Report - plugin.dll

Generic Malware UPX PE File DLL PE32
Created 2024.11.08 17:10 Machine s1_win7_x6401
Filename plugin.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
AI Score 6
Behavior Score 3.6
ZERO API file : clean
VT API (file) 28 detected (lmpu, Artemis, Razy, Unsafe, malicious, moderate confidence, FlyStudio, HackTool, Generic Reputation PUA, BlackMoon, 1N7T5RZ, BScope, susgen)
md5 c306b71fa8f0842fc860aeac4a63a048
sha256 f0ecadc90ef7fc8c74a94b792a2b7dd9af63bf30e6007ef38696321e73ff648f
ssdeep 49152:QDXAqo5e07lg5+6CVWkSg+wwm0fe8UaDqg4/Qf5X81XR9h/HF4ztRfhAEu8JTmi9:6Xowqlg5+6QNwdfe8UaOgrhX81XR9h+n
imphash e7cbcb280d90dd252c9eac58a6c29b5c
impfuzzy 6:omRgXwzEnE3qyIBM9siJYCiBJAEHGDzyR6I92hH1w8ug3E7s2bBnaOAuliTXqVqy:omRgXSEnWDIBAs/JA/DzHbH1Rug3ERLL

Signature (8cnts)

Level Description
warning File has been identified by 28 AntiVirus engines on VirusTotal as malicious
watch One or more of the buffers contains an embedded PE file
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice One or more potentially interesting buffers were extracted
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX
info One or more processes crashed

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

PE API

IAT(Import Address Table) Library

ADVAPI32.dll
 0x125086dc RegCloseKey
AVIFIL32.dll
 0x125086e4 AVIStreamInfoA
COMCTL32.dll
 0x125086ec None
COMDLG32.dll
 0x125086f4 ChooseFontA
GDI32.dll
 0x125086fc Arc
KERNEL32.DLL
 0x12508704 LoadLibraryA
 0x12508708 GetProcAddress
 0x1250870c VirtualProtect
MSIMG32.dll
 0x12508714 GradientFill
MSVFW32.dll
 0x1250871c DrawDibDraw
ole32.dll
 0x12508724 OleRun
OLEAUT32.dll
 0x1250872c VariantCopy
SHELL32.dll
 0x12508734 DragFinish
USER32.dll
 0x1250873c GetDC
WINMM.dll
 0x12508744 PlaySoundA
WINSPOOL.DRV
 0x1250874c OpenPrinterA
WS2_32.dll
 0x12508754 recv

EAT(Export Address Table) Library


