Field | Value |
---|---|
Created | 2023.02.12 15:05 |
Machine | s1_win7_x6401 |
Filename | WW2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 42 detected (Mint, PrivateLoader, Artemis, Unsafe, Vzn3, Nekark, malicious, confidence, 100%, Attribute, HighConfidence, Windows, ADGH, score, PWSX, Jtgl, DownLoader45, YXDBKZ, jtxwk, ai score=89, Wacatac, kcloud, Casdet, ZexaF, tw0@aOND2PkQ, BScope, TrojanPSW, Arkei, WDDisabler, CLASSIC, susgen) |
md5 | 6cc7d9664c1a89c58549e57b5959bb38 |
sha256 | 27c1ed01c767f504642801a7e7a7de8d87dbc87dee88fbc5f6adb99f069afde4 |
ssdeep | 49152:kHEP1Ytp7MnOYoH7NzvsfZHXlIZELxmuY88jIvnPojMuHmsMtTQpw:GEPuBSONzvsfZ3eCxmQ8cWmsM |
imphash | 02951e73b23a430852958a5fac567566 |
impfuzzy | 96:/mX3QbcGtpxWtv746AJ1wtLCW/DGg5KzF0:oGYtv7QJEd |
Network IP location
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
danger | Disables Windows Security features |
watch | Communicates with host for which no DNS query was performed |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Creates hidden or system file |
notice | Foreign language identified in PE resource |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Looks up the external IP address |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
info | Checks if process is being debugged by a debugger |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (16cnts)
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x603020 InitializeCriticalSectionEx
0x603024 lstrlenA
0x603028 lstrcatA
0x60302c GetModuleHandleA
0x603030 SetCurrentDirectoryA
0x603034 Sleep
0x603038 GetModuleHandleExA
0x60303c GetFileAttributesA
0x603040 GetBinaryTypeA
0x603044 QueryFullProcessImageNameA
0x603048 GetSystemDirectoryA
0x60304c GlobalAlloc
0x603050 lstrcpyA
0x603054 SetFileAttributesA
0x603058 VerSetConditionMask
0x60305c WideCharToMultiByte
0x603060 VerifyVersionInfoW
0x603064 GetSystemTimeAsFileTime
0x603068 HeapFree
0x60306c HeapAlloc
0x603070 GetProcAddress
0x603074 lstrcpynA
0x603078 GetProcessHeap
0x60307c AreFileApisANSI
0x603080 TryEnterCriticalSection
0x603084 HeapCreate
0x603088 EnterCriticalSection
0x60308c GetFullPathNameW
0x603090 GetDiskFreeSpaceW
0x603094 OutputDebugStringA
0x603098 LockFile
0x60309c LeaveCriticalSection
0x6030a0 InitializeCriticalSection
0x6030a4 GetFullPathNameA
0x6030a8 SetEndOfFile
0x6030ac FindClose
0x6030b0 GetTempPathW
0x6030b4 CreateMutexW
0x6030b8 WaitForSingleObject
0x6030bc GetFileAttributesW
0x6030c0 GetCurrentThreadId
0x6030c4 UnmapViewOfFile
0x6030c8 HeapValidate
0x6030cc HeapSize
0x6030d0 MultiByteToWideChar
0x6030d4 GetTempPathA
0x6030d8 FormatMessageW
0x6030dc GetDiskFreeSpaceA
0x6030e0 GetFileAttributesExW
0x6030e4 OutputDebugStringW
0x6030e8 FlushViewOfFile
0x6030ec LoadLibraryA
0x6030f0 WaitForSingleObjectEx
0x6030f4 DeleteFileA
0x6030f8 DeleteFileW
0x6030fc HeapReAlloc
0x603100 GetSystemInfo
0x603104 LoadLibraryW
0x603108 HeapCompact
0x60310c HeapDestroy
0x603110 UnlockFile
0x603114 LocalFree
0x603118 LockFileEx
0x60311c GetFileSize
0x603120 DeleteCriticalSection
0x603124 GetCurrentProcessId
0x603128 SystemTimeToFileTime
0x60312c FreeLibrary
0x603130 GetSystemTime
0x603134 FormatMessageA
0x603138 CreateFileMappingW
0x60313c MapViewOfFile
0x603140 QueryPerformanceCounter
0x603144 GetTickCount
0x603148 FlushFileBuffers
0x60314c WriteConsoleW
0x603150 CloseHandle
0x603154 CreateFileA
0x603158 GetLastError
0x60315c CreateFileW
0x603160 SetFilePointer
0x603164 WriteFile
0x603168 UnlockFileEx
0x60316c ReadFile
0x603170 SetEnvironmentVariableW
0x603174 FreeEnvironmentStringsW
0x603178 GetEnvironmentStringsW
0x60317c GetCommandLineW
0x603180 GetCommandLineA
0x603184 GetOEMCP
0x603188 GetACP
0x60318c UnhandledExceptionFilter
0x603190 SetUnhandledExceptionFilter
0x603194 GetCurrentProcess
0x603198 TerminateProcess
0x60319c IsProcessorFeaturePresent
0x6031a0 InitializeSListHead
0x6031a4 InitializeCriticalSectionAndSpinCount
0x6031a8 SetEvent
0x6031ac ResetEvent
0x6031b0 CreateEventW
0x6031b4 GetModuleHandleW
0x6031b8 IsDebuggerPresent
0x6031bc GetStartupInfoW
0x6031c0 CreateDirectoryW
0x6031c4 FindFirstFileExW
0x6031c8 FindNextFileW
0x6031cc SetFilePointerEx
0x6031d0 GetFileInformationByHandleEx
0x6031d4 QueryPerformanceFrequency
0x6031d8 LCMapStringEx
0x6031dc EncodePointer
0x6031e0 DecodePointer
0x6031e4 GetCPInfo
0x6031e8 GetStringTypeW
0x6031ec SetLastError
0x6031f0 GetThreadTimes
0x6031f4 GetCurrentThread
0x6031f8 InterlockedPushEntrySList
0x6031fc RaiseException
0x603200 RtlUnwind
0x603204 TlsAlloc
0x603208 TlsGetValue
0x60320c TlsSetValue
0x603210 TlsFree
0x603214 LoadLibraryExW
0x603218 GetFileType
0x60321c ExitProcess
0x603220 GetModuleHandleExW
0x603224 CreateThread
0x603228 ExitThread
0x60322c FreeLibraryAndExitThread
0x603230 GetModuleFileNameW
0x603234 GetStdHandle
0x603238 GetConsoleMode
0x60323c ReadConsoleW
0x603240 GetConsoleOutputCP
0x603244 SetStdHandle
0x603248 CompareStringW
0x60324c LCMapStringW
0x603250 GetLocaleInfoW
0x603254 IsValidLocale
0x603258 GetUserDefaultLCID
0x60325c EnumSystemLocalesW
0x603260 GetFileSizeEx
0x603264 GetTimeZoneInformation
0x603268 IsValidCodePage
0x60326c VirtualQuery
USER32.dll
0x60327c CharNextA
ADVAPI32.dll
0x603000 RegCloseKey
0x603004 RegCreateKeyExA
0x603008 RegSetValueExA
0x60300c OpenProcessToken
0x603010 RegOpenKeyExA
0x603014 GetTokenInformation
0x603018 CryptReleaseContext
SHELL32.dll
0x603274 ShellExecuteA
ole32.dll
0x603284 CoCreateInstance
0x603288 CoInitializeEx
0x60328c CoUninitialize
EAT(Export Address Table) is none