Field | Value |
---|---|
Created | 2021.07.29 09:51 |
Machine | s1_win7_x6403 |
Filename | joinpornhub.pdf.exe |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 15 detected (AIDetect, malware1, GenericFCA, a variant of Generik, CEIVFVI, Malicious, Trickpak, TRICKBOT, TIGOCJS, CA0SRR, ai score=82, kcloud, Unsafe, Score) |
md5 | e136a977901a98fb11493370926cfcf6 |
sha256 | dbdf67590cfb1a76b02700a7c91c11ddf0c75f5963e6d56020e983e15a65c5d9 |
ssdeep | 6144:3wi7sK+CK0KLSGcUeinKOo15usoj8VOqR6Pu64LQTK:j/KWzinKnboj8sqRds2 |
imphash | 0cc847421006f34ce0abae8731017938 |
impfuzzy | 48:tQ2gIED2YzxAffcAKrq33KqteQCSeKMoFZAXEM:tQ26RGh136qt0 |
Network IP location
Signature (18cnts)
Level | Description |
---|---|
danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a suspicious process |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Terminates another process |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable uses a known packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (13cnts)
Suricata ids
ET CNC Feodo Tracker Reported CnC Server group 19
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 22
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 22
PE API
IAT (Import Address Table) Library
MFC42.DLL
MSVCRT.dll
0x100064c4 _initterm
0x100064c8 free
0x100064cc _onexit
0x100064d0 __dllonexit
0x100064d4 malloc
0x100064d8 __CxxFrameHandler
0x100064dc _wcsicmp
0x100064e0 _adjust_fdiv
KERNEL32.dll
0x100062d4 DisableThreadLibraryCalls
0x100062d8 GetLastError
0x100062dc LoadLibraryW
0x100062e0 GetCurrentProcess
USER32.dll
0x100064e8 InvalidateRect
0x100064ec UpdateWindow
0x100064f0 LoadIconA
0x100064f4 ShowWindow
0x100064f8 DrawIcon
0x100064fc GetClientRect
0x10006500 GetSystemMetrics
0x10006504 IsIconic
0x10006508 SendMessageA
0x1000650c EnableWindow
0x10006510 GetWindowRect
GDI32.dll
0x100062c8 CreateSolidBrush
0x100062cc CreateFontA
EAT (Export Address Table) Library
0x100028a0 StartW