Field | Value |
---|---|
Created | 2024.11.13 14:04 |
Machine | s1_win7_x6401 |
Filename | 1.dll |
Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 31 detected (AIDetectMalware, Malicious, score, lazy, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, GZDO, Killmbr, Farfli, ktgbcg, Krypt, Static AI, Malicious PE, hsppu, GrayWare, Wacapew, Detected, R674775, Wacatac, Floxif, FileInfector, Gencirc, susgen) |
md5 | df03779329dcd093c166c678bf3e866c |
sha256 | dceac4fdd04231224c9580ff935200f0dd04e290396c805ed521c305d946e8b6 |
ssdeep | 24576:4pLOet+FXyf5pGJd1GdQmw7dj6ypuNiTdjvPG4/:4pLnt+Fy+1GnAj4ipjnL/ |
imphash | 0acbc8175e55bd9f068d57d00d7aba58 |
impfuzzy | 24:fbxO1DoUviuteS1hGzplJeDc+plmRCSOovbO9ZHu9CuFZXvoTFGMc2g2Muh:z4NiuteS1hGz2c+pd3NuFZ/0h |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1004c010 HeapFree
0x1004c014 GetProcessHeap
0x1004c018 GetCurrentProcess
0x1004c01c ExitProcess
0x1004c020 GetSystemInfo
0x1004c024 VirtualAlloc
0x1004c028 VirtualProtect
0x1004c02c VirtualFree
0x1004c030 HeapReAlloc
0x1004c034 FreeLibrary
0x1004c038 GetModuleFileNameA
0x1004c03c GetModuleHandleA
0x1004c040 GetProcAddress
0x1004c044 LoadLibraryA
0x1004c048 CreateFileMappingA
0x1004c04c IsBadReadPtr
0x1004c050 K32GetModuleInformation
0x1004c054 WriteConsoleW
0x1004c058 HeapAlloc
0x1004c05c CloseHandle
0x1004c060 MapViewOfFile
0x1004c064 CreateFileA
0x1004c068 UnhandledExceptionFilter
0x1004c06c SetUnhandledExceptionFilter
0x1004c070 TerminateProcess
0x1004c074 IsProcessorFeaturePresent
0x1004c078 QueryPerformanceCounter
0x1004c07c GetCurrentProcessId
0x1004c080 GetCurrentThreadId
0x1004c084 GetSystemTimeAsFileTime
0x1004c088 InitializeSListHead
0x1004c08c IsDebuggerPresent
0x1004c090 GetStartupInfoW
0x1004c094 GetModuleHandleW
0x1004c098 RaiseException
0x1004c09c RtlUnwind
0x1004c0a0 InterlockedPushEntrySList
0x1004c0a4 InterlockedFlushSList
0x1004c0a8 GetLastError
0x1004c0ac SetLastError
0x1004c0b0 EncodePointer
0x1004c0b4 EnterCriticalSection
0x1004c0b8 LeaveCriticalSection
0x1004c0bc DeleteCriticalSection
0x1004c0c0 InitializeCriticalSectionAndSpinCount
0x1004c0c4 TlsAlloc
0x1004c0c8 TlsGetValue
0x1004c0cc TlsSetValue
0x1004c0d0 TlsFree
0x1004c0d4 LoadLibraryExW
0x1004c0d8 GetModuleHandleExW
0x1004c0dc GetModuleFileNameW
0x1004c0e0 GetCurrentThread
0x1004c0e4 FindClose
0x1004c0e8 FindFirstFileExW
0x1004c0ec FindNextFileW
0x1004c0f0 IsValidCodePage
0x1004c0f4 GetACP
0x1004c0f8 GetOEMCP
0x1004c0fc GetCPInfo
0x1004c100 GetCommandLineA
0x1004c104 GetCommandLineW
0x1004c108 MultiByteToWideChar
0x1004c10c WideCharToMultiByte
0x1004c110 GetEnvironmentStringsW
0x1004c114 FreeEnvironmentStringsW
0x1004c118 SetEnvironmentVariableW
0x1004c11c GetTempPathW
0x1004c120 GetDateFormatW
0x1004c124 GetTimeFormatW
0x1004c128 CompareStringW
0x1004c12c LCMapStringW
0x1004c130 GetLocaleInfoW
0x1004c134 IsValidLocale
0x1004c138 GetUserDefaultLCID
0x1004c13c EnumSystemLocalesW
0x1004c140 GetStdHandle
0x1004c144 GetFileType
0x1004c148 SetConsoleCtrlHandler
0x1004c14c GetStringTypeW
0x1004c150 HeapSize
0x1004c154 SetStdHandle
0x1004c158 FlushFileBuffers
0x1004c15c WriteFile
0x1004c160 GetConsoleOutputCP
0x1004c164 GetConsoleMode
0x1004c168 GetFileSizeEx
0x1004c16c SetFilePointerEx
0x1004c170 ReadFile
0x1004c174 ReadConsoleW
0x1004c178 OutputDebugStringW
0x1004c17c CreateFileW
0x1004c180 DecodePointer
ADVAPI32.dll
0x1004c000 RegOpenKeyExA
0x1004c004 RegCloseKey
0x1004c008 RegSetValueExA
EAT (Export Address Table) Library
0x100020c0 UnityMain
0x100021a0 hook