Field | Value |
---|---|
Created | 2024.10.21 14:47 |
Machine | s1_win7_x6403 |
Filename | scbronkz09.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 42 detected (AIDetectMalware, Malicious, score, Ulise, Artemis, Unsafe, confidence, Attribute, HighConfidence, TrojanX, CLOUD, zhdld, GenCBL, Detected, GrayWare, Wacapew, Phonzy, Chgt, R002H09IU24, Gencirc, susgen, PossibleThreat) |
md5 | c32e01ebaec0c994672b56bfa5410962 |
sha256 | 9502bccba5c8855d2b4e95197624d31a67d8f52e01b8957bdddb1f9d612a3faf |
ssdeep | 3072:p/eb5wQUp+tZWiO2Gg7EZ8StYmijRAaCeu9CMRM:8uQUp+tZWiO2G4VStpijmM |
imphash | df620f979ba0cd2f5c2b9f00c7e19cc4 |
impfuzzy | 24:XaFS1o0qtSBgYlJeDc+pl3eDoJodUSOovbO9ZWqvwGMCO:XaFS1YtSBgbc+ppFr3THO |
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x18001a000 lstrlenA
0x18001a008 Beep
0x18001a010 WriteConsoleW
0x18001a018 CloseHandle
0x18001a020 CreateFileW
0x18001a028 QueryPerformanceCounter
0x18001a030 GetCurrentProcessId
0x18001a038 GetCurrentThreadId
0x18001a040 GetSystemTimeAsFileTime
0x18001a048 InitializeSListHead
0x18001a050 RtlCaptureContext
0x18001a058 RtlLookupFunctionEntry
0x18001a060 RtlVirtualUnwind
0x18001a068 IsDebuggerPresent
0x18001a070 UnhandledExceptionFilter
0x18001a078 SetUnhandledExceptionFilter
0x18001a080 GetStartupInfoW
0x18001a088 IsProcessorFeaturePresent
0x18001a090 GetModuleHandleW
0x18001a098 RtlUnwindEx
0x18001a0a0 RtlPcToFileHeader
0x18001a0a8 RaiseException
0x18001a0b0 InterlockedFlushSList
0x18001a0b8 GetLastError
0x18001a0c0 SetLastError
0x18001a0c8 EncodePointer
0x18001a0d0 EnterCriticalSection
0x18001a0d8 LeaveCriticalSection
0x18001a0e0 DeleteCriticalSection
0x18001a0e8 InitializeCriticalSectionAndSpinCount
0x18001a0f0 TlsAlloc
0x18001a0f8 TlsGetValue
0x18001a100 TlsSetValue
0x18001a108 TlsFree
0x18001a110 FreeLibrary
0x18001a118 GetProcAddress
0x18001a120 LoadLibraryExW
0x18001a128 GetCurrentProcess
0x18001a130 TerminateProcess
0x18001a138 ExitProcess
0x18001a140 GetModuleHandleExW
0x18001a148 GetModuleFileNameW
0x18001a150 HeapAlloc
0x18001a158 HeapFree
0x18001a160 FindClose
0x18001a168 FindFirstFileExW
0x18001a170 FindNextFileW
0x18001a178 IsValidCodePage
0x18001a180 GetACP
0x18001a188 GetOEMCP
0x18001a190 GetCPInfo
0x18001a198 GetCommandLineA
0x18001a1a0 GetCommandLineW
0x18001a1a8 MultiByteToWideChar
0x18001a1b0 WideCharToMultiByte
0x18001a1b8 GetEnvironmentStringsW
0x18001a1c0 FreeEnvironmentStringsW
0x18001a1c8 FlsAlloc
0x18001a1d0 FlsGetValue
0x18001a1d8 FlsSetValue
0x18001a1e0 FlsFree
0x18001a1e8 LCMapStringW
0x18001a1f0 GetProcessHeap
0x18001a1f8 GetStdHandle
0x18001a200 GetFileType
0x18001a208 GetStringTypeW
0x18001a210 HeapSize
0x18001a218 HeapReAlloc
0x18001a220 SetStdHandle
0x18001a228 FlushFileBuffers
0x18001a230 WriteFile
0x18001a238 GetConsoleOutputCP
0x18001a240 GetConsoleMode
0x18001a248 SetFilePointerEx
USER32.dll
0x18001a258 CallNextHookEx
EAT (Export Address Table) Library
0x180004e30 Joking
0x180004e30 NextHook