100381b0 GetEnvironmentStringsW
0x100381b4 QueryPerformanceCounter
0x100381b8 GetTickCount
0x100381bc CreateSemaphoreA
0x100381c0 ReleaseSemaphore
0x100381c4 GetLastError
0x100381c8 LeaveCriticalSection
0x100381cc EnterCriticalSection
0x100381d0 DeleteCriticalSection
0x100381d4 InitializeCriticalSection
0x100381d8 GetCurrentProcessId
0x100381dc CreateEventA
0x100381e0 ExitThread
0x100381e4 WaitForSingleObject
0x100381e8 LoadLibraryA
0x100381ec GetProcAddress
0x100381f0 FreeLibrary
0x100381f4 GetLocaleInfoA
0x100381f8 SetFilePointer
0x100381fc WriteConsoleA
0x10038200 GetConsoleOutputCP
0x10038204 WriteConsoleW
0x10038208 SetStdHandle
0x1003820c CompareStringA
0x10038210 CompareStringW
0x10038214 SetEnvironmentVariableA
0x10038218 GetStringTypeA
0x1003821c GetStringTypeW
0x10038220 ReadFile
USER32.dll
0x10038228 GetUserObjectInformationA
0x1003822c MessageBeep
0x10038230 ExitWindowsEx
0x10038234 VkKeyScanA
0x10038238 GetAsyncKeyState
0x1003823c MapVirtualKeyA
0x10038240 RegisterWindowMessageA
0x10038244 PeekMessageA
0x10038248 WaitMessage
0x1003824c DispatchMessageA
0x10038250 EqualRect
0x10038254 GetForegroundWindow
0x10038258 WindowFromPoint
0x1003825c RegisterClassExA
0x10038260 CreateWindowExA
0x10038264 SetWindowLongA
0x10038268 SetClipboardViewer
0x1003826c GetClipboardOwner
0x10038270 GetClipboardData
0x10038274 DefWindowProcA
0x10038278 PostQuitMessage
0x1003827c GetWindowLongA
0x10038280 GetPropA
0x10038284 IsWindowVisible
0x10038288 SetPropA
0x1003828c RemovePropA
0x10038290 ChangeClipboardChain
0x10038294 DestroyWindow
0x10038298 SendMessageA
0x1003829c KillTimer
0x100382a0 SetTimer
0x100382a4 OpenClipboard
0x100382a8 EmptyClipboard
0x100382ac SetClipboardData
0x100382b0 CloseClipboard
0x100382b4 DrawIconEx
0x100382b8 LoadCursorA
0x100382bc ChangeDisplaySettingsA
0x100382c0 OpenDesktopA
0x100382c4 EnumDesktopWindows
0x100382c8 SystemParametersInfoA
0x100382cc FindWindowA
0x100382d0 GetClassNameA
0x100382d4 PostMessageA
0x100382d8 GetCursorPos
0x100382dc GetSystemMetrics
0x100382e0 GetDesktopWindow
0x100382e4 GetWindowRect
0x100382e8 mouse_event
0x100382ec IsRectEmpty
0x100382f0 IntersectRect
0x100382f4 GetKeyboardState
0x100382f8 keybd_event
0x100382fc EnumDisplaySettingsA
0x10038300 GetThreadDesktop
0x10038304 SetThreadDesktop
0x10038308 CloseDesktop
0x1003830c GetDC
0x10038310 ReleaseDC
0x10038314 SetRect
0x10038318 GetIconInfo
0x1003831c OpenInputDesktop
0x10038320 GetProcessWindowStation
0x10038324 EnumWindows
GDI32.dll
0x10038020 DeleteDC
0x10038024 GetSystemPaletteEntries
0x10038028 DeleteObject
0x1003802c GetObjectA
0x10038030 GetBitmapBits
0x10038034 CreateDIBSection
0x10038038 ExtEscape
0x1003803c GdiFlush
0x10038040 GetStockObject
0x10038044 CombineRgn
0x10038048 CreateRectRgn
0x1003804c CreateRectRgnIndirect
0x10038050 GetRegionData
0x10038054 CreateDCA
0x10038058 GetDIBits
0x1003805c CreateCompatibleBitmap
0x10038060 GetDeviceCaps
0x10038064 CreateCompatibleDC
0x10038068 RealizePalette
0x1003806c SelectPalette
0x10038070 BitBlt
0x10038074 SelectObject
0x10038078 CreatePalette
ADVAPI32.dll
0x10038000 RevertToSelf
0x10038004 ImpersonateLoggedOnUser
0x10038008 RegDeleteValueA
0x1003800c RegSetValueExA
0x10038010 RegCreateKeyA
0x10038014 RegCloseKey
0x10038018 GetUserNameA
EAT(Export Address Table) Library
0x10001010 ?ReflectiveLoader@@YGKPAX@Z
WS2_32.dll
0x1003832c WSADuplicateSocketA
0x10038330 closesocket
0x10038334 accept
0x10038338 select
0x1003833c __WSAFDIsSet
0x10038340 recv
0x10038344 send
0x10038348 WSAGetLastError
0x1003834c setsockopt
0x10038350 WSAStartup
0x10038354 WSASocketA
0x10038358 socket
0x1003835c inet_addr
0x10038360 htons
0x10038364 ind
0x10038368 listen
KERNEL32.dll
0x10038080 TlsGetValue
0x10038084 Sleep
0x10038088 GetSystemTime
0x1003808c SetThreadPriority
0x10038090 TlsSetValue
0x10038094 GetCurrentThreadId
0x10038098 DuplicateHandle
0x1003809c GetCurrentThread
0x100380a0 GetCurrentProcess
0x100380a4 TlsAlloc
0x100380a8 ResumeThread
0x100380ac UnmapViewOfFile
0x100380b0 DeleteFileA
0x100380b4 CreateDirectoryA
0x100380b8 WriteFile
0x100380bc SetFileTime
0x100380c0 CreateFileA
0x100380c4 FindClose
0x100380c8 FindNextFileA
0x100380cc FindFirstFileA
0x100380d0 SetErrorMode
0x100380d4 GetLogicalDriveStringsA
0x100380d8 GetComputerNameA
0x100380dc GetVersionExA
0x100380e0 GlobalUnlock
0x100380e4 GlobalLock
0x100380e8 GlobalAlloc
0x100380ec GlobalDeleteAtom
0x100380f0 GlobalAddAtomA
0x100380f4 SystemTimeToFileTime
0x100380f8 SetEvent
0x100380fc FreeEnvironmentStringsA
0x10038100 LCMapStringW
0x10038104 LCMapStringA
0x10038108 IsValidCodePage
0x1003810c GetOEMCP
0x10038110 GetACP
0x10038114 GetCPInfo
0x10038118 CloseHandle
0x1003811c MultiByteToWideChar
0x10038120 FlushFileBuffers
0x10038124 GetConsoleMode
0x10038128 GetConsoleCP
0x1003812c WideCharToMultiByte
0x10038130 GetModuleHandleA
0x10038134 HeapSize
0x10038138 HeapReAlloc
0x1003813c VirtualAlloc
0x10038140 VirtualFree
0x10038144 HeapDestroy
0x10038148 HeapCreate
0x1003814c GetStartupInfoA
0x10038150 GetFileType
0x10038154 SetHandleCount
0x10038158 InitializeCriticalSectionAndSpinCount
0x1003815c GetModuleFileNameA
0x10038160 GetStdHandle
0x10038164 InterlockedDecrement
0x10038168 SetLastError
0x1003816c InterlockedIncrement
0x10038170 TlsFree
0x10038174 GetCommandLineA
0x10038178 IsDebuggerPresent
0x1003817c SetUnhandledExceptionFilter
0x10038180 UnhandledExceptionFilter
0x10038184 TerminateProcess
0x10038188 CreateThread
0x1003818c RaiseException
0x10038190 HeapAlloc
0x10038194 HeapFree
0x10038198 GetEnvironmentStrings
0x1003819c ExitProcess
0x100381a0 GetModuleHandleW
0x100381a4 GetSystemTimeAsFileTime
0x100381a8 RtlUnwind
0x100381ac FreeEnvironmentStringsW
0x100381b0 GetEnvironmentStringsW
0x100381b4 QueryPerformanceCounter
0x100381b8 GetTickCount
0x100381bc CreateSemaphoreA
0x100381c0 ReleaseSemaphore
0x100381c4 GetLastError
0x100381c8 LeaveCriticalSection
0x100381cc EnterCriticalSection
0x100381d0 DeleteCriticalSection
0x100381d4 InitializeCriticalSection
0x100381d8 GetCurrentProcessId
0x100381dc CreateEventA
0x100381e0 ExitThread
0x100381e4 WaitForSingleObject
0x100381e8 LoadLibraryA
0x100381ec GetProcAddress
0x100381f0 FreeLibrary
0x100381f4 GetLocaleInfoA
0x100381f8 SetFilePointer
0x100381fc WriteConsoleA
0x10038200 GetConsoleOutputCP
0x10038204 WriteConsoleW
0x10038208 SetStdHandle
0x1003820c CompareStringA
0x10038210 CompareStringW
0x10038214 SetEnvironmentVariableA
0x10038218 GetStringTypeA
0x1003821c GetStringTypeW
0x10038220 ReadFile
USER32.dll
0x10038228 GetUserObjectInformationA
0x1003822c MessageBeep
0x10038230 ExitWindowsEx
0x10038234 VkKeyScanA
0x10038238 GetAsyncKeyState
0x1003823c MapVirtualKeyA
0x10038240 RegisterWindowMessageA
0x10038244 PeekMessageA
0x10038248 WaitMessage
0x1003824c DispatchMessageA
0x10038250 EqualRect
0x10038254 GetForegroundWindow
0x10038258 WindowFromPoint
0x1003825c RegisterClassExA
0x10038260 CreateWindowExA
0x10038264 SetWindowLongA
0x10038268 SetClipboardViewer
0x1003826c GetClipboardOwner
0x10038270 GetClipboardData
0x10038274 DefWindowProcA
0x10038278 PostQuitMessage
0x1003827c GetWindowLongA
0x10038280 GetPropA
0x10038284 IsWindowVisible
0x10038288 SetPropA
0x1003828c RemovePropA
0x10038290 ChangeClipboardChain
0x10038294 DestroyWindow
0x10038298 SendMessageA
0x1003829c KillTimer
0x100382a0 SetTimer
0x100382a4 OpenClipboard
0x100382a8 EmptyClipboard
0x100382ac SetClipboardData
0x100382b0 CloseClipboard
0x100382b4 DrawIconEx
0x100382b8 LoadCursorA
0x100382bc ChangeDisplaySettingsA
0x100382c0 OpenDesktopA
0x100382c4 EnumDesktopWindows
0x100382c8 SystemParametersInfoA
0x100382cc FindWindowA
0x100382d0 GetClassNameA
0x100382d4 PostMessageA
0x100382d8 GetCursorPos
0x100382dc GetSystemMetrics
0x100382e0 GetDesktopWindow
0x100382e4 GetWindowRect
0x100382e8 mouse_event
0x100382ec IsRectEmpty
0x100382f0 IntersectRect
0x100382f4 GetKeyboardState
0x100382f8 keybd_event
0x100382fc EnumDisplaySettingsA
0x10038300 GetThreadDesktop
0x10038304 SetThreadDesktop
0x10038308 CloseDesktop
0x1003830c GetDC
0x10038310 ReleaseDC
0x10038314 SetRect
0x10038318 GetIconInfo
0x1003831c OpenInputDesktop
0x10038320 GetProcessWindowStation
0x10038324 EnumWindows
GDI32.dll
0x10038020 DeleteDC
0x10038024 GetSystemPaletteEntries
0x10038028 DeleteObject
0x1003802c GetObjectA
0x10038030 GetBitmapBits
0x10038034 CreateDIBSection
0x10038038 ExtEscape
0x1003803c GdiFlush
0x10038040 GetStockObject
0x10038044 CombineRgn
0x10038048 CreateRectRgn
0x1003804c CreateRectRgnIndirect
0x10038050 GetRegionData
0x10038054 CreateDCA
0x10038058 GetDIBits
0x1003805c CreateCompatibleBitmap
0x10038060 GetDeviceCaps
0x10038064 CreateCompatibleDC
0x10038068 RealizePalette
0x1003806c SelectPalette
0x10038070 BitBlt
0x10038074 SelectObject
0x10038078 CreatePalette
ADVAPI32.dll
0x10038000 RevertToSelf
0x10038004 ImpersonateLoggedOnUser
0x10038008 RegDeleteValueA
0x1003800c RegSetValueExA
0x10038010 RegCreateKeyA
0x10038014 RegCloseKey
0x10038018 GetUserNameA
EAT(Export Address Table) Library
0x10001010 ?ReflectiveLoader@@YGKPAX@Z