ScreenShot
| Created | 2024.09.30 11:20 | Machine | s1_win7_x6403 |
| Filename | winvnc.x64.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 58 detected (AIDetectMalware, Hacktool, Meterpreter, Malicious, score, NetLoader, Misc, Unsafe, Tedy, Vijo, grayware, confidence, 100%, Windows, Threat, CobaltStrike, iw1lVS3f5fU, PrivacyRisk, Tool, WINVNC, Harmony Loader, Static AI, Malicious PE, Detected, Malware@#262v94zt9ji48, ABApplication, QKNU, R635405, Generic PUP, Gencirc, Igent, bUAavR, VNCDll, susgen) | ||
| md5 | bc9fd6c5621c3fa5a16489db19746112 | ||
| sha256 | 13feaa32e4b03ede8799e5bee6f8d54c3af715a6488ad32f6287d8f504c7078b | ||
| ssdeep | 6144:Vsj5MHZ/yacp9dK/WT8W/WUuLdrX64ajx0HLC1UsrTAhwwU8qc2kPoV0jp7:VW5Mwacp9dKeIdezlMCusJzV0 | ||
| imphash | 8d947d8266d1e96ff10ab0c505eb32cf | ||
| impfuzzy | 96:sZ+ThQ1LIuL0ShyX1ph+M2rvNvh3zybKXRs0KQ:pULUF+M2rvNvh3zybKJl | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x18003f648 recv
0x18003f650 ind
0x18003f658 closesocket
0x18003f660 htons
0x18003f668 WSASocketA
0x18003f670 WSAGetLastError
0x18003f678 setsockopt
0x18003f680 send
0x18003f688 select
0x18003f690 accept
0x18003f698 __WSAFDIsSet
0x18003f6a0 WSADuplicateSocketA
0x18003f6a8 WSAStartup
0x18003f6b0 socket
0x18003f6b8 listen
0x18003f6c0 inet_addr
KERNEL32.dll
0x18003f100 LeaveCriticalSection
0x18003f108 DeleteCriticalSection
0x18003f110 ReleaseSemaphore
0x18003f118 Sleep
0x18003f120 CloseHandle
0x18003f128 DuplicateHandle
0x18003f130 GetSystemTime
0x18003f138 TlsAlloc
0x18003f140 TlsGetValue
0x18003f148 TlsSetValue
0x18003f150 CreateSemaphoreA
0x18003f158 UnmapViewOfFile
0x18003f160 SetErrorMode
0x18003f168 WriteFile
0x18003f170 FindClose
0x18003f178 SetFileTime
0x18003f180 GetLogicalDriveStringsA
0x18003f188 CreateDirectoryA
0x18003f190 CreateFileA
0x18003f198 DeleteFileA
0x18003f1a0 FindFirstFileA
0x18003f1a8 FindNextFileA
0x18003f1b0 GetComputerNameA
0x18003f1b8 GlobalAlloc
0x18003f1c0 GlobalLock
0x18003f1c8 GlobalUnlock
0x18003f1d0 GlobalDeleteAtom
0x18003f1d8 SystemTimeToFileTime
0x18003f1e0 GlobalAddAtomA
0x18003f1e8 GetVersionExA
0x18003f1f0 SetEvent
0x18003f1f8 GetConsoleCP
0x18003f200 FlushFileBuffers
0x18003f208 HeapSize
0x18003f210 GetProcessHeap
0x18003f218 GetFileType
0x18003f220 GetCPInfo
0x18003f228 GetOEMCP
0x18003f230 EnterCriticalSection
0x18003f238 IsValidCodePage
0x18003f240 GetModuleFileNameW
0x18003f248 GetStdHandle
0x18003f250 GetModuleHandleW
0x18003f258 GetStartupInfoW
0x18003f260 TlsFree
0x18003f268 TerminateProcess
0x18003f270 InitializeCriticalSectionAndSpinCount
0x18003f278 SetUnhandledExceptionFilter
0x18003f280 UnhandledExceptionFilter
0x18003f288 RtlVirtualUnwind
0x18003f290 RtlCaptureContext
0x18003f298 IsProcessorFeaturePresent
0x18003f2a0 IsDebuggerPresent
0x18003f2a8 SetLastError
0x18003f2b0 GetCommandLineA
0x18003f2b8 RaiseException
0x18003f2c0 RtlPcToFileHeader
0x18003f2c8 LoadLibraryExW
0x18003f2d0 CreateThread
0x18003f2d8 HeapAlloc
0x18003f2e0 HeapFree
0x18003f2e8 GetSystemTimeAsFileTime
0x18003f2f0 WideCharToMultiByte
0x18003f2f8 MultiByteToWideChar
0x18003f300 GetModuleHandleExW
0x18003f308 ExitProcess
0x18003f310 DecodePointer
0x18003f318 GetConsoleMode
0x18003f320 EncodePointer
0x18003f328 RtlUnwindEx
0x18003f330 RtlLookupFunctionEntry
0x18003f338 ReadFile
0x18003f340 ReadConsoleW
0x18003f348 GetModuleFileNameA
0x18003f350 QueryPerformanceCounter
0x18003f358 InitializeCriticalSection
0x18003f360 ResumeThread
0x18003f368 GetLastError
0x18003f370 SetThreadPriority
0x18003f378 GetCurrentThreadId
0x18003f380 GetCurrentThread
0x18003f388 GetCurrentProcess
0x18003f390 LoadLibraryA
0x18003f398 CreateEventA
0x18003f3a0 WaitForSingleObject
0x18003f3a8 ExitThread
0x18003f3b0 GetCurrentProcessId
0x18003f3b8 GetProcAddress
0x18003f3c0 FreeLibrary
0x18003f3c8 GetEnvironmentStringsW
0x18003f3d0 FreeEnvironmentStringsW
0x18003f3d8 OutputDebugStringW
0x18003f3e0 HeapReAlloc
0x18003f3e8 CompareStringW
0x18003f3f0 LCMapStringW
0x18003f3f8 GetStringTypeW
0x18003f400 SetStdHandle
0x18003f408 SetFilePointerEx
0x18003f410 WriteConsoleW
0x18003f418 SetEnvironmentVariableA
0x18003f420 GetACP
0x18003f428 CreateFileW
USER32.dll
0x18003f438 GetUserObjectInformationA
0x18003f440 MessageBeep
0x18003f448 ExitWindowsEx
0x18003f450 MapVirtualKeyA
0x18003f458 VkKeyScanA
0x18003f460 GetAsyncKeyState
0x18003f468 SystemParametersInfoA
0x18003f470 ChangeDisplaySettingsA
0x18003f478 DrawIconEx
0x18003f480 LoadCursorA
0x18003f488 GetClassNameA
0x18003f490 EnumWindows
0x18003f498 FindWindowA
0x18003f4a0 SetWindowLongPtrA
0x18003f4a8 GetWindowLongPtrA
0x18003f4b0 GetWindowLongA
0x18003f4b8 EqualRect
0x18003f4c0 WindowFromPoint
0x18003f4c8 RemovePropA
0x18003f4d0 GetPropA
0x18003f4d8 SetPropA
0x18003f4e0 GetForegroundWindow
0x18003f4e8 SetTimer
0x18003f4f0 EmptyClipboard
0x18003f4f8 GetClipboardData
0x18003f500 SetClipboardData
0x18003f508 ChangeClipboardChain
0x18003f510 SetClipboardViewer
0x18003f518 GetClipboardOwner
0x18003f520 CloseClipboard
0x18003f528 OpenClipboard
0x18003f530 IsWindowVisible
0x18003f538 DestroyWindow
0x18003f540 CreateWindowExA
0x18003f548 RegisterClassExA
0x18003f550 PostQuitMessage
0x18003f558 DefWindowProcA
0x18003f560 WaitMessage
0x18003f568 PostMessageA
0x18003f570 SendMessageA
0x18003f578 PeekMessageA
0x18003f580 DispatchMessageA
0x18003f588 RegisterWindowMessageA
0x18003f590 EnumDesktopWindows
0x18003f598 OpenDesktopA
0x18003f5a0 GetDesktopWindow
0x18003f5a8 IsRectEmpty
0x18003f5b0 IntersectRect
0x18003f5b8 GetCursorPos
0x18003f5c0 GetWindowRect
0x18003f5c8 GetSystemMetrics
0x18003f5d0 mouse_event
0x18003f5d8 keybd_event
0x18003f5e0 GetKeyboardState
0x18003f5e8 EnumDisplaySettingsA
0x18003f5f0 GetThreadDesktop
0x18003f5f8 CloseDesktop
0x18003f600 SetThreadDesktop
0x18003f608 ReleaseDC
0x18003f610 GetDC
0x18003f618 SetRect
0x18003f620 GetIconInfo
0x18003f628 GetProcessWindowStation
0x18003f630 OpenInputDesktop
0x18003f638 KillTimer
GDI32.dll
0x18003f040 GetObjectA
0x18003f048 GetBitmapBits
0x18003f050 DeleteObject
0x18003f058 GetStockObject
0x18003f060 RealizePalette
0x18003f068 SelectObject
0x18003f070 GetSystemPaletteEntries
0x18003f078 CreateDIBSection
0x18003f080 GdiFlush
0x18003f088 CombineRgn
0x18003f090 CreateRectRgn
0x18003f098 CreateRectRgnIndirect
0x18003f0a0 GetRegionData
0x18003f0a8 CreateDCA
0x18003f0b0 DeleteDC
0x18003f0b8 ExtEscape
0x18003f0c0 BitBlt
0x18003f0c8 CreateCompatibleBitmap
0x18003f0d0 CreateCompatibleDC
0x18003f0d8 CreatePalette
0x18003f0e0 SelectPalette
0x18003f0e8 GetDIBits
0x18003f0f0 GetDeviceCaps
ADVAPI32.dll
0x18003f000 GetUserNameA
0x18003f008 RevertToSelf
0x18003f010 RegSetValueExA
0x18003f018 RegDeleteValueA
0x18003f020 RegCreateKeyA
0x18003f028 RegCloseKey
0x18003f030 ImpersonateLoggedOnUser
EAT(Export Address Table) Library
0x180001320 ?ReflectiveLoader@@YA_KPEAX@Z
WS2_32.dll
0x18003f648 recv
0x18003f650 ind
0x18003f658 closesocket
0x18003f660 htons
0x18003f668 WSASocketA
0x18003f670 WSAGetLastError
0x18003f678 setsockopt
0x18003f680 send
0x18003f688 select
0x18003f690 accept
0x18003f698 __WSAFDIsSet
0x18003f6a0 WSADuplicateSocketA
0x18003f6a8 WSAStartup
0x18003f6b0 socket
0x18003f6b8 listen
0x18003f6c0 inet_addr
KERNEL32.dll
0x18003f100 LeaveCriticalSection
0x18003f108 DeleteCriticalSection
0x18003f110 ReleaseSemaphore
0x18003f118 Sleep
0x18003f120 CloseHandle
0x18003f128 DuplicateHandle
0x18003f130 GetSystemTime
0x18003f138 TlsAlloc
0x18003f140 TlsGetValue
0x18003f148 TlsSetValue
0x18003f150 CreateSemaphoreA
0x18003f158 UnmapViewOfFile
0x18003f160 SetErrorMode
0x18003f168 WriteFile
0x18003f170 FindClose
0x18003f178 SetFileTime
0x18003f180 GetLogicalDriveStringsA
0x18003f188 CreateDirectoryA
0x18003f190 CreateFileA
0x18003f198 DeleteFileA
0x18003f1a0 FindFirstFileA
0x18003f1a8 FindNextFileA
0x18003f1b0 GetComputerNameA
0x18003f1b8 GlobalAlloc
0x18003f1c0 GlobalLock
0x18003f1c8 GlobalUnlock
0x18003f1d0 GlobalDeleteAtom
0x18003f1d8 SystemTimeToFileTime
0x18003f1e0 GlobalAddAtomA
0x18003f1e8 GetVersionExA
0x18003f1f0 SetEvent
0x18003f1f8 GetConsoleCP
0x18003f200 FlushFileBuffers
0x18003f208 HeapSize
0x18003f210 GetProcessHeap
0x18003f218 GetFileType
0x18003f220 GetCPInfo
0x18003f228 GetOEMCP
0x18003f230 EnterCriticalSection
0x18003f238 IsValidCodePage
0x18003f240 GetModuleFileNameW
0x18003f248 GetStdHandle
0x18003f250 GetModuleHandleW
0x18003f258 GetStartupInfoW
0x18003f260 TlsFree
0x18003f268 TerminateProcess
0x18003f270 InitializeCriticalSectionAndSpinCount
0x18003f278 SetUnhandledExceptionFilter
0x18003f280 UnhandledExceptionFilter
0x18003f288 RtlVirtualUnwind
0x18003f290 RtlCaptureContext
0x18003f298 IsProcessorFeaturePresent
0x18003f2a0 IsDebuggerPresent
0x18003f2a8 SetLastError
0x18003f2b0 GetCommandLineA
0x18003f2b8 RaiseException
0x18003f2c0 RtlPcToFileHeader
0x18003f2c8 LoadLibraryExW
0x18003f2d0 CreateThread
0x18003f2d8 HeapAlloc
0x18003f2e0 HeapFree
0x18003f2e8 GetSystemTimeAsFileTime
0x18003f2f0 WideCharToMultiByte
0x18003f2f8 MultiByteToWideChar
0x18003f300 GetModuleHandleExW
0x18003f308 ExitProcess
0x18003f310 DecodePointer
0x18003f318 GetConsoleMode
0x18003f320 EncodePointer
0x18003f328 RtlUnwindEx
0x18003f330 RtlLookupFunctionEntry
0x18003f338 ReadFile
0x18003f340 ReadConsoleW
0x18003f348 GetModuleFileNameA
0x18003f350 QueryPerformanceCounter
0x18003f358 InitializeCriticalSection
0x18003f360 ResumeThread
0x18003f368 GetLastError
0x18003f370 SetThreadPriority
0x18003f378 GetCurrentThreadId
0x18003f380 GetCurrentThread
0x18003f388 GetCurrentProcess
0x18003f390 LoadLibraryA
0x18003f398 CreateEventA
0x18003f3a0 WaitForSingleObject
0x18003f3a8 ExitThread
0x18003f3b0 GetCurrentProcessId
0x18003f3b8 GetProcAddress
0x18003f3c0 FreeLibrary
0x18003f3c8 GetEnvironmentStringsW
0x18003f3d0 FreeEnvironmentStringsW
0x18003f3d8 OutputDebugStringW
0x18003f3e0 HeapReAlloc
0x18003f3e8 CompareStringW
0x18003f3f0 LCMapStringW
0x18003f3f8 GetStringTypeW
0x18003f400 SetStdHandle
0x18003f408 SetFilePointerEx
0x18003f410 WriteConsoleW
0x18003f418 SetEnvironmentVariableA
0x18003f420 GetACP
0x18003f428 CreateFileW
USER32.dll
0x18003f438 GetUserObjectInformationA
0x18003f440 MessageBeep
0x18003f448 ExitWindowsEx
0x18003f450 MapVirtualKeyA
0x18003f458 VkKeyScanA
0x18003f460 GetAsyncKeyState
0x18003f468 SystemParametersInfoA
0x18003f470 ChangeDisplaySettingsA
0x18003f478 DrawIconEx
0x18003f480 LoadCursorA
0x18003f488 GetClassNameA
0x18003f490 EnumWindows
0x18003f498 FindWindowA
0x18003f4a0 SetWindowLongPtrA
0x18003f4a8 GetWindowLongPtrA
0x18003f4b0 GetWindowLongA
0x18003f4b8 EqualRect
0x18003f4c0 WindowFromPoint
0x18003f4c8 RemovePropA
0x18003f4d0 GetPropA
0x18003f4d8 SetPropA
0x18003f4e0 GetForegroundWindow
0x18003f4e8 SetTimer
0x18003f4f0 EmptyClipboard
0x18003f4f8 GetClipboardData
0x18003f500 SetClipboardData
0x18003f508 ChangeClipboardChain
0x18003f510 SetClipboardViewer
0x18003f518 GetClipboardOwner
0x18003f520 CloseClipboard
0x18003f528 OpenClipboard
0x18003f530 IsWindowVisible
0x18003f538 DestroyWindow
0x18003f540 CreateWindowExA
0x18003f548 RegisterClassExA
0x18003f550 PostQuitMessage
0x18003f558 DefWindowProcA
0x18003f560 WaitMessage
0x18003f568 PostMessageA
0x18003f570 SendMessageA
0x18003f578 PeekMessageA
0x18003f580 DispatchMessageA
0x18003f588 RegisterWindowMessageA
0x18003f590 EnumDesktopWindows
0x18003f598 OpenDesktopA
0x18003f5a0 GetDesktopWindow
0x18003f5a8 IsRectEmpty
0x18003f5b0 IntersectRect
0x18003f5b8 GetCursorPos
0x18003f5c0 GetWindowRect
0x18003f5c8 GetSystemMetrics
0x18003f5d0 mouse_event
0x18003f5d8 keybd_event
0x18003f5e0 GetKeyboardState
0x18003f5e8 EnumDisplaySettingsA
0x18003f5f0 GetThreadDesktop
0x18003f5f8 CloseDesktop
0x18003f600 SetThreadDesktop
0x18003f608 ReleaseDC
0x18003f610 GetDC
0x18003f618 SetRect
0x18003f620 GetIconInfo
0x18003f628 GetProcessWindowStation
0x18003f630 OpenInputDesktop
0x18003f638 KillTimer
GDI32.dll
0x18003f040 GetObjectA
0x18003f048 GetBitmapBits
0x18003f050 DeleteObject
0x18003f058 GetStockObject
0x18003f060 RealizePalette
0x18003f068 SelectObject
0x18003f070 GetSystemPaletteEntries
0x18003f078 CreateDIBSection
0x18003f080 GdiFlush
0x18003f088 CombineRgn
0x18003f090 CreateRectRgn
0x18003f098 CreateRectRgnIndirect
0x18003f0a0 GetRegionData
0x18003f0a8 CreateDCA
0x18003f0b0 DeleteDC
0x18003f0b8 ExtEscape
0x18003f0c0 BitBlt
0x18003f0c8 CreateCompatibleBitmap
0x18003f0d0 CreateCompatibleDC
0x18003f0d8 CreatePalette
0x18003f0e0 SelectPalette
0x18003f0e8 GetDIBits
0x18003f0f0 GetDeviceCaps
ADVAPI32.dll
0x18003f000 GetUserNameA
0x18003f008 RevertToSelf
0x18003f010 RegSetValueExA
0x18003f018 RegDeleteValueA
0x18003f020 RegCreateKeyA
0x18003f028 RegCloseKey
0x18003f030 ImpersonateLoggedOnUser
EAT(Export Address Table) Library
0x180001320 ?ReflectiveLoader@@YA_KPEAX@Z