Field | Value |
---|---|
Created | 2021.03.21 10:01 |
Machine | s1_win7_x6402 |
Filename | mon93.dll |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (Trick, GenericKD, Trickpak, GenericRXAA, Unsafe, TrickBot, malicious, confidence, 100%, GenKryptik, FCIV, inpyrw, Gencirc, Kryptik, hcbql, R002C0DC621, Emotet, score, ai score=99, Ms4A7Uf2pEV, o9gPKtvEnL8, Krypt, GdSda, HgkASQAA) |
md5 | 0146eb52e4aee5da7c191971c99cb79b |
sha256 | 057f4d75fd224f7f149dca7b203d4357631e6594a7a74ad86b95ad80bb3a4c52 |
ssdeep | 12288:3hm3t/45Iz5tby4y9MVjW/xk1qQcWbob8TM6ecBaJeb3Z7wqjG:R+/4Yxj4xkkCRQyBWG75G |
imphash | d32b4b1906fa2ea31b12c4d6e80d5b9d |
impfuzzy | 192:7tKlhJLmFAYZfPbU7ah2H93h7F55hcRcfc72cCiX:ElH4AYk3HzhEwWX |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (13cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | HasDebugData | DebugData Check | binaries (upload) |
info | HasOverlay | Overlay Check | binaries (upload) |
info | HasRichSignature | Rich Signature Check | binaries (upload) |
info | IsWindowsGUI | (no description) | binaries (upload) |
info | keylogger | Run a keylogger | binaries (upload) |
info | screenshot | Take screenshot | binaries (upload) |
info | win_files_operation | Affect private profile | binaries (upload) |
info | win_private_profile | Affect private profile | binaries (upload) |
info | win_registry | Affect system registries | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|