Field | Value |
---|---|
Created | 2024.11.11 10:18 |
Machine | s1_win7_x6401 |
Filename | tpsvcBase.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 46 detected (Loader, Malicious, score, GenericKD, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, ShellcodeRunner, MalwareX, CLOUD, puxxv, Detected, Malware@#1y6xttockp9mp, Wacatac, ABTrojan, CFHX, R675877, Artemis, Chgt, Zolw, susgen) |
md5 | e49624fdefe90d426e67d821094e6b3b |
sha256 | b1631299df6798f0e80bfe1a5fe38edb345722e042fdf614bddc17cc72128ae5 |
ssdeep | 1536:ahupteOe1FzWrSN+ie8uI/HE3nMlgOHS8uVsWJkcdSytaWbLnbTP9:NptczUSN+l+HEGbuDSiaWbLbTP |
imphash | 0966ec256ca7448da6318b6291c44568 |
impfuzzy | 24:ZWMD+tMS1ihlJnc+pl39/CYoBUSOovbO9ZsvwGMXuKmIe:KtMS1i5c+ppQYX36fKK |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Installs itself for autorun at Windows startup |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1000e010 CreateFileW
0x1000e014 GetFileSize
0x1000e018 ReadFile
0x1000e01c lstrcatW
0x1000e020 Sleep
0x1000e024 lstrlenW
0x1000e028 WriteConsoleW
0x1000e02c GetModuleFileNameW
0x1000e030 LoadLibraryW
0x1000e034 CloseHandle
0x1000e038 GetProcAddress
0x1000e03c UnhandledExceptionFilter
0x1000e040 SetUnhandledExceptionFilter
0x1000e044 GetCurrentProcess
0x1000e048 TerminateProcess
0x1000e04c IsProcessorFeaturePresent
0x1000e050 QueryPerformanceCounter
0x1000e054 GetCurrentProcessId
0x1000e058 GetCurrentThreadId
0x1000e05c GetSystemTimeAsFileTime
0x1000e060 InitializeSListHead
0x1000e064 IsDebuggerPresent
0x1000e068 GetStartupInfoW
0x1000e06c GetModuleHandleW
0x1000e070 InterlockedFlushSList
0x1000e074 RtlUnwind
0x1000e078 GetLastError
0x1000e07c SetLastError
0x1000e080 EnterCriticalSection
0x1000e084 LeaveCriticalSection
0x1000e088 DeleteCriticalSection
0x1000e08c InitializeCriticalSectionAndSpinCount
0x1000e090 TlsAlloc
0x1000e094 TlsGetValue
0x1000e098 TlsSetValue
0x1000e09c TlsFree
0x1000e0a0 FreeLibrary
0x1000e0a4 LoadLibraryExW
0x1000e0a8 EncodePointer
0x1000e0ac RaiseException
0x1000e0b0 ExitProcess
0x1000e0b4 GetModuleHandleExW
0x1000e0b8 HeapAlloc
0x1000e0bc HeapFree
0x1000e0c0 FindClose
0x1000e0c4 FindFirstFileExW
0x1000e0c8 FindNextFileW
0x1000e0cc IsValidCodePage
0x1000e0d0 GetACP
0x1000e0d4 GetOEMCP
0x1000e0d8 GetCPInfo
0x1000e0dc GetCommandLineA
0x1000e0e0 GetCommandLineW
0x1000e0e4 MultiByteToWideChar
0x1000e0e8 WideCharToMultiByte
0x1000e0ec GetEnvironmentStringsW
0x1000e0f0 FreeEnvironmentStringsW
0x1000e0f4 LCMapStringW
0x1000e0f8 GetProcessHeap
0x1000e0fc GetStdHandle
0x1000e100 GetFileType
0x1000e104 GetStringTypeW
0x1000e108 HeapSize
0x1000e10c HeapReAlloc
0x1000e110 SetStdHandle
0x1000e114 FlushFileBuffers
0x1000e118 WriteFile
0x1000e11c GetConsoleOutputCP
0x1000e120 GetConsoleMode
0x1000e124 SetFilePointerEx
0x1000e128 DecodePointer
ADVAPI32.dll
0x1000e000 RegSetValueExW
0x1000e004 RegOpenKeyExW
0x1000e008 RegCloseKey
EAT (Export Address Table) Library
0x100012bb Z1