Field | Value |
---|---|
Created | 2023.09.25 07:45 |
Machine | s1_win7_x6403 |
Filename | g.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 3 detected (AIDetectMalware, Neshta, FileInfector, R606856) |
md5 | ddffc2d90d856636988bf603f0383d9e |
sha256 | 37162a151d67a271fa53fe8a32805ba3bcafeada5687e25ec55cf1d81840b2fd |
ssdeep | 6144:b2vYg/KfSIBMDgW0L4FWa1yYMOgWQOb+071y6rpz0V:VgGSIu8OshYMUQOe6+ |
imphash | ad93bccd3325bb814d5a573c3780f75f |
impfuzzy | 24:FMX135W3MauM8S8DoelQtWOovbOGMUD10BvgJy0Dk2TZWylLLyoOXRKg07Gy5u9f:+35W3MfZo5x3614pt2TZxJzOYGyXWT |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
info | Checks amount of memory in system |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET INFO TLS Handshake Failure
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x14005cfb8 RegCloseKey
0x14005cfc0 RegOpenKeyW
0x14005cfc8 RegQueryValueExW
SHELL32.dll
0x14005cfd8 ShellExecuteW
KERNEL32.dll
0x14005cfe8 AcquireSRWLockExclusive
0x14005cff0 CancelIo
0x14005cff8 CloseHandle
0x14005d000 CompareStringW
0x14005d008 ConnectNamedPipe
0x14005d010 CreateEventW
0x14005d018 CreateFileW
0x14005d020 CreateNamedPipeW
0x14005d028 DeleteCriticalSection
0x14005d030 DisconnectNamedPipe
0x14005d038 EncodePointer
0x14005d040 EnterCriticalSection
0x14005d048 EnumSystemLocalesW
0x14005d050 ExitProcess
0x14005d058 FindClose
0x14005d060 FindFirstFileExW
0x14005d068 FindNextFileW
0x14005d070 FlsAlloc
0x14005d078 FlsFree
0x14005d080 FlsGetValue
0x14005d088 FlsSetValue
0x14005d090 FlushFileBuffers
0x14005d098 FreeEnvironmentStringsW
0x14005d0a0 FreeLibrary
0x14005d0a8 GetACP
0x14005d0b0 GetCPInfo
0x14005d0b8 GetCommandLineA
0x14005d0c0 GetCommandLineW
0x14005d0c8 GetConsoleMode
0x14005d0d0 GetConsoleOutputCP
0x14005d0d8 GetCurrentProcess
0x14005d0e0 GetCurrentProcessId
0x14005d0e8 GetCurrentThreadId
0x14005d0f0 GetDateFormatW
0x14005d0f8 GetEnvironmentStringsW
0x14005d100 GetFileSizeEx
0x14005d108 GetFileType
0x14005d110 GetLastError
0x14005d118 GetLocaleInfoW
0x14005d120 GetModuleFileNameW
0x14005d128 GetModuleHandleExW
0x14005d130 GetModuleHandleW
0x14005d138 GetOEMCP
0x14005d140 GetOverlappedResult
0x14005d148 GetProcAddress
0x14005d150 GetProcessHeap
0x14005d158 GetStartupInfoW
0x14005d160 GetStdHandle
0x14005d168 GetStringTypeW
0x14005d170 GetSystemTimeAsFileTime
0x14005d178 GetTimeFormatW
0x14005d180 GetTimeZoneInformation
0x14005d188 GetUserDefaultLCID
0x14005d190 HeapAlloc
0x14005d198 HeapFree
0x14005d1a0 HeapReAlloc
0x14005d1a8 HeapSize
0x14005d1b0 InitializeCriticalSectionAndSpinCount
0x14005d1b8 InitializeSListHead
0x14005d1c0 IsDebuggerPresent
0x14005d1c8 IsProcessorFeaturePresent
0x14005d1d0 IsValidCodePage
0x14005d1d8 IsValidLocale
0x14005d1e0 LCMapStringW
0x14005d1e8 LeaveCriticalSection
0x14005d1f0 LoadLibraryExW
0x14005d1f8 MultiByteToWideChar
0x14005d200 OutputDebugStringW
0x14005d208 QueryPerformanceCounter
0x14005d210 RaiseException
0x14005d218 ReadConsoleW
0x14005d220 ReadFile
0x14005d228 ReleaseSRWLockExclusive
0x14005d230 ResetEvent
0x14005d238 RtlCaptureContext
0x14005d240 RtlLookupFunctionEntry
0x14005d248 RtlPcToFileHeader
0x14005d250 RtlUnwind
0x14005d258 RtlUnwindEx
0x14005d260 RtlVirtualUnwind
0x14005d268 SetEnvironmentVariableW
0x14005d270 SetEvent
0x14005d278 SetFilePointerEx
0x14005d280 SetLastError
0x14005d288 SetStdHandle
0x14005d290 SetUnhandledExceptionFilter
0x14005d298 SleepConditionVariableSRW
0x14005d2a0 TerminateProcess
0x14005d2a8 TlsAlloc
0x14005d2b0 TlsFree
0x14005d2b8 TlsGetValue
0x14005d2c0 TlsSetValue
0x14005d2c8 UnhandledExceptionFilter
0x14005d2d0 WaitForSingleObject
0x14005d2d8 WaitForSingleObjectEx
0x14005d2e0 WakeAllConditionVariable
0x14005d2e8 WideCharToMultiByte
0x14005d2f0 WriteConsoleW
0x14005d2f8 WriteFile
EAT(Export Address Table) is none