ScreenShot
| Created | 2025.02.03 10:09 | Machine | s1_win7_x6403 |
| Filename | rcdll.dll | ||
| Type | PE32+ executable (DLL) (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 37 detected (DLLhijack, Malicious, score, Unsafe, confidence, a variant of Generik, REZTPT, MalwareX, kvlkxe, CLOUD, MulDrop29, Detected, ABTrojan, SUAG, Artemis, Outbreak, R002H09AU25, susgen, PossibleThreat) | ||
| md5 | 924239278b93e09b6e97125a18079f70 | ||
| sha256 | cfe8de2fc5b222a84e6e8a537a45027cc929004782e04fbb6f6eb40da707061e | ||
| ssdeep | 384:WdOouja52V5E1qYEXrCKvVtqMzAU58zIbVHs6OWkLUW:WoprC0tHcU52gVfu | ||
| imphash | 3a85a329a225f7caf61c48685ef582a1 | ||
| impfuzzy | 24:0jHzxaf2tySA7pQaT5yWNwg3uMUJyWPWLTwiUYODK4Tg9IAyZh/8hiy:MVtySGpnJNvq8EqD | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180004000 TerminateProcess
0x180004008 WaitForSingleObject
0x180004010 OpenProcess
0x180004018 CreateToolhelp32Snapshot
0x180004020 Sleep
0x180004028 Process32NextW
0x180004030 Process32FirstW
0x180004038 CloseHandle
0x180004040 MoveFileExW
0x180004048 CreateProcessW
0x180004050 RtlLookupFunctionEntry
0x180004058 RtlVirtualUnwind
0x180004060 UnhandledExceptionFilter
0x180004068 SetUnhandledExceptionFilter
0x180004070 GetCurrentProcess
0x180004078 IsProcessorFeaturePresent
0x180004080 QueryPerformanceCounter
0x180004088 GetCurrentProcessId
0x180004090 RtlCaptureContext
0x180004098 GetCurrentThreadId
0x1800040a0 GetSystemTimeAsFileTime
0x1800040a8 InitializeSListHead
0x1800040b0 IsDebuggerPresent
MSVCP140.dll
0x1800040c0 ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140_1.dll
0x180004120 __CxxFrameHandler4
VCRUNTIME140.dll
0x1800040d0 __current_exception
0x1800040d8 __std_type_info_destroy_list
0x1800040e0 __std_exception_copy
0x1800040e8 __std_exception_destroy
0x1800040f0 __current_exception_context
0x1800040f8 _CxxThrowException
0x180004100 memcpy
0x180004108 memset
0x180004110 __C_specific_handler
api-ms-win-crt-string-l1-1-0.dll
0x1800041a8 _wcsicmp
api-ms-win-crt-runtime-l1-1-0.dll
0x180004150 _cexit
0x180004158 _initialize_narrow_environment
0x180004160 _configure_narrow_argv
0x180004168 _seh_filter_dll
0x180004170 _initterm_e
0x180004178 terminate
0x180004180 _initialize_onexit_table
0x180004188 _invalid_parameter_noinfo_noreturn
0x180004190 _execute_onexit_table
0x180004198 _initterm
api-ms-win-crt-heap-l1-1-0.dll
0x180004130 _callnewh
0x180004138 free
0x180004140 malloc
EAT(Export Address Table) Library
0x1800011c0 Handler
0x1800011c0 RC
0x1800011c0 RCW
KERNEL32.dll
0x180004000 TerminateProcess
0x180004008 WaitForSingleObject
0x180004010 OpenProcess
0x180004018 CreateToolhelp32Snapshot
0x180004020 Sleep
0x180004028 Process32NextW
0x180004030 Process32FirstW
0x180004038 CloseHandle
0x180004040 MoveFileExW
0x180004048 CreateProcessW
0x180004050 RtlLookupFunctionEntry
0x180004058 RtlVirtualUnwind
0x180004060 UnhandledExceptionFilter
0x180004068 SetUnhandledExceptionFilter
0x180004070 GetCurrentProcess
0x180004078 IsProcessorFeaturePresent
0x180004080 QueryPerformanceCounter
0x180004088 GetCurrentProcessId
0x180004090 RtlCaptureContext
0x180004098 GetCurrentThreadId
0x1800040a0 GetSystemTimeAsFileTime
0x1800040a8 InitializeSListHead
0x1800040b0 IsDebuggerPresent
MSVCP140.dll
0x1800040c0 ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140_1.dll
0x180004120 __CxxFrameHandler4
VCRUNTIME140.dll
0x1800040d0 __current_exception
0x1800040d8 __std_type_info_destroy_list
0x1800040e0 __std_exception_copy
0x1800040e8 __std_exception_destroy
0x1800040f0 __current_exception_context
0x1800040f8 _CxxThrowException
0x180004100 memcpy
0x180004108 memset
0x180004110 __C_specific_handler
api-ms-win-crt-string-l1-1-0.dll
0x1800041a8 _wcsicmp
api-ms-win-crt-runtime-l1-1-0.dll
0x180004150 _cexit
0x180004158 _initialize_narrow_environment
0x180004160 _configure_narrow_argv
0x180004168 _seh_filter_dll
0x180004170 _initterm_e
0x180004178 terminate
0x180004180 _initialize_onexit_table
0x180004188 _invalid_parameter_noinfo_noreturn
0x180004190 _execute_onexit_table
0x180004198 _initterm
api-ms-win-crt-heap-l1-1-0.dll
0x180004130 _callnewh
0x180004138 free
0x180004140 malloc
EAT(Export Address Table) Library
0x1800011c0 Handler
0x1800011c0 RC
0x1800011c0 RCW