ScreenShot
| Created | 2023.07.19 09:38 | Machine | s1_win7_x6401 |
| Filename | CTFMON.EXE | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 25 detected (AIDetectMalware, status, malicious, confidence, 100%, ZexaF, wq3@amu@YVbi, Attribute, HighConfidence, high confidence, score, GenericML, xnet, ccnc, Artemis, CeeInject, Sonbokli, Wacatac, Detected, Generic@AI, RDML, j60fWFoEihUF5Rsl06HbAA, PossibleThreat) | ||
| md5 | 842b0d0eb01716a9f526acd866d8bad3 | ||
| sha256 | 6f11c52f01e5696b1ac0faf6c19b0b439ba6f48f1f9851e34f0fa582b09dfa48 | ||
| ssdeep | 6144:mnDh1g60VJZNC1e+xdJCgwQ3MIKkQ0tuWeR1Jhcf/W:mnEZNC7d8mK3v | ||
| imphash | 9308ae5a32f3325746ec67b81842246c | ||
| impfuzzy | 96:8usxtva/LKl3OtG4atnWIio14SFY5LBpOMcLnc4MFVQPor2h:8us7va/LKl351HFi4McDcHQPog | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| info | Checks amount of memory in system |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Emotet_1_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
USER32.dll
0x426258 EndPaint
0x42625c BeginPaint
0x426260 ReleaseDC
0x426264 GetDC
0x426268 ClientToScreen
0x42626c GrayStringA
0x426270 DrawTextExA
0x426274 DrawTextA
0x426278 TabbedTextOutA
0x42627c ShowWindow
0x426280 SetWindowTextA
0x426284 IsDialogMessageA
0x426288 SetDlgItemTextA
0x42628c RegisterWindowMessageA
0x426290 SendDlgItemMessageA
0x426294 WinHelpA
0x426298 GetCapture
0x42629c GetClassLongA
0x4262a0 GetClassNameA
0x4262a4 SetPropA
0x4262a8 GetPropA
0x4262ac RemovePropA
0x4262b0 SetFocus
0x4262b4 GetWindowTextLengthA
0x4262b8 GetWindowTextA
0x4262bc GetForegroundWindow
0x4262c0 GetTopWindow
0x4262c4 GetMessageTime
0x4262c8 GetMessagePos
0x4262cc MapWindowPoints
0x4262d0 SetMenu
0x4262d4 SetForegroundWindow
0x4262d8 UpdateWindow
0x4262dc GetSubMenu
0x4262e0 GetMenuItemCount
0x4262e4 CreateWindowExA
0x4262e8 GetClassInfoExA
0x4262ec GetClassInfoA
0x4262f0 RegisterClassA
0x4262f4 GetSysColor
0x4262f8 AdjustWindowRectEx
0x4262fc CopyRect
0x426300 PtInRect
0x426304 GetDlgCtrlID
0x426308 DefWindowProcA
0x42630c CallWindowProcA
0x426310 GetMenu
0x426314 SetWindowLongA
0x426318 SetWindowPos
0x42631c SystemParametersInfoA
0x426320 GetWindowPlacement
0x426324 GetWindowRect
0x426328 GetWindow
0x42632c UnhookWindowsHookEx
0x426330 GetDesktopWindow
0x426334 SetActiveWindow
0x426338 CreateDialogIndirectParamA
0x42633c DestroyWindow
0x426340 IsWindow
0x426344 GetDlgItem
0x426348 GetNextDlgTabItem
0x42634c EndDialog
0x426350 GetWindowThreadProcessId
0x426354 GetWindowLongA
0x426358 GetLastActivePopup
0x42635c IsWindowEnabled
0x426360 MessageBoxA
0x426364 SetCursor
0x426368 SetWindowsHookExA
0x42636c DestroyMenu
0x426370 UnregisterClassA
0x426374 CallNextHookEx
0x426378 GetMessageA
0x42637c TranslateMessage
0x426380 DispatchMessageA
0x426384 GetActiveWindow
0x426388 IsWindowVisible
0x42638c GetKeyState
0x426390 PeekMessageA
0x426394 GetCursorPos
0x426398 ValidateRect
0x42639c SetMenuItemBitmaps
0x4263a0 GetMenuCheckMarkDimensions
0x4263a4 LoadBitmapA
0x4263a8 GetFocus
0x4263ac GetParent
0x4263b0 ModifyMenuA
0x4263b4 GetMenuState
0x4263b8 EnableMenuItem
0x4263bc CheckMenuItem
0x4263c0 PostMessageA
0x4263c4 PostQuitMessage
0x4263c8 GetSysColorBrush
0x4263cc LoadCursorA
0x4263d0 EnableWindow
0x4263d4 IsIconic
0x4263d8 GetSystemMetrics
0x4263dc GetClientRect
0x4263e0 DrawIcon
0x4263e4 SendMessageA
0x4263e8 GetMenuItemID
0x4263ec LoadIconA
SHLWAPI.dll
0x42624c PathFindFileNameA
0x426250 PathFindExtensionA
OLEACC.dll
0x426230 CreateStdAccessibleObject
0x426234 LresultFromObject
KERNEL32.dll
0x42608c CreateFileA
0x426090 GetCPInfo
0x426094 GetOEMCP
0x426098 GetModuleHandleW
0x42609c SetErrorMode
0x4260a0 RtlUnwind
0x4260a4 GetCommandLineA
0x4260a8 GetStartupInfoA
0x4260ac HeapAlloc
0x4260b0 HeapFree
0x4260b4 Sleep
0x4260b8 ExitProcess
0x4260bc RaiseException
0x4260c0 HeapReAlloc
0x4260c4 VirtualAlloc
0x4260c8 HeapSize
0x4260cc TerminateProcess
0x4260d0 UnhandledExceptionFilter
0x4260d4 SetUnhandledExceptionFilter
0x4260d8 IsDebuggerPresent
0x4260dc GetACP
0x4260e0 IsValidCodePage
0x4260e4 GetStdHandle
0x4260e8 FreeEnvironmentStringsA
0x4260ec GetEnvironmentStrings
0x4260f0 FreeEnvironmentStringsW
0x4260f4 GetEnvironmentStringsW
0x4260f8 SetHandleCount
0x4260fc GetFileType
0x426100 HeapCreate
0x426104 VirtualFree
0x426108 QueryPerformanceCounter
0x42610c GetTickCount
0x426110 GetSystemTimeAsFileTime
0x426114 InitializeCriticalSectionAndSpinCount
0x426118 LCMapStringA
0x42611c LCMapStringW
0x426120 GetStringTypeA
0x426124 GetStringTypeW
0x426128 GetConsoleCP
0x42612c GetConsoleMode
0x426130 SetStdHandle
0x426134 WriteConsoleA
0x426138 GetConsoleOutputCP
0x42613c WriteConsoleW
0x426140 GetCurrentProcess
0x426144 FlushFileBuffers
0x426148 SetFilePointer
0x42614c WriteFile
0x426150 InterlockedIncrement
0x426154 TlsFree
0x426158 DeleteCriticalSection
0x42615c LocalReAlloc
0x426160 TlsSetValue
0x426164 TlsAlloc
0x426168 InitializeCriticalSection
0x42616c GlobalHandle
0x426170 GlobalReAlloc
0x426174 EnterCriticalSection
0x426178 TlsGetValue
0x42617c LeaveCriticalSection
0x426180 LocalAlloc
0x426184 GlobalFlags
0x426188 WritePrivateProfileStringA
0x42618c FormatMessageA
0x426190 LocalFree
0x426194 MulDiv
0x426198 lstrlenA
0x42619c GlobalGetAtomNameA
0x4261a0 GlobalFindAtomA
0x4261a4 MultiByteToWideChar
0x4261a8 lstrcmpW
0x4261ac GetVersionExA
0x4261b0 InterlockedDecrement
0x4261b4 GetModuleFileNameW
0x4261b8 GlobalUnlock
0x4261bc GlobalFree
0x4261c0 FreeResource
0x4261c4 GetCurrentProcessId
0x4261c8 GetLastError
0x4261cc SetLastError
0x4261d0 GlobalAddAtomA
0x4261d4 CloseHandle
0x4261d8 GlobalDeleteAtom
0x4261dc GetCurrentThread
0x4261e0 GetCurrentThreadId
0x4261e4 ConvertDefaultLocale
0x4261e8 EnumResourceLanguagesA
0x4261ec GetModuleFileNameA
0x4261f0 GetLocaleInfoA
0x4261f4 LoadLibraryA
0x4261f8 WideCharToMultiByte
0x4261fc CompareStringA
0x426200 FindResourceA
0x426204 LoadResource
0x426208 LockResource
0x42620c SizeofResource
0x426210 InterlockedExchange
0x426214 GlobalLock
0x426218 lstrcmpA
0x42621c GlobalAlloc
0x426220 FreeLibrary
0x426224 GetModuleHandleA
0x426228 GetProcAddress
GDI32.dll
0x426028 SetMapMode
0x42602c ScaleViewportExtEx
0x426030 SetWindowExtEx
0x426034 ScaleWindowExtEx
0x426038 DeleteDC
0x42603c GetStockObject
0x426040 OffsetViewportOrgEx
0x426044 GetDeviceCaps
0x426048 SetViewportOrgEx
0x42604c SelectObject
0x426050 Escape
0x426054 ExtTextOutA
0x426058 RestoreDC
0x42605c SaveDC
0x426060 GetObjectA
0x426064 SetBkColor
0x426068 SetTextColor
0x42606c GetClipBox
0x426070 CreateBitmap
0x426074 TextOutA
0x426078 RectVisible
0x42607c PtVisible
0x426080 DeleteObject
0x426084 SetViewportExtEx
WINSPOOL.DRV
0x4263f4 DocumentPropertiesA
0x4263f8 OpenPrinterA
0x4263fc ClosePrinter
ADVAPI32.dll
0x426000 RegSetValueExA
0x426004 RegCreateKeyExA
0x426008 RegQueryValueA
0x42600c RegOpenKeyA
0x426010 RegEnumKeyA
0x426014 RegDeleteKeyA
0x426018 RegOpenKeyExA
0x42601c RegQueryValueExA
0x426020 RegCloseKey
OLEAUT32.dll
0x42623c VariantClear
0x426240 VariantChangeType
0x426244 VariantInit
kernel32.dll
0x42e6f8 GetProcessHeap
0x42e6fc ReadFile
0x42e700 GetLocalTime
0x42e704 lstrcmpiA
0x42e708 CreateMutexA
0x42e70c GetSystemDefaultLangID
0x42e710 GetAtomNameA
0x42e714 ExpandEnvironmentStringsA
0x42e718 GetUserDefaultUILanguage
EAT(Export Address Table) is none
USER32.dll
0x426258 EndPaint
0x42625c BeginPaint
0x426260 ReleaseDC
0x426264 GetDC
0x426268 ClientToScreen
0x42626c GrayStringA
0x426270 DrawTextExA
0x426274 DrawTextA
0x426278 TabbedTextOutA
0x42627c ShowWindow
0x426280 SetWindowTextA
0x426284 IsDialogMessageA
0x426288 SetDlgItemTextA
0x42628c RegisterWindowMessageA
0x426290 SendDlgItemMessageA
0x426294 WinHelpA
0x426298 GetCapture
0x42629c GetClassLongA
0x4262a0 GetClassNameA
0x4262a4 SetPropA
0x4262a8 GetPropA
0x4262ac RemovePropA
0x4262b0 SetFocus
0x4262b4 GetWindowTextLengthA
0x4262b8 GetWindowTextA
0x4262bc GetForegroundWindow
0x4262c0 GetTopWindow
0x4262c4 GetMessageTime
0x4262c8 GetMessagePos
0x4262cc MapWindowPoints
0x4262d0 SetMenu
0x4262d4 SetForegroundWindow
0x4262d8 UpdateWindow
0x4262dc GetSubMenu
0x4262e0 GetMenuItemCount
0x4262e4 CreateWindowExA
0x4262e8 GetClassInfoExA
0x4262ec GetClassInfoA
0x4262f0 RegisterClassA
0x4262f4 GetSysColor
0x4262f8 AdjustWindowRectEx
0x4262fc CopyRect
0x426300 PtInRect
0x426304 GetDlgCtrlID
0x426308 DefWindowProcA
0x42630c CallWindowProcA
0x426310 GetMenu
0x426314 SetWindowLongA
0x426318 SetWindowPos
0x42631c SystemParametersInfoA
0x426320 GetWindowPlacement
0x426324 GetWindowRect
0x426328 GetWindow
0x42632c UnhookWindowsHookEx
0x426330 GetDesktopWindow
0x426334 SetActiveWindow
0x426338 CreateDialogIndirectParamA
0x42633c DestroyWindow
0x426340 IsWindow
0x426344 GetDlgItem
0x426348 GetNextDlgTabItem
0x42634c EndDialog
0x426350 GetWindowThreadProcessId
0x426354 GetWindowLongA
0x426358 GetLastActivePopup
0x42635c IsWindowEnabled
0x426360 MessageBoxA
0x426364 SetCursor
0x426368 SetWindowsHookExA
0x42636c DestroyMenu
0x426370 UnregisterClassA
0x426374 CallNextHookEx
0x426378 GetMessageA
0x42637c TranslateMessage
0x426380 DispatchMessageA
0x426384 GetActiveWindow
0x426388 IsWindowVisible
0x42638c GetKeyState
0x426390 PeekMessageA
0x426394 GetCursorPos
0x426398 ValidateRect
0x42639c SetMenuItemBitmaps
0x4263a0 GetMenuCheckMarkDimensions
0x4263a4 LoadBitmapA
0x4263a8 GetFocus
0x4263ac GetParent
0x4263b0 ModifyMenuA
0x4263b4 GetMenuState
0x4263b8 EnableMenuItem
0x4263bc CheckMenuItem
0x4263c0 PostMessageA
0x4263c4 PostQuitMessage
0x4263c8 GetSysColorBrush
0x4263cc LoadCursorA
0x4263d0 EnableWindow
0x4263d4 IsIconic
0x4263d8 GetSystemMetrics
0x4263dc GetClientRect
0x4263e0 DrawIcon
0x4263e4 SendMessageA
0x4263e8 GetMenuItemID
0x4263ec LoadIconA
SHLWAPI.dll
0x42624c PathFindFileNameA
0x426250 PathFindExtensionA
OLEACC.dll
0x426230 CreateStdAccessibleObject
0x426234 LresultFromObject
KERNEL32.dll
0x42608c CreateFileA
0x426090 GetCPInfo
0x426094 GetOEMCP
0x426098 GetModuleHandleW
0x42609c SetErrorMode
0x4260a0 RtlUnwind
0x4260a4 GetCommandLineA
0x4260a8 GetStartupInfoA
0x4260ac HeapAlloc
0x4260b0 HeapFree
0x4260b4 Sleep
0x4260b8 ExitProcess
0x4260bc RaiseException
0x4260c0 HeapReAlloc
0x4260c4 VirtualAlloc
0x4260c8 HeapSize
0x4260cc TerminateProcess
0x4260d0 UnhandledExceptionFilter
0x4260d4 SetUnhandledExceptionFilter
0x4260d8 IsDebuggerPresent
0x4260dc GetACP
0x4260e0 IsValidCodePage
0x4260e4 GetStdHandle
0x4260e8 FreeEnvironmentStringsA
0x4260ec GetEnvironmentStrings
0x4260f0 FreeEnvironmentStringsW
0x4260f4 GetEnvironmentStringsW
0x4260f8 SetHandleCount
0x4260fc GetFileType
0x426100 HeapCreate
0x426104 VirtualFree
0x426108 QueryPerformanceCounter
0x42610c GetTickCount
0x426110 GetSystemTimeAsFileTime
0x426114 InitializeCriticalSectionAndSpinCount
0x426118 LCMapStringA
0x42611c LCMapStringW
0x426120 GetStringTypeA
0x426124 GetStringTypeW
0x426128 GetConsoleCP
0x42612c GetConsoleMode
0x426130 SetStdHandle
0x426134 WriteConsoleA
0x426138 GetConsoleOutputCP
0x42613c WriteConsoleW
0x426140 GetCurrentProcess
0x426144 FlushFileBuffers
0x426148 SetFilePointer
0x42614c WriteFile
0x426150 InterlockedIncrement
0x426154 TlsFree
0x426158 DeleteCriticalSection
0x42615c LocalReAlloc
0x426160 TlsSetValue
0x426164 TlsAlloc
0x426168 InitializeCriticalSection
0x42616c GlobalHandle
0x426170 GlobalReAlloc
0x426174 EnterCriticalSection
0x426178 TlsGetValue
0x42617c LeaveCriticalSection
0x426180 LocalAlloc
0x426184 GlobalFlags
0x426188 WritePrivateProfileStringA
0x42618c FormatMessageA
0x426190 LocalFree
0x426194 MulDiv
0x426198 lstrlenA
0x42619c GlobalGetAtomNameA
0x4261a0 GlobalFindAtomA
0x4261a4 MultiByteToWideChar
0x4261a8 lstrcmpW
0x4261ac GetVersionExA
0x4261b0 InterlockedDecrement
0x4261b4 GetModuleFileNameW
0x4261b8 GlobalUnlock
0x4261bc GlobalFree
0x4261c0 FreeResource
0x4261c4 GetCurrentProcessId
0x4261c8 GetLastError
0x4261cc SetLastError
0x4261d0 GlobalAddAtomA
0x4261d4 CloseHandle
0x4261d8 GlobalDeleteAtom
0x4261dc GetCurrentThread
0x4261e0 GetCurrentThreadId
0x4261e4 ConvertDefaultLocale
0x4261e8 EnumResourceLanguagesA
0x4261ec GetModuleFileNameA
0x4261f0 GetLocaleInfoA
0x4261f4 LoadLibraryA
0x4261f8 WideCharToMultiByte
0x4261fc CompareStringA
0x426200 FindResourceA
0x426204 LoadResource
0x426208 LockResource
0x42620c SizeofResource
0x426210 InterlockedExchange
0x426214 GlobalLock
0x426218 lstrcmpA
0x42621c GlobalAlloc
0x426220 FreeLibrary
0x426224 GetModuleHandleA
0x426228 GetProcAddress
GDI32.dll
0x426028 SetMapMode
0x42602c ScaleViewportExtEx
0x426030 SetWindowExtEx
0x426034 ScaleWindowExtEx
0x426038 DeleteDC
0x42603c GetStockObject
0x426040 OffsetViewportOrgEx
0x426044 GetDeviceCaps
0x426048 SetViewportOrgEx
0x42604c SelectObject
0x426050 Escape
0x426054 ExtTextOutA
0x426058 RestoreDC
0x42605c SaveDC
0x426060 GetObjectA
0x426064 SetBkColor
0x426068 SetTextColor
0x42606c GetClipBox
0x426070 CreateBitmap
0x426074 TextOutA
0x426078 RectVisible
0x42607c PtVisible
0x426080 DeleteObject
0x426084 SetViewportExtEx
WINSPOOL.DRV
0x4263f4 DocumentPropertiesA
0x4263f8 OpenPrinterA
0x4263fc ClosePrinter
ADVAPI32.dll
0x426000 RegSetValueExA
0x426004 RegCreateKeyExA
0x426008 RegQueryValueA
0x42600c RegOpenKeyA
0x426010 RegEnumKeyA
0x426014 RegDeleteKeyA
0x426018 RegOpenKeyExA
0x42601c RegQueryValueExA
0x426020 RegCloseKey
OLEAUT32.dll
0x42623c VariantClear
0x426240 VariantChangeType
0x426244 VariantInit
kernel32.dll
0x42e6f8 GetProcessHeap
0x42e6fc ReadFile
0x42e700 GetLocalTime
0x42e704 lstrcmpiA
0x42e708 CreateMutexA
0x42e70c GetSystemDefaultLangID
0x42e710 GetAtomNameA
0x42e714 ExpandEnvironmentStringsA
0x42e718 GetUserDefaultUILanguage
EAT(Export Address Table) is none