Report - 123.dll

Generic Malware Malicious Packer Antivirus Malicious Library UPX Anti_VM PE File DLL PE32 OS Processor Check
Created 2025.05.01 08:34 Machine s1_win7_x6403
Filename 123.dll
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 3.6
ZERO API file : clean
VT API (file) 41 detected (Malicious, score, FileRep, Jaik, Unsafe, SilverFox, swkah, confidence, Windows, DustyWarehouse, Farfli, MalwareX, Misc, Fragtor, AntiAV, khthkw, CLASSIC, AGEN, Static AI, Suspicious PE, Detected, Wacapew, GdSda, susgen, Manuscrypt)
md5 2a76c9def2e5f4d2503f1cc3ec882e4f
sha256 a77a678b63be93410305679e884b744cf7b82479872251db400372523568bb14
ssdeep 12288:NLjYuY+GWBBcGbpXaRwDNIUAzmER9KHgR9uTT0n:NLUT+GWrcgpXaaDNFK9eiuTT
imphash 35df1e9438f71df442de46ffe74e70c9
impfuzzy 96:fc3yaqB/yttgYDIzf+2rP8LyEUTsm/kKBt0od51Vp:03yaNj16TtBt0Mp

Signature (7cnts)

Level Description
danger File has been identified by 41 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks if process is being debugged by a debugger
info This executable has a PDB path

Rules (10cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
notice anti_vm_detect Possibly employs anti-virtualization techniques binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
2000.ink Unknown clean
45.152.67.113 Unknown 45.152.67.113 clean
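The "Communicates with host for which no DNS query was performed" signature is the 45.152.67.113 entry above: the sample connected to a public address that no DNS answer had produced, which is the classic footprint of a hard-coded C2 address. The following is an added example of that check, written by the editor and not the sandbox's own logic. SAMPLE_LOG is constructed, not a capture: its first two lines mirror the report's network section (a query for 2000.ink with no recorded answer, then a direct connection to 45.152.67.113; the report does not say whether the two are related), and the remaining lines are invented for contrast.

```python
"""Flag outbound connections to public addresses never returned by a DNS answer.

Added example for this report, not the sandbox's implementation. SAMPLE_LOG is
constructed and loosely modelled on Zeek dns.log / conn.log fields.
"""
from ipaddress import ip_address

# Constructed key=value log; lines are assumed to be in time order.
SAMPLE_LOG = """\
ts=1.00 type=dns query=2000.ink answers=
ts=1.20 type=conn dst=45.152.67.113 dport=443
ts=2.00 type=dns query=update.example.test answers=203.0.113.7,203.0.113.8
ts=2.10 type=conn dst=203.0.113.7 dport=443
ts=3.00 type=conn dst=10.0.0.5 dport=445
""".splitlines()


def parse(line):
    """Split 'k=v k=v ...' into a dict; an empty value (answers=) stays ''."""
    return dict(tok.split("=", 1) for tok in line.split())


def undns_connections(lines, ignore_private=True):
    """Return (ts, dst, dport) for every connection whose destination address
    was not produced by an earlier DNS answer in the same log."""
    resolved = set()
    hits = []
    for rec in (parse(l) for l in lines if l.strip()):
        if rec["type"] == "dns":
            # Every answered address becomes an "expected" destination.
            resolved.update(a for a in rec.get("answers", "").split(",") if a)
        elif rec["type"] == "conn":
            dst = rec["dst"]
            if ignore_private and ip_address(dst).is_private:
                continue  # RFC 1918 / loopback traffic is out of scope here
            if dst not in resolved:
                hits.append((float(rec["ts"]), dst, int(rec.get("dport", 0))))
    return hits


if __name__ == "__main__":
    for ts, dst, dport in undns_connections(SAMPLE_LOG):
        print(f"t={ts:.2f} connection to {dst}:{dport} with no prior DNS resolution")
```

Two caveats for production use: the resolver cache means a legitimate destination can appear without a query inside the capture window, so the correlation window must start before the process did, and legitimate software (updaters, CDN clients) also embeds literal addresses, so the result is a lead to pivot on, not a verdict. The converse matters more for this sample: DNS-based blocking alone never sees a hard-coded address like 45.152.67.113, so egress controls have to act on the connection itself.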

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1005d04c CreateToolhelp32Snapshot
 0x1005d050 Process32FirstW
 0x1005d054 Process32NextW
 0x1005d058 CloseHandle
 0x1005d05c LoadLibraryW
 0x1005d060 GetProcAddress
 0x1005d064 CreateFileW
 0x1005d068 GetCurrentProcess
 0x1005d06c lstrcpyW
 0x1005d070 GetLastError
 0x1005d074 HeapAlloc
 0x1005d078 GetProcessHeap
 0x1005d07c HeapFree
 0x1005d080 OpenProcess
 0x1005d084 GetDriveTypeW
 0x1005d088 GetDiskFreeSpaceExW
 0x1005d08c GlobalMemoryStatusEx
 0x1005d090 GetSystemInfo
 0x1005d094 FreeLibrary
 0x1005d098 GetModuleFileNameW
 0x1005d09c GetCommandLineW
 0x1005d0a0 GetStartupInfoW
 0x1005d0a4 CreateProcessW
 0x1005d0a8 ExitProcess
 0x1005d0ac WideCharToMultiByte
 0x1005d0b0 CreateFileA
 0x1005d0b4 DeviceIoControl
 0x1005d0b8 QueryPerformanceFrequency
 0x1005d0bc CreateEventW
 0x1005d0c0 SetEvent
 0x1005d0c4 ResetEvent
 0x1005d0c8 QueryPerformanceCounter
 0x1005d0cc WaitForSingleObject
 0x1005d0d0 InterlockedExchange
 0x1005d0d4 WriteFile
 0x1005d0d8 ExpandEnvironmentStringsW
 0x1005d0dc CopyFileW
 0x1005d0e0 SetFileAttributesW
 0x1005d0e4 GetConsoleWindow
 0x1005d0e8 CreateEventA
 0x1005d0ec FormatMessageW
 0x1005d0f0 SetLastError
 0x1005d0f4 VirtualProtect
 0x1005d0f8 IsBadReadPtr
 0x1005d0fc LoadLibraryA
 0x1005d100 GetNativeSystemInfo
 0x1005d104 CreateThread
 0x1005d108 SetErrorMode
 0x1005d10c SetUnhandledExceptionFilter
 0x1005d110 CreateMutexW
 0x1005d114 GetFileSize
 0x1005d118 DeleteFileW
 0x1005d11c ReleaseMutex
 0x1005d120 SetFilePointer
 0x1005d124 RaiseException
 0x1005d128 LocalFree
 0x1005d12c ReadFile
 0x1005d130 LCMapStringW
 0x1005d134 FlushFileBuffers
 0x1005d138 SetStdHandle
 0x1005d13c WriteConsoleW
 0x1005d140 GetSystemTimeAsFileTime
 0x1005d144 GetEnvironmentStringsW
 0x1005d148 GetModuleHandleW
 0x1005d14c lstrcmpW
 0x1005d150 GetTickCount
 0x1005d154 Sleep
 0x1005d158 lstrcatW
 0x1005d15c GetSystemDirectoryW
 0x1005d160 GetLocaleInfoW
 0x1005d164 GetLocalTime
 0x1005d168 GetCurrentProcessId
 0x1005d16c MultiByteToWideChar
 0x1005d170 lstrlenW
 0x1005d174 InterlockedDecrement
 0x1005d178 VirtualAlloc
 0x1005d17c LeaveCriticalSection
 0x1005d180 EnterCriticalSection
 0x1005d184 DeleteCriticalSection
 0x1005d188 VirtualFree
 0x1005d18c FreeEnvironmentStringsW
 0x1005d190 GetModuleFileNameA
 0x1005d194 GetFileType
 0x1005d198 SetHandleCount
 0x1005d19c IsValidCodePage
 0x1005d1a0 GetOEMCP
 0x1005d1a4 GetACP
 0x1005d1a8 GetCPInfo
 0x1005d1ac InitializeCriticalSectionAndSpinCount
 0x1005d1b0 GetFileAttributesW
 0x1005d1b4 InitializeCriticalSection
 0x1005d1b8 GetCurrentThreadId
 0x1005d1bc HeapCreate
 0x1005d1c0 HeapDestroy
 0x1005d1c4 CreateWaitableTimerW
 0x1005d1c8 GetStringTypeW
 0x1005d1cc HeapSize
 0x1005d1d0 GetConsoleMode
 0x1005d1d4 GetConsoleCP
 0x1005d1d8 GetStdHandle
 0x1005d1dc TlsFree
 0x1005d1e0 TlsSetValue
 0x1005d1e4 TlsGetValue
 0x1005d1e8 TlsAlloc
 0x1005d1ec IsProcessorFeaturePresent
 0x1005d1f0 IsDebuggerPresent
 0x1005d1f4 UnhandledExceptionFilter
 0x1005d1f8 TerminateProcess
 0x1005d1fc RtlUnwind
 0x1005d200 GetCommandLineA
 0x1005d204 HeapReAlloc
 0x1005d208 ExitThread
 0x1005d20c EncodePointer
 0x1005d210 DecodePointer
 0x1005d214 TryEnterCriticalSection
 0x1005d218 CancelWaitableTimer
 0x1005d21c SetWaitableTimer
 0x1005d220 lstrlenA
 0x1005d224 UnmapViewOfFile
 0x1005d228 SwitchToThread
 0x1005d22c CreateFileMappingW
 0x1005d230 MapViewOfFileEx
 0x1005d234 InterlockedIncrement
 0x1005d238 InterlockedCompareExchange
USER32.dll
 0x1005d278 PeekMessageW
 0x1005d27c MsgWaitForMultipleObjects
 0x1005d280 GetWindowTextW
 0x1005d284 GetMonitorInfoW
 0x1005d288 EnumDisplayMonitors
 0x1005d28c GetForegroundWindow
 0x1005d290 SendMessageW
 0x1005d294 FindWindowA
 0x1005d298 GetWindowTextA
 0x1005d29c GetWindow
 0x1005d2a0 GetClassNameA
 0x1005d2a4 OpenWindowStationW
 0x1005d2a8 SetProcessWindowStation
 0x1005d2ac IsWindow
 0x1005d2b0 GetLastInputInfo
 0x1005d2b4 DispatchMessageW
 0x1005d2b8 TranslateMessage
 0x1005d2bc wsprintfW
ADVAPI32.dll
 0x1005d000 OpenProcessToken
 0x1005d004 RegSetValueExW
 0x1005d008 RegCreateKeyW
 0x1005d00c RegDeleteValueW
 0x1005d010 RegQueryValueExW
 0x1005d014 RegOpenKeyExW
 0x1005d018 LookupAccountSidW
 0x1005d01c GetTokenInformation
 0x1005d020 GetCurrentHwProfileW
 0x1005d024 FreeSid
 0x1005d028 CheckTokenMembership
 0x1005d02c AllocateAndInitializeSid
 0x1005d030 RegCloseKey
 0x1005d034 RegEnumKeyExA
 0x1005d038 RegQueryInfoKeyW
 0x1005d03c RegOpenKeyExA
SHELL32.dll
 0x1005d260 SHGetFolderPathW
ole32.dll
 0x1005d350 CoUninitialize
 0x1005d354 CoInitializeEx
 0x1005d358 CoInitializeSecurity
 0x1005d35c CoCreateInstance
 0x1005d360 CoInitialize
OLEAUT32.dll
 0x1005d248 VariantInit
 0x1005d24c SysFreeString
 0x1005d250 SysStringLen
 0x1005d254 VariantClear
 0x1005d258 SysAllocString
WS2_32.dll
 0x1005d2d8 getsockname
 0x1005d2dc WSAAddressToStringW
 0x1005d2e0 WSASetLastError
 0x1005d2e4 WSAStringToAddressW
 0x1005d2e8 closesocket
 0x1005d2ec send
 0x1005d2f0 setsockopt
 0x1005d2f4 WSAIoctl
 0x1005d2f8 htons
 0x1005d2fc WSAGetLastError
 0x1005d300 inet_ntoa
 0x1005d304 gethostbyname
 0x1005d308 gethostname
 0x1005d30c freeaddrinfo
 0x1005d310 getaddrinfo
 0x1005d314 WSAStartup
 0x1005d318 WSAResetEvent
 0x1005d31c WSAEventSelect
 0x1005d320 WSACleanup
 0x1005d324 bind
 0x1005d328 connect
 0x1005d32c recv
 0x1005d330 WSACloseEvent
 0x1005d334 WSACreateEvent
 0x1005d338 socket
 0x1005d33c WSAEnumNetworkEvents
 0x1005d340 WSAWaitForMultipleEvents
 0x1005d344 shutdown
 0x1005d348 ntohs
SHLWAPI.dll
 0x1005d268 StrChrW
 0x1005d26c StrPBrkW
 0x1005d270 PathIsDirectoryA
NETAPI32.dll
 0x1005d240 NetWkstaGetInfo
DINPUT8.dll
 0x1005d044 DirectInput8Create
WINMM.dll
 0x1005d2c4 timeGetDevCaps
 0x1005d2c8 timeEndPeriod
 0x1005d2cc timeBeginPeriod
 0x1005d2d0 timeGetTime

EAT(Export Address Table) Library

0x10009a20 GetInstallDetailsPayload
0x10009a20 SignalChromeElf
0x10009a70 Version
0x10009950 load
0x100099c0 run
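The IAT above is what the behaviour signatures should be checked against: Reg* writes for the autorun entry, CreateToolhelp32Snapshot/Process32FirstW/Process32NextW for the "references to security software" rule, VirtualAlloc/VirtualProtect for the RWX allocation, IsDebuggerPresent for the debugger check, and a plain Winsock socket/connect/send/recv set for the connection to 45.152.67.113. The following is an added example of that triage, written by the editor and not the sandbox's own logic: IMPORTS is a hand-copied subset of the IAT listed above, and the capability table and the signature-to-capability mapping are the editor's heuristics, not part of the report.

```python
"""Capability triage of a PE import table against sandbox signatures.

Added example for this report (editor's code, not the sandbox's). IMPORTS is a
hand-copied subset of this report's IAT; CAPABILITIES and SIGNATURE_SUPPORT are
the editor's own heuristic tables.
"""

IMPORTS = {
    "KERNEL32.dll": [
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
        "OpenProcess", "LoadLibraryW", "GetProcAddress", "VirtualAlloc",
        "VirtualProtect", "IsDebuggerPresent", "CopyFileW", "SetFileAttributesW",
        "CreateProcessW", "GetSystemInfo", "GlobalMemoryStatusEx",
        "GetDiskFreeSpaceExW", "CreateMutexW", "GetTickCount",
    ],
    "ADVAPI32.dll": [
        "RegCreateKeyW", "RegSetValueExW", "RegOpenKeyExW", "RegDeleteValueW",
        "OpenProcessToken", "GetTokenInformation", "CheckTokenMembership",
        "AllocateAndInitializeSid", "GetCurrentHwProfileW",
    ],
    "USER32.dll": [
        "GetForegroundWindow", "GetWindowTextW", "GetLastInputInfo",
        "EnumDisplayMonitors", "FindWindowA", "GetClassNameA",
    ],
    "WS2_32.dll": ["WSAStartup", "socket", "connect", "send", "recv", "gethostbyname"],
    "SHELL32.dll": ["SHGetFolderPathW"],
}

# capability -> (APIs that must all be present, APIs of which at least one must be)
CAPABILITIES = {
    "process enumeration": ({"CreateToolhelp32Snapshot"},
                            {"Process32First", "Process32FirstW", "Process32Next", "Process32NextW"}),
    "registry persistence": ({"RegSetValueExW"}, {"RegCreateKeyW", "RegCreateKeyExW", "RegOpenKeyExW"}),
    "RWX memory / self-unpacking": (set(), {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect"}),
    "dynamic import resolution": ({"GetProcAddress"}, {"LoadLibraryA", "LoadLibraryW"}),
    "anti-debug": (set(), {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess"}),
    "raw TCP networking": ({"WSAStartup", "socket", "connect"}, {"send", "recv", "WSASend", "WSARecv"}),
    "host fingerprinting": (set(), {"GetSystemInfo", "GlobalMemoryStatusEx", "GetDiskFreeSpaceExW",
                                    "GetCurrentHwProfileW", "EnumDisplayMonitors"}),
    "user-presence check": (set(), {"GetLastInputInfo", "GetForegroundWindow"}),
    "token / elevation check": ({"OpenProcessToken"}, {"CheckTokenMembership", "GetTokenInformation"}),
    "file staging": ({"CopyFileW"}, {"SetFileAttributesW", "SHGetFolderPathW", "ExpandEnvironmentStringsW"}),
    "window title scanning": ({"GetForegroundWindow"}, {"GetWindowTextW", "GetWindowTextA"}),
}

# Sandbox signature -> capability a static IAT should show when the behaviour is
# implemented through imported Win32 APIs rather than ones resolved at runtime.
SIGNATURE_SUPPORT = {
    "Installs itself for autorun at Windows startup": "registry persistence",
    "Allocates read-write-execute memory (usually to unpack itself)": "RWX memory / self-unpacking",
    "Checks if process is being debugged by a debugger": "anti-debug",
    "Communicates with host for which no DNS query was performed": "raw TCP networking",
}


def imported_names(imports):
    """Flatten {dll: [api, ...]} into one set of API names."""
    return {name for names in imports.values() for name in names}


def matched_capabilities(imports):
    """Return {capability: sorted evidence APIs} for every satisfied rule."""
    names = imported_names(imports)
    found = {}
    for cap, (all_of, any_of) in CAPABILITIES.items():
        if all_of <= names and (not any_of or any_of & names):
            found[cap] = sorted((all_of | any_of) & names)
    return found


def corroborate(imports):
    """For each sandbox signature, whether the static IAT backs it up."""
    caps = matched_capabilities(imports)
    return {sig: cap in caps for sig, cap in SIGNATURE_SUPPORT.items()}


if __name__ == "__main__":
    for cap, evidence in matched_capabilities(IMPORTS).items():
        print(f"{cap:30s} <- {', '.join(evidence)}")
    for sig, ok in corroborate(IMPORTS).items():
        print(f"[{'static' if ok else 'dynamic-only'}] {sig}")
```

The static IAT is a lower bound, not a full inventory: LoadLibraryW and GetProcAddress are both imported, so any API resolved at runtime (or after the packer the report flags has unpacked its payload) is invisible here and only shows in the dynamic trace. Also note the EAT: GetInstallDetailsPayload and SignalChromeElf are names exported by Chromium's chrome_elf.dll, so the sample's export set should be compared against a legitimate copy of that library before drawing conclusions about how it is loaded.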


Similarity measure (PE file only): service failure, no result available