ScreenShot
| Created | 2025.04.07 10:06 | Machine | s1_win7_x6403 |
| Filename | w54cez.dll | ||
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 55 detected (Common, GenericKD, Win64RI, S35352211, Unsafe, malicious, confidence, high confidence, DropperX, score, qwkvez, kvwuhd, qcmep, DownLoader47, ewvz, Detected, Multiverze, Kryptik, Eldorado, AsyncRAT, R656586, Artemis, Chgt, R023H0CC425, Oojlde6nN9E, susgen, Phonzy, B9nj) | ||
| md5 | 842526afcbc5e4567e84a1375d597df8 | ||
| sha256 | 509843bba178671ba718f531b6f6459d299870228ee569c67951aa86369a15c6 | ||
| ssdeep | 24576:rCDAjCPps7W325iovvQAz7IDx1z7+Z0On2n46UYT:SAjys7tNQJ/W2n4 | ||
| imphash | 9a4c1d46ce5204579f3b15445fb1f9b9 | ||
| impfuzzy | 96:vXveg6cEthOzWY7/2+XkImHKeOlc1bWY4iD/EEepcNglvK9gqjxK:vGgtSQHmHKrvKgqjxK | ||
No network connection information
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
d3d11.dll
0x180093840 D3D11CreateDeviceAndSwapChain
OPENGL32.dll
0x180093320 wglGetProcAddress
0x180093328 wglGetCurrentDC
0x180093330 glGetString
0x180093338 glGetIntegerv
0x180093340 glPopMatrix
0x180093348 glDepthRange
0x180093350 glStencilOp
0x180093358 glPopAttrib
0x180093360 glEnable
0x180093368 glVertex3f
0x180093370 glEnd
0x180093378 glLineWidth
0x180093380 glStencilFunc
0x180093388 glBlendFunc
0x180093390 glColor4f
0x180093398 glColorMask
0x1800933a0 glBegin
0x1800933a8 glDrawElements
0x1800933b0 glDisable
0x1800933b8 glPushMatrix
0x1800933c0 glPushAttrib
KERNEL32.dll
0x180093088 CreateEventW
0x180093090 EnterCriticalSection
0x180093098 LeaveCriticalSection
0x1800930a0 WaitForSingleObjectEx
0x1800930a8 RtlCaptureContext
0x1800930b0 RtlLookupFunctionEntry
0x1800930b8 RtlVirtualUnwind
0x1800930c0 UnhandledExceptionFilter
0x1800930c8 SetUnhandledExceptionFilter
0x1800930d0 TerminateProcess
0x1800930d8 IsProcessorFeaturePresent
0x1800930e0 IsDebuggerPresent
0x1800930e8 MultiByteToWideChar
0x1800930f0 GlobalAlloc
0x1800930f8 GlobalFree
0x180093100 GlobalLock
0x180093108 WideCharToMultiByte
0x180093110 GlobalUnlock
0x180093118 GetModuleHandleA
0x180093120 LoadLibraryA
0x180093128 QueryPerformanceFrequency
0x180093130 GetProcAddress
0x180093138 VerSetConditionMask
0x180093140 FreeLibrary
0x180093148 QueryPerformanceCounter
0x180093150 DisableThreadLibraryCalls
0x180093158 CreateThread
0x180093160 HeapFree
0x180093168 GetCurrentProcess
0x180093170 InitializeCriticalSectionEx
0x180093178 ExitThread
0x180093180 HeapSize
0x180093188 Sleep
0x180093190 GetLastError
0x180093198 HeapReAlloc
0x1800931a0 CloseHandle
0x1800931a8 HeapAlloc
0x1800931b0 HeapDestroy
0x1800931b8 LocalFree
0x1800931c0 DeleteCriticalSection
0x1800931c8 GetProcessHeap
0x1800931d0 WaitForSingleObject
0x1800931d8 GetExitCodeThread
0x1800931e0 HeapCreate
0x1800931e8 VirtualProtect
0x1800931f0 Thread32Next
0x1800931f8 Thread32First
0x180093200 GetCurrentThreadId
0x180093208 SuspendThread
0x180093210 ResumeThread
0x180093218 CreateToolhelp32Snapshot
0x180093220 GetThreadContext
0x180093228 GetCurrentProcessId
0x180093230 GetModuleHandleW
0x180093238 FlushInstructionCache
0x180093240 SetThreadContext
0x180093248 OpenThread
0x180093250 InitializeCriticalSectionAndSpinCount
0x180093258 VirtualAlloc
0x180093260 GetSystemInfo
0x180093268 VirtualQuery
0x180093270 GetSystemTimeAsFileTime
0x180093278 InitializeSListHead
0x180093280 OutputDebugStringW
0x180093288 ResetEvent
0x180093290 SetEvent
0x180093298 VirtualFree
USER32.dll
0x1800933e0 GetForegroundWindow
0x1800933e8 DefWindowProcA
0x1800933f0 CreateWindowExA
0x1800933f8 SetLayeredWindowAttributes
0x180093400 SetFocus
0x180093408 BringWindowToTop
0x180093410 SetCapture
0x180093418 SetCursor
0x180093420 SetWindowLongW
0x180093428 GetClientRect
0x180093430 UnregisterClassA
0x180093438 SetProcessDPIAware
0x180093440 RegisterClassExA
0x180093448 ReleaseCapture
0x180093450 SetForegroundWindow
0x180093458 IsIconic
0x180093460 SetCursorPos
0x180093468 ReleaseDC
0x180093470 GetCursorPos
0x180093478 TrackMouseEvent
0x180093480 CloseClipboard
0x180093488 EmptyClipboard
0x180093490 GetClipboardData
0x180093498 SetClipboardData
0x1800934a0 ClientToScreen
0x1800934a8 SetWindowLongA
0x1800934b0 GetCapture
0x1800934b8 ShowWindow
0x1800934c0 WindowFromPoint
0x1800934c8 GetMonitorInfoA
0x1800934d0 SetWindowTextW
0x1800934d8 ScreenToClient
0x1800934e0 EnumDisplayMonitors
0x1800934e8 MonitorFromWindow
0x1800934f0 SetWindowPos
0x1800934f8 GetDC
0x180093500 DestroyWindow
0x180093508 LoadCursorA
0x180093510 GetKeyState
0x180093518 AdjustWindowRectEx
0x180093520 OpenClipboard
0x180093528 IsChild
0x180093530 DispatchMessageA
0x180093538 GetAsyncKeyState
0x180093540 TranslateMessage
0x180093548 PeekMessageA
0x180093550 PostQuitMessage
0x180093558 UpdateWindow
0x180093560 GetWindowLongW
GDI32.dll
0x180093048 GetDeviceCaps
ADVAPI32.dll
0x180093000 ConvertSidToStringSidA
0x180093008 GetTokenInformation
0x180093010 GetLengthSid
0x180093018 OpenProcessToken
0x180093020 IsValidSid
0x180093028 CopySid
SHELL32.dll
0x1800933d0 ShellExecuteA
IMM32.dll
0x180093058 ImmGetContext
0x180093060 ImmSetCompositionWindow
0x180093068 ImmSetCandidateWindow
0x180093070 ImmAssociateContextEx
0x180093078 ImmReleaseContext
D3DCOMPILER_43.dll
0x180093038 D3DCompile
MSVCP140.dll
0x1800932a8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
0x1800932b0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1800932b8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800932c0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1800932c8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1800932d0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1800932d8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1800932e0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1800932e8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1800932f0 ?_Xout_of_range@std@@YAXPEBD@Z
0x1800932f8 ?uncaught_exception@std@@YA_NXZ
0x180093300 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x180093308 ?_Xbad_function_call@std@@YAXXZ
0x180093310 ?_Xlength_error@std@@YAXPEBD@Z
urlmon.dll
0x180093850 URLDownloadToFileA
USERENV.dll
0x180093570 UnloadUserProfile
WININET.dll
0x180093608 HttpSendRequestA
0x180093610 InternetCloseHandle
0x180093618 InternetReadFile
0x180093620 InternetOpenA
0x180093628 InternetSetOptionA
0x180093630 HttpOpenRequestA
0x180093638 InternetQueryOptionA
0x180093640 HttpQueryInfoA
0x180093648 InternetSetCookieA
0x180093650 InternetConnectA
VCRUNTIME140_1.dll
0x1800935f8 __CxxFrameHandler4
VCRUNTIME140.dll
0x180093580 memchr
0x180093588 __std_terminate
0x180093590 strstr
0x180093598 __C_specific_handler
0x1800935a0 __std_exception_destroy
0x1800935a8 __std_exception_copy
0x1800935b0 __current_exception
0x1800935b8 __current_exception_context
0x1800935c0 memset
0x1800935c8 _CxxThrowException
0x1800935d0 __std_type_info_destroy_list
0x1800935d8 memmove
0x1800935e0 memcmp
0x1800935e8 memcpy
api-ms-win-crt-stdio-l1-1-0.dll
0x180093790 ftell
0x180093798 __acrt_iob_func
0x1800937a0 fflush
0x1800937a8 fopen
0x1800937b0 fclose
0x1800937b8 fseek
0x1800937c0 fwrite
0x1800937c8 __stdio_common_vfprintf
0x1800937d0 __stdio_common_vsscanf
0x1800937d8 fread
0x1800937e0 __stdio_common_vsprintf
0x1800937e8 _wfopen
api-ms-win-crt-string-l1-1-0.dll
0x1800937f8 strncmp
0x180093800 strncpy
0x180093808 isspace
0x180093810 strcmp
0x180093818 tolower
0x180093820 isalnum
api-ms-win-crt-utility-l1-1-0.dll
0x180093830 qsort
api-ms-win-crt-heap-l1-1-0.dll
0x180093688 malloc
0x180093690 free
0x180093698 calloc
0x1800936a0 _callnewh
api-ms-win-crt-convert-l1-1-0.dll
0x180093660 strtoull
0x180093668 strtoll
0x180093670 strtod
0x180093678 atof
api-ms-win-crt-runtime-l1-1-0.dll
0x180093710 _seh_filter_dll
0x180093718 _configure_narrow_argv
0x180093720 _initialize_narrow_environment
0x180093728 _initialize_onexit_table
0x180093730 _register_onexit_function
0x180093738 _execute_onexit_table
0x180093740 _crt_atexit
0x180093748 _cexit
0x180093750 terminate
0x180093758 _initterm
0x180093760 _initterm_e
0x180093768 _resetstkoflw
0x180093770 _invalid_parameter_noinfo
0x180093778 _errno
0x180093780 _invalid_parameter_noinfo_noreturn
api-ms-win-crt-locale-l1-1-0.dll
0x1800936b0 localeconv
api-ms-win-crt-math-l1-1-0.dll
0x1800936c0 atan2f
0x1800936c8 ceilf
0x1800936d0 cosf
0x1800936d8 _dclass
0x1800936e0 powf
0x1800936e8 sinf
0x1800936f0 acosf
0x1800936f8 sqrtf
0x180093700 fmodf
EAT(Export Address Table) is none
d3d11.dll
0x180093840 D3D11CreateDeviceAndSwapChain
OPENGL32.dll
0x180093320 wglGetProcAddress
0x180093328 wglGetCurrentDC
0x180093330 glGetString
0x180093338 glGetIntegerv
0x180093340 glPopMatrix
0x180093348 glDepthRange
0x180093350 glStencilOp
0x180093358 glPopAttrib
0x180093360 glEnable
0x180093368 glVertex3f
0x180093370 glEnd
0x180093378 glLineWidth
0x180093380 glStencilFunc
0x180093388 glBlendFunc
0x180093390 glColor4f
0x180093398 glColorMask
0x1800933a0 glBegin
0x1800933a8 glDrawElements
0x1800933b0 glDisable
0x1800933b8 glPushMatrix
0x1800933c0 glPushAttrib
KERNEL32.dll
0x180093088 CreateEventW
0x180093090 EnterCriticalSection
0x180093098 LeaveCriticalSection
0x1800930a0 WaitForSingleObjectEx
0x1800930a8 RtlCaptureContext
0x1800930b0 RtlLookupFunctionEntry
0x1800930b8 RtlVirtualUnwind
0x1800930c0 UnhandledExceptionFilter
0x1800930c8 SetUnhandledExceptionFilter
0x1800930d0 TerminateProcess
0x1800930d8 IsProcessorFeaturePresent
0x1800930e0 IsDebuggerPresent
0x1800930e8 MultiByteToWideChar
0x1800930f0 GlobalAlloc
0x1800930f8 GlobalFree
0x180093100 GlobalLock
0x180093108 WideCharToMultiByte
0x180093110 GlobalUnlock
0x180093118 GetModuleHandleA
0x180093120 LoadLibraryA
0x180093128 QueryPerformanceFrequency
0x180093130 GetProcAddress
0x180093138 VerSetConditionMask
0x180093140 FreeLibrary
0x180093148 QueryPerformanceCounter
0x180093150 DisableThreadLibraryCalls
0x180093158 CreateThread
0x180093160 HeapFree
0x180093168 GetCurrentProcess
0x180093170 InitializeCriticalSectionEx
0x180093178 ExitThread
0x180093180 HeapSize
0x180093188 Sleep
0x180093190 GetLastError
0x180093198 HeapReAlloc
0x1800931a0 CloseHandle
0x1800931a8 HeapAlloc
0x1800931b0 HeapDestroy
0x1800931b8 LocalFree
0x1800931c0 DeleteCriticalSection
0x1800931c8 GetProcessHeap
0x1800931d0 WaitForSingleObject
0x1800931d8 GetExitCodeThread
0x1800931e0 HeapCreate
0x1800931e8 VirtualProtect
0x1800931f0 Thread32Next
0x1800931f8 Thread32First
0x180093200 GetCurrentThreadId
0x180093208 SuspendThread
0x180093210 ResumeThread
0x180093218 CreateToolhelp32Snapshot
0x180093220 GetThreadContext
0x180093228 GetCurrentProcessId
0x180093230 GetModuleHandleW
0x180093238 FlushInstructionCache
0x180093240 SetThreadContext
0x180093248 OpenThread
0x180093250 InitializeCriticalSectionAndSpinCount
0x180093258 VirtualAlloc
0x180093260 GetSystemInfo
0x180093268 VirtualQuery
0x180093270 GetSystemTimeAsFileTime
0x180093278 InitializeSListHead
0x180093280 OutputDebugStringW
0x180093288 ResetEvent
0x180093290 SetEvent
0x180093298 VirtualFree
USER32.dll
0x1800933e0 GetForegroundWindow
0x1800933e8 DefWindowProcA
0x1800933f0 CreateWindowExA
0x1800933f8 SetLayeredWindowAttributes
0x180093400 SetFocus
0x180093408 BringWindowToTop
0x180093410 SetCapture
0x180093418 SetCursor
0x180093420 SetWindowLongW
0x180093428 GetClientRect
0x180093430 UnregisterClassA
0x180093438 SetProcessDPIAware
0x180093440 RegisterClassExA
0x180093448 ReleaseCapture
0x180093450 SetForegroundWindow
0x180093458 IsIconic
0x180093460 SetCursorPos
0x180093468 ReleaseDC
0x180093470 GetCursorPos
0x180093478 TrackMouseEvent
0x180093480 CloseClipboard
0x180093488 EmptyClipboard
0x180093490 GetClipboardData
0x180093498 SetClipboardData
0x1800934a0 ClientToScreen
0x1800934a8 SetWindowLongA
0x1800934b0 GetCapture
0x1800934b8 ShowWindow
0x1800934c0 WindowFromPoint
0x1800934c8 GetMonitorInfoA
0x1800934d0 SetWindowTextW
0x1800934d8 ScreenToClient
0x1800934e0 EnumDisplayMonitors
0x1800934e8 MonitorFromWindow
0x1800934f0 SetWindowPos
0x1800934f8 GetDC
0x180093500 DestroyWindow
0x180093508 LoadCursorA
0x180093510 GetKeyState
0x180093518 AdjustWindowRectEx
0x180093520 OpenClipboard
0x180093528 IsChild
0x180093530 DispatchMessageA
0x180093538 GetAsyncKeyState
0x180093540 TranslateMessage
0x180093548 PeekMessageA
0x180093550 PostQuitMessage
0x180093558 UpdateWindow
0x180093560 GetWindowLongW
GDI32.dll
0x180093048 GetDeviceCaps
ADVAPI32.dll
0x180093000 ConvertSidToStringSidA
0x180093008 GetTokenInformation
0x180093010 GetLengthSid
0x180093018 OpenProcessToken
0x180093020 IsValidSid
0x180093028 CopySid
SHELL32.dll
0x1800933d0 ShellExecuteA
IMM32.dll
0x180093058 ImmGetContext
0x180093060 ImmSetCompositionWindow
0x180093068 ImmSetCandidateWindow
0x180093070 ImmAssociateContextEx
0x180093078 ImmReleaseContext
D3DCOMPILER_43.dll
0x180093038 D3DCompile
MSVCP140.dll
0x1800932a8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
0x1800932b0 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
0x1800932b8 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x1800932c0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
0x1800932c8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
0x1800932d0 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
0x1800932d8 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
0x1800932e0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
0x1800932e8 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
0x1800932f0 ?_Xout_of_range@std@@YAXPEBD@Z
0x1800932f8 ?uncaught_exception@std@@YA_NXZ
0x180093300 ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
0x180093308 ?_Xbad_function_call@std@@YAXXZ
0x180093310 ?_Xlength_error@std@@YAXPEBD@Z
urlmon.dll
0x180093850 URLDownloadToFileA
USERENV.dll
0x180093570 UnloadUserProfile
WININET.dll
0x180093608 HttpSendRequestA
0x180093610 InternetCloseHandle
0x180093618 InternetReadFile
0x180093620 InternetOpenA
0x180093628 InternetSetOptionA
0x180093630 HttpOpenRequestA
0x180093638 InternetQueryOptionA
0x180093640 HttpQueryInfoA
0x180093648 InternetSetCookieA
0x180093650 InternetConnectA
VCRUNTIME140_1.dll
0x1800935f8 __CxxFrameHandler4
VCRUNTIME140.dll
0x180093580 memchr
0x180093588 __std_terminate
0x180093590 strstr
0x180093598 __C_specific_handler
0x1800935a0 __std_exception_destroy
0x1800935a8 __std_exception_copy
0x1800935b0 __current_exception
0x1800935b8 __current_exception_context
0x1800935c0 memset
0x1800935c8 _CxxThrowException
0x1800935d0 __std_type_info_destroy_list
0x1800935d8 memmove
0x1800935e0 memcmp
0x1800935e8 memcpy
api-ms-win-crt-stdio-l1-1-0.dll
0x180093790 ftell
0x180093798 __acrt_iob_func
0x1800937a0 fflush
0x1800937a8 fopen
0x1800937b0 fclose
0x1800937b8 fseek
0x1800937c0 fwrite
0x1800937c8 __stdio_common_vfprintf
0x1800937d0 __stdio_common_vsscanf
0x1800937d8 fread
0x1800937e0 __stdio_common_vsprintf
0x1800937e8 _wfopen
api-ms-win-crt-string-l1-1-0.dll
0x1800937f8 strncmp
0x180093800 strncpy
0x180093808 isspace
0x180093810 strcmp
0x180093818 tolower
0x180093820 isalnum
api-ms-win-crt-utility-l1-1-0.dll
0x180093830 qsort
api-ms-win-crt-heap-l1-1-0.dll
0x180093688 malloc
0x180093690 free
0x180093698 calloc
0x1800936a0 _callnewh
api-ms-win-crt-convert-l1-1-0.dll
0x180093660 strtoull
0x180093668 strtoll
0x180093670 strtod
0x180093678 atof
api-ms-win-crt-runtime-l1-1-0.dll
0x180093710 _seh_filter_dll
0x180093718 _configure_narrow_argv
0x180093720 _initialize_narrow_environment
0x180093728 _initialize_onexit_table
0x180093730 _register_onexit_function
0x180093738 _execute_onexit_table
0x180093740 _crt_atexit
0x180093748 _cexit
0x180093750 terminate
0x180093758 _initterm
0x180093760 _initterm_e
0x180093768 _resetstkoflw
0x180093770 _invalid_parameter_noinfo
0x180093778 _errno
0x180093780 _invalid_parameter_noinfo_noreturn
api-ms-win-crt-locale-l1-1-0.dll
0x1800936b0 localeconv
api-ms-win-crt-math-l1-1-0.dll
0x1800936c0 atan2f
0x1800936c8 ceilf
0x1800936d0 cosf
0x1800936d8 _dclass
0x1800936e0 powf
0x1800936e8 sinf
0x1800936f0 acosf
0x1800936f8 sqrtf
0x180093700 fmodf
EAT(Export Address Table) is none