Report - mon93.dll

ScreenShot

Info
Location map


Created	2021.03.21 10:01	Machine	s1_win7_x6402
Filename	mon93.dll
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
AI Score	6	Behavior Score	1.6
ZERO API	file : malware
VT API (file)	45 detected (Trick, GenericKD, Trickpak, GenericRXAA, Unsafe, TrickBot, malicious, confidence, 100%, GenKryptik, FCIV, inpyrw, Gencirc, Kryptik, hcbql, R002C0DC621, Emotet, score, ai score=99, Ms4A7Uf2pEV, o9gPKtvEnL8, Krypt, GdSda, HgkASQAA)
md5	0146eb52e4aee5da7c191971c99cb79b
sha256	057f4d75fd224f7f149dca7b203d4357631e6594a7a74ad86b95ad80bb3a4c52
ssdeep	12288:3hm3t/45Iz5tby4y9MVjW/xk1qQcWbob8TM6ecBaJeb3Z7wqjG:R+/4Yxj4xkkCRQyBWG75G
imphash	d32b4b1906fa2ea31b12c4d6e80d5b9d
impfuzzy	192:7tKlhJLmFAYZfPbU7ah2H93h7F55hcRcfc72cCiX:ElH4AYk3HzhEwWX

Network IP location

Signature (3cnts)

Level	Description
danger	File has been identified by 45 AntiVirus engines on VirusTotal as malicious
info	The executable uses a known packer
info	The file contains an unknown PE resource name possibly indicative of a packer

Rules (13cnts)

Level	Name	Description	Collection
info	IsDLL	(no description)	binaries (upload)
info	IsPE32	(no description)	binaries (upload)
info	OS_Processor_Check_Zero	OS Processor Check Signature Zero	binaries (upload)
info	PE_Header_Zero	PE File Signature Zero	binaries (upload)
info	HasDebugData	DebugData Check	binaries (upload)
info	HasOverlay	Overlay Check	binaries (upload)
info	HasRichSignature	Rich Signature Check	binaries (upload)
info	IsWindowsGUI	(no description)	binaries (upload)
info	keylogger	Run a keylogger	binaries (upload)
info	screenshot	Take screenshot	binaries (upload)
info	win_files_operation	Affect private profile	binaries (upload)
info	win_private_profile	Affect private profile	binaries (upload)
info	win_registry	Affect system registries	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure