ScreenShot
| Created | 2025.04.28 09:06 | Machine | s1_win7_x6401 |
| Filename | WWLIB.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (Malicious, score, Dllhijacker, Fragtor, Unsafe, Shellcoderunner, Vizm, confidence, 100%, Attribute, HighConfidence, moderate confidence, MalwareX, Kryptik@AI, RDML, B9i4+D8kJDYQC6H, 9QK1AA, Redcap, bmerb, Detected, GrayWare, Wacapew, Malware@#2y0400l2876my, Wacatac, ABApplication, DTDD, Artemis, Chgt, R002H09DO25, Gencirc, Pjgl) | ||
| md5 | c6dde31a037cbe64c608b053de821d5b | ||
| sha256 | 19c20a75582a9be0b017cb3c208aa5222344e9173216125bae5297cab4c67a84 | ||
| ssdeep | 3072:4//0pc30jAF9lmTYZxC1NrH744XYLtFweIwmOO6QWtOYJXOAg0FujpEp7bL:4HvJiYedH7zYLvweIHOO++AOQHL | ||
| imphash | 14a2adc03064e8584e3f34d28cd3b857 | ||
| impfuzzy | 24:uDscpVWjfS1jtbG0lJBl39roC4ZXvAGMAkpOovbOPZb:HcpVwfS1jtbGOpZyZ/V3B | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x10022000 CreateProcessA
0x10022004 GetModuleFileNameA
0x10022008 GetProcAddress
0x1002200c SetEndOfFile
0x10022010 EnterCriticalSection
0x10022014 LeaveCriticalSection
0x10022018 InitializeCriticalSectionEx
0x1002201c DeleteCriticalSection
0x10022020 EncodePointer
0x10022024 DecodePointer
0x10022028 MultiByteToWideChar
0x1002202c WideCharToMultiByte
0x10022030 LCMapStringEx
0x10022034 GetStringTypeW
0x10022038 GetCPInfo
0x1002203c IsProcessorFeaturePresent
0x10022040 QueryPerformanceCounter
0x10022044 GetCurrentProcessId
0x10022048 GetCurrentThreadId
0x1002204c GetSystemTimeAsFileTime
0x10022050 InitializeSListHead
0x10022054 IsDebuggerPresent
0x10022058 UnhandledExceptionFilter
0x1002205c SetUnhandledExceptionFilter
0x10022060 GetStartupInfoW
0x10022064 GetModuleHandleW
0x10022068 GetCurrentProcess
0x1002206c TerminateProcess
0x10022070 RaiseException
0x10022074 RtlUnwind
0x10022078 InterlockedFlushSList
0x1002207c GetLastError
0x10022080 SetLastError
0x10022084 InitializeCriticalSectionAndSpinCount
0x10022088 TlsAlloc
0x1002208c TlsGetValue
0x10022090 TlsSetValue
0x10022094 TlsFree
0x10022098 FreeLibrary
0x1002209c LoadLibraryExW
0x100220a0 ExitProcess
0x100220a4 GetModuleHandleExW
0x100220a8 GetModuleFileNameW
0x100220ac HeapFree
0x100220b0 HeapAlloc
0x100220b4 LCMapStringW
0x100220b8 GetLocaleInfoW
0x100220bc IsValidLocale
0x100220c0 GetUserDefaultLCID
0x100220c4 EnumSystemLocalesW
0x100220c8 GetStdHandle
0x100220cc GetFileType
0x100220d0 CloseHandle
0x100220d4 FlushFileBuffers
0x100220d8 WriteFile
0x100220dc GetConsoleOutputCP
0x100220e0 GetConsoleMode
0x100220e4 ReadFile
0x100220e8 GetFileSizeEx
0x100220ec SetFilePointerEx
0x100220f0 ReadConsoleW
0x100220f4 HeapReAlloc
0x100220f8 FindClose
0x100220fc FindFirstFileExW
0x10022100 FindNextFileW
0x10022104 IsValidCodePage
0x10022108 GetACP
0x1002210c GetOEMCP
0x10022110 GetCommandLineA
0x10022114 GetCommandLineW
0x10022118 GetEnvironmentStringsW
0x1002211c FreeEnvironmentStringsW
0x10022120 GetProcessHeap
0x10022124 SetStdHandle
0x10022128 CreateFileW
0x1002212c HeapSize
0x10022130 WriteConsoleW
EAT(Export Address Table) Library
0x10001070 DllCanUnloadNow
0x10001070 DllGetClassObject
0x10001070 DllGetLCID
0x10001070 DllMain
0x10001070 FMain
0x10001070 _GetAllocCounters@0
0x10001070 wdCommandDispatch
0x10001070 wdGetApplicationObject
KERNEL32.dll
0x10022000 CreateProcessA
0x10022004 GetModuleFileNameA
0x10022008 GetProcAddress
0x1002200c SetEndOfFile
0x10022010 EnterCriticalSection
0x10022014 LeaveCriticalSection
0x10022018 InitializeCriticalSectionEx
0x1002201c DeleteCriticalSection
0x10022020 EncodePointer
0x10022024 DecodePointer
0x10022028 MultiByteToWideChar
0x1002202c WideCharToMultiByte
0x10022030 LCMapStringEx
0x10022034 GetStringTypeW
0x10022038 GetCPInfo
0x1002203c IsProcessorFeaturePresent
0x10022040 QueryPerformanceCounter
0x10022044 GetCurrentProcessId
0x10022048 GetCurrentThreadId
0x1002204c GetSystemTimeAsFileTime
0x10022050 InitializeSListHead
0x10022054 IsDebuggerPresent
0x10022058 UnhandledExceptionFilter
0x1002205c SetUnhandledExceptionFilter
0x10022060 GetStartupInfoW
0x10022064 GetModuleHandleW
0x10022068 GetCurrentProcess
0x1002206c TerminateProcess
0x10022070 RaiseException
0x10022074 RtlUnwind
0x10022078 InterlockedFlushSList
0x1002207c GetLastError
0x10022080 SetLastError
0x10022084 InitializeCriticalSectionAndSpinCount
0x10022088 TlsAlloc
0x1002208c TlsGetValue
0x10022090 TlsSetValue
0x10022094 TlsFree
0x10022098 FreeLibrary
0x1002209c LoadLibraryExW
0x100220a0 ExitProcess
0x100220a4 GetModuleHandleExW
0x100220a8 GetModuleFileNameW
0x100220ac HeapFree
0x100220b0 HeapAlloc
0x100220b4 LCMapStringW
0x100220b8 GetLocaleInfoW
0x100220bc IsValidLocale
0x100220c0 GetUserDefaultLCID
0x100220c4 EnumSystemLocalesW
0x100220c8 GetStdHandle
0x100220cc GetFileType
0x100220d0 CloseHandle
0x100220d4 FlushFileBuffers
0x100220d8 WriteFile
0x100220dc GetConsoleOutputCP
0x100220e0 GetConsoleMode
0x100220e4 ReadFile
0x100220e8 GetFileSizeEx
0x100220ec SetFilePointerEx
0x100220f0 ReadConsoleW
0x100220f4 HeapReAlloc
0x100220f8 FindClose
0x100220fc FindFirstFileExW
0x10022100 FindNextFileW
0x10022104 IsValidCodePage
0x10022108 GetACP
0x1002210c GetOEMCP
0x10022110 GetCommandLineA
0x10022114 GetCommandLineW
0x10022118 GetEnvironmentStringsW
0x1002211c FreeEnvironmentStringsW
0x10022120 GetProcessHeap
0x10022124 SetStdHandle
0x10022128 CreateFileW
0x1002212c HeapSize
0x10022130 WriteConsoleW
EAT(Export Address Table) Library
0x10001070 DllCanUnloadNow
0x10001070 DllGetClassObject
0x10001070 DllGetLCID
0x10001070 DllMain
0x10001070 FMain
0x10001070 _GetAllocCounters@0
0x10001070 wdCommandDispatch
0x10001070 wdGetApplicationObject