Report - accs2.exe

Malicious Library UPX PE32 OS Processor Check PE File
Created 2023.01.20 10:28 Machine s1_win7_x6401
Filename accs2.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 3.0
ZERO API file : malware
VT API (file) 48 detected (AIDetectNet, Lazy, malicious, high confidence, TrojanBanker, Bandra, Unsafe, Vkts, ABRisk, QQNW, Attribute, HighConfidence, a variant of Generik, LZERRXX, score, Generic@AI, RDML, i7cMuFnKAbdOaQKxbClo4A, vkkfg, VIDAR, YXDALZ, high, Static AI, Malicious PE, Tiggre, Detected, Artemis, ai score=84, BScope, TrojanPSW, RedLine, Bnhl, susgen, PossibleThreat, ZexaF, @F0@aq8b40bi, Chgt)
md5 5b7635a9a1d0010ad4d2c1cba60ed2a4
sha256 47661693f3ed38b126e518ae62300ab69afd7e0ab48a9339b572158e2fa2b5ff
ssdeep 98304:z618dO+C3TAgxK+ZlEWY78izXRfmLeaLrNLq3OMb8QZualaK83FH6JJwwvUZTtWk:zLgXhxRZlE/hfrONLzQ+wvvoa
imphash 7b7722e74591412722fc4e10dd5e71ef
impfuzzy 96:GWZ+fc1GJtDONcuNy1AXJ+Zcp+AjCtvALyuua:G0NHZ+5a
Signature (7cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice The binary likely contains encrypted or compressed data indicative of a packer
info Collects information to fingerprint the system (MachineGuid)
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
t.me GB Telegram Messenger Inc 149.154.167.99 malicious
149.154.167.99 GB Telegram Messenger Inc 149.154.167.99 malicious

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x7b1000 VirtualAllocExNuma
 0x7b1004 Sleep
 0x7b1008 VirtualAlloc
 0x7b100c LocalAlloc
 0x7b1010 GetProcAddress
 0x7b1014 LoadLibraryA
 0x7b1018 VirtualProtect
 0x7b101c GetLogicalProcessorInformationEx
 0x7b1020 VirtualFree
 0x7b1024 FindNextFileW
 0x7b1028 CloseHandle
 0x7b102c GetProcessHeap
 0x7b1030 GetCurrentProcess
 0x7b1034 FindFirstFileW
 0x7b1038 ExitProcess
 0x7b103c SetEndOfFile
 0x7b1040 CreateFileW
 0x7b1044 CreateFileA
 0x7b1048 WriteConsoleW
 0x7b104c SetStdHandle
 0x7b1050 LoadLibraryW
 0x7b1054 HeapReAlloc
 0x7b1058 GetStringTypeW
 0x7b105c IsValidLocale
 0x7b1060 EnumSystemLocalesA
 0x7b1064 GetLocaleInfoA
 0x7b1068 InterlockedIncrement
 0x7b106c InterlockedDecrement
 0x7b1070 WideCharToMultiByte
 0x7b1074 EncodePointer
 0x7b1078 DecodePointer
 0x7b107c InterlockedExchange
 0x7b1080 InitializeCriticalSection
 0x7b1084 DeleteCriticalSection
 0x7b1088 EnterCriticalSection
 0x7b108c LeaveCriticalSection
 0x7b1090 MultiByteToWideChar
 0x7b1094 GetLastError
 0x7b1098 HeapFree
 0x7b109c HeapAlloc
 0x7b10a0 GetSystemTimeAsFileTime
 0x7b10a4 GetCommandLineA
 0x7b10a8 HeapSetInformation
 0x7b10ac GetStartupInfoW
 0x7b10b0 RaiseException
 0x7b10b4 RtlUnwind
 0x7b10b8 LCMapStringW
 0x7b10bc GetCPInfo
 0x7b10c0 TerminateProcess
 0x7b10c4 UnhandledExceptionFilter
 0x7b10c8 SetUnhandledExceptionFilter
 0x7b10cc IsDebuggerPresent
 0x7b10d0 GetACP
 0x7b10d4 GetOEMCP
 0x7b10d8 IsValidCodePage
 0x7b10dc TlsAlloc
 0x7b10e0 TlsGetValue
 0x7b10e4 TlsSetValue
 0x7b10e8 TlsFree
 0x7b10ec GetModuleHandleW
 0x7b10f0 SetLastError
 0x7b10f4 GetCurrentThreadId
 0x7b10f8 HeapCreate
 0x7b10fc WriteFile
 0x7b1100 GetStdHandle
 0x7b1104 GetModuleFileNameW
 0x7b1108 IsProcessorFeaturePresent
 0x7b110c HeapSize
 0x7b1110 SetHandleCount
 0x7b1114 InitializeCriticalSectionAndSpinCount
 0x7b1118 GetFileType
 0x7b111c ReadFile
 0x7b1120 SetFilePointer
 0x7b1124 GetConsoleCP
 0x7b1128 GetConsoleMode
 0x7b112c FlushFileBuffers
 0x7b1130 GetModuleFileNameA
 0x7b1134 FreeEnvironmentStringsW
 0x7b1138 GetEnvironmentStringsW
 0x7b113c QueryPerformanceCounter
 0x7b1140 GetTickCount
 0x7b1144 GetCurrentProcessId
 0x7b1148 GetLocaleInfoW
 0x7b114c GetUserDefaultLCID
USER32.dll
 0x7b1154 ReleaseDC
GDI32.dll
 0x7b115c CreateDCA
 0x7b1160 GetDeviceCaps
ole32.dll
 0x7b1168 CoCreateInstance
 0x7b116c CoInitializeSecurity
 0x7b1170 CoInitializeEx
 0x7b1174 CoSetProxyBlanket
OLEAUT32.dll
 0x7b117c VariantInit
 0x7b1180 VariantClear
 0x7b1184 SysAllocString
 0x7b1188 SysFreeString
KERNEL32.dll
 0x7b1190 GetSystemTimeAsFileTime
 0x7b1194 CreateEventA
 0x7b1198 GetModuleFileNameW
 0x7b119c GetModuleHandleA
 0x7b11a0 TerminateProcess
 0x7b11a4 GetCurrentProcess
 0x7b11a8 CreateToolhelp32Snapshot
 0x7b11ac Thread32First
 0x7b11b0 GetCurrentProcessId
 0x7b11b4 GetCurrentThreadId
 0x7b11b8 OpenThread
 0x7b11bc Thread32Next
 0x7b11c0 CloseHandle
 0x7b11c4 SuspendThread
 0x7b11c8 ResumeThread
 0x7b11cc WriteProcessMemory
 0x7b11d0 GetSystemInfo
 0x7b11d4 VirtualAlloc
 0x7b11d8 VirtualProtect
 0x7b11dc VirtualFree
 0x7b11e0 GetProcessAffinityMask
 0x7b11e4 SetProcessAffinityMask
 0x7b11e8 GetCurrentThread
 0x7b11ec SetThreadAffinityMask
 0x7b11f0 Sleep
 0x7b11f4 LoadLibraryA
 0x7b11f8 FreeLibrary
 0x7b11fc GetTickCount
 0x7b1200 SystemTimeToFileTime
 0x7b1204 FileTimeToSystemTime
 0x7b1208 GlobalFree
 0x7b120c LocalAlloc
 0x7b1210 LocalFree
 0x7b1214 GetProcAddress
 0x7b1218 ExitProcess
 0x7b121c EnterCriticalSection
 0x7b1220 LeaveCriticalSection
 0x7b1224 InitializeCriticalSection
 0x7b1228 DeleteCriticalSection
 0x7b122c MultiByteToWideChar
 0x7b1230 GetModuleHandleW
 0x7b1234 LoadResource
 0x7b1238 FindResourceExW
 0x7b123c FindResourceExA
 0x7b1240 WideCharToMultiByte
 0x7b1244 GetThreadLocale
 0x7b1248 GetUserDefaultLCID
 0x7b124c GetSystemDefaultLCID
 0x7b1250 EnumResourceNamesA
 0x7b1254 EnumResourceNamesW
 0x7b1258 EnumResourceLanguagesA
 0x7b125c EnumResourceLanguagesW
 0x7b1260 EnumResourceTypesA
 0x7b1264 EnumResourceTypesW
 0x7b1268 CreateFileW
 0x7b126c LoadLibraryW
 0x7b1270 GetLastError
 0x7b1274 FlushFileBuffers
 0x7b1278 WriteConsoleW
 0x7b127c SetStdHandle
 0x7b1280 IsProcessorFeaturePresent
 0x7b1284 DecodePointer
 0x7b1288 GetCommandLineA
 0x7b128c HeapFree
 0x7b1290 GetCPInfo
 0x7b1294 InterlockedIncrement
 0x7b1298 InterlockedDecrement
 0x7b129c GetACP
 0x7b12a0 GetOEMCP
 0x7b12a4 IsValidCodePage
 0x7b12a8 EncodePointer
 0x7b12ac TlsAlloc
 0x7b12b0 TlsGetValue
 0x7b12b4 TlsSetValue
 0x7b12b8 TlsFree
 0x7b12bc SetLastError
 0x7b12c0 UnhandledExceptionFilter
 0x7b12c4 SetUnhandledExceptionFilter
 0x7b12c8 IsDebuggerPresent
 0x7b12cc HeapAlloc
 0x7b12d0 RaiseException
 0x7b12d4 LCMapStringW
 0x7b12d8 GetStringTypeW
 0x7b12dc SetHandleCount
 0x7b12e0 GetStdHandle
 0x7b12e4 InitializeCriticalSectionAndSpinCount
 0x7b12e8 GetFileType
 0x7b12ec GetStartupInfoW
 0x7b12f0 GetModuleFileNameA
 0x7b12f4 FreeEnvironmentStringsW
 0x7b12f8 GetEnvironmentStringsW
 0x7b12fc HeapCreate
 0x7b1300 HeapDestroy
 0x7b1304 QueryPerformanceCounter
 0x7b1308 HeapSize
 0x7b130c WriteFile
 0x7b1310 RtlUnwind
 0x7b1314 SetFilePointer
 0x7b1318 GetConsoleCP
 0x7b131c GetConsoleMode
 0x7b1320 HeapReAlloc
 0x7b1324 VirtualQuery
USER32.dll
 0x7b132c CharUpperBuffW
KERNEL32.dll
 0x7b1334 LocalAlloc
 0x7b1338 LocalFree
 0x7b133c GetModuleFileNameW
 0x7b1340 ExitProcess
 0x7b1344 LoadLibraryA
 0x7b1348 GetModuleHandleA
 0x7b134c GetProcAddress

EAT (Export Address Table): none
