Field | Value |
---|---|
Created | 2021.11.05 09:08 |
Machine | s1_win7_x6401 |
Filename | 23ce6573d0b61d1c6b7a3a8c1cdf07b2.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 39 detected (Mokes, Siggen15, FPEC, Attribute, HighConfidence, R06BC0PK321, miqkw, kcloud, Phonzy, Malicious, score, Wacatac, Unsafe, PossibleThreat, GdSda) |
md5 | ad0b9bd8cdaba862d346e9cd551f381f |
sha256 | e852926791745a6ded438269c590cf206746c924f38a1689af277a81a6412f96 |
ssdeep | 768:x+AugrSlcnSGbUR2aBUb4yOKMnGeEDETh6i8Xwkvqh/m8HszbSaOgNB3tXDjU:x+zO5ni2aB3yOK4MM6NgkU/m8HkRtXHU |
imphash | 0ecf48e8c76f506e2b4eaafb33f4f2b8 |
impfuzzy | 24:s1DS2qyOovnGMZtfjFQHRyvDh/J3aRT4Rf4pB3T3wxGcEKEQ+8X:HdlpMZtfbDjWcRfAmMfPq |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Performs some HTTP requests |
info | Checks amount of memory in system |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts)
Suricata IDs
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x40d000 InterlockedDecrement
0x40d004 GetModuleHandleW
0x40d008 WriteFile
0x40d00c Sleep
0x40d010 GetProcAddress
0x40d014 GetStringTypeW
0x40d018 GetStringTypeA
0x40d01c LCMapStringW
0x40d020 LCMapStringA
0x40d024 GetLocaleInfoA
0x40d028 GetOEMCP
0x40d02c GetLastError
0x40d030 MultiByteToWideChar
0x40d034 lstrlenA
0x40d038 WideCharToMultiByte
0x40d03c LocalFree
0x40d040 GetCommandLineA
0x40d044 HeapFree
0x40d048 GetVersionExA
0x40d04c HeapAlloc
0x40d050 GetProcessHeap
0x40d054 RtlUnwind
0x40d058 RaiseException
0x40d05c TerminateProcess
0x40d060 GetCurrentProcess
0x40d064 UnhandledExceptionFilter
0x40d068 SetUnhandledExceptionFilter
0x40d06c IsDebuggerPresent
0x40d070 GetModuleHandleA
0x40d074 ExitProcess
0x40d078 GetStdHandle
0x40d07c GetModuleFileNameA
0x40d080 FreeEnvironmentStringsA
0x40d084 GetEnvironmentStrings
0x40d088 FreeEnvironmentStringsW
0x40d08c GetEnvironmentStringsW
0x40d090 SetHandleCount
0x40d094 GetFileType
0x40d098 GetStartupInfoA
0x40d09c DeleteCriticalSection
0x40d0a0 TlsGetValue
0x40d0a4 TlsAlloc
0x40d0a8 TlsSetValue
0x40d0ac TlsFree
0x40d0b0 InterlockedIncrement
0x40d0b4 SetLastError
0x40d0b8 GetCurrentThreadId
0x40d0bc HeapDestroy
0x40d0c0 HeapCreate
0x40d0c4 VirtualFree
0x40d0c8 QueryPerformanceCounter
0x40d0cc GetTickCount
0x40d0d0 GetCurrentProcessId
0x40d0d4 GetSystemTimeAsFileTime
0x40d0d8 LeaveCriticalSection
0x40d0dc EnterCriticalSection
0x40d0e0 VirtualAlloc
0x40d0e4 HeapReAlloc
0x40d0e8 HeapSize
0x40d0ec LoadLibraryA
0x40d0f0 InitializeCriticalSection
0x40d0f4 GetCPInfo
0x40d0f8 GetACP
ole32.dll
0x40d134 CoInitializeSecurity
0x40d138 CoSetProxyBlanket
0x40d13c CoCreateInstance
OLEAUT32.dll
0x40d100 SafeArrayGetUBound
0x40d104 SysFreeString
0x40d108 SysStringByteLen
0x40d10c SafeArrayUnaccessData
0x40d110 SafeArrayGetDim
0x40d114 VariantInit
0x40d118 SysAllocStringByteLen
0x40d11c SafeArrayAccessData
0x40d120 VariantClear
0x40d124 SafeArrayGetLBound
0x40d128 SysAllocString
0x40d12c GetErrorInfo
EAT (Export Address Table): none