Injector
Mal/HTMLGen-A C2/Generic-A Gen:Variant.Bulz.604474
Created on 2021-09-27T19:30:00
31a90ad6dbe61a0a90ee10802efa1a6ea8cc5edbeb3b74e79f7d07293cd56898.dll
Remarks (2/3)
(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 day, 17 hours, 26 minutes, 34 seconds" to "5 hours, 7 minutes, 30 seconds" to reveal dormant functionality.
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
This list contains only the embedded files, downloaded files, and dropped files
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\KEECFM~1\Desktop\31a90ad6dbe61a0a90ee10802efa1a6ea8cc5edbeb3b74e79f7d07293cd56898.dll | Dropped File | Binary | malicious |
Image Base | 0x10000000 |
Entry Point | 0x10001000 |
Size Of Code | 0x30a00 |
Size Of Initialized Data | 0x1f600 |
File Type | FileType.dll |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2021-09-10 16:49:09+00:00 |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x10001000 | 0x3090c | 0x30a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.09 |
.edata | 0x10032000 | 0x70 | 0x200 | 0x30e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.32 |
.data | 0x10033000 | 0x2000 | 0x1400 | 0x31000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.data | 0x10035000 | 0xbf54 | 0xc000 | 0x32400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.08 |
.rdatat | 0x10041000 | 0x648 | 0x800 | 0x3e400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.75 |
.rsrc | 0x10042000 | 0x10bf4 | 0x10c00 | 0x3ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.09 |
- | 0x10053000 | 0x5000 | 0x5000 | 0x4f800 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
- | 0x10058000 | 0x5000 | 0x5000 | 0x54800 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
- | 0x1005d000 | 0x5000 | 0x5000 | 0x59800 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetProcAddress | - | 0x10041030 | 0x41274 | 0x3e674 | 0x0 |
LoadLibraryA | - | 0x10041034 | 0x41278 | 0x3e678 | 0x0 |
VirtualAlloc | - | 0x10041038 | 0x4127c | 0x3e67c | 0x0 |
VirtualProtect | - | 0x1004103c | 0x41280 | 0x3e680 | 0x0 |
GetCurrentThread | - | 0x10041040 | 0x41284 | 0x3e684 | 0x0 |
lstrcmpA | - | 0x10041044 | 0x41288 | 0x3e688 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SetWindowPos | - | 0x100410a0 | 0x412e4 | 0x3e6e4 | 0x0 |
ShowCursor | - | 0x100410a4 | 0x412e8 | 0x3e6e8 | 0x0 |
ShowWindow | - | 0x100410a8 | 0x412ec | 0x3e6ec | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CoCreateGuid | - | 0x10041054 | 0x41298 | 0x3e698 | 0x0 |
OleUninitialize | - | 0x10041058 | 0x4129c | 0x3e69c | 0x0 |
CoFreeUnusedLibraries | - | 0x1004105c | 0x412a0 | 0x3e6a0 | 0x0 |
CoGetCurrentProcess | - | 0x10041060 | 0x412a4 | 0x3e6a4 | 0x0 |
CoGetCurrentLogicalThreadId | - | 0x10041064 | 0x412a8 | 0x3e6a8 | 0x0 |
CoFileTimeNow | - | 0x10041068 | 0x412ac | 0x3e6ac | 0x0 |
CoGetContextToken | - | 0x1004106c | 0x412b0 | 0x3e6b0 | 0x0 |
OleInitialize | - | 0x10041070 | 0x412b4 | 0x3e6b4 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GdiGetBitmapBitsSize | - | 0x10041018 | 0x4125c | 0x3e65c | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SystemFunction003 | - | 0x10041000 | 0x41244 | 0x3e644 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
FindFileInPath | - | 0x10041028 | 0x4126c | 0x3e66c | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
AlphaBlend | - | 0x1004104c | 0x41290 | 0x3e690 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileVersionInfoSizeA | - | 0x100410b0 | 0x412f4 | 0x3e6f4 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
auxGetVolume | - | 0x100410b8 | 0x412fc | 0x3e6fc | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
AddPortW | - | 0x100410c0 | 0x41304 | 0x3e704 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetEffectiveClientRect | - | 0x10041008 | 0x4124c | 0x3e64c | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OleUIPromptUserW | - | 0x10041088 | 0x412cc | 0x3e6cc | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetFileTitleA | - | 0x10041010 | 0x41254 | 0x3e654 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GdipImageSelectActiveFrame | - | 0x10041020 | 0x41264 | 0x3e664 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SHFileOperationA | - | 0x10041090 | 0x412d4 | 0x3e6d4 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SHRegSetUSValueA | - | 0x10041098 | 0x412dc | 0x3e6dc | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SysAllocString | - | 0x10041080 | 0x412c4 | 0x3e6c4 | 0x0 |
API Name | EAT Address | Ordinal |
---|---|---|
GetClass | 0x555f6 | 0x1 |
SetClass | 0x3804d | 0x2 |
c:\samr | Dropped File | Unknown | N/A |
Not Available because the file was not extracted successfully.
MIME Type | - |
File Size | - |
MD5 | - |
SHA1 | - |
SHA256 | - |
SSDeep | - |
ImpHash | - |
C:\Users\KEECFM~1\Desktop\31a90ad6dbe61a0a90ee10802efa1a6ea8cc5edbeb3b74e79f7d07293cd56898.dll | Dropped File | Binary | clean |
Image Base | 0x10000000 |
Entry Point | 0x10001000 |
Size Of Code | 0x30a00 |
Size Of Initialized Data | 0x1f600 |
File Type | FileType.dll |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2021-09-10 16:49:09+00:00 |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x10001000 | 0x3090c | 0x30a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 2.95 |
.edata | 0x10032000 | 0x70 | 0x200 | 0x30e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0 |
.data | 0x10033000 | 0x2000 | 0x1400 | 0x31000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.data | 0x10035000 | 0xbf54 | 0xc000 | 0x32400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.rdatat | 0x10041000 | 0x648 | 0x800 | 0x3e400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.rsrc | 0x10042000 | 0x10bf4 | 0x10c00 | 0x3ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0 |
- | 0x10053000 | 0x5000 | 0x5000 | 0x4f800 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
- | 0x10058000 | 0x5000 | 0x5000 | 0x54800 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
- | 0x1005d000 | 0x5000 | 0x5000 | 0x59800 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |