Field | Value |
---|---|
Created | 2025.03.06 11:18 |
Machine | s1_win7_x6402 |
Filename | VERSION.DLL |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 46 detected (Crysan, Malicious, score, Ghanarava, Artemis, GenericKD, Unsafe, Vep9, confidence, 100%, high confidence, BackdoorX, CLOUD, Nekark, pbbon, high, apefe, Detected, ABBackdoor, GGNI, Chgt, R002H0CI124, Gencirc, susgen, PossibleThreat) |
md5 | 9e94126e8a26efd10b2a5b179d64be90 |
sha256 | 6bdcd10a2434861f81f6dc75bd2b40f3aa847adb4b358ab6855d1c760a3090a1 |
ssdeep | 98304:Z3BSbnpWV8SvVCuEjg4qWy5UiiIsYhR/CjzcFAiP:ZRSbp6VCzmV539nC0FAk |
imphash | 6eb96493cee4a59e8646c2ae6a2b352d |
impfuzzy | 24:mDKm2pktnmQkhLunud2iqEQ73g3uMUcLTwg2ByCb8hDBJCZhKF4Tg97QIih0q:CeQkhLuul/aw7qBMhyF |
Network IP location
Signature (12cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x10004010 GetProcAddress
0x10004014 GetTickCount
0x10004018 GetModuleFileNameA
0x1000401c SizeofResource
0x10004020 SuspendThread
0x10004024 LoadLibraryA
0x10004028 LockResource
0x1000402c CloseHandle
0x10004030 LoadLibraryW
0x10004034 CreateThread
0x10004038 LoadResource
0x1000403c FindResourceW
0x10004040 GetCurrentProcessId
0x10004044 FreeLibrary
0x10004048 OpenThread
0x1000404c GetSystemTimeAsFileTime
0x10004050 GetCurrentThreadId
0x10004054 GetCurrentProcess
0x10004058 LocalFree
0x1000405c TerminateProcess
0x10004060 IsProcessorFeaturePresent
0x10004064 SetUnhandledExceptionFilter
0x10004068 UnhandledExceptionFilter
0x1000406c IsDebuggerPresent
0x10004070 InitializeSListHead
0x10004074 QueryPerformanceCounter
ADVAPI32.dll
0x10004000 RegSetValueExA
0x10004004 RegOpenKeyExA
0x10004008 RegCloseKey
SHELL32.dll
0x10004084 SHGetFolderPathW
OLEAUT32.dll
0x1000407c VariantClear
SHLWAPI.dll
0x1000408c StrStrW
VCRUNTIME140.dll
0x10004094 __std_type_info_destroy_list
0x10004098 memset
0x1000409c _except_handler4_common
0x100040a0 _CxxThrowException
0x100040a4 memcpy
api-ms-win-crt-string-l1-1-0.dll
0x10004100 strncpy_s
0x10004104 _wcslwr_s
0x10004108 wcscpy_s
api-ms-win-crt-stdio-l1-1-0.dll
0x100040f8 __stdio_common_vswprintf
api-ms-win-crt-runtime-l1-1-0.dll
0x100040c0 _crt_atexit
0x100040c4 _execute_onexit_table
0x100040c8 _cexit
0x100040cc exit
0x100040d0 _register_onexit_function
0x100040d4 _initialize_onexit_table
0x100040d8 _initialize_narrow_environment
0x100040dc _invalid_parameter_noinfo
0x100040e0 _configure_narrow_argv
0x100040e4 _errno
0x100040e8 _seh_filter_dll
0x100040ec _initterm
0x100040f0 _initterm_e
api-ms-win-crt-heap-l1-1-0.dll
0x100040b4 free
0x100040b8 calloc
api-ms-win-crt-utility-l1-1-0.dll
0x10004110 srand
api-ms-win-crt-convert-l1-1-0.dll
0x100040ac mbstowcs_s
EAT (Export Address Table) Library
0x10002090 GetFileVersionInfoA
0x100020a0 GetFileVersionInfoByHandle
0x100020b0 GetFileVersionInfoExA
0x100020c0 GetFileVersionInfoExW
0x100020d0 GetFileVersionInfoSizeA
0x100020e0 GetFileVersionInfoSizeExA
0x100020f0 GetFileVersionInfoSizeExW
0x10002100 GetFileVersionInfoSizeW
0x10002110 GetFileVersionInfoW
0x10002120 VerFindFileA
0x10002130 VerFindFileW
0x10002140 VerInstallFileA
0x10002150 VerInstallFileW
0x10002160 VerLanguageNameA
0x10002170 VerLanguageNameW
0x10002180 VerQueryValueA
0x10002190 VerQueryValueW