Report - libemb.dll

Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE32 OS Processor Check
Created 2024.10.26 17:26 Machine s1_win7_x6403
Filename libemb.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score
3
Behavior Score
3.2
ZERO API file : clean
VT API (file) 51 detected (Common, DLLhijack, Malicious, score, Jaik, Unsafe, SilverFox, swkbu, grayware, confidence, Attribute, HighConfidence, moderate confidence, ETRZ, MalwareX, Loader, ktawhr, CLASSIC, ofrty, Detected, Phonzy, R656658, Artemis, Chgt, R002H09JO24, Runshell)
md5 14ff2a275e6994ba792d2733f35c410f
sha256 ab67f9b2aba675e29dfde3beb40683ffdceb70b1237f43093aa94a20855d2e87
ssdeep 12288:MSB6YObJN3d0aH+5lR35CTxzcTo6cNs6IQy/lOljXtF9EO:MSE5JN3dVS/cTps19Olbt7EO
imphash 56b6595b1315c0d123745ab0902e6aad
impfuzzy 48:/GuxE8wcgEztPdc3X1xFfysX+89NspbwTJMKy9uFZ63c:/FxE8wcgEztPS3X17fysX+809wTJMKhj

Signature (7cnts)

Level Description
danger File has been identified by 51 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice Moves the original executable to a new location
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info One or more processes crashed

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

USER32.dll
 0x10080210 wsprintfW
CRYPT32.dll
 0x10080008 CryptStringToBinaryA
KERNEL32.dll
 0x10080010 IsDebuggerPresent
 0x10080014 GetCurrentProcess
 0x10080018 FreeLibrary
 0x1008001c GetProcAddress
 0x10080020 LoadLibraryW
 0x10080024 VirtualProtect
 0x10080028 CreateFileW
 0x1008002c GetFileSize
 0x10080030 ReadFile
 0x10080034 CloseHandle
 0x10080038 SetLastError
 0x1008003c GetLastError
 0x10080040 GetModuleHandleW
 0x10080044 GetModuleHandleA
 0x10080048 GetNativeSystemInfo
 0x1008004c VirtualAlloc
 0x10080050 LoadLibraryA
 0x10080054 VirtualFree
 0x10080058 GetThreadLocale
 0x1008005c lstrlenW
 0x10080060 QueryPerformanceCounter
 0x10080064 QueryPerformanceFrequency
 0x10080068 DuplicateHandle
 0x1008006c WaitForSingleObjectEx
 0x10080070 Sleep
 0x10080074 GetCurrentThread
 0x10080078 GetCurrentThreadId
 0x1008007c GetExitCodeThread
 0x10080080 InitializeCriticalSectionAndSpinCount
 0x10080084 CreateEventW
 0x10080088 TlsAlloc
 0x1008008c TlsGetValue
 0x10080090 TlsSetValue
 0x10080094 TlsFree
 0x10080098 GetSystemTimeAsFileTime
 0x1008009c GetTickCount
 0x100800a0 EnterCriticalSection
 0x100800a4 LeaveCriticalSection
 0x100800a8 TryEnterCriticalSection
 0x100800ac RtlCaptureStackBackTrace
 0x100800b0 SetEvent
 0x100800b4 ResetEvent
 0x100800b8 UnhandledExceptionFilter
 0x100800bc SetUnhandledExceptionFilter
 0x100800c0 TerminateProcess
 0x100800c4 IsProcessorFeaturePresent
 0x100800c8 GetCurrentProcessId
 0x100800cc InitializeSListHead
 0x100800d0 GetStartupInfoW
 0x100800d4 CreateTimerQueue
 0x100800d8 SignalObjectAndWait
 0x100800dc SwitchToThread
 0x100800e0 CreateThread
 0x100800e4 SetThreadPriority
 0x100800e8 GetThreadPriority
 0x100800ec GetLogicalProcessorInformation
 0x100800f0 CreateTimerQueueTimer
 0x100800f4 ChangeTimerQueueTimer
 0x100800f8 DeleteTimerQueueTimer
 0x100800fc GetNumaHighestNodeNumber
 0x10080100 GetProcessAffinityMask
 0x10080104 SetThreadAffinityMask
 0x10080108 RegisterWaitForSingleObject
 0x1008010c FormatMessageW
 0x10080110 OutputDebugStringW
 0x10080114 EncodePointer
 0x10080118 GetThreadTimes
 0x1008011c FreeLibraryAndExitThread
 0x10080120 GetModuleFileNameW
 0x10080124 LoadLibraryExW
 0x10080128 GetVersionExW
 0x1008012c SetProcessAffinityMask
 0x10080130 ReleaseSemaphore
 0x10080134 InterlockedPopEntrySList
 0x10080138 InterlockedPushEntrySList
 0x1008013c InterlockedFlushSList
 0x10080140 QueryDepthSList
 0x10080144 UnregisterWaitEx
 0x10080148 WaitForMultipleObjectsEx
 0x1008014c WaitForSingleObject
 0x10080150 DeleteCriticalSection
 0x10080154 UnregisterWait
 0x10080158 RtlUnwind
 0x1008015c RaiseException
 0x10080160 VirtualQuery
 0x10080164 MultiByteToWideChar
 0x10080168 ExitThread
 0x1008016c ResumeThread
 0x10080170 GetModuleHandleExW
 0x10080174 HeapAlloc
 0x10080178 HeapFree
 0x1008017c ExitProcess
 0x10080180 WideCharToMultiByte
 0x10080184 GetACP
 0x10080188 GetStdHandle
 0x1008018c GetFileType
 0x10080190 GetStringTypeW
 0x10080194 SetConsoleCtrlHandler
 0x10080198 GetDateFormatW
 0x1008019c GetTimeFormatW
 0x100801a0 CompareStringW
 0x100801a4 LCMapStringW
 0x100801a8 GetLocaleInfoW
 0x100801ac IsValidLocale
 0x100801b0 GetUserDefaultLCID
 0x100801b4 EnumSystemLocalesW
 0x100801b8 GetProcessHeap
 0x100801bc IsValidCodePage
 0x100801c0 GetOEMCP
 0x100801c4 GetCPInfo
 0x100801c8 GetEnvironmentStringsW
 0x100801cc FreeEnvironmentStringsW
 0x100801d0 SetEnvironmentVariableA
 0x100801d4 SetEnvironmentVariableW
 0x100801d8 GetCommandLineA
 0x100801dc GetCommandLineW
 0x100801e0 FlushFileBuffers
 0x100801e4 WriteFile
 0x100801e8 GetConsoleCP
 0x100801ec GetConsoleMode
 0x100801f0 SetStdHandle
 0x100801f4 SetFilePointerEx
 0x100801f8 HeapSize
 0x100801fc HeapReAlloc
 0x10080200 WriteConsoleW
 0x10080204 DecodePointer
 0x10080208 OutputDebugStringA
ADVAPI32.dll
 0x10080000 SystemFunction036

EAT(Export Address Table) Library

0x10004dd0 FreeLibraryMemoryAndExitThread
0x10004dd0 NtUnloadDllMemoryAndExitThread
