Field | Value
---|---
Created | 2021.06.11 13:39
Machine | s1_win7_x6402
Filename | logo.png
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : malware
VT API (file) | 25 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, score, Artemis, Generic ML PUA, kcloud, Caynamer, BScope, Static AI, Malicious PE, Kryptik, HLHG, ZexaF, FyZ@aSLBqwnk, confidence, 100%)
md5 | 526d56017ef5105277fe0d366c95c39d
sha256 | 28f2fa4f9ac95c3fc906e201b758d56c6a888b657dcf57c351a4f34ffb3e0fe2
ssdeep | 12288:cyLjvFCsHOFO7t8BmzXiDm/znL2wOhlYuGUoPavYWIJdvrQoDptkYIN:BLDFTHOF0anwGYuGDQ2vQoDk5N
imphash | 583b80155ced34658fd6e3d555075407
impfuzzy | 24:mDoiw+0MINqprtyJ3JQlEcxOadQZlJv/jMJoSJlOov4TqdWHOSQ:bNctCuecvmZj6oSeedXSQ
Network IP location
Signature (5cnts)
Level | Description
---|---
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
Rules (3cnts)
Level | Name | Description | Collection
---|---|---|---
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata IDs
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x560204 GetProcAddress
0x560208 LoadLibraryA
0x56020c ActivateActCtx
0x560210 CreateActCtxA
0x560214 TlsSetValue
0x560218 TlsAlloc
0x56021c VirtualAlloc
0x560220 VirtualProtect
0x560224 GetTickCount
0x560228 GetModuleHandleA
0x56022c GetSystemTime
0x560230 ReadFile
0x560234 SetFilePointer
0x560238 GlobalAlloc
0x56023c GetFileSize
0x560240 CreateFileW
0x560244 GetModuleFileNameW
0x560248 GetModuleHandleW
0x56024c GetLocalTime
0x560250 InterlockedDecrement
0x560254 InterlockedIncrement
0x560258 RaiseException
0x56025c WideCharToMultiByte
0x560260 IsDebuggerPresent
0x560264 MultiByteToWideChar
0x560268 lstrlenA
0x56026c LoadLibraryW
0x560270 IsProcessorFeaturePresent
0x560274 EncodePointer
0x560278 TerminateProcess
0x56027c GetCurrentProcess
0x560280 UnhandledExceptionFilter
0x560284 SetUnhandledExceptionFilter
0x560288 GetCPInfo
0x56028c DecodePointer
0x560290 TlsGetValue
0x560294 TlsFree
0x560298 SetLastError
0x56029c GetCurrentThreadId
0x5602a0 GetLastError
0x5602a4 GetCurrentThread
0x5602a8 InitializeCriticalSectionAndSpinCount
0x5602ac DeleteCriticalSection
0x5602b0 LeaveCriticalSection
0x5602b4 FatalAppExitA
0x5602b8 EnterCriticalSection
0x5602bc HeapFree
0x5602c0 GetACP
0x5602c4 GetOEMCP
0x5602c8 IsValidCodePage
0x5602cc Sleep
0x5602d0 GetUserDefaultLCID
0x5602d4 GetLocaleInfoW
0x5602d8 GetLocaleInfoA
0x5602dc EnumSystemLocalesA
0x5602e0 IsValidLocale
0x5602e4 GetStringTypeW
0x5602e8 SetStdHandle
0x5602ec GetFileType
0x5602f0 WriteFile
0x5602f4 GetConsoleCP
0x5602f8 GetConsoleMode
0x5602fc RtlUnwind
0x560300 FreeLibrary
0x560304 HeapAlloc
0x560308 GetProcessHeap
0x56030c VirtualQuery
0x560310 LCMapStringW
0x560314 ExitProcess
0x560318 GetStdHandle
0x56031c HeapCreate
0x560320 HeapDestroy
0x560324 HeapReAlloc
0x560328 SetHandleCount
0x56032c GetStartupInfoW
0x560330 GetCommandLineA
0x560334 HeapSetInformation
0x560338 WriteConsoleW
0x56033c CloseHandle
0x560340 SetConsoleCtrlHandler
0x560344 InterlockedExchange
0x560348 HeapSize
0x56034c FlushFileBuffers
0x560350 GetModuleFileNameA
0x560354 FreeEnvironmentStringsW
0x560358 GetEnvironmentStringsW
0x56035c QueryPerformanceCounter
0x560360 GetCurrentProcessId
0x560364 GetSystemTimeAsFileTime
0x560368 SetEndOfFile
EAT (Export Address Table): none