ScreenShot
| Created | 2025.01.12 15:07 | Machine | s1_win7_x6403 |
| Filename | ActivePod.ocx | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 7 detected (Malicious, score, GenericKD, susgen) | ||
| md5 | da2ab0623e5fd0a9ee8c26b935ab1297 | ||
| sha256 | c8623ea4107e6094065ce47235fd8e9a2be31a49b070e2f79a969d79043304f1 | ||
| ssdeep | 24576:ybwqrQp5pPlJaVFZJp5BuSuAZOmJWWgDuY6v9ohj4UfrB5xOrvXJJrAM5r51MC:yVrQ3pSVBp558DzsD+rxa/JJrAMe | ||
| imphash | 4a0cd349eab0a952057ef13ce76a8916 | ||
| impfuzzy | 96:N3WITHQ3GKKva7YcxGgvQ1XQHodOd7WVlHtkZQlAIKLx:NmO2G9a7FNodOVW+SKLx | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | Performs some HTTP requests |
| info | Checks if process is being debugged by a debugger |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180187098 TerminateThread
0x1801870a0 CloseHandle
0x1801870a8 QueueUserAPC
0x1801870b0 GetLocalTime
0x1801870b8 CreateWaitableTimerA
0x1801870c0 GetProcAddress
0x1801870c8 LocalFree
0x1801870d0 DeleteCriticalSection
0x1801870d8 WideCharToMultiByte
0x1801870e0 SleepEx
0x1801870e8 CreateProcessA
0x1801870f0 FormatMessageA
0x1801870f8 CreateIoCompletionPort
0x180187100 GetExitCodeProcess
0x180187108 ExitProcess
0x180187110 AreFileApisANSI
0x180187118 TryEnterCriticalSection
0x180187120 HeapCreate
0x180187128 HeapFree
0x180187130 GetFullPathNameW
0x180187138 WriteFile
0x180187140 GetDiskFreeSpaceW
0x180187148 OutputDebugStringA
0x180187150 LockFile
0x180187158 InitializeCriticalSection
0x180187160 SetFilePointer
0x180187168 GetFullPathNameA
0x180187170 SetEndOfFile
0x180187178 UnlockFileEx
0x180187180 GetTempPathW
0x180187188 CreateMutexW
0x180187190 CreateFileW
0x180187198 GetFileAttributesW
0x1801871a0 GetCurrentThreadId
0x1801871a8 UnmapViewOfFile
0x1801871b0 HeapValidate
0x1801871b8 HeapSize
0x1801871c0 MultiByteToWideChar
0x1801871c8 GetTempPathA
0x1801871d0 GetDiskFreeSpaceA
0x1801871d8 GetFileAttributesA
0x1801871e0 GetFileAttributesExW
0x1801871e8 OutputDebugStringW
0x1801871f0 FlushViewOfFile
0x1801871f8 CreateFileA
0x180187200 LoadLibraryA
0x180187208 WaitForSingleObjectEx
0x180187210 DeleteFileA
0x180187218 DeleteFileW
0x180187220 HeapReAlloc
0x180187228 RaiseException
0x180187230 GetSystemInfo
0x180187238 LoadLibraryW
0x180187240 HeapAlloc
0x180187248 HeapCompact
0x180187250 HeapDestroy
0x180187258 UnlockFile
0x180187260 LockFileEx
0x180187268 GetFileSize
0x180187270 GetCurrentProcessId
0x180187278 GetProcessHeap
0x180187280 SystemTimeToFileTime
0x180187288 DisableThreadLibraryCalls
0x180187290 GetSystemTimeAsFileTime
0x180187298 GetSystemTime
0x1801872a0 CreateFileMappingW
0x1801872a8 MapViewOfFile
0x1801872b0 QueryPerformanceCounter
0x1801872b8 GetTickCount
0x1801872c0 FlushFileBuffers
0x1801872c8 OpenEventA
0x1801872d0 CreateEventA
0x1801872d8 SetEvent
0x1801872e0 GetLastError
0x1801872e8 FormatMessageW
0x1801872f0 Sleep
0x1801872f8 CreateEventW
0x180187300 GetCommandLineA
0x180187308 PostQueuedCompletionStatus
0x180187310 GetModuleHandleA
0x180187318 WaitForSingleObject
0x180187320 GetQueuedCompletionStatus
0x180187328 CreatePipe
0x180187330 LeaveCriticalSection
0x180187338 ResetEvent
0x180187340 InitializeCriticalSectionAndSpinCount
0x180187348 WaitForMultipleObjects
0x180187350 EnterCriticalSection
0x180187358 SetLastError
0x180187360 WriteConsoleW
0x180187368 SetStdHandle
0x180187370 SetEnvironmentVariableW
0x180187378 FreeEnvironmentStringsW
0x180187380 GetEnvironmentStringsW
0x180187388 GetCommandLineW
0x180187390 GetOEMCP
0x180187398 GetACP
0x1801873a0 IsValidCodePage
0x1801873a8 ReadConsoleW
0x1801873b0 EnumSystemLocalesW
0x1801873b8 GetUserDefaultLCID
0x1801873c0 IsValidLocale
0x1801873c8 GetLocaleInfoW
0x1801873d0 LCMapStringW
0x1801873d8 CompareStringW
0x1801873e0 GetTimeFormatW
0x1801873e8 GetDateFormatW
0x1801873f0 FlsFree
0x1801873f8 FlsSetValue
0x180187400 FlsGetValue
0x180187408 FlsAlloc
0x180187410 GetConsoleMode
0x180187418 GetConsoleOutputCP
0x180187420 GetTimeZoneInformation
0x180187428 GetFileType
0x180187430 GetStdHandle
0x180187438 SetFilePointerEx
0x180187440 GetFileSizeEx
0x180187448 GetModuleFileNameW
0x180187450 FreeLibraryAndExitThread
0x180187458 ExitThread
0x180187460 RtlUnwind
0x180187468 CreateThread
0x180187470 LoadLibraryExW
0x180187478 TlsFree
0x180187480 TlsSetValue
0x180187488 TlsGetValue
0x180187490 TlsAlloc
0x180187498 InterlockedFlushSList
0x1801874a0 RtlUnwindEx
0x1801874a8 InitializeSListHead
0x1801874b0 GetStartupInfoW
0x1801874b8 IsDebuggerPresent
0x1801874c0 TerminateProcess
0x1801874c8 GetCurrentProcess
0x1801874d0 SetWaitableTimer
0x1801874d8 SetHandleInformation
0x1801874e0 GetModuleFileNameA
0x1801874e8 FreeLibrary
0x1801874f0 ReadFile
0x1801874f8 RtlPcToFileHeader
0x180187500 IsProcessorFeaturePresent
0x180187508 FreeLibraryWhenCallbackReturns
0x180187510 CreateThreadpoolWork
0x180187518 SubmitThreadpoolWork
0x180187520 CloseThreadpoolWork
0x180187528 GetModuleHandleExW
0x180187530 GetLocaleInfoEx
0x180187538 CreateDirectoryW
0x180187540 FindClose
0x180187548 FindFirstFileW
0x180187550 FindFirstFileExW
0x180187558 FindNextFileW
0x180187560 GetFileInformationByHandle
0x180187568 SetFileInformationByHandle
0x180187570 GetModuleHandleW
0x180187578 CopyFileW
0x180187580 GetFileInformationByHandleEx
0x180187588 QueryPerformanceFrequency
0x180187590 InitOnceComplete
0x180187598 InitOnceBeginInitialize
0x1801875a0 ReleaseSRWLockExclusive
0x1801875a8 AcquireSRWLockExclusive
0x1801875b0 TryAcquireSRWLockExclusive
0x1801875b8 SleepConditionVariableSRW
0x1801875c0 WakeAllConditionVariable
0x1801875c8 InitializeCriticalSectionEx
0x1801875d0 EncodePointer
0x1801875d8 DecodePointer
0x1801875e0 LCMapStringEx
0x1801875e8 GetStringTypeW
0x1801875f0 GetCPInfo
0x1801875f8 RtlCaptureContext
0x180187600 RtlLookupFunctionEntry
0x180187608 RtlVirtualUnwind
0x180187610 UnhandledExceptionFilter
0x180187618 SetUnhandledExceptionFilter
USER32.dll
0x180187638 GetDC
0x180187640 GetSystemMetrics
0x180187648 ReleaseDC
GDI32.dll
0x180187060 DeleteObject
0x180187068 DeleteDC
0x180187070 BitBlt
0x180187078 CreateCompatibleBitmap
0x180187080 SelectObject
0x180187088 CreateCompatibleDC
ADVAPI32.dll
0x180187000 RegCloseKey
0x180187008 RegSetValueExA
0x180187010 CreateProcessWithLogonW
0x180187018 CryptEnumProvidersA
0x180187020 CryptAcquireContextA
0x180187028 CryptReleaseContext
0x180187030 CryptGenRandom
0x180187038 RegOpenKeyExA
SHELL32.dll
0x180187628 SHGetFolderPathA
ole32.dll
0x1801877f8 CreateStreamOnHGlobal
WS2_32.dll
0x180187658 listen
0x180187660 WSAGetLastError
0x180187668 setsockopt
0x180187670 ioctlsocket
0x180187678 freeaddrinfo
0x180187680 htonl
0x180187688 getsockopt
0x180187690 recv
0x180187698 WSARecv
0x1801876a0 gethostname
0x1801876a8 WSAAddressToStringW
0x1801876b0 inet_pton
0x1801876b8 send
0x1801876c0 WSACleanup
0x1801876c8 __WSAFDIsSet
0x1801876d0 accept
0x1801876d8 ind
0x1801876e0 WSAIoctl
0x1801876e8 closesocket
0x1801876f0 WSASend
0x1801876f8 select
0x180187700 ntohl
0x180187708 shutdown
0x180187710 connect
0x180187718 WSASetLastError
0x180187720 WSASocketW
0x180187728 getaddrinfo
0x180187730 WSAStartup
0x180187738 getpeername
0x180187740 getsockname
0x180187748 socket
0x180187750 ntohs
0x180187758 htons
crypt.dll
0x180187768 BCryptDecrypt
0x180187770 BCryptOpenAlgorithmProvider
0x180187778 BCryptSetProperty
0x180187780 BCryptGenerateSymmetricKey
0x180187788 BCryptDestroyKey
0x180187790 BCryptCloseAlgorithmProvider
gdiplus.dll
0x1801877a0 GdipSaveImageToStream
0x1801877a8 GdipGetImageEncodersSize
0x1801877b0 GdipFree
0x1801877b8 GdiplusStartup
0x1801877c0 GdiplusShutdown
0x1801877c8 GdipDisposeImage
0x1801877d0 GdipCreateBitmapFromHBITMAP
0x1801877d8 GdipAlloc
0x1801877e0 GdipCloneImage
0x1801877e8 GdipGetImageEncoders
CRYPT32.dll
0x180187048 CryptUnprotectData
0x180187050 CryptStringToBinaryA
EAT(Export Address Table) Library
0x180020540 DllRegisterServer
0x180020650 DllUnregisterServer
0x180008b80 GEcGdimckJN
0x180008b80 IUBXEXQIinbFRiFL
0x180008b80 LWnAvcuedaaNnq
0x180008b80 RcqYmIgyrxYHuyZcm
0x180008b80 SojHROrTWJMGlUH
0x180008b80 TVAuGzPwbBq
0x180008b80 bHvDkWgAHBapXqx
0x180008b80 csDBVqBlqNjQwsdffmec
0x180008b80 mRjFengeNucVTb
0x180008b80 uEXPAxMVRhAPGCHNLrYQ
0x180008b80 uLMvUgPtIrl
0x180008b80 vmxMHLgRreJjcU
0x180008b80 yMhVkVhmYFO
KERNEL32.dll
0x180187098 TerminateThread
0x1801870a0 CloseHandle
0x1801870a8 QueueUserAPC
0x1801870b0 GetLocalTime
0x1801870b8 CreateWaitableTimerA
0x1801870c0 GetProcAddress
0x1801870c8 LocalFree
0x1801870d0 DeleteCriticalSection
0x1801870d8 WideCharToMultiByte
0x1801870e0 SleepEx
0x1801870e8 CreateProcessA
0x1801870f0 FormatMessageA
0x1801870f8 CreateIoCompletionPort
0x180187100 GetExitCodeProcess
0x180187108 ExitProcess
0x180187110 AreFileApisANSI
0x180187118 TryEnterCriticalSection
0x180187120 HeapCreate
0x180187128 HeapFree
0x180187130 GetFullPathNameW
0x180187138 WriteFile
0x180187140 GetDiskFreeSpaceW
0x180187148 OutputDebugStringA
0x180187150 LockFile
0x180187158 InitializeCriticalSection
0x180187160 SetFilePointer
0x180187168 GetFullPathNameA
0x180187170 SetEndOfFile
0x180187178 UnlockFileEx
0x180187180 GetTempPathW
0x180187188 CreateMutexW
0x180187190 CreateFileW
0x180187198 GetFileAttributesW
0x1801871a0 GetCurrentThreadId
0x1801871a8 UnmapViewOfFile
0x1801871b0 HeapValidate
0x1801871b8 HeapSize
0x1801871c0 MultiByteToWideChar
0x1801871c8 GetTempPathA
0x1801871d0 GetDiskFreeSpaceA
0x1801871d8 GetFileAttributesA
0x1801871e0 GetFileAttributesExW
0x1801871e8 OutputDebugStringW
0x1801871f0 FlushViewOfFile
0x1801871f8 CreateFileA
0x180187200 LoadLibraryA
0x180187208 WaitForSingleObjectEx
0x180187210 DeleteFileA
0x180187218 DeleteFileW
0x180187220 HeapReAlloc
0x180187228 RaiseException
0x180187230 GetSystemInfo
0x180187238 LoadLibraryW
0x180187240 HeapAlloc
0x180187248 HeapCompact
0x180187250 HeapDestroy
0x180187258 UnlockFile
0x180187260 LockFileEx
0x180187268 GetFileSize
0x180187270 GetCurrentProcessId
0x180187278 GetProcessHeap
0x180187280 SystemTimeToFileTime
0x180187288 DisableThreadLibraryCalls
0x180187290 GetSystemTimeAsFileTime
0x180187298 GetSystemTime
0x1801872a0 CreateFileMappingW
0x1801872a8 MapViewOfFile
0x1801872b0 QueryPerformanceCounter
0x1801872b8 GetTickCount
0x1801872c0 FlushFileBuffers
0x1801872c8 OpenEventA
0x1801872d0 CreateEventA
0x1801872d8 SetEvent
0x1801872e0 GetLastError
0x1801872e8 FormatMessageW
0x1801872f0 Sleep
0x1801872f8 CreateEventW
0x180187300 GetCommandLineA
0x180187308 PostQueuedCompletionStatus
0x180187310 GetModuleHandleA
0x180187318 WaitForSingleObject
0x180187320 GetQueuedCompletionStatus
0x180187328 CreatePipe
0x180187330 LeaveCriticalSection
0x180187338 ResetEvent
0x180187340 InitializeCriticalSectionAndSpinCount
0x180187348 WaitForMultipleObjects
0x180187350 EnterCriticalSection
0x180187358 SetLastError
0x180187360 WriteConsoleW
0x180187368 SetStdHandle
0x180187370 SetEnvironmentVariableW
0x180187378 FreeEnvironmentStringsW
0x180187380 GetEnvironmentStringsW
0x180187388 GetCommandLineW
0x180187390 GetOEMCP
0x180187398 GetACP
0x1801873a0 IsValidCodePage
0x1801873a8 ReadConsoleW
0x1801873b0 EnumSystemLocalesW
0x1801873b8 GetUserDefaultLCID
0x1801873c0 IsValidLocale
0x1801873c8 GetLocaleInfoW
0x1801873d0 LCMapStringW
0x1801873d8 CompareStringW
0x1801873e0 GetTimeFormatW
0x1801873e8 GetDateFormatW
0x1801873f0 FlsFree
0x1801873f8 FlsSetValue
0x180187400 FlsGetValue
0x180187408 FlsAlloc
0x180187410 GetConsoleMode
0x180187418 GetConsoleOutputCP
0x180187420 GetTimeZoneInformation
0x180187428 GetFileType
0x180187430 GetStdHandle
0x180187438 SetFilePointerEx
0x180187440 GetFileSizeEx
0x180187448 GetModuleFileNameW
0x180187450 FreeLibraryAndExitThread
0x180187458 ExitThread
0x180187460 RtlUnwind
0x180187468 CreateThread
0x180187470 LoadLibraryExW
0x180187478 TlsFree
0x180187480 TlsSetValue
0x180187488 TlsGetValue
0x180187490 TlsAlloc
0x180187498 InterlockedFlushSList
0x1801874a0 RtlUnwindEx
0x1801874a8 InitializeSListHead
0x1801874b0 GetStartupInfoW
0x1801874b8 IsDebuggerPresent
0x1801874c0 TerminateProcess
0x1801874c8 GetCurrentProcess
0x1801874d0 SetWaitableTimer
0x1801874d8 SetHandleInformation
0x1801874e0 GetModuleFileNameA
0x1801874e8 FreeLibrary
0x1801874f0 ReadFile
0x1801874f8 RtlPcToFileHeader
0x180187500 IsProcessorFeaturePresent
0x180187508 FreeLibraryWhenCallbackReturns
0x180187510 CreateThreadpoolWork
0x180187518 SubmitThreadpoolWork
0x180187520 CloseThreadpoolWork
0x180187528 GetModuleHandleExW
0x180187530 GetLocaleInfoEx
0x180187538 CreateDirectoryW
0x180187540 FindClose
0x180187548 FindFirstFileW
0x180187550 FindFirstFileExW
0x180187558 FindNextFileW
0x180187560 GetFileInformationByHandle
0x180187568 SetFileInformationByHandle
0x180187570 GetModuleHandleW
0x180187578 CopyFileW
0x180187580 GetFileInformationByHandleEx
0x180187588 QueryPerformanceFrequency
0x180187590 InitOnceComplete
0x180187598 InitOnceBeginInitialize
0x1801875a0 ReleaseSRWLockExclusive
0x1801875a8 AcquireSRWLockExclusive
0x1801875b0 TryAcquireSRWLockExclusive
0x1801875b8 SleepConditionVariableSRW
0x1801875c0 WakeAllConditionVariable
0x1801875c8 InitializeCriticalSectionEx
0x1801875d0 EncodePointer
0x1801875d8 DecodePointer
0x1801875e0 LCMapStringEx
0x1801875e8 GetStringTypeW
0x1801875f0 GetCPInfo
0x1801875f8 RtlCaptureContext
0x180187600 RtlLookupFunctionEntry
0x180187608 RtlVirtualUnwind
0x180187610 UnhandledExceptionFilter
0x180187618 SetUnhandledExceptionFilter
USER32.dll
0x180187638 GetDC
0x180187640 GetSystemMetrics
0x180187648 ReleaseDC
GDI32.dll
0x180187060 DeleteObject
0x180187068 DeleteDC
0x180187070 BitBlt
0x180187078 CreateCompatibleBitmap
0x180187080 SelectObject
0x180187088 CreateCompatibleDC
ADVAPI32.dll
0x180187000 RegCloseKey
0x180187008 RegSetValueExA
0x180187010 CreateProcessWithLogonW
0x180187018 CryptEnumProvidersA
0x180187020 CryptAcquireContextA
0x180187028 CryptReleaseContext
0x180187030 CryptGenRandom
0x180187038 RegOpenKeyExA
SHELL32.dll
0x180187628 SHGetFolderPathA
ole32.dll
0x1801877f8 CreateStreamOnHGlobal
WS2_32.dll
0x180187658 listen
0x180187660 WSAGetLastError
0x180187668 setsockopt
0x180187670 ioctlsocket
0x180187678 freeaddrinfo
0x180187680 htonl
0x180187688 getsockopt
0x180187690 recv
0x180187698 WSARecv
0x1801876a0 gethostname
0x1801876a8 WSAAddressToStringW
0x1801876b0 inet_pton
0x1801876b8 send
0x1801876c0 WSACleanup
0x1801876c8 __WSAFDIsSet
0x1801876d0 accept
0x1801876d8 ind
0x1801876e0 WSAIoctl
0x1801876e8 closesocket
0x1801876f0 WSASend
0x1801876f8 select
0x180187700 ntohl
0x180187708 shutdown
0x180187710 connect
0x180187718 WSASetLastError
0x180187720 WSASocketW
0x180187728 getaddrinfo
0x180187730 WSAStartup
0x180187738 getpeername
0x180187740 getsockname
0x180187748 socket
0x180187750 ntohs
0x180187758 htons
crypt.dll
0x180187768 BCryptDecrypt
0x180187770 BCryptOpenAlgorithmProvider
0x180187778 BCryptSetProperty
0x180187780 BCryptGenerateSymmetricKey
0x180187788 BCryptDestroyKey
0x180187790 BCryptCloseAlgorithmProvider
gdiplus.dll
0x1801877a0 GdipSaveImageToStream
0x1801877a8 GdipGetImageEncodersSize
0x1801877b0 GdipFree
0x1801877b8 GdiplusStartup
0x1801877c0 GdiplusShutdown
0x1801877c8 GdipDisposeImage
0x1801877d0 GdipCreateBitmapFromHBITMAP
0x1801877d8 GdipAlloc
0x1801877e0 GdipCloneImage
0x1801877e8 GdipGetImageEncoders
CRYPT32.dll
0x180187048 CryptUnprotectData
0x180187050 CryptStringToBinaryA
EAT(Export Address Table) Library
0x180020540 DllRegisterServer
0x180020650 DllUnregisterServer
0x180008b80 GEcGdimckJN
0x180008b80 IUBXEXQIinbFRiFL
0x180008b80 LWnAvcuedaaNnq
0x180008b80 RcqYmIgyrxYHuyZcm
0x180008b80 SojHROrTWJMGlUH
0x180008b80 TVAuGzPwbBq
0x180008b80 bHvDkWgAHBapXqx
0x180008b80 csDBVqBlqNjQwsdffmec
0x180008b80 mRjFengeNucVTb
0x180008b80 uEXPAxMVRhAPGCHNLrYQ
0x180008b80 uLMvUgPtIrl
0x180008b80 vmxMHLgRreJjcU
0x180008b80 yMhVkVhmYFO