ScreenShot
| Created | 2021.09.22 09:47 | Machine | s1_win7_x6402 |
| Filename | 1115744375.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (AIDetect, malware2, Racealer, malicious, high confidence, GenericKD, Unsafe, TrojanPSW, ZexaF, JqW@aWi7jFl, ITNZ, Attribute, HighConfidence, Raccoon, janrll, MalwareX, Gencirc, DownLoader41, GenericRXMR, Racoon, Score, StellarStealer, jnxyo, ASMalwS, Tnega, ai score=82, BScope, RaccoonStealer, R067C0PIH21, CLASSIC, 44EKjHk, Static AI, Malicious PE, susgen, GdSda, confidence, 100%) | ||
| md5 | c7be1b666b8ec3b2a43bb1713fba6fdd | ||
| sha256 | 79b016ce5731ed6ba8a2f570c5d32b69f3ba9e6b6624e95e219df4a1626e67f8 | ||
| ssdeep | 12288:jh/yDN787IPelHo8BM2rMayvaD7Jz52548cRWipfx8BjaM3bG7nU:d28y2rMDaD7j2581k3ijU | ||
| imphash | 35279f0bcb93fbb246a2ff5f9995bdc1 | ||
| impfuzzy | 96:WrznXQjOqeX23mGz8v0LVGxgcpVeceb4nlEHdkNAM6lYo:wjX2eX2A9e8lAdkNeYo | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| info | Checks if process is being debugged by a debugger |
| info | Collects information to fingerprint the system (MachineGuid |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x46c088 WaitForSingleObject
0x46c08c GetModuleHandleA
0x46c090 GetLocaleInfoA
0x46c094 Sleep
0x46c098 RemoveDirectoryTransactedA
0x46c09c GetUserDefaultLCID
0x46c0a0 CreateThread
0x46c0a4 GetLastError
0x46c0a8 DeleteFileA
0x46c0ac HeapAlloc
0x46c0b0 lstrcpynA
0x46c0b4 lstrcmpiW
0x46c0b8 GetModuleFileNameA
0x46c0bc GetCurrentProcess
0x46c0c0 GetSystemPowerStatus
0x46c0c4 CreateMutexA
0x46c0c8 OpenProcess
0x46c0cc CreateToolhelp32Snapshot
0x46c0d0 MultiByteToWideChar
0x46c0d4 GetSystemWow64DirectoryW
0x46c0d8 GetTimeZoneInformation
0x46c0dc OpenMutexA
0x46c0e0 Process32NextW
0x46c0e4 GlobalAlloc
0x46c0e8 GetEnvironmentVariableA
0x46c0ec Process32FirstW
0x46c0f0 GlobalFree
0x46c0f4 GetSystemInfo
0x46c0f8 GetLogicalDriveStringsA
0x46c0fc GlobalMemoryStatusEx
0x46c100 WideCharToMultiByte
0x46c104 CreateProcessA
0x46c108 GetComputerNameA
0x46c10c UnmapViewOfFile
0x46c110 GetFileInformationByHandle
0x46c114 CloseHandle
0x46c118 GetLocalTime
0x46c11c CreateFileMappingA
0x46c120 MapViewOfFile
0x46c124 GetTickCount
0x46c128 SetStdHandle
0x46c12c FreeEnvironmentStringsW
0x46c130 GetEnvironmentStringsW
0x46c134 GetOEMCP
0x46c138 GetACP
0x46c13c IsValidCodePage
0x46c140 HeapReAlloc
0x46c144 OutputDebugStringW
0x46c148 lstrlenA
0x46c14c GetFileSize
0x46c150 lstrcpyW
0x46c154 lstrcatW
0x46c158 GetVersionExW
0x46c15c lstrlenW
0x46c160 CreateDirectoryA
0x46c164 lstrcpyA
0x46c168 SystemTimeToFileTime
0x46c16c CreateFileA
0x46c170 GetFileAttributesA
0x46c174 LocalFileTimeToFileTime
0x46c178 SetCurrentDirectoryA
0x46c17c GetCurrentDirectoryA
0x46c180 SetFilePointer
0x46c184 SetFileTime
0x46c188 WriteFile
0x46c18c ReadFile
0x46c190 FindClose
0x46c194 GetDriveTypeA
0x46c198 CopyFileTransactedA
0x46c19c FreeLibrary
0x46c1a0 GetProcessHeap
0x46c1a4 LocalFree
0x46c1a8 GetProcAddress
0x46c1ac LoadLibraryA
0x46c1b0 LocalAlloc
0x46c1b4 DeleteFileTransactedA
0x46c1b8 SetEnvironmentVariableW
0x46c1bc ReadConsoleW
0x46c1c0 EnumSystemLocalesW
0x46c1c4 IsValidLocale
0x46c1c8 GetLocaleInfoW
0x46c1cc LCMapStringW
0x46c1d0 CompareStringW
0x46c1d4 GetTimeFormatW
0x46c1d8 GetDateFormatW
0x46c1dc GetConsoleMode
0x46c1e0 GetConsoleCP
0x46c1e4 FlushFileBuffers
0x46c1e8 GetFileSizeEx
0x46c1ec HeapSize
0x46c1f0 GetCommandLineW
0x46c1f4 GetCommandLineA
0x46c1f8 WriteConsoleW
0x46c1fc GetModuleFileNameW
0x46c200 GetFileType
0x46c204 GetStdHandle
0x46c208 GetModuleHandleExW
0x46c20c HeapFree
0x46c210 FileTimeToSystemTime
0x46c214 CreateDirectoryTransactedA
0x46c218 ExitProcess
0x46c21c LoadLibraryExW
0x46c220 TlsFree
0x46c224 TlsSetValue
0x46c228 TlsGetValue
0x46c22c TlsAlloc
0x46c230 InitializeCriticalSectionAndSpinCount
0x46c234 SetLastError
0x46c238 RaiseException
0x46c23c RtlUnwind
0x46c240 TerminateProcess
0x46c244 InitializeSListHead
0x46c248 GetSystemTimeAsFileTime
0x46c24c GetCurrentThreadId
0x46c250 GetCurrentProcessId
0x46c254 QueryPerformanceCounter
0x46c258 GetModuleHandleW
0x46c25c GetStartupInfoW
0x46c260 SetUnhandledExceptionFilter
0x46c264 UnhandledExceptionFilter
0x46c268 IsDebuggerPresent
0x46c26c IsProcessorFeaturePresent
0x46c270 GetCPInfo
0x46c274 SetCurrentDirectoryW
0x46c278 CreateDirectoryW
0x46c27c CreateFileW
0x46c280 FindFirstFileExW
0x46c284 FindNextFileW
0x46c288 GetFileAttributesExW
0x46c28c SetEndOfFile
0x46c290 SetFilePointerEx
0x46c294 AreFileApisANSI
0x46c298 DeviceIoControl
0x46c29c CopyFileW
0x46c2a0 CreateHardLinkW
0x46c2a4 GetFileInformationByHandleEx
0x46c2a8 CreateSymbolicLinkW
0x46c2ac FormatMessageA
0x46c2b0 EnterCriticalSection
0x46c2b4 LeaveCriticalSection
0x46c2b8 InitializeCriticalSectionEx
0x46c2bc DeleteCriticalSection
0x46c2c0 EncodePointer
0x46c2c4 DecodePointer
0x46c2c8 LCMapStringEx
0x46c2cc GetStringTypeW
USER32.dll
0x46c2f4 wsprintfW
0x46c2f8 wsprintfA
0x46c2fc GetWindowRect
0x46c300 GetSystemMetrics
0x46c304 GetWindowDC
0x46c308 EnumDisplayDevicesA
0x46c30c GetDesktopWindow
GDI32.dll
0x46c060 BitBlt
0x46c064 SaveDC
0x46c068 SelectObject
0x46c06c CreateDIBSection
0x46c070 CreateCompatibleDC
0x46c074 GetDeviceCaps
0x46c078 DeleteDC
0x46c07c RestoreDC
0x46c080 DeleteObject
ADVAPI32.dll
0x46c000 GetTokenInformation
0x46c004 CryptGetHashParam
0x46c008 CryptDestroyHash
0x46c00c RegQueryValueExA
0x46c010 GetUserNameA
0x46c014 CreateProcessWithTokenW
0x46c018 OpenProcessToken
0x46c01c RegOpenKeyExA
0x46c020 ConvertSidToStringSidW
0x46c024 DuplicateTokenEx
0x46c028 RegQueryValueExW
0x46c02c CryptReleaseContext
0x46c030 RegCloseKey
0x46c034 RegEnumKeyExW
0x46c038 RegOpenKeyExW
0x46c03c CryptAcquireContextA
0x46c040 CredEnumerateW
0x46c044 CredFree
0x46c048 CryptCreateHash
0x46c04c CryptHashData
SHELL32.dll
0x46c2d4 SHGetFolderPathA
0x46c2d8 ShellExecuteA
0x46c2dc SHGetSpecialFolderPathW
ole32.dll
0x46c39c CoInitialize
0x46c3a0 CoUninitialize
0x46c3a4 CoTaskMemFree
0x46c3a8 CoCreateInstance
USERENV.dll
0x46c314 GetUserProfileDirectoryA
ktmw32.dll
0x46c38c CreateTransaction
0x46c390 RollbackTransaction
0x46c394 CommitTransaction
crypt.dll
0x46c344 BCryptDecrypt
0x46c348 BCryptDestroyKey
0x46c34c BCryptGenerateSymmetricKey
0x46c350 BCryptOpenAlgorithmProvider
0x46c354 BCryptCloseAlgorithmProvider
0x46c358 BCryptSetProperty
CRYPT32.dll
0x46c054 CryptStringToBinaryA
0x46c058 CryptUnprotectData
SHLWAPI.dll
0x46c2e4 StrCmpNW
0x46c2e8 StrToIntA
0x46c2ec StrStrIW
WINHTTP.dll
0x46c31c WinHttpSendRequest
0x46c320 WinHttpConnect
0x46c324 WinHttpQueryDataAvailable
0x46c328 WinHttpOpenRequest
0x46c32c WinHttpCloseHandle
0x46c330 WinHttpOpen
0x46c334 WinHttpSetOption
0x46c338 WinHttpReceiveResponse
0x46c33c WinHttpReadData
gdiplus.dll
0x46c360 GdiplusStartup
0x46c364 GdipGetImageEncodersSize
0x46c368 GdipFree
0x46c36c GdipDisposeImage
0x46c370 GdipCreateBitmapFromHBITMAP
0x46c374 GdipAlloc
0x46c378 GdipCloneImage
0x46c37c GdipGetImageEncoders
0x46c380 GdiplusShutdown
0x46c384 GdipSaveImageToFile
EAT(Export Address Table) is none
KERNEL32.dll
0x46c088 WaitForSingleObject
0x46c08c GetModuleHandleA
0x46c090 GetLocaleInfoA
0x46c094 Sleep
0x46c098 RemoveDirectoryTransactedA
0x46c09c GetUserDefaultLCID
0x46c0a0 CreateThread
0x46c0a4 GetLastError
0x46c0a8 DeleteFileA
0x46c0ac HeapAlloc
0x46c0b0 lstrcpynA
0x46c0b4 lstrcmpiW
0x46c0b8 GetModuleFileNameA
0x46c0bc GetCurrentProcess
0x46c0c0 GetSystemPowerStatus
0x46c0c4 CreateMutexA
0x46c0c8 OpenProcess
0x46c0cc CreateToolhelp32Snapshot
0x46c0d0 MultiByteToWideChar
0x46c0d4 GetSystemWow64DirectoryW
0x46c0d8 GetTimeZoneInformation
0x46c0dc OpenMutexA
0x46c0e0 Process32NextW
0x46c0e4 GlobalAlloc
0x46c0e8 GetEnvironmentVariableA
0x46c0ec Process32FirstW
0x46c0f0 GlobalFree
0x46c0f4 GetSystemInfo
0x46c0f8 GetLogicalDriveStringsA
0x46c0fc GlobalMemoryStatusEx
0x46c100 WideCharToMultiByte
0x46c104 CreateProcessA
0x46c108 GetComputerNameA
0x46c10c UnmapViewOfFile
0x46c110 GetFileInformationByHandle
0x46c114 CloseHandle
0x46c118 GetLocalTime
0x46c11c CreateFileMappingA
0x46c120 MapViewOfFile
0x46c124 GetTickCount
0x46c128 SetStdHandle
0x46c12c FreeEnvironmentStringsW
0x46c130 GetEnvironmentStringsW
0x46c134 GetOEMCP
0x46c138 GetACP
0x46c13c IsValidCodePage
0x46c140 HeapReAlloc
0x46c144 OutputDebugStringW
0x46c148 lstrlenA
0x46c14c GetFileSize
0x46c150 lstrcpyW
0x46c154 lstrcatW
0x46c158 GetVersionExW
0x46c15c lstrlenW
0x46c160 CreateDirectoryA
0x46c164 lstrcpyA
0x46c168 SystemTimeToFileTime
0x46c16c CreateFileA
0x46c170 GetFileAttributesA
0x46c174 LocalFileTimeToFileTime
0x46c178 SetCurrentDirectoryA
0x46c17c GetCurrentDirectoryA
0x46c180 SetFilePointer
0x46c184 SetFileTime
0x46c188 WriteFile
0x46c18c ReadFile
0x46c190 FindClose
0x46c194 GetDriveTypeA
0x46c198 CopyFileTransactedA
0x46c19c FreeLibrary
0x46c1a0 GetProcessHeap
0x46c1a4 LocalFree
0x46c1a8 GetProcAddress
0x46c1ac LoadLibraryA
0x46c1b0 LocalAlloc
0x46c1b4 DeleteFileTransactedA
0x46c1b8 SetEnvironmentVariableW
0x46c1bc ReadConsoleW
0x46c1c0 EnumSystemLocalesW
0x46c1c4 IsValidLocale
0x46c1c8 GetLocaleInfoW
0x46c1cc LCMapStringW
0x46c1d0 CompareStringW
0x46c1d4 GetTimeFormatW
0x46c1d8 GetDateFormatW
0x46c1dc GetConsoleMode
0x46c1e0 GetConsoleCP
0x46c1e4 FlushFileBuffers
0x46c1e8 GetFileSizeEx
0x46c1ec HeapSize
0x46c1f0 GetCommandLineW
0x46c1f4 GetCommandLineA
0x46c1f8 WriteConsoleW
0x46c1fc GetModuleFileNameW
0x46c200 GetFileType
0x46c204 GetStdHandle
0x46c208 GetModuleHandleExW
0x46c20c HeapFree
0x46c210 FileTimeToSystemTime
0x46c214 CreateDirectoryTransactedA
0x46c218 ExitProcess
0x46c21c LoadLibraryExW
0x46c220 TlsFree
0x46c224 TlsSetValue
0x46c228 TlsGetValue
0x46c22c TlsAlloc
0x46c230 InitializeCriticalSectionAndSpinCount
0x46c234 SetLastError
0x46c238 RaiseException
0x46c23c RtlUnwind
0x46c240 TerminateProcess
0x46c244 InitializeSListHead
0x46c248 GetSystemTimeAsFileTime
0x46c24c GetCurrentThreadId
0x46c250 GetCurrentProcessId
0x46c254 QueryPerformanceCounter
0x46c258 GetModuleHandleW
0x46c25c GetStartupInfoW
0x46c260 SetUnhandledExceptionFilter
0x46c264 UnhandledExceptionFilter
0x46c268 IsDebuggerPresent
0x46c26c IsProcessorFeaturePresent
0x46c270 GetCPInfo
0x46c274 SetCurrentDirectoryW
0x46c278 CreateDirectoryW
0x46c27c CreateFileW
0x46c280 FindFirstFileExW
0x46c284 FindNextFileW
0x46c288 GetFileAttributesExW
0x46c28c SetEndOfFile
0x46c290 SetFilePointerEx
0x46c294 AreFileApisANSI
0x46c298 DeviceIoControl
0x46c29c CopyFileW
0x46c2a0 CreateHardLinkW
0x46c2a4 GetFileInformationByHandleEx
0x46c2a8 CreateSymbolicLinkW
0x46c2ac FormatMessageA
0x46c2b0 EnterCriticalSection
0x46c2b4 LeaveCriticalSection
0x46c2b8 InitializeCriticalSectionEx
0x46c2bc DeleteCriticalSection
0x46c2c0 EncodePointer
0x46c2c4 DecodePointer
0x46c2c8 LCMapStringEx
0x46c2cc GetStringTypeW
USER32.dll
0x46c2f4 wsprintfW
0x46c2f8 wsprintfA
0x46c2fc GetWindowRect
0x46c300 GetSystemMetrics
0x46c304 GetWindowDC
0x46c308 EnumDisplayDevicesA
0x46c30c GetDesktopWindow
GDI32.dll
0x46c060 BitBlt
0x46c064 SaveDC
0x46c068 SelectObject
0x46c06c CreateDIBSection
0x46c070 CreateCompatibleDC
0x46c074 GetDeviceCaps
0x46c078 DeleteDC
0x46c07c RestoreDC
0x46c080 DeleteObject
ADVAPI32.dll
0x46c000 GetTokenInformation
0x46c004 CryptGetHashParam
0x46c008 CryptDestroyHash
0x46c00c RegQueryValueExA
0x46c010 GetUserNameA
0x46c014 CreateProcessWithTokenW
0x46c018 OpenProcessToken
0x46c01c RegOpenKeyExA
0x46c020 ConvertSidToStringSidW
0x46c024 DuplicateTokenEx
0x46c028 RegQueryValueExW
0x46c02c CryptReleaseContext
0x46c030 RegCloseKey
0x46c034 RegEnumKeyExW
0x46c038 RegOpenKeyExW
0x46c03c CryptAcquireContextA
0x46c040 CredEnumerateW
0x46c044 CredFree
0x46c048 CryptCreateHash
0x46c04c CryptHashData
SHELL32.dll
0x46c2d4 SHGetFolderPathA
0x46c2d8 ShellExecuteA
0x46c2dc SHGetSpecialFolderPathW
ole32.dll
0x46c39c CoInitialize
0x46c3a0 CoUninitialize
0x46c3a4 CoTaskMemFree
0x46c3a8 CoCreateInstance
USERENV.dll
0x46c314 GetUserProfileDirectoryA
ktmw32.dll
0x46c38c CreateTransaction
0x46c390 RollbackTransaction
0x46c394 CommitTransaction
crypt.dll
0x46c344 BCryptDecrypt
0x46c348 BCryptDestroyKey
0x46c34c BCryptGenerateSymmetricKey
0x46c350 BCryptOpenAlgorithmProvider
0x46c354 BCryptCloseAlgorithmProvider
0x46c358 BCryptSetProperty
CRYPT32.dll
0x46c054 CryptStringToBinaryA
0x46c058 CryptUnprotectData
SHLWAPI.dll
0x46c2e4 StrCmpNW
0x46c2e8 StrToIntA
0x46c2ec StrStrIW
WINHTTP.dll
0x46c31c WinHttpSendRequest
0x46c320 WinHttpConnect
0x46c324 WinHttpQueryDataAvailable
0x46c328 WinHttpOpenRequest
0x46c32c WinHttpCloseHandle
0x46c330 WinHttpOpen
0x46c334 WinHttpSetOption
0x46c338 WinHttpReceiveResponse
0x46c33c WinHttpReadData
gdiplus.dll
0x46c360 GdiplusStartup
0x46c364 GdipGetImageEncodersSize
0x46c368 GdipFree
0x46c36c GdipDisposeImage
0x46c370 GdipCreateBitmapFromHBITMAP
0x46c374 GdipAlloc
0x46c378 GdipCloneImage
0x46c37c GdipGetImageEncoders
0x46c380 GdiplusShutdown
0x46c384 GdipSaveImageToFile
EAT(Export Address Table) is none