Field | Value |
---|---|
Created | 2025.04.21 13:29 |
Machine | s1_win7_x6403 |
Filename | rref.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 61 detected (AIDetectMalware, mtwx, Malicious, score, Lockbit, S30100487, BlackMatter, Unsafe, Save, LockBit30, confidence, 100%, Vundo, Windows, Ransomware, Filecoder, MalwareX, Lazy, ccmw, CLASSIC, EPACK, Gen2, SMYXDLK, high, Static AI, Suspicious PE, hopdl, Detected, ABRansom, QJML, R521854, GenericRXUJ, FileEncryptor, GdSda, Gencirc, x1glab) |
md5 | f5b8403563561a9c385590801f577396 |
sha256 | b582f63e5d9d5b24515f509983309a13217f925fcaa9252e4193973a05346b8c |
ssdeep | 1536:EzICS4A30TY1kUS/U2ztdS1I6DdL9Ta1axd2MlsHod2GT60s7c:LJ0TYyUS/U2RgGWL9+cxE8bT60s7 |
imphash | 07530c85f3bf8d18d55bc566a43ea905 |
impfuzzy | 12:XC78MX9rBFJN/mlAaBES6UX1JzeDoKJa0e:XwX/FJN/KAaBES6UFJzeDTav |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 61 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | BlackMatter_Ransomware_IN | BlackMatter Ransomware | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
gdi32.dll
0x1001204c CreateSolidBrush
0x10012050 TextOutW
0x10012054 SetTextColor
0x10012058 SetDCBrushColor
0x1001205c GetPixel
0x10012060 GetDeviceCaps
0x10012064 CreateFontW
USER32.dll
0x1001202c GetMessageW
0x10012030 IsDlgButtonChecked
0x10012034 LoadImageW
0x10012038 DefWindowProcW
0x1001203c CreateMenu
0x10012040 CreateWindowExW
0x10012044 DialogBoxParamW
KERNEL32.dll
0x10012000 GetAtomNameW
0x10012004 SetLastError
0x10012008 GetTickCount
0x1001200c GetProcAddress
0x10012010 GetModuleHandleW
0x10012014 GetModuleHandleA
0x10012018 GetLocaleInfoW
0x1001201c GetLastError
0x10012020 FreeLibrary
0x10012024 GetFileAttributesW
EAT (Export Address Table): none