ScreenShot
| Created | 2021.03.21 19:02 | Machine | s1_win7_x6402 |
| Filename | dl2.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (Artemis, malicious, confidence, a variant of Generik, FIIMZXO, BAZARLOADER, FAIR, CrypterX, Wacatac, score, Undefined, CLOUD, Generik, HgEASRIA) | ||
| md5 | 900bcb73268ea52cd6ea935e2b250453 | ||
| sha256 | 98cbdd45b45679061e3a3741cc2a32ef8abbc599de118a4604cff54b528cdaf3 | ||
| ssdeep | 12288:HHU60lYcwWYPfdHQkqy8qGvkD/+GcMI+zo3Tx/qAnNtN:H060RbUQkqy8qcIWGcMZza9/Bn5 | ||
| imphash | 16e250c65701cc465de4f160e736e7b5 | ||
| impfuzzy | 48:hKA/SvjS5SY+nB6Uy8RzBuc+U8tMSa7BggJnkZq:hoDQc+U8tMSa7BggJkq | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasRichSignature | Rich Signature Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x1400b8268 DefWindowProcW
0x1400b8270 DestroyWindow
0x1400b8278 EndDialog
0x1400b8280 LoadStringW
0x1400b8288 EndPaint
0x1400b8290 LoadIconW
0x1400b8298 LoadCursorW
0x1400b82a0 PostQuitMessage
0x1400b82a8 DialogBoxParamW
0x1400b82b0 BeginPaint
KERNEL32.dll
0x1400b8000 GetCurrentThreadId
0x1400b8008 WriteConsoleW
0x1400b8010 CreateFileW
0x1400b8018 HeapSize
0x1400b8020 GetProcessHeap
0x1400b8028 SetStdHandle
0x1400b8030 FreeEnvironmentStringsW
0x1400b8038 GetEnvironmentStringsW
0x1400b8040 GetCommandLineW
0x1400b8048 GetCommandLineA
0x1400b8050 GetOEMCP
0x1400b8058 GetACP
0x1400b8060 IsValidCodePage
0x1400b8068 FindNextFileW
0x1400b8070 FindFirstFileExW
0x1400b8078 FindClose
0x1400b8080 HeapReAlloc
0x1400b8088 WideCharToMultiByte
0x1400b8090 EnterCriticalSection
0x1400b8098 LeaveCriticalSection
0x1400b80a0 DeleteCriticalSection
0x1400b80a8 EncodePointer
0x1400b80b0 DecodePointer
0x1400b80b8 MultiByteToWideChar
0x1400b80c0 SetLastError
0x1400b80c8 InitializeCriticalSectionAndSpinCount
0x1400b80d0 TlsAlloc
0x1400b80d8 TlsGetValue
0x1400b80e0 TlsSetValue
0x1400b80e8 TlsFree
0x1400b80f0 GetSystemTimeAsFileTime
0x1400b80f8 GetModuleHandleW
0x1400b8100 GetProcAddress
0x1400b8108 LCMapStringW
0x1400b8110 GetLocaleInfoW
0x1400b8118 GetStringTypeW
0x1400b8120 GetCPInfo
0x1400b8128 RtlCaptureContext
0x1400b8130 RtlLookupFunctionEntry
0x1400b8138 RtlVirtualUnwind
0x1400b8140 UnhandledExceptionFilter
0x1400b8148 SetUnhandledExceptionFilter
0x1400b8150 GetCurrentProcess
0x1400b8158 TerminateProcess
0x1400b8160 IsProcessorFeaturePresent
0x1400b8168 QueryPerformanceCounter
0x1400b8170 GetCurrentProcessId
0x1400b8178 RtlUnwind
0x1400b8180 InitializeSListHead
0x1400b8188 IsDebuggerPresent
0x1400b8190 GetStartupInfoW
0x1400b8198 RtlUnwindEx
0x1400b81a0 RtlPcToFileHeader
0x1400b81a8 RaiseException
0x1400b81b0 GetLastError
0x1400b81b8 FreeLibrary
0x1400b81c0 LoadLibraryExW
0x1400b81c8 GetStdHandle
0x1400b81d0 WriteFile
0x1400b81d8 GetModuleFileNameW
0x1400b81e0 ExitProcess
0x1400b81e8 GetModuleHandleExW
0x1400b81f0 HeapAlloc
0x1400b81f8 HeapFree
0x1400b8200 GetFileType
0x1400b8208 IsValidLocale
0x1400b8210 GetUserDefaultLCID
0x1400b8218 EnumSystemLocalesW
0x1400b8220 CloseHandle
0x1400b8228 FlushFileBuffers
0x1400b8230 GetConsoleCP
0x1400b8238 GetConsoleMode
0x1400b8240 ReadFile
0x1400b8248 GetFileSizeEx
0x1400b8250 SetFilePointerEx
0x1400b8258 ReadConsoleW
EAT(Export Address Table) is none
USER32.dll
0x1400b8268 DefWindowProcW
0x1400b8270 DestroyWindow
0x1400b8278 EndDialog
0x1400b8280 LoadStringW
0x1400b8288 EndPaint
0x1400b8290 LoadIconW
0x1400b8298 LoadCursorW
0x1400b82a0 PostQuitMessage
0x1400b82a8 DialogBoxParamW
0x1400b82b0 BeginPaint
KERNEL32.dll
0x1400b8000 GetCurrentThreadId
0x1400b8008 WriteConsoleW
0x1400b8010 CreateFileW
0x1400b8018 HeapSize
0x1400b8020 GetProcessHeap
0x1400b8028 SetStdHandle
0x1400b8030 FreeEnvironmentStringsW
0x1400b8038 GetEnvironmentStringsW
0x1400b8040 GetCommandLineW
0x1400b8048 GetCommandLineA
0x1400b8050 GetOEMCP
0x1400b8058 GetACP
0x1400b8060 IsValidCodePage
0x1400b8068 FindNextFileW
0x1400b8070 FindFirstFileExW
0x1400b8078 FindClose
0x1400b8080 HeapReAlloc
0x1400b8088 WideCharToMultiByte
0x1400b8090 EnterCriticalSection
0x1400b8098 LeaveCriticalSection
0x1400b80a0 DeleteCriticalSection
0x1400b80a8 EncodePointer
0x1400b80b0 DecodePointer
0x1400b80b8 MultiByteToWideChar
0x1400b80c0 SetLastError
0x1400b80c8 InitializeCriticalSectionAndSpinCount
0x1400b80d0 TlsAlloc
0x1400b80d8 TlsGetValue
0x1400b80e0 TlsSetValue
0x1400b80e8 TlsFree
0x1400b80f0 GetSystemTimeAsFileTime
0x1400b80f8 GetModuleHandleW
0x1400b8100 GetProcAddress
0x1400b8108 LCMapStringW
0x1400b8110 GetLocaleInfoW
0x1400b8118 GetStringTypeW
0x1400b8120 GetCPInfo
0x1400b8128 RtlCaptureContext
0x1400b8130 RtlLookupFunctionEntry
0x1400b8138 RtlVirtualUnwind
0x1400b8140 UnhandledExceptionFilter
0x1400b8148 SetUnhandledExceptionFilter
0x1400b8150 GetCurrentProcess
0x1400b8158 TerminateProcess
0x1400b8160 IsProcessorFeaturePresent
0x1400b8168 QueryPerformanceCounter
0x1400b8170 GetCurrentProcessId
0x1400b8178 RtlUnwind
0x1400b8180 InitializeSListHead
0x1400b8188 IsDebuggerPresent
0x1400b8190 GetStartupInfoW
0x1400b8198 RtlUnwindEx
0x1400b81a0 RtlPcToFileHeader
0x1400b81a8 RaiseException
0x1400b81b0 GetLastError
0x1400b81b8 FreeLibrary
0x1400b81c0 LoadLibraryExW
0x1400b81c8 GetStdHandle
0x1400b81d0 WriteFile
0x1400b81d8 GetModuleFileNameW
0x1400b81e0 ExitProcess
0x1400b81e8 GetModuleHandleExW
0x1400b81f0 HeapAlloc
0x1400b81f8 HeapFree
0x1400b8200 GetFileType
0x1400b8208 IsValidLocale
0x1400b8210 GetUserDefaultLCID
0x1400b8218 EnumSystemLocalesW
0x1400b8220 CloseHandle
0x1400b8228 FlushFileBuffers
0x1400b8230 GetConsoleCP
0x1400b8238 GetConsoleMode
0x1400b8240 ReadFile
0x1400b8248 GetFileSizeEx
0x1400b8250 SetFilePointerEx
0x1400b8258 ReadConsoleW
EAT(Export Address Table) is none