Windows
Analysis Report
file.dll
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
AI detected suspicious sample
Found Tor onion address
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Entry point lies outside standard sections
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Classification
- System is w10x64
loaddll32.exe (PID: 6324 cmdline:
loaddll32. exe "C:\Us ers\user\D esktop\fil e.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618) conhost.exe (PID: 6332 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) cmd.exe (PID: 1416 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\fil e.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) rundll32.exe (PID: 1204 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\file .dll",#1 MD5: 889B99C52A60DD49227C5E485A016679) rundll32.exe (PID: 4100 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,MainFu nc MD5: 889B99C52A60DD49227C5E485A016679) rundll32.exe (PID: 2460 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,_cgo_d ummy_expor t MD5: 889B99C52A60DD49227C5E485A016679) rundll32.exe (PID: 7236 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\file .dll",Main Func MD5: 889B99C52A60DD49227C5E485A016679) rundll32.exe (PID: 7244 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\file .dll",_cgo _dummy_exp ort MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
- • AV Detection
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • HIPS / PFW / Operating System Protection Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Static PE information: |
Networking |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | String found in binary or memory: |