ScreenShot
| Created | 2025.02.06 09:58 | Machine | s1_win7_x6403 |
| Filename | bot.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 44 detected (AIDetectMalware, Tinukebot, Malicious, score, NetLoader, Cerbu, Unsafe, confidence, 100%, Attribute, HighConfidence, high confidence, BankerX, LbNvixlb26G, R002C0XB525, Real Protect, high, Harmony Loader, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Wacatac, R690977, Artemis, Kqil) | ||
| md5 | 245749553e7194636b0f78e7dea115ef | ||
| sha256 | 4b7e4232fec31a80cdccada106516e45a38d97ae18fbba586d4bec41c0bad823 | ||
| ssdeep | 6144:0c9yCc/g1uuGXU1Np7bmwWeRTPu0ocDEb1YT3dIXtAE:0cUCc/g1zGEvhpqcgbI3dHE | ||
| imphash | d5d6aeac6f87d62518c6e18dff35614c | ||
| impfuzzy | 96:oXiDC17co2mHhN7ASVHmwetCg1zRTWb7C:objZy | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x180030020 CloseHandle
0x180030028 GetLastError
0x180030030 HeapAlloc
0x180030038 GetProcessHeap
0x180030040 Sleep
0x180030048 TerminateProcess
0x180030050 CreateThread
0x180030058 ResumeThread
0x180030060 CreateProcessA
0x180030068 GetThreadContext
0x180030070 SetThreadContext
0x180030078 OpenProcess
0x180030080 GetNativeSystemInfo
0x180030088 VirtualAllocEx
0x180030090 WriteProcessMemory
0x180030098 IsWow64Process
0x1800300a0 lstrcmpiA
0x1800300a8 lstrcpyA
0x1800300b0 lstrcatA
0x1800300b8 lstrlenA
0x1800300c0 MultiByteToWideChar
0x1800300c8 WideCharToMultiByte
0x1800300d0 CreateToolhelp32Snapshot
0x1800300d8 Process32First
0x1800300e0 Process32Next
0x1800300e8 GetCurrentProcess
0x1800300f0 CreateRemoteThread
0x1800300f8 GetModuleHandleA
0x180030100 GetProcAddress
0x180030108 K32GetProcessMemoryInfo
0x180030110 LoadLibraryA
0x180030118 GetSystemInfo
0x180030120 VirtualAlloc
0x180030128 VirtualFree
0x180030130 VirtualQuery
0x180030138 HeapCreate
0x180030140 HeapReAlloc
0x180030148 HeapFree
0x180030150 GetCurrentProcessId
0x180030158 GetCurrentThreadId
0x180030160 OpenThread
0x180030168 SuspendThread
0x180030170 FlushInstructionCache
0x180030178 VirtualProtect
0x180030180 GetModuleHandleW
0x180030188 Thread32First
0x180030190 Thread32Next
0x180030198 EnterCriticalSection
0x1800301a0 LeaveCriticalSection
0x1800301a8 VirtualProtectEx
0x1800301b0 CreateDirectoryA
0x1800301b8 SetFileAttributesA
0x1800301c0 GetWindowsDirectoryA
0x1800301c8 GetVolumeInformationA
0x1800301d0 GlobalAlloc
0x1800301d8 GlobalLock
0x1800301e0 GlobalUnlock
0x1800301e8 Module32First
0x1800301f0 Module32Next
0x1800301f8 CreateMutexA
0x180030200 FlushFileBuffers
0x180030208 WriteConsoleW
0x180030210 SetStdHandle
0x180030218 WriteFile
0x180030220 ReadFile
0x180030228 CreateFileA
0x180030230 GetFileSize
0x180030238 CreateFileW
0x180030240 HeapDestroy
0x180030248 SetFilePointerEx
0x180030250 GetConsoleMode
0x180030258 GetConsoleCP
0x180030260 LoadLibraryW
0x180030268 LoadLibraryExW
0x180030270 OutputDebugStringW
0x180030278 EnumSystemLocalesEx
0x180030280 IsValidLocaleName
0x180030288 LCMapStringEx
0x180030290 GetUserDefaultLocaleName
0x180030298 CompareStringEx
0x1800302a0 FreeEnvironmentStringsW
0x1800302a8 GetEnvironmentStringsW
0x1800302b0 GetTickCount64
0x1800302b8 GetSystemTimeAsFileTime
0x1800302c0 QueryPerformanceCounter
0x1800302c8 GetModuleFileNameA
0x1800302d0 InitOnceExecuteOnce
0x1800302d8 GetFileType
0x1800302e0 InitializeCriticalSectionEx
0x1800302e8 DeleteCriticalSection
0x1800302f0 EncodePointer
0x1800302f8 DecodePointer
0x180030300 GetLocaleInfoEx
0x180030308 GetStringTypeW
0x180030310 RaiseException
0x180030318 IsDebuggerPresent
0x180030320 IsProcessorFeaturePresent
0x180030328 GetCommandLineA
0x180030330 InitializeCriticalSectionAndSpinCount
0x180030338 GetCPInfo
0x180030340 GetStdHandle
0x180030348 GetModuleFileNameW
0x180030350 ExitProcess
0x180030358 GetModuleHandleExW
0x180030360 HeapSize
0x180030368 IsValidCodePage
0x180030370 GetACP
0x180030378 GetOEMCP
0x180030380 SetLastError
0x180030388 UnhandledExceptionFilter
0x180030390 SetUnhandledExceptionFilter
0x180030398 FlsAlloc
0x1800303a0 FlsGetValue
0x1800303a8 FlsSetValue
0x1800303b0 FlsFree
0x1800303b8 GetStartupInfoW
USER32.dll
0x180030400 wsprintfA
ADVAPI32.dll
0x180030000 LookupPrivilegeValueA
0x180030008 AdjustTokenPrivileges
0x180030010 OpenProcessToken
SHELL32.dll
0x1800303c8 SHGetFolderPathA
SHLWAPI.dll
0x1800303d8 StrStrA
0x1800303e0 PathFindFileNameW
0x1800303e8 PathFindFileNameA
0x1800303f0 PathFileExistsA
ntdll.dll
0x180030458 RtlLookupFunctionEntry
0x180030460 RtlUnwindEx
0x180030468 RtlCaptureContext
0x180030470 RtlVirtualUnwind
0x180030478 RtlPcToFileHeader
0x180030480 NtQueryInformationProcess
WININET.dll
0x180030410 InternetCloseHandle
0x180030418 InternetOpenUrlW
0x180030420 InternetOpenW
0x180030428 HttpQueryInfoA
0x180030430 InternetConnectW
0x180030438 HttpOpenRequestW
0x180030440 HttpSendRequestA
0x180030448 InternetReadFile
EAT(Export Address Table) Library
0x180009660 ?ReflectiveLoader@@YA_KXZ
KERNEL32.dll
0x180030020 CloseHandle
0x180030028 GetLastError
0x180030030 HeapAlloc
0x180030038 GetProcessHeap
0x180030040 Sleep
0x180030048 TerminateProcess
0x180030050 CreateThread
0x180030058 ResumeThread
0x180030060 CreateProcessA
0x180030068 GetThreadContext
0x180030070 SetThreadContext
0x180030078 OpenProcess
0x180030080 GetNativeSystemInfo
0x180030088 VirtualAllocEx
0x180030090 WriteProcessMemory
0x180030098 IsWow64Process
0x1800300a0 lstrcmpiA
0x1800300a8 lstrcpyA
0x1800300b0 lstrcatA
0x1800300b8 lstrlenA
0x1800300c0 MultiByteToWideChar
0x1800300c8 WideCharToMultiByte
0x1800300d0 CreateToolhelp32Snapshot
0x1800300d8 Process32First
0x1800300e0 Process32Next
0x1800300e8 GetCurrentProcess
0x1800300f0 CreateRemoteThread
0x1800300f8 GetModuleHandleA
0x180030100 GetProcAddress
0x180030108 K32GetProcessMemoryInfo
0x180030110 LoadLibraryA
0x180030118 GetSystemInfo
0x180030120 VirtualAlloc
0x180030128 VirtualFree
0x180030130 VirtualQuery
0x180030138 HeapCreate
0x180030140 HeapReAlloc
0x180030148 HeapFree
0x180030150 GetCurrentProcessId
0x180030158 GetCurrentThreadId
0x180030160 OpenThread
0x180030168 SuspendThread
0x180030170 FlushInstructionCache
0x180030178 VirtualProtect
0x180030180 GetModuleHandleW
0x180030188 Thread32First
0x180030190 Thread32Next
0x180030198 EnterCriticalSection
0x1800301a0 LeaveCriticalSection
0x1800301a8 VirtualProtectEx
0x1800301b0 CreateDirectoryA
0x1800301b8 SetFileAttributesA
0x1800301c0 GetWindowsDirectoryA
0x1800301c8 GetVolumeInformationA
0x1800301d0 GlobalAlloc
0x1800301d8 GlobalLock
0x1800301e0 GlobalUnlock
0x1800301e8 Module32First
0x1800301f0 Module32Next
0x1800301f8 CreateMutexA
0x180030200 FlushFileBuffers
0x180030208 WriteConsoleW
0x180030210 SetStdHandle
0x180030218 WriteFile
0x180030220 ReadFile
0x180030228 CreateFileA
0x180030230 GetFileSize
0x180030238 CreateFileW
0x180030240 HeapDestroy
0x180030248 SetFilePointerEx
0x180030250 GetConsoleMode
0x180030258 GetConsoleCP
0x180030260 LoadLibraryW
0x180030268 LoadLibraryExW
0x180030270 OutputDebugStringW
0x180030278 EnumSystemLocalesEx
0x180030280 IsValidLocaleName
0x180030288 LCMapStringEx
0x180030290 GetUserDefaultLocaleName
0x180030298 CompareStringEx
0x1800302a0 FreeEnvironmentStringsW
0x1800302a8 GetEnvironmentStringsW
0x1800302b0 GetTickCount64
0x1800302b8 GetSystemTimeAsFileTime
0x1800302c0 QueryPerformanceCounter
0x1800302c8 GetModuleFileNameA
0x1800302d0 InitOnceExecuteOnce
0x1800302d8 GetFileType
0x1800302e0 InitializeCriticalSectionEx
0x1800302e8 DeleteCriticalSection
0x1800302f0 EncodePointer
0x1800302f8 DecodePointer
0x180030300 GetLocaleInfoEx
0x180030308 GetStringTypeW
0x180030310 RaiseException
0x180030318 IsDebuggerPresent
0x180030320 IsProcessorFeaturePresent
0x180030328 GetCommandLineA
0x180030330 InitializeCriticalSectionAndSpinCount
0x180030338 GetCPInfo
0x180030340 GetStdHandle
0x180030348 GetModuleFileNameW
0x180030350 ExitProcess
0x180030358 GetModuleHandleExW
0x180030360 HeapSize
0x180030368 IsValidCodePage
0x180030370 GetACP
0x180030378 GetOEMCP
0x180030380 SetLastError
0x180030388 UnhandledExceptionFilter
0x180030390 SetUnhandledExceptionFilter
0x180030398 FlsAlloc
0x1800303a0 FlsGetValue
0x1800303a8 FlsSetValue
0x1800303b0 FlsFree
0x1800303b8 GetStartupInfoW
USER32.dll
0x180030400 wsprintfA
ADVAPI32.dll
0x180030000 LookupPrivilegeValueA
0x180030008 AdjustTokenPrivileges
0x180030010 OpenProcessToken
SHELL32.dll
0x1800303c8 SHGetFolderPathA
SHLWAPI.dll
0x1800303d8 StrStrA
0x1800303e0 PathFindFileNameW
0x1800303e8 PathFindFileNameA
0x1800303f0 PathFileExistsA
ntdll.dll
0x180030458 RtlLookupFunctionEntry
0x180030460 RtlUnwindEx
0x180030468 RtlCaptureContext
0x180030470 RtlVirtualUnwind
0x180030478 RtlPcToFileHeader
0x180030480 NtQueryInformationProcess
WININET.dll
0x180030410 InternetCloseHandle
0x180030418 InternetOpenUrlW
0x180030420 InternetOpenW
0x180030428 HttpQueryInfoA
0x180030430 InternetConnectW
0x180030438 HttpOpenRequestW
0x180030440 HttpSendRequestA
0x180030448 InternetReadFile
EAT(Export Address Table) Library
0x180009660 ?ReflectiveLoader@@YA_KXZ