ScreenShot
| Created | 2025.02.27 14:41 | Machine | s1_win7_x6403 |
| Filename | Dll2.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 8 detected (GenericKD, GameHack, AGen, AIP potentially unsafe, CLOUD, hacktool, MALICIOUS) | ||
| md5 | 0ddfb511418427767e22ec3259c7fddd | ||
| sha256 | 65e8672493d253d4f4fa6c88a6008752b1144e3995d12b515bd5eeda22c930c8 | ||
| ssdeep | 384:6iWt8/Y3RK5n8QhZx3Ve45kLg6eIvmdx7uBTkfVTE2+YR0ReSGUym:6iWm/iYn86ZaZP+DGoNUiQePt | ||
| imphash | c1c8014e50bff25ac277c0a3b7a505da | ||
| impfuzzy | 96:X9dL78v7Wz2uBeSNmULN8/g3cgBx398iOomxksUPpzUurvAyiNx9YI9njxgSa:X9AWE2AyiNzJ9njx6 | ||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| watch | Checks for the presence of known windows from debuggers and forensic tools |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | File has been identified by 8 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10006000 IsDebuggerPresent
0x10006004 CheckRemoteDebuggerPresent
0x10006008 CloseHandle
0x1000600c WaitForSingleObject
0x10006010 GetCurrentProcess
0x10006014 ExitProcess
0x10006018 CreateProcessA
0x1000601c GetModuleFileNameA
0x10006020 GetModuleHandleA
0x10006024 GetProcAddress
0x10006028 IsProcessorFeaturePresent
0x1000602c SetUnhandledExceptionFilter
0x10006030 UnhandledExceptionFilter
0x10006034 InitializeSListHead
0x10006038 GetSystemTimeAsFileTime
0x1000603c GetCurrentThreadId
0x10006040 GetCurrentProcessId
0x10006044 QueryPerformanceCounter
0x10006048 TerminateProcess
USER32.dll
0x10006100 FindWindowA
MSVCP140.dll
0x10006050 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x10006054 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x10006058 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x1000605c ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x10006060 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x10006064 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x10006068 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x1000606c ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006070 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006074 ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006078 ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x1000607c ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
0x10006080 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
0x10006084 ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006088 ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x1000608c ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x10006090 ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
0x10006094 ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
0x10006098 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x1000609c ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
0x100060a0 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x100060a4 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
0x100060a8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x100060ac ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x100060b0 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x100060b4 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x100060b8 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
0x100060bc ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x100060c0 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x100060c4 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x100060c8 ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
0x100060cc ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x100060d0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x100060d4 ?_Xbad_alloc@std@@YAXXZ
0x100060d8 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x100060dc ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x100060e0 ??0_Lockit@std@@QAE@H@Z
0x100060e4 ??1_Lockit@std@@QAE@XZ
0x100060e8 ?_Xlength_error@std@@YAXPBD@Z
0x100060ec ?_Xout_of_range@std@@YAXPBD@Z
0x100060f0 ??Bid@locale@std@@QAEIXZ
0x100060f4 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x100060f8 ?always_noconv@codecvt_base@std@@QBE_NXZ
VCRUNTIME140.dll
0x10006108 memcpy
0x1000610c _except_handler4_common
0x10006110 memmove
0x10006114 memset
0x10006118 __std_exception_copy
0x1000611c __std_exception_destroy
0x10006120 _CxxThrowException
0x10006124 __CxxFrameHandler3
0x10006128 __std_type_info_destroy_list
api-ms-win-crt-runtime-l1-1-0.dll
0x1000614c _crt_atexit
0x10006150 _invalid_parameter_noinfo_noreturn
0x10006154 _initterm
0x10006158 _initterm_e
0x1000615c _configure_narrow_argv
0x10006160 _initialize_narrow_environment
0x10006164 _initialize_onexit_table
0x10006168 _register_onexit_function
0x1000616c _execute_onexit_table
0x10006170 _seh_filter_dll
0x10006174 _cexit
api-ms-win-crt-string-l1-1-0.dll
0x100061b0 strlen
api-ms-win-crt-stdio-l1-1-0.dll
0x1000617c fsetpos
0x10006180 fwrite
0x10006184 setvbuf
0x10006188 _get_stream_buffer_pointers
0x1000618c ungetc
0x10006190 fread
0x10006194 fputc
0x10006198 fgetpos
0x1000619c fgetc
0x100061a0 fflush
0x100061a4 fclose
0x100061a8 _fseeki64
api-ms-win-crt-filesystem-l1-1-0.dll
0x10006130 _lock_file
0x10006134 _unlock_file
api-ms-win-crt-heap-l1-1-0.dll
0x1000613c _callnewh
0x10006140 free
0x10006144 malloc
EAT(Export Address Table) Library
0x10004162 add_2
KERNEL32.dll
0x10006000 IsDebuggerPresent
0x10006004 CheckRemoteDebuggerPresent
0x10006008 CloseHandle
0x1000600c WaitForSingleObject
0x10006010 GetCurrentProcess
0x10006014 ExitProcess
0x10006018 CreateProcessA
0x1000601c GetModuleFileNameA
0x10006020 GetModuleHandleA
0x10006024 GetProcAddress
0x10006028 IsProcessorFeaturePresent
0x1000602c SetUnhandledExceptionFilter
0x10006030 UnhandledExceptionFilter
0x10006034 InitializeSListHead
0x10006038 GetSystemTimeAsFileTime
0x1000603c GetCurrentThreadId
0x10006040 GetCurrentProcessId
0x10006044 QueryPerformanceCounter
0x10006048 TerminateProcess
USER32.dll
0x10006100 FindWindowA
MSVCP140.dll
0x10006050 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
0x10006054 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
0x10006058 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
0x1000605c ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
0x10006060 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
0x10006064 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x10006068 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
0x1000606c ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006070 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006074 ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006078 ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x1000607c ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
0x10006080 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
0x10006084 ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
0x10006088 ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x1000608c ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x10006090 ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
0x10006094 ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
0x10006098 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
0x1000609c ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
0x100060a0 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
0x100060a4 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
0x100060a8 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
0x100060ac ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
0x100060b0 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
0x100060b4 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
0x100060b8 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
0x100060bc ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
0x100060c0 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x100060c4 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
0x100060c8 ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
0x100060cc ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
0x100060d0 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x100060d4 ?_Xbad_alloc@std@@YAXXZ
0x100060d8 ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x100060dc ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
0x100060e0 ??0_Lockit@std@@QAE@H@Z
0x100060e4 ??1_Lockit@std@@QAE@XZ
0x100060e8 ?_Xlength_error@std@@YAXPBD@Z
0x100060ec ?_Xout_of_range@std@@YAXPBD@Z
0x100060f0 ??Bid@locale@std@@QAEIXZ
0x100060f4 ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
0x100060f8 ?always_noconv@codecvt_base@std@@QBE_NXZ
VCRUNTIME140.dll
0x10006108 memcpy
0x1000610c _except_handler4_common
0x10006110 memmove
0x10006114 memset
0x10006118 __std_exception_copy
0x1000611c __std_exception_destroy
0x10006120 _CxxThrowException
0x10006124 __CxxFrameHandler3
0x10006128 __std_type_info_destroy_list
api-ms-win-crt-runtime-l1-1-0.dll
0x1000614c _crt_atexit
0x10006150 _invalid_parameter_noinfo_noreturn
0x10006154 _initterm
0x10006158 _initterm_e
0x1000615c _configure_narrow_argv
0x10006160 _initialize_narrow_environment
0x10006164 _initialize_onexit_table
0x10006168 _register_onexit_function
0x1000616c _execute_onexit_table
0x10006170 _seh_filter_dll
0x10006174 _cexit
api-ms-win-crt-string-l1-1-0.dll
0x100061b0 strlen
api-ms-win-crt-stdio-l1-1-0.dll
0x1000617c fsetpos
0x10006180 fwrite
0x10006184 setvbuf
0x10006188 _get_stream_buffer_pointers
0x1000618c ungetc
0x10006190 fread
0x10006194 fputc
0x10006198 fgetpos
0x1000619c fgetc
0x100061a0 fflush
0x100061a4 fclose
0x100061a8 _fseeki64
api-ms-win-crt-filesystem-l1-1-0.dll
0x10006130 _lock_file
0x10006134 _unlock_file
api-ms-win-crt-heap-l1-1-0.dll
0x1000613c _callnewh
0x10006140 free
0x10006144 malloc
EAT(Export Address Table) Library
0x10004162 add_2