ScreenShot
| Created | 2021.10.28 17:27 | Machine | s1_win7_x6401 |
| Filename | c54893932feb406033f276e4e924ea33.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 37 detected (malicious, high confidence, GenericKD, Unsafe, Mokes, Attribute, HighConfidence, AGen, MalwareX, Artemis, fedo, Redcap, vblhk, kcloud, Sabsik, score, GenericRXAA, ai score=87, BScope, PasswordStealer, PrUqdk28, PossibleThreat, GdSda) | ||
| md5 | ff3fffe53dee30a1c24bf86d419bd4ac | ||
| sha256 | 25d79c1a508700c16bfa42039870d590bb3281c271ed02db20899c87259c657f | ||
| ssdeep | 1536:4ZxrW2eq7mQeNzn26jO0+7I+LeScuT1Gd5anG7IW1V7hYxamr+s8jcdMTWgM/D:4bEZQC26S0+7NeSrTcTanGEWLh477MT8 | ||
| imphash | 81d7345751d04409b2dd22cc99377edb | ||
| impfuzzy | 24:FXloubD3gMUsviucH1GcStIS18YbJh9roHOovbOuqNFT3wxCEYBqEEQm:h1HDNcStIS1RDZB3dYHYC9 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Performs some HTTP requests |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f000 WriteFile
0x40f004 InterlockedDecrement
0x40f008 InitializeCriticalSectionAndSpinCount
0x40f00c Sleep
0x40f010 GetLastError
0x40f014 RaiseException
0x40f018 DecodePointer
0x40f01c GetProcAddress
0x40f020 DeleteCriticalSection
0x40f024 GetModuleHandleW
0x40f028 CreateFileW
0x40f02c WriteConsoleW
0x40f030 SetFilePointerEx
0x40f034 GetConsoleMode
0x40f038 GetConsoleCP
0x40f03c FlushFileBuffers
0x40f040 GetStringTypeW
0x40f044 SetStdHandle
0x40f048 CloseHandle
0x40f04c GetFileType
0x40f050 GetProcessHeap
0x40f054 SetEnvironmentVariableA
0x40f058 FreeEnvironmentStringsW
0x40f05c GetEnvironmentStringsW
0x40f060 IsDebuggerPresent
0x40f064 OutputDebugStringW
0x40f068 EnterCriticalSection
0x40f06c LeaveCriticalSection
0x40f070 MultiByteToWideChar
0x40f074 WideCharToMultiByte
0x40f078 LocalFree
0x40f07c UnhandledExceptionFilter
0x40f080 SetUnhandledExceptionFilter
0x40f084 GetCurrentProcess
0x40f088 TerminateProcess
0x40f08c IsProcessorFeaturePresent
0x40f090 GetStartupInfoW
0x40f094 QueryPerformanceCounter
0x40f098 GetCurrentProcessId
0x40f09c GetCurrentThreadId
0x40f0a0 GetSystemTimeAsFileTime
0x40f0a4 InitializeSListHead
0x40f0a8 EncodePointer
0x40f0ac RtlUnwind
0x40f0b0 SetLastError
0x40f0b4 TlsAlloc
0x40f0b8 TlsGetValue
0x40f0bc TlsSetValue
0x40f0c0 TlsFree
0x40f0c4 FreeLibrary
0x40f0c8 LoadLibraryExW
0x40f0cc ExitProcess
0x40f0d0 GetModuleHandleExW
0x40f0d4 GetModuleFileNameA
0x40f0d8 GetStdHandle
0x40f0dc GetCommandLineA
0x40f0e0 GetCommandLineW
0x40f0e4 GetACP
0x40f0e8 HeapFree
0x40f0ec HeapAlloc
0x40f0f0 HeapSize
0x40f0f4 HeapReAlloc
0x40f0f8 CompareStringW
0x40f0fc LCMapStringW
0x40f100 FindClose
0x40f104 FindFirstFileExA
0x40f108 FindNextFileA
0x40f10c IsValidCodePage
0x40f110 GetOEMCP
0x40f114 GetCPInfo
ole32.dll
0x40f150 CoInitializeSecurity
0x40f154 CoSetProxyBlanket
0x40f158 CoCreateInstance
OLEAUT32.dll
0x40f11c SafeArrayGetDim
0x40f120 VariantInit
0x40f124 SafeArrayGetUBound
0x40f128 SafeArrayGetLBound
0x40f12c SysFreeString
0x40f130 SysStringByteLen
0x40f134 SysAllocStringByteLen
0x40f138 SysAllocString
0x40f13c SafeArrayUnaccessData
0x40f140 SafeArrayAccessData
0x40f144 VariantClear
0x40f148 GetErrorInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x40f000 WriteFile
0x40f004 InterlockedDecrement
0x40f008 InitializeCriticalSectionAndSpinCount
0x40f00c Sleep
0x40f010 GetLastError
0x40f014 RaiseException
0x40f018 DecodePointer
0x40f01c GetProcAddress
0x40f020 DeleteCriticalSection
0x40f024 GetModuleHandleW
0x40f028 CreateFileW
0x40f02c WriteConsoleW
0x40f030 SetFilePointerEx
0x40f034 GetConsoleMode
0x40f038 GetConsoleCP
0x40f03c FlushFileBuffers
0x40f040 GetStringTypeW
0x40f044 SetStdHandle
0x40f048 CloseHandle
0x40f04c GetFileType
0x40f050 GetProcessHeap
0x40f054 SetEnvironmentVariableA
0x40f058 FreeEnvironmentStringsW
0x40f05c GetEnvironmentStringsW
0x40f060 IsDebuggerPresent
0x40f064 OutputDebugStringW
0x40f068 EnterCriticalSection
0x40f06c LeaveCriticalSection
0x40f070 MultiByteToWideChar
0x40f074 WideCharToMultiByte
0x40f078 LocalFree
0x40f07c UnhandledExceptionFilter
0x40f080 SetUnhandledExceptionFilter
0x40f084 GetCurrentProcess
0x40f088 TerminateProcess
0x40f08c IsProcessorFeaturePresent
0x40f090 GetStartupInfoW
0x40f094 QueryPerformanceCounter
0x40f098 GetCurrentProcessId
0x40f09c GetCurrentThreadId
0x40f0a0 GetSystemTimeAsFileTime
0x40f0a4 InitializeSListHead
0x40f0a8 EncodePointer
0x40f0ac RtlUnwind
0x40f0b0 SetLastError
0x40f0b4 TlsAlloc
0x40f0b8 TlsGetValue
0x40f0bc TlsSetValue
0x40f0c0 TlsFree
0x40f0c4 FreeLibrary
0x40f0c8 LoadLibraryExW
0x40f0cc ExitProcess
0x40f0d0 GetModuleHandleExW
0x40f0d4 GetModuleFileNameA
0x40f0d8 GetStdHandle
0x40f0dc GetCommandLineA
0x40f0e0 GetCommandLineW
0x40f0e4 GetACP
0x40f0e8 HeapFree
0x40f0ec HeapAlloc
0x40f0f0 HeapSize
0x40f0f4 HeapReAlloc
0x40f0f8 CompareStringW
0x40f0fc LCMapStringW
0x40f100 FindClose
0x40f104 FindFirstFileExA
0x40f108 FindNextFileA
0x40f10c IsValidCodePage
0x40f110 GetOEMCP
0x40f114 GetCPInfo
ole32.dll
0x40f150 CoInitializeSecurity
0x40f154 CoSetProxyBlanket
0x40f158 CoCreateInstance
OLEAUT32.dll
0x40f11c SafeArrayGetDim
0x40f120 VariantInit
0x40f124 SafeArrayGetUBound
0x40f128 SafeArrayGetLBound
0x40f12c SysFreeString
0x40f130 SysStringByteLen
0x40f134 SysAllocStringByteLen
0x40f138 SysAllocString
0x40f13c SafeArrayUnaccessData
0x40f140 SafeArrayAccessData
0x40f144 VariantClear
0x40f148 GetErrorInfo
EAT(Export Address Table) is none