Report - dll007.dll

UPX DLL PE32 PE File
Created 2024.11.20 09:33 Machine s1_win7_x6403
Filename dll007.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 9
Behavior Score 2.0
ZERO API file : clean
VT API (file) 67 detected (FamVT, DebrisA, Debris, tsC7, Malicious, score, Barys, Unsafe, Save, confidence, 100%, EmailWorm, Bundpil, Dromedan, high confidence, None, cqkxyu, Gamarue, CLASSIC, MulDrop4, DebrisGen, Static AI, Malicious PE, axdgt, Detected, AH@4yjufs, Andromeda, Csyr, Eldorado, R71328, GenAsa, VJN5611Pa6Y)
md5 46ff33dbadc5b36e0c1f1df20eca90a0
sha256 a3cf86c9d16fe62fa80010395991c72be7be4549641f0565b031144dd26747a5
ssdeep 48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqD6//RQCCzrTEBzlroWFFmT3W0IW9GmxYVt:hy859x0P8MaRCCzr0yrjW0IOGm2VH1
imphash c4c9ecfc26ca516a80b8f6f5b2bdb7e6
impfuzzy 3:swBJAGvbAJS9KTXzhAXwaamlmN5IlGBJ8UGvnn:dBJAGvPGDkamE5GGBJqvnn

Signature (4cnts)

Level Description
danger File has been identified by 67 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info Checks if process is being debugged by a debugger
info The executable uses a known packer

Rules (4cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x10002000 LoadLibraryW
 0x10002004 GetProcAddress
 0x10002008 CreateFileA
MSVCRT.dll
 0x10002010 free
 0x10002014 _initterm
 0x10002018 malloc
 0x1000201c _adjust_fdiv

EAT(Export Address Table) Library

0x10001193 rundll32
