Field | Value
---|---
Created | 2022.07.20 09:58
Machine | s1_win7_x6401
Filename | c15260d16a95f7dc2b23a56d67c34330.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : malware
VT API (file) | 39 detected (Manuscrypt, malicious, moderate confidence, Zusy, a variant of Generik, ICFDSOX, R002H09GG22, DropperX, Redcap, itdbl, score, ai score=85, Wacatac, Unsafe, CLOUD, PossibleThreat)
md5 | 0a4823a70dd20e61275a3dc44977a990
sha256 | abc829b78eaeec5b8de27b90e1746b01fcff69087373c0e7fed963913f3c0023
ssdeep | 3072:0+Ii7CwTmEjamOyWMZ13UE5qBqg4Psb0fW68/0npV2owr73sOoKvtJnUzZEPg4Tf:0geYrumOy7Z1kr7Ksb02MnaUdEPb
imphash | 8513d38276d3bae5f771a5f33a9b91c2
impfuzzy | 96:eOMbiALEFo14/n/iRERqsB5fq954uBzJVWcfcyKCs7NTUY:etTRERqsB5fq9FB1ocfcdCkNAY
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Foreign language identified in PE resource |
notice | Performs some HTTP requests |
info | Checks amount of memory in system |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts)
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42208c HeapFree
0x422090 HeapAlloc
0x422094 GetProcessHeap
0x422098 GetStartupInfoW
0x42209c ExitProcess
0x4220a0 RtlUnwind
0x4220a4 RaiseException
0x4220a8 HeapReAlloc
0x4220ac HeapSize
0x4220b0 GetStdHandle
0x4220b4 GetModuleFileNameA
0x4220b8 UnhandledExceptionFilter
0x4220bc FreeEnvironmentStringsA
0x4220c0 GetEnvironmentStrings
0x4220c4 FreeEnvironmentStringsW
0x4220c8 GetEnvironmentStringsW
0x4220cc GetCommandLineA
0x4220d0 GetCommandLineW
0x4220d4 SetHandleCount
0x4220d8 GetFileType
0x4220dc GetStartupInfoA
0x4220e0 HeapDestroy
0x4220e4 HeapCreate
0x4220e8 VirtualFree
0x4220ec QueryPerformanceCounter
0x4220f0 GetTickCount
0x4220f4 GetSystemTimeAsFileTime
0x4220f8 SetUnhandledExceptionFilter
0x4220fc IsDebuggerPresent
0x422100 VirtualAlloc
0x422104 Sleep
0x422108 GetCPInfo
0x42210c GetACP
0x422110 GetOEMCP
0x422114 GetLocaleInfoA
0x422118 GetConsoleCP
0x42211c GetConsoleMode
0x422120 GetStringTypeA
0x422124 GetStringTypeW
0x422128 LCMapStringA
0x42212c LCMapStringW
0x422130 SetStdHandle
0x422134 WriteConsoleA
0x422138 GetConsoleOutputCP
0x42213c WriteConsoleW
0x422140 CreateFileA
0x422144 SetErrorMode
0x422148 lstrlenA
0x42214c GetCurrentProcess
0x422150 FlushFileBuffers
0x422154 SetFilePointer
0x422158 WriteFile
0x42215c ReadFile
0x422160 GetThreadLocale
0x422164 GlobalFlags
0x422168 TlsFree
0x42216c DeleteCriticalSection
0x422170 LocalReAlloc
0x422174 TlsSetValue
0x422178 TlsAlloc
0x42217c InitializeCriticalSection
0x422180 GlobalHandle
0x422184 GlobalReAlloc
0x422188 EnterCriticalSection
0x42218c TlsGetValue
0x422190 LeaveCriticalSection
0x422194 LocalAlloc
0x422198 InterlockedIncrement
0x42219c GlobalFindAtomW
0x4221a0 CompareStringW
0x4221a4 LoadLibraryA
0x4221a8 GetVersionExA
0x4221ac InterlockedDecrement
0x4221b0 GetCurrentProcessId
0x4221b4 GlobalAddAtomW
0x4221b8 CloseHandle
0x4221bc FreeResource
0x4221c0 WritePrivateProfileStringW
0x4221c4 GetCurrentThread
0x4221c8 GetCurrentThreadId
0x4221cc ConvertDefaultLocale
0x4221d0 GetModuleFileNameW
0x4221d4 GetVersion
0x4221d8 EnumResourceLanguagesW
0x4221dc lstrcmpA
0x4221e0 GetLocaleInfoW
0x4221e4 LoadLibraryW
0x4221e8 WideCharToMultiByte
0x4221ec InterlockedExchange
0x4221f0 lstrcmpW
0x4221f4 FreeLibrary
0x4221f8 GlobalDeleteAtom
0x4221fc GetModuleHandleW
0x422200 GetLastError
0x422204 SetLastError
0x422208 GlobalFree
0x42220c GlobalAlloc
0x422210 GlobalLock
0x422214 GlobalUnlock
0x422218 FormatMessageW
0x42221c LocalFree
0x422220 FindResourceW
0x422224 LoadResource
0x422228 LockResource
0x42222c SizeofResource
0x422230 lstrlenW
0x422234 MulDiv
0x422238 GetModuleHandleA
0x42223c GetProcAddress
0x422240 TerminateProcess
0x422244 MultiByteToWideChar
USER32.dll
0x42229c UnregisterClassW
0x4222a0 LoadCursorW
0x4222a4 GetSysColorBrush
0x4222a8 ShowWindow
0x4222ac SetWindowTextW
0x4222b0 IsDialogMessageW
0x4222b4 RegisterWindowMessageW
0x4222b8 SendDlgItemMessageW
0x4222bc SendDlgItemMessageA
0x4222c0 WinHelpW
0x4222c4 GetCapture
0x4222c8 GetClassLongW
0x4222cc GetClassNameW
0x4222d0 SetPropW
0x4222d4 GetPropW
0x4222d8 RemovePropW
0x4222dc SetFocus
0x4222e0 GetWindowTextW
0x4222e4 GetForegroundWindow
0x4222e8 GetTopWindow
0x4222ec GetMessageTime
0x4222f0 GetMessagePos
0x4222f4 MapWindowPoints
0x4222f8 SetForegroundWindow
0x4222fc UpdateWindow
0x422300 GetMenu
0x422304 CreateWindowExW
0x422308 GetClassInfoExW
0x42230c GetClassInfoW
0x422310 RegisterClassW
0x422314 AdjustWindowRectEx
0x422318 CopyRect
0x42231c PtInRect
0x422320 GetDlgCtrlID
0x422324 DefWindowProcW
0x422328 CallWindowProcW
0x42232c SetWindowLongW
0x422330 SetWindowPos
0x422334 SystemParametersInfoA
0x422338 GetWindowPlacement
0x42233c GetWindowRect
0x422340 GetWindow
0x422344 GetSysColor
0x422348 EndPaint
0x42234c BeginPaint
0x422350 ReleaseDC
0x422354 GetDC
0x422358 ClientToScreen
0x42235c GrayStringW
0x422360 DrawTextExW
0x422364 DrawTextW
0x422368 TabbedTextOutW
0x42236c wsprintfW
0x422370 LoadIconW
0x422374 UnregisterClassA
0x422378 IsIconic
0x42237c SendMessageW
0x422380 GetSystemMetrics
0x422384 UnhookWindowsHookEx
0x422388 GetWindowThreadProcessId
0x42238c GetLastActivePopup
0x422390 MessageBoxW
0x422394 SetCursor
0x422398 SetWindowsHookExW
0x42239c CallNextHookEx
0x4223a0 GetMessageW
0x4223a4 TranslateMessage
0x4223a8 DispatchMessageW
0x4223ac IsWindowVisible
0x4223b0 DestroyMenu
0x4223b4 GetClientRect
0x4223b8 DrawIcon
0x4223bc EnableWindow
0x4223c0 GetSubMenu
0x4223c4 GetMenuItemCount
0x4223c8 GetMenuItemID
0x4223cc GetMenuState
0x4223d0 PostMessageW
0x4223d4 PostQuitMessage
0x4223d8 EndDialog
0x4223dc GetNextDlgTabItem
0x4223e0 GetParent
0x4223e4 IsWindowEnabled
0x4223e8 GetDlgItem
0x4223ec GetWindowLongW
0x4223f0 GetKeyState
0x4223f4 PeekMessageW
0x4223f8 GetCursorPos
0x4223fc ValidateRect
0x422400 SetMenuItemBitmaps
0x422404 GetMenuCheckMarkDimensions
0x422408 LoadBitmapW
0x42240c GetFocus
0x422410 ModifyMenuW
0x422414 EnableMenuItem
0x422418 CheckMenuItem
0x42241c GetDesktopWindow
0x422420 GetActiveWindow
0x422424 SetActiveWindow
0x422428 CreateDialogIndirectParamW
0x42242c DestroyWindow
0x422430 IsWindow
GDI32.dll
0x422028 DeleteDC
0x42202c GetStockObject
0x422030 ScaleWindowExtEx
0x422034 SetWindowExtEx
0x422038 ScaleViewportExtEx
0x42203c ExtTextOutW
0x422040 SetViewportExtEx
0x422044 OffsetViewportOrgEx
0x422048 SetViewportOrgEx
0x42204c SelectObject
0x422050 GetDeviceCaps
0x422054 TextOutW
0x422058 RectVisible
0x42205c PtVisible
0x422060 GetObjectW
0x422064 DeleteObject
0x422068 GetClipBox
0x42206c SetMapMode
0x422070 SetTextColor
0x422074 SetBkColor
0x422078 RestoreDC
0x42207c SaveDC
0x422080 CreateBitmap
0x422084 Escape
WINSPOOL.DRV
0x422438 ClosePrinter
0x42243c DocumentPropertiesW
0x422440 OpenPrinterW
ADVAPI32.dll
0x422000 RegQueryValueW
0x422004 RegEnumKeyW
0x422008 RegDeleteKeyW
0x42200c RegSetValueExW
0x422010 RegCreateKeyExW
0x422014 RegOpenKeyExW
0x422018 RegQueryValueExW
0x42201c RegOpenKeyW
0x422020 RegCloseKey
SHELL32.dll
0x422288 ShellExecuteExW
SHLWAPI.dll
0x422290 PathFindFileNameW
0x422294 PathFindExtensionW
ole32.dll
0x422448 CoInitializeSecurity
OLEAUT32.dll
0x42224c SysAllocString
0x422250 SysAllocStringByteLen
0x422254 SysStringByteLen
0x422258 SysFreeString
0x42225c VariantInit
0x422260 VariantClear
0x422264 SysAllocStringLen
0x422268 SafeArrayGetDim
0x42226c SafeArrayGetLBound
0x422270 SafeArrayGetUBound
0x422274 SafeArrayAccessData
0x422278 SafeArrayUnaccessData
0x42227c VariantChangeType
0x422280 GetErrorInfo
EAT(Export Address Table) is none