ScreenShot
| Created | 2021.08.11 09:29 | Machine | s1_win7_x6401 |
| Filename | tooltipred.png | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 6ce7c1cb6f680530d26e6035c2adfaa9 | ||
| sha256 | 6dc07b0a84d1211c8e90e657751b756cc27d0abede25bd805436e9a8ee6d4f79 | ||
| ssdeep | 12288:WR5gpjm2Ku1779BYsYBJCa8qsxtQdk7pwC:ggpjmi79YPCtqsLQd+p | ||
| imphash | f8b60646b40ae52cd59fc07b6f215175 | ||
| impfuzzy | 96:NJig7Jlu/GScqFcTQlZHKdHUjgsAVWOoFPPcRcLt912EUQ:rT9pMHiHUjgsAVWOSPcRcNwQ | ||
Network IP location
Signature (14cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a suspicious process |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | The executable uses a known packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts) ?
Suricata ids
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 19
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 19
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4250c4 HeapReAlloc
0x4250c8 HeapSize
0x4250cc HeapDestroy
0x4250d0 HeapCreate
0x4250d4 VirtualFree
0x4250d8 VirtualAlloc
0x4250dc IsBadWritePtr
0x4250e0 UnhandledExceptionFilter
0x4250e4 FreeEnvironmentStringsA
0x4250e8 FreeEnvironmentStringsW
0x4250ec GetEnvironmentStrings
0x4250f0 GetEnvironmentStringsW
0x4250f4 SetHandleCount
0x4250f8 GetStdHandle
0x4250fc TerminateProcess
0x425100 SetUnhandledExceptionFilter
0x425104 LCMapStringA
0x425108 LCMapStringW
0x42510c GetStringTypeA
0x425110 GetStringTypeW
0x425114 IsBadReadPtr
0x425118 IsBadCodePtr
0x42511c SetStdHandle
0x425120 GetACP
0x425124 GetProfileStringA
0x425128 HeapFree
0x42512c RaiseException
0x425130 GetCommandLineA
0x425134 GetStartupInfoA
0x425138 HeapAlloc
0x42513c RtlUnwind
0x425140 FlushFileBuffers
0x425144 SetFilePointer
0x425148 WriteFile
0x42514c SetErrorMode
0x425150 WritePrivateProfileStringA
0x425154 GetOEMCP
0x425158 GetCPInfo
0x42515c GetProcessVersion
0x425160 TlsGetValue
0x425164 LocalReAlloc
0x425168 TlsSetValue
0x42516c EnterCriticalSection
0x425170 LeaveCriticalSection
0x425174 TlsFree
0x425178 GlobalHandle
0x42517c DeleteCriticalSection
0x425180 TlsAlloc
0x425184 InitializeCriticalSection
0x425188 LocalAlloc
0x42518c SizeofResource
0x425190 GetLastError
0x425194 GlobalFlags
0x425198 CloseHandle
0x42519c lstrcmpA
0x4251a0 GetCurrentThread
0x4251a4 FormatMessageA
0x4251a8 LocalFree
0x4251ac MulDiv
0x4251b0 SetLastError
0x4251b4 GlobalAlloc
0x4251b8 GlobalSize
0x4251bc GlobalReAlloc
0x4251c0 GetModuleFileNameA
0x4251c4 MultiByteToWideChar
0x4251c8 WideCharToMultiByte
0x4251cc InterlockedDecrement
0x4251d0 InterlockedIncrement
0x4251d4 lstrcpynA
0x4251d8 LoadLibraryA
0x4251dc FreeLibrary
0x4251e0 GetVersion
0x4251e4 lstrcatA
0x4251e8 GetCurrentThreadId
0x4251ec GlobalGetAtomNameA
0x4251f0 lstrcmpiA
0x4251f4 GlobalAddAtomA
0x4251f8 GlobalFindAtomA
0x4251fc GlobalDeleteAtom
0x425200 lstrcpyA
0x425204 lstrlenA
0x425208 GetModuleHandleA
0x42520c GetProcAddress
0x425210 GlobalLock
0x425214 GlobalUnlock
0x425218 GlobalFree
0x42521c LockResource
0x425220 FindResourceA
0x425224 LoadResource
0x425228 LoadLibraryW
0x42522c ExitProcess
0x425230 GetCurrentProcess
0x425234 GetFileType
USER32.dll
0x425274 InvalidateRect
0x425278 SetWindowTextA
0x42527c IsDialogMessageA
0x425280 SetDlgItemTextA
0x425284 PostMessageA
0x425288 MapWindowPoints
0x42528c PeekMessageA
0x425290 DispatchMessageA
0x425294 GetFocus
0x425298 SetFocus
0x42529c AdjustWindowRectEx
0x4252a0 IsWindowVisible
0x4252a4 GetTopWindow
0x4252a8 MessageBoxA
0x4252ac GetCapture
0x4252b0 WinHelpA
0x4252b4 wsprintfA
0x4252b8 GetClassInfoA
0x4252bc RegisterClassA
0x4252c0 GetMenu
0x4252c4 GetWindowTextLengthA
0x4252c8 GetWindowTextA
0x4252cc GetDlgCtrlID
0x4252d0 GetKeyState
0x4252d4 DefWindowProcA
0x4252d8 SetWindowsHookExA
0x4252dc CallNextHookEx
0x4252e0 GetClassLongA
0x4252e4 SetPropA
0x4252e8 UnhookWindowsHookEx
0x4252ec GetPropA
0x4252f0 CallWindowProcA
0x4252f4 RemovePropA
0x4252f8 GetMessageTime
0x4252fc GetMessagePos
0x425300 GetLastActivePopup
0x425304 GetForegroundWindow
0x425308 GetWindow
0x42530c SetWindowLongA
0x425310 SetWindowPos
0x425314 RegisterWindowMessageA
0x425318 OffsetRect
0x42531c IntersectRect
0x425320 SystemParametersInfoA
0x425324 GetWindowPlacement
0x425328 GetWindowRect
0x42532c GetNextDlgTabItem
0x425330 EndDialog
0x425334 GetActiveWindow
0x425338 SetActiveWindow
0x42533c IsWindow
0x425340 CreateDialogIndirectParamA
0x425344 DestroyWindow
0x425348 GetParent
0x42534c GetWindowLongA
0x425350 GetDlgItem
0x425354 IsWindowEnabled
0x425358 EnableWindow
0x42535c UnregisterClassA
0x425360 HideCaret
0x425364 ShowCaret
0x425368 ExcludeUpdateRgn
0x42536c DefDlgProcA
0x425370 SetTimer
0x425374 LoadCursorA
0x425378 LoadBitmapA
0x42537c UpdateWindow
0x425380 GetClientRect
0x425384 IsIconic
0x425388 DrawIcon
0x42538c GetSystemMetrics
0x425390 GetSystemMenu
0x425394 AppendMenuA
0x425398 InflateRect
0x42539c GetMenuItemCount
0x4253a0 GetSysColorBrush
0x4253a4 LoadMenuA
0x4253a8 GetSubMenu
0x4253ac GetMenuItemID
0x4253b0 SetMenuDefaultItem
0x4253b4 SetForegroundWindow
0x4253b8 TrackPopupMenu
0x4253bc DrawFocusRect
0x4253c0 CopyRect
0x4253c4 GetSysColor
0x4253c8 ScreenToClient
0x4253cc GetCursorPos
0x4253d0 LoadIconA
0x4253d4 CharNextA
0x4253d8 IsWindowUnicode
0x4253dc SendMessageA
0x4253e0 PtInRect
0x4253e4 GetClassNameA
0x4253e8 GetMessageA
0x4253ec TranslateMessage
0x4253f0 ValidateRect
0x4253f4 SetCursor
0x4253f8 PostQuitMessage
0x4253fc DestroyMenu
0x425400 LoadStringA
0x425404 GrayStringA
0x425408 DrawTextA
0x42540c TabbedTextOutA
0x425410 EndPaint
0x425414 BeginPaint
0x425418 GetWindowDC
0x42541c ClientToScreen
0x425420 GetDC
0x425424 ReleaseDC
0x425428 GetMenuCheckMarkDimensions
0x42542c GetMenuState
0x425430 ModifyMenuA
0x425434 SetMenuItemBitmaps
0x425438 CheckMenuItem
0x42543c EnableMenuItem
0x425440 CreateWindowExA
0x425444 ShowWindow
0x425448 SendDlgItemMessageA
GDI32.dll
0x425030 SetMapMode
0x425034 SetViewportOrgEx
0x425038 OffsetViewportOrgEx
0x42503c SetViewportExtEx
0x425040 ScaleViewportExtEx
0x425044 SetWindowExtEx
0x425048 ScaleWindowExtEx
0x42504c IntersectClipRect
0x425050 MoveToEx
0x425054 LineTo
0x425058 DeleteObject
0x42505c GetDeviceCaps
0x425060 CreatePen
0x425064 CreateSolidBrush
0x425068 PtVisible
0x42506c RectVisible
0x425070 TextOutA
0x425074 ExtTextOutA
0x425078 Escape
0x42507c SetBkMode
0x425080 GetStockObject
0x425084 SelectObject
0x425088 RestoreDC
0x42508c SaveDC
0x425090 DeleteDC
0x425094 PatBlt
0x425098 CreateBitmap
0x42509c SetBkColor
0x4250a0 SetTextColor
0x4250a4 GetClipBox
0x4250a8 BitBlt
0x4250ac CreateCompatibleDC
0x4250b0 GetObjectA
0x4250b4 CreateDIBitmap
0x4250b8 GetTextExtentPointA
0x4250bc GetTextExtentPoint32A
WINSPOOL.DRV
0x425450 ClosePrinter
0x425454 DocumentPropertiesA
0x425458 OpenPrinterA
ADVAPI32.dll
0x425000 RegCloseKey
0x425004 RegOpenKeyExA
0x425008 RegSetValueExA
0x42500c RegCreateKeyExA
0x425010 RegQueryValueExA
SHELL32.dll
0x42526c Shell_NotifyIconA
COMCTL32.dll
0x425018 ImageList_Draw
0x42501c None
0x425020 ImageList_Destroy
0x425024 ImageList_Create
0x425028 ImageList_ReplaceIcon
ole32.dll
0x425460 CoUninitialize
0x425464 CoInitialize
0x425468 CoGetClassObject
OLEAUT32.dll
0x42523c SysAllocStringByteLen
0x425240 SysAllocString
0x425244 VariantCopy
0x425248 SafeArrayRedim
0x42524c SafeArrayCreate
0x425250 SafeArrayGetDim
0x425254 SafeArrayGetLBound
0x425258 SafeArrayGetUBound
0x42525c SafeArrayAccessData
0x425260 SafeArrayUnaccessData
0x425264 VariantClear
EAT(Export Address Table) is none
KERNEL32.dll
0x4250c4 HeapReAlloc
0x4250c8 HeapSize
0x4250cc HeapDestroy
0x4250d0 HeapCreate
0x4250d4 VirtualFree
0x4250d8 VirtualAlloc
0x4250dc IsBadWritePtr
0x4250e0 UnhandledExceptionFilter
0x4250e4 FreeEnvironmentStringsA
0x4250e8 FreeEnvironmentStringsW
0x4250ec GetEnvironmentStrings
0x4250f0 GetEnvironmentStringsW
0x4250f4 SetHandleCount
0x4250f8 GetStdHandle
0x4250fc TerminateProcess
0x425100 SetUnhandledExceptionFilter
0x425104 LCMapStringA
0x425108 LCMapStringW
0x42510c GetStringTypeA
0x425110 GetStringTypeW
0x425114 IsBadReadPtr
0x425118 IsBadCodePtr
0x42511c SetStdHandle
0x425120 GetACP
0x425124 GetProfileStringA
0x425128 HeapFree
0x42512c RaiseException
0x425130 GetCommandLineA
0x425134 GetStartupInfoA
0x425138 HeapAlloc
0x42513c RtlUnwind
0x425140 FlushFileBuffers
0x425144 SetFilePointer
0x425148 WriteFile
0x42514c SetErrorMode
0x425150 WritePrivateProfileStringA
0x425154 GetOEMCP
0x425158 GetCPInfo
0x42515c GetProcessVersion
0x425160 TlsGetValue
0x425164 LocalReAlloc
0x425168 TlsSetValue
0x42516c EnterCriticalSection
0x425170 LeaveCriticalSection
0x425174 TlsFree
0x425178 GlobalHandle
0x42517c DeleteCriticalSection
0x425180 TlsAlloc
0x425184 InitializeCriticalSection
0x425188 LocalAlloc
0x42518c SizeofResource
0x425190 GetLastError
0x425194 GlobalFlags
0x425198 CloseHandle
0x42519c lstrcmpA
0x4251a0 GetCurrentThread
0x4251a4 FormatMessageA
0x4251a8 LocalFree
0x4251ac MulDiv
0x4251b0 SetLastError
0x4251b4 GlobalAlloc
0x4251b8 GlobalSize
0x4251bc GlobalReAlloc
0x4251c0 GetModuleFileNameA
0x4251c4 MultiByteToWideChar
0x4251c8 WideCharToMultiByte
0x4251cc InterlockedDecrement
0x4251d0 InterlockedIncrement
0x4251d4 lstrcpynA
0x4251d8 LoadLibraryA
0x4251dc FreeLibrary
0x4251e0 GetVersion
0x4251e4 lstrcatA
0x4251e8 GetCurrentThreadId
0x4251ec GlobalGetAtomNameA
0x4251f0 lstrcmpiA
0x4251f4 GlobalAddAtomA
0x4251f8 GlobalFindAtomA
0x4251fc GlobalDeleteAtom
0x425200 lstrcpyA
0x425204 lstrlenA
0x425208 GetModuleHandleA
0x42520c GetProcAddress
0x425210 GlobalLock
0x425214 GlobalUnlock
0x425218 GlobalFree
0x42521c LockResource
0x425220 FindResourceA
0x425224 LoadResource
0x425228 LoadLibraryW
0x42522c ExitProcess
0x425230 GetCurrentProcess
0x425234 GetFileType
USER32.dll
0x425274 InvalidateRect
0x425278 SetWindowTextA
0x42527c IsDialogMessageA
0x425280 SetDlgItemTextA
0x425284 PostMessageA
0x425288 MapWindowPoints
0x42528c PeekMessageA
0x425290 DispatchMessageA
0x425294 GetFocus
0x425298 SetFocus
0x42529c AdjustWindowRectEx
0x4252a0 IsWindowVisible
0x4252a4 GetTopWindow
0x4252a8 MessageBoxA
0x4252ac GetCapture
0x4252b0 WinHelpA
0x4252b4 wsprintfA
0x4252b8 GetClassInfoA
0x4252bc RegisterClassA
0x4252c0 GetMenu
0x4252c4 GetWindowTextLengthA
0x4252c8 GetWindowTextA
0x4252cc GetDlgCtrlID
0x4252d0 GetKeyState
0x4252d4 DefWindowProcA
0x4252d8 SetWindowsHookExA
0x4252dc CallNextHookEx
0x4252e0 GetClassLongA
0x4252e4 SetPropA
0x4252e8 UnhookWindowsHookEx
0x4252ec GetPropA
0x4252f0 CallWindowProcA
0x4252f4 RemovePropA
0x4252f8 GetMessageTime
0x4252fc GetMessagePos
0x425300 GetLastActivePopup
0x425304 GetForegroundWindow
0x425308 GetWindow
0x42530c SetWindowLongA
0x425310 SetWindowPos
0x425314 RegisterWindowMessageA
0x425318 OffsetRect
0x42531c IntersectRect
0x425320 SystemParametersInfoA
0x425324 GetWindowPlacement
0x425328 GetWindowRect
0x42532c GetNextDlgTabItem
0x425330 EndDialog
0x425334 GetActiveWindow
0x425338 SetActiveWindow
0x42533c IsWindow
0x425340 CreateDialogIndirectParamA
0x425344 DestroyWindow
0x425348 GetParent
0x42534c GetWindowLongA
0x425350 GetDlgItem
0x425354 IsWindowEnabled
0x425358 EnableWindow
0x42535c UnregisterClassA
0x425360 HideCaret
0x425364 ShowCaret
0x425368 ExcludeUpdateRgn
0x42536c DefDlgProcA
0x425370 SetTimer
0x425374 LoadCursorA
0x425378 LoadBitmapA
0x42537c UpdateWindow
0x425380 GetClientRect
0x425384 IsIconic
0x425388 DrawIcon
0x42538c GetSystemMetrics
0x425390 GetSystemMenu
0x425394 AppendMenuA
0x425398 InflateRect
0x42539c GetMenuItemCount
0x4253a0 GetSysColorBrush
0x4253a4 LoadMenuA
0x4253a8 GetSubMenu
0x4253ac GetMenuItemID
0x4253b0 SetMenuDefaultItem
0x4253b4 SetForegroundWindow
0x4253b8 TrackPopupMenu
0x4253bc DrawFocusRect
0x4253c0 CopyRect
0x4253c4 GetSysColor
0x4253c8 ScreenToClient
0x4253cc GetCursorPos
0x4253d0 LoadIconA
0x4253d4 CharNextA
0x4253d8 IsWindowUnicode
0x4253dc SendMessageA
0x4253e0 PtInRect
0x4253e4 GetClassNameA
0x4253e8 GetMessageA
0x4253ec TranslateMessage
0x4253f0 ValidateRect
0x4253f4 SetCursor
0x4253f8 PostQuitMessage
0x4253fc DestroyMenu
0x425400 LoadStringA
0x425404 GrayStringA
0x425408 DrawTextA
0x42540c TabbedTextOutA
0x425410 EndPaint
0x425414 BeginPaint
0x425418 GetWindowDC
0x42541c ClientToScreen
0x425420 GetDC
0x425424 ReleaseDC
0x425428 GetMenuCheckMarkDimensions
0x42542c GetMenuState
0x425430 ModifyMenuA
0x425434 SetMenuItemBitmaps
0x425438 CheckMenuItem
0x42543c EnableMenuItem
0x425440 CreateWindowExA
0x425444 ShowWindow
0x425448 SendDlgItemMessageA
GDI32.dll
0x425030 SetMapMode
0x425034 SetViewportOrgEx
0x425038 OffsetViewportOrgEx
0x42503c SetViewportExtEx
0x425040 ScaleViewportExtEx
0x425044 SetWindowExtEx
0x425048 ScaleWindowExtEx
0x42504c IntersectClipRect
0x425050 MoveToEx
0x425054 LineTo
0x425058 DeleteObject
0x42505c GetDeviceCaps
0x425060 CreatePen
0x425064 CreateSolidBrush
0x425068 PtVisible
0x42506c RectVisible
0x425070 TextOutA
0x425074 ExtTextOutA
0x425078 Escape
0x42507c SetBkMode
0x425080 GetStockObject
0x425084 SelectObject
0x425088 RestoreDC
0x42508c SaveDC
0x425090 DeleteDC
0x425094 PatBlt
0x425098 CreateBitmap
0x42509c SetBkColor
0x4250a0 SetTextColor
0x4250a4 GetClipBox
0x4250a8 BitBlt
0x4250ac CreateCompatibleDC
0x4250b0 GetObjectA
0x4250b4 CreateDIBitmap
0x4250b8 GetTextExtentPointA
0x4250bc GetTextExtentPoint32A
WINSPOOL.DRV
0x425450 ClosePrinter
0x425454 DocumentPropertiesA
0x425458 OpenPrinterA
ADVAPI32.dll
0x425000 RegCloseKey
0x425004 RegOpenKeyExA
0x425008 RegSetValueExA
0x42500c RegCreateKeyExA
0x425010 RegQueryValueExA
SHELL32.dll
0x42526c Shell_NotifyIconA
COMCTL32.dll
0x425018 ImageList_Draw
0x42501c None
0x425020 ImageList_Destroy
0x425024 ImageList_Create
0x425028 ImageList_ReplaceIcon
ole32.dll
0x425460 CoUninitialize
0x425464 CoInitialize
0x425468 CoGetClassObject
OLEAUT32.dll
0x42523c SysAllocStringByteLen
0x425240 SysAllocString
0x425244 VariantCopy
0x425248 SafeArrayRedim
0x42524c SafeArrayCreate
0x425250 SafeArrayGetDim
0x425254 SafeArrayGetLBound
0x425258 SafeArrayGetUBound
0x42525c SafeArrayAccessData
0x425260 SafeArrayUnaccessData
0x425264 VariantClear
EAT(Export Address Table) is none