Field | Value |
---|---|
Created | 2021.10.02 12:58 |
Machine | s1_win7_x6401 |
Filename | tfhm2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 3a5b7d5f6a117df62b659581127ff18c |
sha256 | 18158134da1bb476cc580a19d2e61e1cc378452ad527022169040344abcb22a3 |
ssdeep | 768:jbz3IhpglwpDEq2m0j6Tf8V4Ie7ZZa3R1fb961vNPrl7sJnCJ0uZN:n4+wpDElm2IAUZZo1fbs1RVsZCJ0Y |
imphash | d9c7208ff3022bb34870c7ddeb406eb1 |
impfuzzy | 12:PcG2MJyBNEv+69A/DhLSJtPXJtej7kEsy2wOYrOoQHAd:PcdMEBOd90Dhkdbej9/2wOYrOoBd |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
watch | Installs itself for autorun at Windows startup |
notice | Creates a service |
notice | Foreign language identified in PE resource |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (13cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
MFC42.DLL
0x40204c None
0x402050 None
0x402054 None
0x402058 None
0x40205c None
0x402060 None
MSVCRT.dll
0x402068 strstr
0x40206c _except_handler3
0x402070 __CxxFrameHandler
0x402074 _access
0x402078 srand
0x40207c rand
0x402080 _mkdir
KERNEL32.dll
0x402000 GetTickCount
0x402004 LoadLibraryA
0x402008 GetProcAddress
0x40200c GetLocalTime
0x402010 lstrcpyA
0x402014 GetFileAttributesA
0x402018 GetLastError
0x40201c SetUnhandledExceptionFilter
0x402020 CreateThread
0x402024 WaitForSingleObject
0x402028 ExpandEnvironmentStringsA
0x40202c DeleteFileA
0x402030 MoveFileExA
0x402034 CloseHandle
0x402038 WriteFile
0x40203c CreateFileA
0x402040 FreeLibrary
0x402044 GetCommandLineA
USER32.dll
0x402088 wsprintfA
EAT(Export Address Table) is none