ScreenShot
| Created | 2025.05.02 09:00 | Machine | s1_win7_x6401 |
| Filename | ssasr.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | |||
| md5 | 7663dc3e0621a72da868b765d2e8070f | ||
| sha256 | eb35232cd586130d8901506120e801dd14f223d7806b0178ac0b28d989335552 | ||
| ssdeep | 1536:HTlQmk/bljo3VAilk9wQnSRGsWEcdQH/E2ctB9Z:2jo3ZgwK2eQH/E19Z | ||
| imphash | f3fc1d7ee69955b2822f94dfbca3a15c | ||
| impfuzzy | 24:W/VGm1MjGcEtQS1CqJBl3eDorobmZVvcOovbOC9:W/VNcEtQS1C+pXND3Q | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks if process is being debugged by a debugger |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1000b008 WriteFile
0x1000b00c DecodePointer
0x1000b010 CloseHandle
0x1000b014 RaiseException
0x1000b018 InitializeCriticalSectionEx
0x1000b01c DeleteCriticalSection
0x1000b020 WinExec
0x1000b024 MultiByteToWideChar
0x1000b028 GetLastError
0x1000b02c CreateFileW
0x1000b030 WriteConsoleW
0x1000b034 SetFilePointerEx
0x1000b038 GetConsoleMode
0x1000b03c IsDebuggerPresent
0x1000b040 OutputDebugStringW
0x1000b044 EnterCriticalSection
0x1000b048 LeaveCriticalSection
0x1000b04c IsProcessorFeaturePresent
0x1000b050 UnhandledExceptionFilter
0x1000b054 SetUnhandledExceptionFilter
0x1000b058 GetStartupInfoW
0x1000b05c GetModuleHandleW
0x1000b060 GetCurrentProcess
0x1000b064 TerminateProcess
0x1000b068 QueryPerformanceCounter
0x1000b06c GetCurrentProcessId
0x1000b070 GetCurrentThreadId
0x1000b074 GetSystemTimeAsFileTime
0x1000b078 InitializeSListHead
0x1000b07c RtlUnwind
0x1000b080 GetModuleFileNameW
0x1000b084 InterlockedFlushSList
0x1000b088 SetLastError
0x1000b08c InitializeCriticalSectionAndSpinCount
0x1000b090 TlsAlloc
0x1000b094 TlsGetValue
0x1000b098 TlsSetValue
0x1000b09c TlsFree
0x1000b0a0 FreeLibrary
0x1000b0a4 GetProcAddress
0x1000b0a8 LoadLibraryExW
0x1000b0ac ExitProcess
0x1000b0b0 GetModuleHandleExW
0x1000b0b4 WideCharToMultiByte
0x1000b0b8 HeapFree
0x1000b0bc HeapAlloc
0x1000b0c0 HeapSize
0x1000b0c4 HeapReAlloc
0x1000b0c8 LCMapStringW
0x1000b0cc IsValidCodePage
0x1000b0d0 GetACP
0x1000b0d4 GetOEMCP
0x1000b0d8 GetCPInfo
0x1000b0dc GetEnvironmentStringsW
0x1000b0e0 FreeEnvironmentStringsW
0x1000b0e4 GetProcessHeap
0x1000b0e8 GetStdHandle
0x1000b0ec GetFileType
0x1000b0f0 GetCommandLineA
0x1000b0f4 GetCommandLineW
0x1000b0f8 GetStringTypeW
0x1000b0fc SetStdHandle
0x1000b100 FlushFileBuffers
0x1000b104 GetConsoleCP
ADVAPI32.dll
0x1000b000 SystemFunction036
EAT(Export Address Table) Library
0x10001390 sogou_speech_asr_close
0x10001370 sogou_speech_asr_init
0x10001390 sogou_speech_asr_start
0x10001390 sogou_speech_asr_stop
0x10001390 sogou_speech_cleanup
0x10001390 sogou_speech_create_engine
0x10001390 sogou_speech_do_idle
0x10001390 sogou_speech_init
0x10001390 sogou_speech_notify_network_status
0x10001390 sogou_speech_process_sound_data
0x10001390 sogou_speech_release_engine
KERNEL32.dll
0x1000b008 WriteFile
0x1000b00c DecodePointer
0x1000b010 CloseHandle
0x1000b014 RaiseException
0x1000b018 InitializeCriticalSectionEx
0x1000b01c DeleteCriticalSection
0x1000b020 WinExec
0x1000b024 MultiByteToWideChar
0x1000b028 GetLastError
0x1000b02c CreateFileW
0x1000b030 WriteConsoleW
0x1000b034 SetFilePointerEx
0x1000b038 GetConsoleMode
0x1000b03c IsDebuggerPresent
0x1000b040 OutputDebugStringW
0x1000b044 EnterCriticalSection
0x1000b048 LeaveCriticalSection
0x1000b04c IsProcessorFeaturePresent
0x1000b050 UnhandledExceptionFilter
0x1000b054 SetUnhandledExceptionFilter
0x1000b058 GetStartupInfoW
0x1000b05c GetModuleHandleW
0x1000b060 GetCurrentProcess
0x1000b064 TerminateProcess
0x1000b068 QueryPerformanceCounter
0x1000b06c GetCurrentProcessId
0x1000b070 GetCurrentThreadId
0x1000b074 GetSystemTimeAsFileTime
0x1000b078 InitializeSListHead
0x1000b07c RtlUnwind
0x1000b080 GetModuleFileNameW
0x1000b084 InterlockedFlushSList
0x1000b088 SetLastError
0x1000b08c InitializeCriticalSectionAndSpinCount
0x1000b090 TlsAlloc
0x1000b094 TlsGetValue
0x1000b098 TlsSetValue
0x1000b09c TlsFree
0x1000b0a0 FreeLibrary
0x1000b0a4 GetProcAddress
0x1000b0a8 LoadLibraryExW
0x1000b0ac ExitProcess
0x1000b0b0 GetModuleHandleExW
0x1000b0b4 WideCharToMultiByte
0x1000b0b8 HeapFree
0x1000b0bc HeapAlloc
0x1000b0c0 HeapSize
0x1000b0c4 HeapReAlloc
0x1000b0c8 LCMapStringW
0x1000b0cc IsValidCodePage
0x1000b0d0 GetACP
0x1000b0d4 GetOEMCP
0x1000b0d8 GetCPInfo
0x1000b0dc GetEnvironmentStringsW
0x1000b0e0 FreeEnvironmentStringsW
0x1000b0e4 GetProcessHeap
0x1000b0e8 GetStdHandle
0x1000b0ec GetFileType
0x1000b0f0 GetCommandLineA
0x1000b0f4 GetCommandLineW
0x1000b0f8 GetStringTypeW
0x1000b0fc SetStdHandle
0x1000b100 FlushFileBuffers
0x1000b104 GetConsoleCP
ADVAPI32.dll
0x1000b000 SystemFunction036
EAT(Export Address Table) Library
0x10001390 sogou_speech_asr_close
0x10001370 sogou_speech_asr_init
0x10001390 sogou_speech_asr_start
0x10001390 sogou_speech_asr_stop
0x10001390 sogou_speech_cleanup
0x10001390 sogou_speech_create_engine
0x10001390 sogou_speech_do_idle
0x10001390 sogou_speech_init
0x10001390 sogou_speech_notify_network_status
0x10001390 sogou_speech_process_sound_data
0x10001390 sogou_speech_release_engine