Field | Value |
---|---|
Created | 2025.04.08 05:19 |
Machine | s1_win7_x6401 |
Filename | tssysprep.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | e59a1f8f4039ee8470009ef03a5cd292 |
sha256 | 288da46cbf4aa6e74d650c31a50771afcac499ffc76c349153cceccd317cbb4f |
ssdeep | 768:Io3pL/sVYzfwoWjIEQFOY+yBoGrAHCFcmlNPdHwvYXzl0MyxbgrxVH:IgLGbHBmlPD+HZgrxJ |
imphash | e16a254190b5318d0665c0fdf2746840 |
impfuzzy | 96:ouXajVljVrqnabuL76U4q1jVlXYi8v3GgvQmjmEK1CvKyVvu/Ol0Gn:ouXaHB25LmS1zyTOsLu4Xn |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
msvcrt.dll
0x18000af10 _snwprintf_s
0x18000af18 ??3@YAXPEAX@Z
0x18000af20 _vsnwprintf_s
0x18000af28 ??1type_info@@UEAA@XZ
0x18000af30 _callnewh
0x18000af38 _purecall
0x18000af40 ??0exception@@QEAA@AEBQEBD@Z
0x18000af48 ??0exception@@QEAA@AEBQEBDH@Z
0x18000af50 ??1exception@@UEAA@XZ
0x18000af58 ?what@exception@@UEBAPEBDXZ
0x18000af60 _CxxThrowException
0x18000af68 memcpy
0x18000af70 memmove
0x18000af78 ??_V@YAXPEAX@Z
0x18000af80 _onexit
0x18000af88 __dllonexit
0x18000af90 _unlock
0x18000af98 _lock
0x18000afa0 __C_specific_handler
0x18000afa8 _initterm
0x18000afb0 malloc
0x18000afb8 free
0x18000afc0 _amsg_exit
0x18000afc8 _XcptFilter
0x18000afd0 ??0exception@@QEAA@AEBV0@@Z
0x18000afd8 __CxxFrameHandler3
0x18000afe0 memset
WDSCORE.dll
0x18000aec8 CurrentIP
0x18000aed0 WdsSetupLogMessageW
0x18000aed8 ConstructPartialMsgVW
ntdll.dll
0x18000aff0 RtlCaptureContext
0x18000aff8 RtlVirtualUnwind
0x18000b000 RtlLookupFunctionEntry
KERNEL32.dll
0x18000ad58 GetSystemFirmwareTable
0x18000ad60 GetLastError
0x18000ad68 Sleep
0x18000ad70 TerminateProcess
0x18000ad78 GetCurrentProcess
0x18000ad80 SetUnhandledExceptionFilter
0x18000ad88 WideCharToMultiByte
0x18000ad90 UnhandledExceptionFilter
0x18000ad98 GetTickCount
0x18000ada0 GetSystemTimeAsFileTime
0x18000ada8 GetCurrentThreadId
0x18000adb0 GetCurrentProcessId
0x18000adb8 QueryPerformanceCounter
0x18000adc0 LocalFree
0x18000adc8 SetLastError
0x18000add0 OutputDebugStringW
0x18000add8 LoadLibraryW
0x18000ade0 GetProcAddress
0x18000ade8 FreeLibrary
0x18000adf0 CloseHandle
0x18000adf8 RaiseException
0x18000ae00 WriteFile
0x18000ae08 SetFilePointer
0x18000ae10 CreateFileW
0x18000ae18 GetVersionExW
CRYPT32.dll
0x18000ad20 CertCloseStore
0x18000ad28 CertFindCertificateInStore
0x18000ad30 CertOpenStore
0x18000ad38 CertDeleteCertificateFromStore
SHLWAPI.dll
0x18000aea8 SHGetValueW
0x18000aeb0 SHDeleteKeyW
0x18000aeb8 SHDeleteValueW
api-ms-win-core-com-l1-1-0.dll
0x18000aee8 CoUninitialize
0x18000aef0 CoCreateInstance
0x18000aef8 CoSetProxyBlanket
0x18000af00 CoInitializeEx
ADVAPI32.dll
0x18000abf8 GetAclInformation
0x18000ac00 GetAce
0x18000ac08 EqualSid
0x18000ac10 DeleteAce
0x18000ac18 InitializeSecurityDescriptor
0x18000ac20 SetSecurityDescriptorControl
0x18000ac28 RegDeleteKeyW
0x18000ac30 RegEnumKeyExW
0x18000ac38 GetSecurityDescriptorLength
0x18000ac40 RegQueryInfoKeyW
0x18000ac48 GetSecurityDescriptorDacl
0x18000ac50 SetSecurityDescriptorDacl
0x18000ac58 RegOpenKeyExW
0x18000ac60 RegCloseKey
0x18000ac68 RegCreateKeyExW
0x18000ac70 RegSetValueExW
0x18000ac78 GetTokenInformation
0x18000ac80 SetSecurityDescriptorGroup
0x18000ac88 MakeAbsoluteSD
0x18000ac90 MakeSelfRelativeSD
0x18000ac98 RegQueryValueExW
0x18000aca0 AddAccessAllowedAce
0x18000aca8 IsValidAcl
0x18000acb0 GetLengthSid
0x18000acb8 AddAccessAllowedAceEx
0x18000acc0 InitializeAcl
0x18000acc8 FreeSid
0x18000acd0 OpenProcessToken
0x18000acd8 IsValidSecurityDescriptor
0x18000ace0 AddAce
0x18000ace8 GetSecurityDescriptorOwner
0x18000acf0 GetSecurityDescriptorGroup
0x18000acf8 AllocateAndInitializeSid
0x18000ad00 SetSecurityDescriptorOwner
0x18000ad08 GetSecurityDescriptorSacl
0x18000ad10 RegDeleteValueW
OLEAUT32.dll
0x18000ae28 SysFreeString
0x18000ae30 SafeArrayUnlock
0x18000ae38 SafeArrayGetUBound
0x18000ae40 VariantInit
0x18000ae48 SafeArrayDestroy
0x18000ae50 SafeArrayRedim
0x18000ae58 VariantClear
0x18000ae60 SafeArrayAccessData
0x18000ae68 SafeArrayCreate
0x18000ae70 SafeArrayUnaccessData
0x18000ae78 SafeArrayLock
0x18000ae80 SysAllocString
0x18000ae88 SafeArrayGetVartype
0x18000ae90 SafeArrayCopy
0x18000ae98 SafeArrayGetLBound
CRYPTBASE.dll
0x18000ad48 SystemFunction036
EAT (Export Address Table) Library
0x1800024b0 AppsrvSysPrepGeneralize
0x1800029a0 AppsrvSysPrepSpecializeOffline
0x180002b80 AppsrvSysPrepSpecializeOnline
0x180002e50 CBrokerSysPrepGeneralize
0x180003340 CBrokerSysPrepSpecializeOffline
0x180003520 CBrokerSysPrepSpecializeOnline
0x180003820 LSMSysPrepBackup
0x1800039f0 LSMSysPrepRestoreOffline
0x180003bb0 LSMSysPrepRestoreOnline
0x180003d70 RCMSysPrepGeneralize
0x180003f20 RdpSysPrepGeneralize
0x1800040f0 RdpSysPrepRestoreOffline
0x1800043d0 RdpSysPrepRestoreOnline