Incident Response

Risk Assessment

Network Behavior
Contacts 8 domains and 3 hosts.

Indicators

Not all malicious and suspicious indicators are displayed.

  • Malicious Indicators 3

  • Network Related
    • Found more than one unique User-Agent
      details
      Found the following User-Agents: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
      Microsoft-CryptoAPI/6.1
      source
      Network Traffic
      relevance
      5/10
    • Malicious artifacts seen in the context of a contacted host
      details
      Found malicious artifacts related to "69.172.200.235" (ASN: 19324, Owner: Dosarrest Internet Security LTD): ...
      URL: http://test.com/ (AV positives: 1/65 scanned on 05/09/2017 08:17:02)
      URL: http://www.test.com/ (AV positives: 1/65 scanned on 05/09/2017 08:16:52)
      URL: https://www.test.com/ (AV positives: 1/65 scanned on 05/08/2017 07:28:19)
      URL: https://www.test.com/?test=123?test=123 (AV positives: 1/64 scanned on 05/04/2017 20:13:01)
      URL: http://test.com/xss.js (AV positives: 1/64 scanned on 05/02/2017 23:46:09)
      File SHA256: 3e7500e723f54ee6f1ddeaea6657e92526f175c7caa4467071ac2cadc60c9519 (AV positives: 46/61 scanned on 04/29/2017 16:04:10)
      File SHA256: 8b194919c2ef5c5c0558317e655a20a2afe78eff241f204007f5eec7a10094b2 (AV positives: 42/59 scanned on 04/24/2017 18:34:20)
      File SHA256: 8d3a35b75c6eff85de7154f7760a621061d5c0cbb58bea53e2a84a911a851bd8 (AV positives: 28/61 scanned on 03/26/2017 20:47:31)
      File SHA256: e5ef657586eaaf362d95e3d679b2a126366b2670fc9316f474974c2c27fa82fd (AV positives: 55/62 scanned on 03/22/2017 06:11:40)
      File SHA256: eb2cd28db3fa7b413e29a7043b2d2bbb80372f79ad50cba38038cfbc6fe3be10 (AV positives: 46/59 scanned on 03/05/2017 05:23:25)
      source
      Network Traffic
      relevance
      10/10
    • Multiple malicious artifacts seen in the context of different hosts
      details
      Found malicious artifacts related to "69.172.200.235" (ASN: 19324, Owner: Dosarrest Internet Security LTD): ...
      source
      Network Traffic
      relevance
      10/10
  • Suspicious Indicators 2

  • Network Related
  • Unusual Characteristics
    • Imports suspicious APIs
      details
      GetFileAttributesA
      GetVersionExA
      GetModuleFileNameA
      LoadLibraryA
      GetCommandLineA
      GetProcAddress
      GetModuleHandleA
      WriteFile
      GetStartupInfoA
      TerminateProcess
      CreateProcessA
      VirtualAlloc
      source
      Static Parser
      relevance
      1/10
  • Informative 6

  • External Systems
  • General
    • Contacts domains
      details
      "www.test.com"
      "ocsp.netsolssl.com"
      "crl.netsolssl.com"
      "stats.g.doubleclick.net"
      "fonts.googleapis.com"
      "www.googletagmanager.com"
      "www.google-analytics.com"
      "fonts.gstatic.com"
      source
      Network Traffic
      relevance
      1/10
    • Contacts server
      details
      "69.172.200.235:80"
      "69.172.200.235:443"
      "2.16.33.120:443"
      source
      Network Traffic
      relevance
      1/10
    • GETs files from a webserver
      details
      "GET / HTTP/1.1
      Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
      Accept-Language: en-us
      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
      Accept-Encoding: gzip, deflate
      Host: www.test.com
      Connection: Keep-Alive"
      "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTaM15WuqpgzMcb2vjyKNO49Vo3CgQUUc7fVB23LFeraGFIAhrTsoXsQKoCEDee6%2Fy9H6fjn8WmaZue6LM%3D HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: ocsp.netsolssl.com"
      "GET /NetworkSolutionsDVServerCA2.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: crl.netsolssl.com"
      source
      Network Traffic
      relevance
      5/10
  • Network Related
    • Found potential URL in binary/memory
      details
      Heuristic match: "command.com"
      Pattern match: "http://www.test.com"
      Pattern match: "www.test.com"
      Heuristic match: "ocsp.netsolssl.com"
      Heuristic match: "crl.netsolssl.com"
      source
      File/Memory
      relevance
      10/10
  • Unusual Characteristics

File Details

Filename
da.dll
Size
48KiB (49152 bytes)
Type
pedll executable
Description
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Architecture
WINDOWS
SHA256
9e7283dfcf72ec7611c3be196760a9aeb214643da2599e95ed7cc624f1cd0772
MD5
9004b2ffaa493c829a048f511aed82f9
SHA1
39962fc48fdbd6714b3d76be43805ae40850ccea
ssdeep
768:JhTBvmwTLJhr8Y6VsedwHX2QOSdoghlVT:JhTBvxpq3Vspr3lV
imphash
a4dc0bb70546387fd69afa63eaaf844c
authentihash
1f2e3d70f31f5d3350255f0beece547718166e854f9339bcfdf5d7359879d1d1
Compiler/Packer
Armadillo v1.xx - v2.xx
PDB Pathway

File Imports

CloseHandle
CompareStringA
CompareStringW
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetVersion
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
RtlUnwind
SetEnvironmentVariableA
SetHandleCount
SetLastError
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile

File Exports

Name Ordinal Address
?KeyboardProc@@YAHH@Z #1 0x10001000
?fun2@@YAHHPAD@Z #2 0x10001020
?ttt2@@YAHHPADD@Z #3 0x10001040
ttt1 #4 0x10001040

Hybrid Analysis

Analysed 1 process in total (System Resource Monitor).

Network Analysis

DNS Requests

Domain Address Registrar Country
crl.netsolssl.com 104.16.92.188 - United States
stats.g.doubleclick.net 74.125.133.154 - United States
fonts.googleapis.com 172.217.22.202 - United States
www.test.com 69.172.200.235 - United States
ocsp.netsolssl.com 178.255.83.1 - United Kingdom
www.googletagmanager.com 172.217.22.200 - United States
www.google-analytics.com 172.217.22.206 - United States
fonts.gstatic.com 172.217.22.195 - United States

Contacted Hosts

IP Address Port/Protocol Associated Process Details
69.172.200.235 80/TCP iexplore.exe (PID: 772) United States, ASN: 19324 (Dosarrest Internet Security LTD)
69.172.200.235 443/TCP iexplore.exe (PID: 772) United States, ASN: 19324 (Dosarrest Internet Security LTD)
2.16.33.120 443/TCP iexplore.exe (PID: 2920) European Union

HTTP Traffic

Endpoint Request URL
69.172.200.235:80 (www.test.com) GET www.test.com/
178.255.83.1:80 (ocsp.netsolssl.com) GET ocsp.netsolssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTaM15WuqpgzMcb2vjyKNO49Vo3CgQUUc7fVB23LFeraGFIAhrTsoXsQKoCEDee6%2Fy9H6fjn8WmaZue6LM%3D
104.16.92.188:80 (crl.netsolssl.com) GET crl.netsolssl.com/NetworkSolutionsDVServerCA2.crl

Memory Forensics

String Context Stream UID
command.com Domain/IP reference 5115-84-10001080
http://www.test.com Domain/IP reference 5115-83-10001060

Extracted Strings

!This program cannot be run in DOS mode.$
Ansi based on Memory/File Scan (da.dll.bin)
"C:\da.dll"
Ansi based on Process Commandline (RunDLL)
((((( H
Unicode based on Memory/File Scan (da.dll.bin)
/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTaM15WuqpgzMcb2vjyKNO49Vo3CgQUUc7fVB23LFeraGFIAhrTsoXsQKoCEDee6%2Fy9H6fjn8WmaZue6LM%3D
Ansi based on PCAP Processing (PCAP)
/NetworkSolutionsDVServerCA2.crl
Ansi based on PCAP Processing (PCAP)
<program name unknown>
Ansi based on Memory/File Scan (da.dll.bin)
?fun2@@YAHHPAD@Z
Ansi based on Memory/File Scan (da.dll.bin)
?KeyboardProc@@YAHH@Z
Ansi based on Memory/File Scan (da.dll.bin)
?ttt2@@YAHHPADD@Z
Ansi based on Memory/File Scan (da.dll.bin)
__GLOBAL_HEAP_SELECTED
Ansi based on Memory/File Scan (da.dll.bin)
__MSVCRT_HEAP_SELECT
Ansi based on Memory/File Scan (da.dll.bin)
abnormal program termination
Ansi based on Memory/File Scan (da.dll.bin)
CloseHandle
Ansi based on Memory/File Scan (da.dll.bin)
command.com
Ansi based on Memory/File Scan (da.dll.bin)
CompareStringA
Ansi based on Memory/File Scan (da.dll.bin)
CompareStringW
Ansi based on Memory/File Scan (da.dll.bin)
CreateProcessA
Ansi based on Memory/File Scan (da.dll.bin)
crl.netsolssl.com
Ansi based on PCAP Processing (PCAP)
dddd, MMMM dd, yyyy
Ansi based on Memory/File Scan (da.dll.bin)
DeleteCriticalSection
Ansi based on Memory/File Scan (da.dll.bin)
DOMAIN error
Ansi based on Memory/File Scan (da.dll.bin)
EnterCriticalSection
Ansi based on Memory/File Scan (da.dll.bin)
ExitProcess
Ansi based on Memory/File Scan (da.dll.bin)
FreeEnvironmentStringsA
Ansi based on Memory/File Scan (da.dll.bin)
FreeEnvironmentStringsW
Ansi based on Memory/File Scan (da.dll.bin)
GetActiveWindow
Ansi based on Memory/File Scan (da.dll.bin)
GetCommandLineA
Ansi based on Memory/File Scan (da.dll.bin)
GetCPInfo
Ansi based on Memory/File Scan (da.dll.bin)
GetCurrentProcess
Ansi based on Memory/File Scan (da.dll.bin)
GetCurrentThreadId
Ansi based on Memory/File Scan (da.dll.bin)
GetEnvironmentStrings
Ansi based on Memory/File Scan (da.dll.bin)
GetEnvironmentStringsW
Ansi based on Memory/File Scan (da.dll.bin)
GetEnvironmentVariableA
Ansi based on Memory/File Scan (da.dll.bin)
GetExitCodeProcess
Ansi based on Memory/File Scan (da.dll.bin)
GetFileAttributesA
Ansi based on Memory/File Scan (da.dll.bin)
GetFileType
Ansi based on Memory/File Scan (da.dll.bin)
GetLastActivePopup
Ansi based on Memory/File Scan (da.dll.bin)
GetLastError
Ansi based on Memory/File Scan (da.dll.bin)
GetModuleFileNameA
Ansi based on Memory/File Scan (da.dll.bin)
GetModuleHandleA
Ansi based on Memory/File Scan (da.dll.bin)
GetProcAddress
Ansi based on Memory/File Scan (da.dll.bin)
GetStartupInfoA
Ansi based on Memory/File Scan (da.dll.bin)
GetStdHandle
Ansi based on Memory/File Scan (da.dll.bin)
GetStringTypeA
Ansi based on Memory/File Scan (da.dll.bin)
GetStringTypeW
Ansi based on Memory/File Scan (da.dll.bin)
GetVersion
Ansi based on Memory/File Scan (da.dll.bin)
GetVersionExA
Ansi based on Memory/File Scan (da.dll.bin)
HeapAlloc
Ansi based on Memory/File Scan (da.dll.bin)
HeapCreate
Ansi based on Memory/File Scan (da.dll.bin)
HeapDestroy
Ansi based on Memory/File Scan (da.dll.bin)
HeapReAlloc
Ansi based on Memory/File Scan (da.dll.bin)
InitializeCriticalSection
Ansi based on Memory/File Scan (da.dll.bin)
InterlockedDecrement
Ansi based on Memory/File Scan (da.dll.bin)
InterlockedIncrement
Ansi based on Memory/File Scan (da.dll.bin)
JanFebMarAprMayJunJulAugSepOctNovDec
Ansi based on Memory/File Scan (da.dll.bin)
KERNEL32.dll
Ansi based on Memory/File Scan (da.dll.bin)
LCMapStringA
Ansi based on Memory/File Scan (da.dll.bin)
LCMapStringW
Ansi based on Memory/File Scan (da.dll.bin)
LeaveCriticalSection
Ansi based on Memory/File Scan (da.dll.bin)
LoadLibraryA
Ansi based on Memory/File Scan (da.dll.bin)
MessageBoxA
Ansi based on Memory/File Scan (da.dll.bin)
Microsoft Visual C++ Runtime Library
Ansi based on Memory/File Scan (da.dll.bin)
Microsoft-CryptoAPI/6.1
Ansi based on PCAP Processing (PCAP)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Ansi based on PCAP Processing (PCAP)
MultiByteToWideChar
Ansi based on Memory/File Scan (da.dll.bin)
Mydll.dll
Ansi based on Memory/File Scan (da.dll.bin)
ocsp.netsolssl.com
Ansi based on PCAP Processing (PCAP)
R6002- floating point not loaded
Ansi based on Memory/File Scan (da.dll.bin)
R6008- not enough space for arguments
Ansi based on Memory/File Scan (da.dll.bin)
R6009- not enough space for environment
Ansi based on Memory/File Scan (da.dll.bin)
R6016- not enough space for thread data
Ansi based on Memory/File Scan (da.dll.bin)
R6017- unexpected multithread lock error
Ansi based on Memory/File Scan (da.dll.bin)
R6018- unexpected heap error
Ansi based on Memory/File Scan (da.dll.bin)
R6019- unable to open console device
Ansi based on Memory/File Scan (da.dll.bin)
R6024- not enough space for _onexit/atexit table
Ansi based on Memory/File Scan (da.dll.bin)
R6025- pure virtual function call
Ansi based on Memory/File Scan (da.dll.bin)
R6026- not enough space for stdio initialization
Ansi based on Memory/File Scan (da.dll.bin)
R6027- not enough space for lowio initialization
Ansi based on Memory/File Scan (da.dll.bin)
R6028- unable to initialize heap
Ansi based on Memory/File Scan (da.dll.bin)
RtlUnwind
Ansi based on Memory/File Scan (da.dll.bin)
runtime error
Ansi based on Memory/File Scan (da.dll.bin)
Runtime Error!Program:
Ansi based on Memory/File Scan (da.dll.bin)
September
Ansi based on Memory/File Scan (da.dll.bin)
SetEnvironmentVariableA
Ansi based on Memory/File Scan (da.dll.bin)
SetHandleCount
Ansi based on Memory/File Scan (da.dll.bin)
SetLastError
Ansi based on Memory/File Scan (da.dll.bin)
SING error
Ansi based on Memory/File Scan (da.dll.bin)
SS@SSPVSS
Ansi based on Memory/File Scan (da.dll.bin)
start calc.exe
Ansi based on Memory/File Scan (da.dll.bin)
start http://www.test.com
Ansi based on Memory/File Scan (da.dll.bin)
start mstsc.exe
Ansi based on Memory/File Scan (da.dll.bin)
start notepad.exe
Ansi based on Memory/File Scan (da.dll.bin)
SunMonTueWedThuFriSat
Ansi based on Memory/File Scan (da.dll.bin)
TerminateProcess
Ansi based on Memory/File Scan (da.dll.bin)
TLOSS error
Ansi based on Memory/File Scan (da.dll.bin)
TlsGetValue
Ansi based on Memory/File Scan (da.dll.bin)
TlsSetValue
Ansi based on Memory/File Scan (da.dll.bin)
user32.dll
Ansi based on Memory/File Scan (da.dll.bin)
VC20XC00U
Ansi based on Memory/File Scan (da.dll.bin)
VirtualAlloc
Ansi based on Memory/File Scan (da.dll.bin)
VirtualFree
Ansi based on Memory/File Scan (da.dll.bin)
WaitForSingleObject
Ansi based on Memory/File Scan (da.dll.bin)
Wednesday
Ansi based on Memory/File Scan (da.dll.bin)
WideCharToMultiByte
Ansi based on Memory/File Scan (da.dll.bin)
WriteFile
Ansi based on Memory/File Scan (da.dll.bin)
www.test.com
Ansi based on PCAP Processing (PCAP)

Extracted Files

No significant files were extracted.

Notifications

  • Runtime

  • Added comment to Virus Total report
  • Sample was unknown to Virus Total, submitted file for scanning (Permalink: "https://www.virustotal.com/file/9e7283dfcf72ec7611c3be196760a9aeb214643da2599e95ed7cc624f1cd0772/analysis/1494320324/")