ScreenShot
| Created | 2021.07.06 18:01 | Machine | s1_win7_x6401 |
| Filename | 60e40fb428612.dll | ||
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (malicious, high confidence, Artemis, score, Dridex) | ||
| md5 | c6bfea479b46b9eb7a69667e0165179f | ||
| sha256 | 62dbfe723197430a3af1ec9262fcd2a5c2bfc8e81b97c313101f0a5388d587fc | ||
| ssdeep | 6144:vC8nRa6tXFOspzA7n6NZVeC8i795fubASK9beZTX3l8Eo:J0SVOsphVWi7PWoBeZTX36 | ||
| imphash | 4c29865e356872ef0757b58734cbbb11 | ||
| impfuzzy | 48:T43n9Qc+RGuW8thwuFZeN0SkjGALo0E6x91ttk:T4XWc+RGr8thpeWScc | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| notice | A process attempted to delay the analysis task. |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | Performs some HTTP requests |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (24cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1044018 CreateProcessA
0x104401c GetSystemDirectoryA
0x1044020 GetTempPathA
0x1044024 GetWindowsDirectoryA
0x1044028 GetCurrentDirectoryA
0x104402c SetSystemPowerState
0x1044030 SetConsoleCP
0x1044034 SetConsoleOutputCP
0x1044038 GetModuleHandleA
0x104403c CreateFileW
0x1044040 ReadConsoleW
0x1044044 WriteConsoleW
0x1044048 SetStdHandle
0x104404c OutputDebugStringW
0x1044050 LoadLibraryExW
0x1044054 GetTimeZoneInformation
0x1044058 GetModuleFileNameA
0x104405c FormatMessageA
0x1044060 GetSystemTimeAsFileTime
0x1044064 GetProcessHeap
0x1044068 VirtualProtect
0x104406c WideCharToMultiByte
0x1044070 MultiByteToWideChar
0x1044074 GetStringTypeW
0x1044078 EnterCriticalSection
0x104407c LeaveCriticalSection
0x1044080 DeleteCriticalSection
0x1044084 EncodePointer
0x1044088 DecodePointer
0x104408c GetLastError
0x1044090 HeapFree
0x1044094 HeapAlloc
0x1044098 RaiseException
0x104409c RtlUnwind
0x10440a0 GetCommandLineA
0x10440a4 GetCurrentThreadId
0x10440a8 GetCPInfo
0x10440ac UnhandledExceptionFilter
0x10440b0 SetUnhandledExceptionFilter
0x10440b4 SetLastError
0x10440b8 InitializeCriticalSectionAndSpinCount
0x10440bc Sleep
0x10440c0 GetCurrentProcess
0x10440c4 TerminateProcess
0x10440c8 TlsAlloc
0x10440cc TlsGetValue
0x10440d0 TlsSetValue
0x10440d4 TlsFree
0x10440d8 GetStartupInfoW
0x10440dc GetModuleHandleW
0x10440e0 GetProcAddress
0x10440e4 IsProcessorFeaturePresent
0x10440e8 GetDateFormatW
0x10440ec GetTimeFormatW
0x10440f0 CompareStringW
0x10440f4 LCMapStringW
0x10440f8 GetLocaleInfoW
0x10440fc IsValidLocale
0x1044100 GetUserDefaultLCID
0x1044104 EnumSystemLocalesW
0x1044108 ExitProcess
0x104410c GetModuleHandleExW
0x1044110 HeapSize
0x1044114 GetStdHandle
0x1044118 WriteFile
0x104411c GetModuleFileNameW
0x1044120 IsDebuggerPresent
0x1044124 IsValidCodePage
0x1044128 GetACP
0x104412c GetOEMCP
0x1044130 GetFileType
0x1044134 QueryPerformanceCounter
0x1044138 GetCurrentProcessId
0x104413c GetEnvironmentStringsW
0x1044140 FreeEnvironmentStringsW
0x1044144 HeapReAlloc
0x1044148 CloseHandle
0x104414c FlushFileBuffers
0x1044150 GetConsoleCP
0x1044154 GetConsoleMode
0x1044158 ReadFile
0x104415c SetFilePointerEx
0x1044160 SetEnvironmentVariableA
USER32.dll
0x1044168 GetWindowThreadProcessId
0x104416c GetSysColorBrush
0x1044170 GetWindowRect
0x1044174 GetClientRect
0x1044178 GetForegroundWindow
0x104417c CreatePopupMenu
0x1044180 DialogBoxIndirectParamA
0x1044184 CreateDialogIndirectParamA
GDI32.dll
0x1044000 SetPixel
0x1044004 SelectObject
0x1044008 PatBlt
0x104400c GetTextExtentPoint32A
0x1044010 StretchBlt
EAT(Export Address Table) Library
0x1021070 Clockcondition
0x1021fa0 Dogwhen
0x1022080 Sing
0x1022270 Wholegray
KERNEL32.dll
0x1044018 CreateProcessA
0x104401c GetSystemDirectoryA
0x1044020 GetTempPathA
0x1044024 GetWindowsDirectoryA
0x1044028 GetCurrentDirectoryA
0x104402c SetSystemPowerState
0x1044030 SetConsoleCP
0x1044034 SetConsoleOutputCP
0x1044038 GetModuleHandleA
0x104403c CreateFileW
0x1044040 ReadConsoleW
0x1044044 WriteConsoleW
0x1044048 SetStdHandle
0x104404c OutputDebugStringW
0x1044050 LoadLibraryExW
0x1044054 GetTimeZoneInformation
0x1044058 GetModuleFileNameA
0x104405c FormatMessageA
0x1044060 GetSystemTimeAsFileTime
0x1044064 GetProcessHeap
0x1044068 VirtualProtect
0x104406c WideCharToMultiByte
0x1044070 MultiByteToWideChar
0x1044074 GetStringTypeW
0x1044078 EnterCriticalSection
0x104407c LeaveCriticalSection
0x1044080 DeleteCriticalSection
0x1044084 EncodePointer
0x1044088 DecodePointer
0x104408c GetLastError
0x1044090 HeapFree
0x1044094 HeapAlloc
0x1044098 RaiseException
0x104409c RtlUnwind
0x10440a0 GetCommandLineA
0x10440a4 GetCurrentThreadId
0x10440a8 GetCPInfo
0x10440ac UnhandledExceptionFilter
0x10440b0 SetUnhandledExceptionFilter
0x10440b4 SetLastError
0x10440b8 InitializeCriticalSectionAndSpinCount
0x10440bc Sleep
0x10440c0 GetCurrentProcess
0x10440c4 TerminateProcess
0x10440c8 TlsAlloc
0x10440cc TlsGetValue
0x10440d0 TlsSetValue
0x10440d4 TlsFree
0x10440d8 GetStartupInfoW
0x10440dc GetModuleHandleW
0x10440e0 GetProcAddress
0x10440e4 IsProcessorFeaturePresent
0x10440e8 GetDateFormatW
0x10440ec GetTimeFormatW
0x10440f0 CompareStringW
0x10440f4 LCMapStringW
0x10440f8 GetLocaleInfoW
0x10440fc IsValidLocale
0x1044100 GetUserDefaultLCID
0x1044104 EnumSystemLocalesW
0x1044108 ExitProcess
0x104410c GetModuleHandleExW
0x1044110 HeapSize
0x1044114 GetStdHandle
0x1044118 WriteFile
0x104411c GetModuleFileNameW
0x1044120 IsDebuggerPresent
0x1044124 IsValidCodePage
0x1044128 GetACP
0x104412c GetOEMCP
0x1044130 GetFileType
0x1044134 QueryPerformanceCounter
0x1044138 GetCurrentProcessId
0x104413c GetEnvironmentStringsW
0x1044140 FreeEnvironmentStringsW
0x1044144 HeapReAlloc
0x1044148 CloseHandle
0x104414c FlushFileBuffers
0x1044150 GetConsoleCP
0x1044154 GetConsoleMode
0x1044158 ReadFile
0x104415c SetFilePointerEx
0x1044160 SetEnvironmentVariableA
USER32.dll
0x1044168 GetWindowThreadProcessId
0x104416c GetSysColorBrush
0x1044170 GetWindowRect
0x1044174 GetClientRect
0x1044178 GetForegroundWindow
0x104417c CreatePopupMenu
0x1044180 DialogBoxIndirectParamA
0x1044184 CreateDialogIndirectParamA
GDI32.dll
0x1044000 SetPixel
0x1044004 SelectObject
0x1044008 PatBlt
0x104400c GetTextExtentPoint32A
0x1044010 StretchBlt
EAT(Export Address Table) Library
0x1021070 Clockcondition
0x1021fa0 Dogwhen
0x1022080 Sing
0x1022270 Wholegray