ScreenShot
| Created | 2023.07.10 07:56 | Machine | s1_win7_x6403 |
| Filename | okka25.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 14 detected (unsafe, Attribute, HighConfidence, a variant of Generik, DGHZGFB, Malicious, Fabookie, FileRepMalware, Misc, EmnL0dJ0FNC, Facebook, PRIVATELOADER, YXDGIZ, Wacatac) | ||
| md5 | 484ba824bee1da806d39dd7c902b5110 | ||
| sha256 | 959b84bd323f73783b6d1ad4bb8d05b04d10a15809d251cbdea7ef18fe202b0b | ||
| ssdeep | 3072:/PDOEk3kKqUa9antF5hvvJkeXp2QhHkKqUa9antF5hvvJkeXp:HeUKq99UF5hvvfjhEKq99UF5hvvf | ||
| imphash | 4fd11f5c9a089e7b45c77cd8b5fde1cf | ||
| impfuzzy | 48:4/diO9GQCWr71v9k/gKvlRSv6Uy/1bfjSYwEkFEoz/JG4toEkJ6HBhn6gpKC/4nY:cdiO8QCC71v98oidnGe5aJKvet | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 14 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (7cnts) ?
Suricata ids
ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET)
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 RegOpenKeyExW
0x100001008 RegEnumKeyW
0x100001010 RegCloseKey
0x100001018 RegQueryValueExW
0x100001020 RegSetValueExW
KERNEL32.dll
0x1000010a0 Sleep
0x1000010a8 SetEvent
0x1000010b0 GetDriveTypeW
0x1000010b8 FormatMessageW
0x1000010c0 GetWindowsDirectoryW
0x1000010c8 CreateThread
0x1000010d0 GetDiskFreeSpaceW
0x1000010d8 GetVolumeInformationW
0x1000010e0 FreeLibrary
0x1000010e8 LoadLibraryExW
0x1000010f0 GetProcessHeap
0x1000010f8 HeapFree
0x100001100 lstrlenW
0x100001108 GetTickCount
0x100001110 CheckElevationEnabled
0x100001118 GetModuleFileNameW
0x100001120 GetLastError
0x100001128 LocalFree
0x100001130 HeapSetInformation
0x100001138 CreateEventW
0x100001140 CloseHandle
0x100001148 WaitForSingleObject
0x100001150 GetDiskFreeSpaceExW
0x100001158 GetCommandLineW
0x100001160 SetErrorMode
0x100001168 GetStartupInfoA
0x100001170 GetModuleHandleW
0x100001178 MulDiv
0x100001180 WideCharToMultiByte
0x100001188 LocalAlloc
0x100001190 RtlCaptureContext
0x100001198 RtlLookupFunctionEntry
0x1000011a0 RtlVirtualUnwind
0x1000011a8 UnhandledExceptionFilter
0x1000011b0 GetCurrentProcess
0x1000011b8 TerminateProcess
0x1000011c0 GetSystemTimeAsFileTime
0x1000011c8 GetCurrentProcessId
0x1000011d0 GetCurrentThreadId
0x1000011d8 QueryPerformanceCounter
0x1000011e0 SetUnhandledExceptionFilter
0x1000011e8 HeapAlloc
0x1000011f0 GetVolumeNameForVolumeMountPointW
GDI32.dll
0x100001068 GetLayout
0x100001070 ExtTextOutW
0x100001078 SetBkMode
0x100001080 SetTextColor
0x100001088 SetBkColor
0x100001090 GetTextExtentPoint32W
USER32.dll
0x100001298 MessageBoxW
0x1000012a0 ShowWindow
0x1000012a8 SetFocus
0x1000012b0 SendMessageW
0x1000012b8 GetDlgItem
0x1000012c0 EndDialog
0x1000012c8 DialogBoxParamW
0x1000012d0 DestroyWindow
0x1000012d8 CreateDialogParamW
0x1000012e0 IsDialogMessageW
0x1000012e8 LoadStringW
0x1000012f0 LoadIconW
0x1000012f8 GetWindowLongPtrW
0x100001300 EnableWindow
0x100001308 GetWindowLongW
0x100001310 GetSystemMetrics
0x100001318 SetWindowLongPtrW
0x100001320 GetClientRect
0x100001328 SetDlgItemTextW
0x100001330 EnumWindows
0x100001338 DispatchMessageW
0x100001340 TranslateMessage
0x100001348 PeekMessageW
0x100001350 GetSysColor
0x100001358 SetForegroundWindow
0x100001360 GetWindowTextW
0x100001368 DrawFocusRect
0x100001370 DestroyIcon
0x100001378 DrawIconEx
0x100001380 GetParent
0x100001388 PostMessageW
0x100001390 SendDlgItemMessageW
msvcrt.dll
0x1000013b8 __set_app_type
0x1000013c0 _fmode
0x1000013c8 _commode
0x1000013d0 ?terminate@@YAXXZ
0x1000013d8 memset
0x1000013e0 __setusermatherr
0x1000013e8 _amsg_exit
0x1000013f0 _initterm
0x1000013f8 exit
0x100001400 _cexit
0x100001408 _exit
0x100001410 _XcptFilter
0x100001418 __C_specific_handler
0x100001420 __getmainargs
0x100001428 _vsnwprintf
0x100001430 toupper
0x100001438 _wcsicmp
ntdll.dll
0x100001448 NtOpenProcessToken
0x100001450 NtClose
0x100001458 NtOpenThreadToken
0x100001460 RtlNtStatusToDosError
0x100001468 WinSqmAddToStream
0x100001470 NtQueryInformationToken
ole32.dll
0x100001480 CoTaskMemAlloc
0x100001488 CoInitialize
0x100001490 CoUninitialize
0x100001498 CLSIDFromString
0x1000014a0 CoTaskMemFree
0x1000014a8 CoCreateInstance
0x1000014b0 CoInitializeEx
OLEAUT32.dll
0x100001200 VariantClear
0x100001208 SysStringLen
0x100001210 VariantInit
SHLWAPI.dll
0x100001248 StrStrIW
0x100001250 StrToIntW
0x100001258 StrCmpW
0x100001260 StrCmpNW
0x100001268 PathStripToRootW
0x100001270 None
0x100001278 StrFormatByteSizeW
0x100001280 None
0x100001288 SHDeleteKeyW
COMCTL32.dll
0x100001030 PropertySheetW
0x100001038 ImageList_Create
0x100001040 ImageList_ReplaceIcon
0x100001048 None
0x100001050 CreatePropertySheetPageW
0x100001058 None
SHELL32.dll
0x100001220 ShellExecuteExW
0x100001228 SHGetFileInfoW
0x100001230 ExtractIconExW
0x100001238 None
VSSAPI.DLL
0x1000013a0 CreateVssBackupComponentsInternal
0x1000013a8 VssFreeSnapshotPropertiesInternal
EAT(Export Address Table) is none
ADVAPI32.dll
0x100001000 RegOpenKeyExW
0x100001008 RegEnumKeyW
0x100001010 RegCloseKey
0x100001018 RegQueryValueExW
0x100001020 RegSetValueExW
KERNEL32.dll
0x1000010a0 Sleep
0x1000010a8 SetEvent
0x1000010b0 GetDriveTypeW
0x1000010b8 FormatMessageW
0x1000010c0 GetWindowsDirectoryW
0x1000010c8 CreateThread
0x1000010d0 GetDiskFreeSpaceW
0x1000010d8 GetVolumeInformationW
0x1000010e0 FreeLibrary
0x1000010e8 LoadLibraryExW
0x1000010f0 GetProcessHeap
0x1000010f8 HeapFree
0x100001100 lstrlenW
0x100001108 GetTickCount
0x100001110 CheckElevationEnabled
0x100001118 GetModuleFileNameW
0x100001120 GetLastError
0x100001128 LocalFree
0x100001130 HeapSetInformation
0x100001138 CreateEventW
0x100001140 CloseHandle
0x100001148 WaitForSingleObject
0x100001150 GetDiskFreeSpaceExW
0x100001158 GetCommandLineW
0x100001160 SetErrorMode
0x100001168 GetStartupInfoA
0x100001170 GetModuleHandleW
0x100001178 MulDiv
0x100001180 WideCharToMultiByte
0x100001188 LocalAlloc
0x100001190 RtlCaptureContext
0x100001198 RtlLookupFunctionEntry
0x1000011a0 RtlVirtualUnwind
0x1000011a8 UnhandledExceptionFilter
0x1000011b0 GetCurrentProcess
0x1000011b8 TerminateProcess
0x1000011c0 GetSystemTimeAsFileTime
0x1000011c8 GetCurrentProcessId
0x1000011d0 GetCurrentThreadId
0x1000011d8 QueryPerformanceCounter
0x1000011e0 SetUnhandledExceptionFilter
0x1000011e8 HeapAlloc
0x1000011f0 GetVolumeNameForVolumeMountPointW
GDI32.dll
0x100001068 GetLayout
0x100001070 ExtTextOutW
0x100001078 SetBkMode
0x100001080 SetTextColor
0x100001088 SetBkColor
0x100001090 GetTextExtentPoint32W
USER32.dll
0x100001298 MessageBoxW
0x1000012a0 ShowWindow
0x1000012a8 SetFocus
0x1000012b0 SendMessageW
0x1000012b8 GetDlgItem
0x1000012c0 EndDialog
0x1000012c8 DialogBoxParamW
0x1000012d0 DestroyWindow
0x1000012d8 CreateDialogParamW
0x1000012e0 IsDialogMessageW
0x1000012e8 LoadStringW
0x1000012f0 LoadIconW
0x1000012f8 GetWindowLongPtrW
0x100001300 EnableWindow
0x100001308 GetWindowLongW
0x100001310 GetSystemMetrics
0x100001318 SetWindowLongPtrW
0x100001320 GetClientRect
0x100001328 SetDlgItemTextW
0x100001330 EnumWindows
0x100001338 DispatchMessageW
0x100001340 TranslateMessage
0x100001348 PeekMessageW
0x100001350 GetSysColor
0x100001358 SetForegroundWindow
0x100001360 GetWindowTextW
0x100001368 DrawFocusRect
0x100001370 DestroyIcon
0x100001378 DrawIconEx
0x100001380 GetParent
0x100001388 PostMessageW
0x100001390 SendDlgItemMessageW
msvcrt.dll
0x1000013b8 __set_app_type
0x1000013c0 _fmode
0x1000013c8 _commode
0x1000013d0 ?terminate@@YAXXZ
0x1000013d8 memset
0x1000013e0 __setusermatherr
0x1000013e8 _amsg_exit
0x1000013f0 _initterm
0x1000013f8 exit
0x100001400 _cexit
0x100001408 _exit
0x100001410 _XcptFilter
0x100001418 __C_specific_handler
0x100001420 __getmainargs
0x100001428 _vsnwprintf
0x100001430 toupper
0x100001438 _wcsicmp
ntdll.dll
0x100001448 NtOpenProcessToken
0x100001450 NtClose
0x100001458 NtOpenThreadToken
0x100001460 RtlNtStatusToDosError
0x100001468 WinSqmAddToStream
0x100001470 NtQueryInformationToken
ole32.dll
0x100001480 CoTaskMemAlloc
0x100001488 CoInitialize
0x100001490 CoUninitialize
0x100001498 CLSIDFromString
0x1000014a0 CoTaskMemFree
0x1000014a8 CoCreateInstance
0x1000014b0 CoInitializeEx
OLEAUT32.dll
0x100001200 VariantClear
0x100001208 SysStringLen
0x100001210 VariantInit
SHLWAPI.dll
0x100001248 StrStrIW
0x100001250 StrToIntW
0x100001258 StrCmpW
0x100001260 StrCmpNW
0x100001268 PathStripToRootW
0x100001270 None
0x100001278 StrFormatByteSizeW
0x100001280 None
0x100001288 SHDeleteKeyW
COMCTL32.dll
0x100001030 PropertySheetW
0x100001038 ImageList_Create
0x100001040 ImageList_ReplaceIcon
0x100001048 None
0x100001050 CreatePropertySheetPageW
0x100001058 None
SHELL32.dll
0x100001220 ShellExecuteExW
0x100001228 SHGetFileInfoW
0x100001230 ExtractIconExW
0x100001238 None
VSSAPI.DLL
0x1000013a0 CreateVssBackupComponentsInternal
0x1000013a8 VssFreeSnapshotPropertiesInternal
EAT(Export Address Table) is none