Windows Analysis Report
libmmd.dll.dll
Overview
General Information
Detection
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for submitted file
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Classification
- System is w10x64
- loaddll64.exe (PID: 6324 cmdline: loaddll64.exe "C:\Users\user\Desktop\libmmd.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 6372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 3084 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 5180 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 5220 cmdline: C:\Windows\system32\WerFault.exe -u -p 5180 -s 328 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 5572 cmdline: rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 1016 cmdline: C:\Windows\system32\WerFault.exe -u -p 5572 -s 328 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7212 cmdline: rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7248 cmdline: C:\Windows\system32\WerFault.exe -u -p 7212 -s 328 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7360 cmdline: rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acoshq MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7396 cmdline: C:\Windows\system32\WerFault.exe -u -p 7360 -s 320 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7456 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",_LIB_VERSIONIMF MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7464 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acosdq MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7472 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acoshq MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7492 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynl MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7504 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf16 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7512 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7520 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",yn MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7528 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1l MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7536 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f16 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7544 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7552 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7560 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0l MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7568 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f16 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7580 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7596 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7608 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncl MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7688 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf16 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7708 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7724 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",trunc MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7740 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammal MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7768 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf16 MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7784 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf MD5: EF3179D498793BF4234F708D3BE28633)
- rundll32.exe (PID: 7816 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched
| Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
|---|---|---|---|---|---|
| 2024-07-27T11:34:16.927782+0200 | 2022930 | 443 | 49746 | TCP | A Network Trojan was detected |
| 2024-07-27T11:34:54.490258+0200 | 2022930 | 443 | 49754 | TCP | A Network Trojan was detected |
AV Detection
- Source: Virustotal
- Source: ReversingLabs
- Source: Static PE information
- Source: Binary string