ScreenShot
| Created | 2025.01.10 11:56 | Machine | s1_win7_x6403 |
| Filename | nemesis.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 19 detected (Malicious, score, confidence, Windows, Donutloader, GameHack, AGen, OY potentially unsafe, BEEM, Rozena, Donut, CLASSIC, Static AI, Suspicious PE, Detected, Wacapew, susgen) | ||
| md5 | 388c74339a2511c9d12340a0969a49a6 | ||
| sha256 | b42efa0ff2ed6b07c7734e4b9e21c0fdd9ac7b63fbf2eddb88578f95e321da4c | ||
| ssdeep | 98304:6sX6S/qiZHHTHzyg+8r0Lso2nfC5x2FQ6gTteEGFlgfYaq:uCHHTTyr8r0IrnfoH6g5eEGFo3 | ||
| imphash | 3f753a28089a975283d011ea368b3c4b | ||
| impfuzzy | 96:zLWQ4eLE080WDffYmoA3Y0EPkLDsEl4RjCEkvACCxUlsxhuCNl9Ajyr:mQH1WDffZoA3qouBAjyr | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1800ad080 GlobalAlloc
0x1800ad088 GlobalFree
0x1800ad090 GlobalLock
0x1800ad098 GlobalUnlock
0x1800ad0a0 QueryPerformanceFrequency
0x1800ad0a8 QueryPerformanceCounter
0x1800ad0b0 DisableThreadLibraryCalls
0x1800ad0b8 CreateThread
0x1800ad0c0 CreateFileA
0x1800ad0c8 GetFileSizeEx
0x1800ad0d0 ReadFile
0x1800ad0d8 HeapAlloc
0x1800ad0e0 HeapFree
0x1800ad0e8 MapViewOfFile
0x1800ad0f0 UnmapViewOfFile
0x1800ad0f8 CreateFileMappingA
0x1800ad100 InitializeSListHead
0x1800ad108 GetSystemTimeAsFileTime
0x1800ad110 GetCurrentProcessId
0x1800ad118 IsDebuggerPresent
0x1800ad120 IsProcessorFeaturePresent
0x1800ad128 TerminateProcess
0x1800ad130 SetUnhandledExceptionFilter
0x1800ad138 UnhandledExceptionFilter
0x1800ad140 RtlVirtualUnwind
0x1800ad148 RtlLookupFunctionEntry
0x1800ad150 RtlCaptureContext
0x1800ad158 WakeAllConditionVariable
0x1800ad160 VirtualFreeEx
0x1800ad168 GetCurrentThreadId
0x1800ad170 Sleep
0x1800ad178 SleepConditionVariableSRW
0x1800ad180 CreateRemoteThread
0x1800ad188 WideCharToMultiByte
0x1800ad190 FreeLibrary
0x1800ad198 VirtualAllocEx
0x1800ad1a0 GetProcAddress
0x1800ad1a8 LoadLibraryW
0x1800ad1b0 CloseHandle
0x1800ad1b8 Process32FirstW
0x1800ad1c0 Process32Next
0x1800ad1c8 LoadLibraryA
0x1800ad1d0 Process32NextW
0x1800ad1d8 CreateToolhelp32Snapshot
0x1800ad1e0 OpenProcess
0x1800ad1e8 GetFileAttributesW
0x1800ad1f0 CreateFileW
0x1800ad1f8 WriteFile
0x1800ad200 AcquireSRWLockExclusive
0x1800ad208 ReleaseSRWLockExclusive
0x1800ad210 GetCurrentProcess
0x1800ad218 WriteProcessMemory
0x1800ad220 MultiByteToWideChar
0x1800ad228 Process32First
0x1800ad230 GetModuleFileNameA
USER32.dll
0x1800ad300 DispatchMessageA
0x1800ad308 DestroyWindow
0x1800ad310 CreateWindowExW
0x1800ad318 SetCursorPos
0x1800ad320 UnregisterClassW
0x1800ad328 RegisterClassExW
0x1800ad330 ShowWindow
0x1800ad338 GetAsyncKeyState
0x1800ad340 SetWindowDisplayAffinity
0x1800ad348 RegisterHotKey
0x1800ad350 DefWindowProcA
0x1800ad358 SetLayeredWindowAttributes
0x1800ad360 TranslateMessage
0x1800ad368 LoadIconA
0x1800ad370 PeekMessageA
0x1800ad378 GetWindowLongPtrA
0x1800ad380 PostQuitMessage
0x1800ad388 SetWindowLongPtrA
0x1800ad390 MoveWindow
0x1800ad398 MessageBoxA
0x1800ad3a0 MessageBoxW
0x1800ad3a8 GetWindowRect
0x1800ad3b0 UpdateWindow
0x1800ad3b8 GetKeyState
0x1800ad3c0 GetMessageExtraInfo
0x1800ad3c8 LoadCursorA
0x1800ad3d0 ScreenToClient
0x1800ad3d8 GetCapture
0x1800ad3e0 ClientToScreen
0x1800ad3e8 TrackMouseEvent
0x1800ad3f0 GetForegroundWindow
0x1800ad3f8 SetCapture
0x1800ad400 SetCursor
0x1800ad408 GetClientRect
0x1800ad410 IsWindowUnicode
0x1800ad418 ReleaseCapture
0x1800ad420 GetSystemMetrics
0x1800ad428 GetCursorPos
0x1800ad430 OpenClipboard
0x1800ad438 SetClipboardData
0x1800ad440 CloseClipboard
0x1800ad448 GetClipboardData
0x1800ad450 EmptyClipboard
ADVAPI32.dll
0x1800ad000 RegOpenKeyExA
0x1800ad008 RegCloseKey
0x1800ad010 QueryServiceStatus
0x1800ad018 CloseServiceHandle
0x1800ad020 RegQueryValueExA
0x1800ad028 OpenSCManagerW
0x1800ad030 ControlService
0x1800ad038 OpenServiceW
SHELL32.dll
0x1800ad2e8 SHGetFolderPathA
0x1800ad2f0 ShellExecuteExA
MSVCP140.dll
0x1800ad240 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800ad248 ?_Random_device@std@@YAIXZ
0x1800ad250 ?_Xlength_error@std@@YAXPEBD@Z
0x1800ad258 _Cnd_do_broadcast_at_thread_exit
0x1800ad260 _Query_perf_counter
0x1800ad268 _Thrd_detach
0x1800ad270 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1800ad278 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1800ad280 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1800ad288 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1800ad290 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1800ad298 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1800ad2a0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800ad2a8 ?uncaught_exception@std@@YA_NXZ
0x1800ad2b0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
0x1800ad2b8 ?good@ios_base@std@@QEBA_NXZ
0x1800ad2c0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1800ad2c8 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800ad2d0 ?_Throw_Cpp_error@std@@YAXH@Z
0x1800ad2d8 _Query_perf_frequency
WININET.dll
0x1800ad548 InternetOpenW
0x1800ad550 InternetOpenUrlW
0x1800ad558 InternetCloseHandle
0x1800ad560 InternetReadFile
WINHTTP.dll
0x1800ad500 WinHttpSendRequest
0x1800ad508 WinHttpQueryDataAvailable
0x1800ad510 WinHttpReadData
0x1800ad518 WinHttpOpenRequest
0x1800ad520 WinHttpOpen
0x1800ad528 WinHttpReceiveResponse
0x1800ad530 WinHttpCloseHandle
0x1800ad538 WinHttpConnect
urlmon.dll
0x1800ad728 URLDownloadToFileA
IMM32.dll
0x1800ad058 ImmGetContext
0x1800ad060 ImmReleaseContext
0x1800ad068 ImmSetCandidateWindow
0x1800ad070 ImmSetCompositionWindow
D3DCOMPILER_47.dll
0x1800ad048 D3DCompile
dwmapi.dll
0x1800ad718 DwmExtendFrameIntoClientArea
d3d11.dll
0x1800ad6f8 D3D11CreateDeviceAndSwapChain
d3dx11_43.dll
0x1800ad708 D3DX11CreateShaderResourceViewFromMemory
VCRUNTIME140_1.dll
0x1800ad4f0 __CxxFrameHandler4
VCRUNTIME140.dll
0x1800ad460 strstr
0x1800ad468 __std_exception_destroy
0x1800ad470 __std_type_info_destroy_list
0x1800ad478 _CxxThrowException
0x1800ad480 __intrinsic_setjmp
0x1800ad488 __C_specific_handler
0x1800ad490 __current_exception_context
0x1800ad498 __current_exception
0x1800ad4a0 memcmp
0x1800ad4a8 memchr
0x1800ad4b0 memset
0x1800ad4b8 memmove
0x1800ad4c0 memcpy
0x1800ad4c8 longjmp
0x1800ad4d0 __std_exception_copy
0x1800ad4d8 strrchr
0x1800ad4e0 __std_terminate
api-ms-win-crt-runtime-l1-1-0.dll
0x1800ad5e0 _beginthreadex
0x1800ad5e8 terminate
0x1800ad5f0 _invalid_parameter_noinfo_noreturn
0x1800ad5f8 _initterm_e
0x1800ad600 _initterm
0x1800ad608 _cexit
0x1800ad610 _crt_atexit
0x1800ad618 _execute_onexit_table
0x1800ad620 _register_onexit_function
0x1800ad628 _initialize_onexit_table
0x1800ad630 _initialize_narrow_environment
0x1800ad638 _configure_narrow_argv
0x1800ad640 _seh_filter_dll
0x1800ad648 exit
api-ms-win-crt-heap-l1-1-0.dll
0x1800ad588 free
0x1800ad590 _callnewh
0x1800ad598 malloc
api-ms-win-crt-string-l1-1-0.dll
0x1800ad6b8 strcmp
0x1800ad6c0 strncmp
0x1800ad6c8 isprint
0x1800ad6d0 strncpy
0x1800ad6d8 strcat_s
api-ms-win-crt-stdio-l1-1-0.dll
0x1800ad658 fseek
0x1800ad660 ftell
0x1800ad668 __acrt_iob_func
0x1800ad670 fread
0x1800ad678 __stdio_common_vsprintf
0x1800ad680 _wfopen
0x1800ad688 fwrite
0x1800ad690 fflush
0x1800ad698 fclose
0x1800ad6a0 __stdio_common_vfprintf
0x1800ad6a8 __stdio_common_vsscanf
api-ms-win-crt-utility-l1-1-0.dll
0x1800ad6e8 qsort
api-ms-win-crt-convert-l1-1-0.dll
0x1800ad570 strtol
0x1800ad578 mbstowcs_s
api-ms-win-crt-math-l1-1-0.dll
0x1800ad5a8 sinf
0x1800ad5b0 fmodf
0x1800ad5b8 cosf
0x1800ad5c0 ceilf
0x1800ad5c8 acosf
0x1800ad5d0 sqrtf
EAT(Export Address Table) is none
KERNEL32.dll
0x1800ad080 GlobalAlloc
0x1800ad088 GlobalFree
0x1800ad090 GlobalLock
0x1800ad098 GlobalUnlock
0x1800ad0a0 QueryPerformanceFrequency
0x1800ad0a8 QueryPerformanceCounter
0x1800ad0b0 DisableThreadLibraryCalls
0x1800ad0b8 CreateThread
0x1800ad0c0 CreateFileA
0x1800ad0c8 GetFileSizeEx
0x1800ad0d0 ReadFile
0x1800ad0d8 HeapAlloc
0x1800ad0e0 HeapFree
0x1800ad0e8 MapViewOfFile
0x1800ad0f0 UnmapViewOfFile
0x1800ad0f8 CreateFileMappingA
0x1800ad100 InitializeSListHead
0x1800ad108 GetSystemTimeAsFileTime
0x1800ad110 GetCurrentProcessId
0x1800ad118 IsDebuggerPresent
0x1800ad120 IsProcessorFeaturePresent
0x1800ad128 TerminateProcess
0x1800ad130 SetUnhandledExceptionFilter
0x1800ad138 UnhandledExceptionFilter
0x1800ad140 RtlVirtualUnwind
0x1800ad148 RtlLookupFunctionEntry
0x1800ad150 RtlCaptureContext
0x1800ad158 WakeAllConditionVariable
0x1800ad160 VirtualFreeEx
0x1800ad168 GetCurrentThreadId
0x1800ad170 Sleep
0x1800ad178 SleepConditionVariableSRW
0x1800ad180 CreateRemoteThread
0x1800ad188 WideCharToMultiByte
0x1800ad190 FreeLibrary
0x1800ad198 VirtualAllocEx
0x1800ad1a0 GetProcAddress
0x1800ad1a8 LoadLibraryW
0x1800ad1b0 CloseHandle
0x1800ad1b8 Process32FirstW
0x1800ad1c0 Process32Next
0x1800ad1c8 LoadLibraryA
0x1800ad1d0 Process32NextW
0x1800ad1d8 CreateToolhelp32Snapshot
0x1800ad1e0 OpenProcess
0x1800ad1e8 GetFileAttributesW
0x1800ad1f0 CreateFileW
0x1800ad1f8 WriteFile
0x1800ad200 AcquireSRWLockExclusive
0x1800ad208 ReleaseSRWLockExclusive
0x1800ad210 GetCurrentProcess
0x1800ad218 WriteProcessMemory
0x1800ad220 MultiByteToWideChar
0x1800ad228 Process32First
0x1800ad230 GetModuleFileNameA
USER32.dll
0x1800ad300 DispatchMessageA
0x1800ad308 DestroyWindow
0x1800ad310 CreateWindowExW
0x1800ad318 SetCursorPos
0x1800ad320 UnregisterClassW
0x1800ad328 RegisterClassExW
0x1800ad330 ShowWindow
0x1800ad338 GetAsyncKeyState
0x1800ad340 SetWindowDisplayAffinity
0x1800ad348 RegisterHotKey
0x1800ad350 DefWindowProcA
0x1800ad358 SetLayeredWindowAttributes
0x1800ad360 TranslateMessage
0x1800ad368 LoadIconA
0x1800ad370 PeekMessageA
0x1800ad378 GetWindowLongPtrA
0x1800ad380 PostQuitMessage
0x1800ad388 SetWindowLongPtrA
0x1800ad390 MoveWindow
0x1800ad398 MessageBoxA
0x1800ad3a0 MessageBoxW
0x1800ad3a8 GetWindowRect
0x1800ad3b0 UpdateWindow
0x1800ad3b8 GetKeyState
0x1800ad3c0 GetMessageExtraInfo
0x1800ad3c8 LoadCursorA
0x1800ad3d0 ScreenToClient
0x1800ad3d8 GetCapture
0x1800ad3e0 ClientToScreen
0x1800ad3e8 TrackMouseEvent
0x1800ad3f0 GetForegroundWindow
0x1800ad3f8 SetCapture
0x1800ad400 SetCursor
0x1800ad408 GetClientRect
0x1800ad410 IsWindowUnicode
0x1800ad418 ReleaseCapture
0x1800ad420 GetSystemMetrics
0x1800ad428 GetCursorPos
0x1800ad430 OpenClipboard
0x1800ad438 SetClipboardData
0x1800ad440 CloseClipboard
0x1800ad448 GetClipboardData
0x1800ad450 EmptyClipboard
ADVAPI32.dll
0x1800ad000 RegOpenKeyExA
0x1800ad008 RegCloseKey
0x1800ad010 QueryServiceStatus
0x1800ad018 CloseServiceHandle
0x1800ad020 RegQueryValueExA
0x1800ad028 OpenSCManagerW
0x1800ad030 ControlService
0x1800ad038 OpenServiceW
SHELL32.dll
0x1800ad2e8 SHGetFolderPathA
0x1800ad2f0 ShellExecuteExA
MSVCP140.dll
0x1800ad240 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800ad248 ?_Random_device@std@@YAIXZ
0x1800ad250 ?_Xlength_error@std@@YAXPEBD@Z
0x1800ad258 _Cnd_do_broadcast_at_thread_exit
0x1800ad260 _Query_perf_counter
0x1800ad268 _Thrd_detach
0x1800ad270 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1800ad278 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1800ad280 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1800ad288 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1800ad290 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1800ad298 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1800ad2a0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800ad2a8 ?uncaught_exception@std@@YA_NXZ
0x1800ad2b0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
0x1800ad2b8 ?good@ios_base@std@@QEBA_NXZ
0x1800ad2c0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1800ad2c8 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x1800ad2d0 ?_Throw_Cpp_error@std@@YAXH@Z
0x1800ad2d8 _Query_perf_frequency
WININET.dll
0x1800ad548 InternetOpenW
0x1800ad550 InternetOpenUrlW
0x1800ad558 InternetCloseHandle
0x1800ad560 InternetReadFile
WINHTTP.dll
0x1800ad500 WinHttpSendRequest
0x1800ad508 WinHttpQueryDataAvailable
0x1800ad510 WinHttpReadData
0x1800ad518 WinHttpOpenRequest
0x1800ad520 WinHttpOpen
0x1800ad528 WinHttpReceiveResponse
0x1800ad530 WinHttpCloseHandle
0x1800ad538 WinHttpConnect
urlmon.dll
0x1800ad728 URLDownloadToFileA
IMM32.dll
0x1800ad058 ImmGetContext
0x1800ad060 ImmReleaseContext
0x1800ad068 ImmSetCandidateWindow
0x1800ad070 ImmSetCompositionWindow
D3DCOMPILER_47.dll
0x1800ad048 D3DCompile
dwmapi.dll
0x1800ad718 DwmExtendFrameIntoClientArea
d3d11.dll
0x1800ad6f8 D3D11CreateDeviceAndSwapChain
d3dx11_43.dll
0x1800ad708 D3DX11CreateShaderResourceViewFromMemory
VCRUNTIME140_1.dll
0x1800ad4f0 __CxxFrameHandler4
VCRUNTIME140.dll
0x1800ad460 strstr
0x1800ad468 __std_exception_destroy
0x1800ad470 __std_type_info_destroy_list
0x1800ad478 _CxxThrowException
0x1800ad480 __intrinsic_setjmp
0x1800ad488 __C_specific_handler
0x1800ad490 __current_exception_context
0x1800ad498 __current_exception
0x1800ad4a0 memcmp
0x1800ad4a8 memchr
0x1800ad4b0 memset
0x1800ad4b8 memmove
0x1800ad4c0 memcpy
0x1800ad4c8 longjmp
0x1800ad4d0 __std_exception_copy
0x1800ad4d8 strrchr
0x1800ad4e0 __std_terminate
api-ms-win-crt-runtime-l1-1-0.dll
0x1800ad5e0 _beginthreadex
0x1800ad5e8 terminate
0x1800ad5f0 _invalid_parameter_noinfo_noreturn
0x1800ad5f8 _initterm_e
0x1800ad600 _initterm
0x1800ad608 _cexit
0x1800ad610 _crt_atexit
0x1800ad618 _execute_onexit_table
0x1800ad620 _register_onexit_function
0x1800ad628 _initialize_onexit_table
0x1800ad630 _initialize_narrow_environment
0x1800ad638 _configure_narrow_argv
0x1800ad640 _seh_filter_dll
0x1800ad648 exit
api-ms-win-crt-heap-l1-1-0.dll
0x1800ad588 free
0x1800ad590 _callnewh
0x1800ad598 malloc
api-ms-win-crt-string-l1-1-0.dll
0x1800ad6b8 strcmp
0x1800ad6c0 strncmp
0x1800ad6c8 isprint
0x1800ad6d0 strncpy
0x1800ad6d8 strcat_s
api-ms-win-crt-stdio-l1-1-0.dll
0x1800ad658 fseek
0x1800ad660 ftell
0x1800ad668 __acrt_iob_func
0x1800ad670 fread
0x1800ad678 __stdio_common_vsprintf
0x1800ad680 _wfopen
0x1800ad688 fwrite
0x1800ad690 fflush
0x1800ad698 fclose
0x1800ad6a0 __stdio_common_vfprintf
0x1800ad6a8 __stdio_common_vsscanf
api-ms-win-crt-utility-l1-1-0.dll
0x1800ad6e8 qsort
api-ms-win-crt-convert-l1-1-0.dll
0x1800ad570 strtol
0x1800ad578 mbstowcs_s
api-ms-win-crt-math-l1-1-0.dll
0x1800ad5a8 sinf
0x1800ad5b0 fmodf
0x1800ad5b8 cosf
0x1800ad5c0 ceilf
0x1800ad5c8 acosf
0x1800ad5d0 sqrtf
EAT(Export Address Table) is none