Field | Value
---|---
Created | 2023.12.11 19:38
Machine | s1_win7_x6403
Filename | Winlock.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
ZERO API | file : malware
VT API (file) | 51 detected (AIDetectMalware, Diztakun, Sdum, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, bzti, jvlqmk, FileRepMalware, Misc, Gencirc, rjbkp, DownLoader45, R002C0XIQ23, Detected, ABRisk, FJKY, Wacatac, score, Artemis, ai score=87, unsafe, Chgt, Generic@AI, RDMK, gIh9sbX, ufqsVZIi1PeOOQ, susgen, Behavior)
md5 | 18563c62462e92e3c81dfe737e3a8997
sha256 | 3e84a1296556efb107c12d4b936b0e1a1a7a5a70d6ecd3ed7ecff79e4b39bd54
ssdeep | 49152:88ntDZAcCVT1ZgESZlkBg9HCx6CtcX4EwgGW7XoUPIwEi2xQwqM:vZAcCKMECuX4EwN0RIzxQc
imphash | f67c2d48a0d9fae633478c7ae08a5655
impfuzzy | 96:dqdSS8bpcfHs8YLrJLE4AzKVXf+ik9sfu7/05W:4ebkzSXfHkGu7/P
Signature (19cnts)
Level | Description
---|---
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
watch | Disables Windows' Task Manager |
watch | Expresses interest in specific running processes |
watch | Installs itself for autorun at Windows startup |
notice | A process created a hidden window |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Downloads a file or document from Google Drive |
notice | Drops an executable to the user AppData folder |
notice | Performs some HTTP requests |
notice | Repeatedly searches for a not-found process |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Terminates another process |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks amount of memory in system |
info | Command line console output was observed |
info | Queries for the computername |
Rules (13cnts)
Level | Name | Description | Collection
---|---|---|---
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (download) |
danger | Win32_Trojan_Emotet_2_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata IDS
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT (Import Address Table) Library
COMCTL32.dll
0x486000 None
WINMM.dll
0x4863f8 timeBeginPeriod
0x4863fc joyGetDevCapsW
0x486400 joyGetPosEx
0x486404 timeEndPeriod
KERNEL32.dll
0x486080 MultiByteToWideChar
0x486084 WideCharToMultiByte
0x486088 GlobalAddAtomW
0x48608c GlobalDeleteAtom
0x486090 lstrlenW
0x486094 GetCommandLineW
0x486098 GetExitCodeProcess
0x48609c GlobalAlloc
0x4860a0 GlobalLock
0x4860a4 GlobalUnlock
0x4860a8 SetErrorMode
0x4860ac GetCurrentDirectoryW
0x4860b0 GlobalFree
0x4860b4 LoadLibraryW
0x4860b8 FreeEnvironmentStringsW
0x4860bc GetEnvironmentStringsW
0x4860c0 GetCommandLineA
0x4860c4 FindNextFileA
0x4860c8 FindFirstFileExA
0x4860cc DecodePointer
0x4860d0 GetFileType
0x4860d4 GetProcessHeap
0x4860d8 LCMapStringW
0x4860dc EnumSystemLocalesW
0x4860e0 GetUserDefaultLCID
0x4860e4 IsValidLocale
0x4860e8 GetOEMCP
0x4860ec IsValidCodePage
0x4860f0 GetStringTypeW
0x4860f4 GetCPInfo
0x4860f8 HeapFree
0x4860fc HeapReAlloc
0x486100 HeapAlloc
0x486104 GetStdHandle
0x486108 FindNextFileW
0x48610c GetModuleHandleExW
0x486110 ExitProcess
0x486114 SetEnvironmentVariableW
0x486118 DeleteFileW
0x48611c HeapSize
0x486120 GetACP
0x486124 DeleteCriticalSection
0x486128 LeaveCriticalSection
0x48612c EnterCriticalSection
0x486130 EncodePointer
0x486134 RtlUnwind
0x486138 InitializeSListHead
0x48613c GetCurrentThreadId
0x486140 GetCurrentProcessId
0x486144 GetStartupInfoW
0x486148 IsDebuggerPresent
0x48614c IsProcessorFeaturePresent
0x486150 TerminateProcess
0x486154 GetCurrentProcess
0x486158 SetUnhandledExceptionFilter
0x48615c UnhandledExceptionFilter
0x486160 GetSystemTimeAsFileTime
0x486164 TlsFree
0x486168 TlsSetValue
0x48616c TlsGetValue
0x486170 TlsAlloc
0x486174 InitializeCriticalSectionAndSpinCount
0x486178 SetLastError
0x48617c QueryPerformanceFrequency
0x486180 QueryPerformanceCounter
0x486184 LoadLibraryExA
0x486188 GetModuleHandleW
0x48618c VirtualQuery
0x486190 VirtualProtect
0x486194 GetSystemInfo
0x486198 RaiseException
0x48619c CreateMutexW
0x4861a0 GetModuleFileNameW
0x4861a4 Sleep
0x4861a8 SetCurrentDirectoryW
0x4861ac ReleaseMutex
0x4861b0 WaitForSingleObject
0x4861b4 FindClose
0x4861b8 FindFirstFileW
0x4861bc CloseHandle
0x4861c0 SetFilePointerEx
0x4861c4 SetFilePointer
0x4861c8 WriteFile
0x4861cc GetLastError
0x4861d0 ReadFile
0x4861d4 CreateFileW
0x4861d8 CreateDirectoryW
0x4861dc GetTempFileNameW
0x4861e0 GetTempPathW
0x4861e4 WriteConsoleW
0x4861e8 RemoveDirectoryW
0x4861ec GetVersionExW
0x4861f0 GetLocaleInfoW
0x4861f4 FreeLibrary
0x4861f8 GetProcAddress
0x4861fc LoadLibraryExW
0x486200 SetStdHandle
0x486204 GetConsoleCP
0x486208 GetConsoleMode
0x48620c FlushFileBuffers
0x486210 GetModuleFileNameA
USER32.dll
0x48622c DrawTextW
0x486230 OffsetRect
0x486234 DestroyWindow
0x486238 PostQuitMessage
0x48623c DrawEdge
0x486240 GetUpdateRect
0x486244 DefMDIChildProcW
0x486248 EndPaint
0x48624c BeginPaint
0x486250 InflateRect
0x486254 GetClassNameW
0x486258 GetDlgItemTextW
0x48625c SendDlgItemMessageW
0x486260 EndDialog
0x486264 GetDlgItem
0x486268 SetDlgItemTextW
0x48626c GetTabbedTextExtentW
0x486270 MapVirtualKeyW
0x486274 GetInputState
0x486278 DrawMenuBar
0x48627c SetMenuInfo
0x486280 DestroyMenu
0x486284 LoadMenuIndirectW
0x486288 GetMenuItemCount
0x48628c SetWindowPlacement
0x486290 GetWindowPlacement
0x486294 EndDeferWindowPos
0x486298 DeferWindowPos
0x48629c BeginDeferWindowPos
0x4862a0 GetDesktopWindow
0x4862a4 GetSystemMenu
0x4862a8 UpdateWindow
0x4862ac GetWindow
0x4862b0 RegisterClassW
0x4862b4 RegisterClassExW
0x4862b8 ModifyMenuW
0x4862bc GetMenuStringW
0x4862c0 GetMenuItemID
0x4862c4 DialogBoxParamW
0x4862c8 FillRect
0x4862cc LoadImageW
0x4862d0 LoadIconW
0x4862d4 GetMonitorInfoW
0x4862d8 MonitorFromWindow
0x4862dc GetSystemMetrics
0x4862e0 RedrawWindow
0x4862e4 IsIconic
0x4862e8 IsDialogMessageW
0x4862ec SetTimer
0x4862f0 GetClipboardData
0x4862f4 CloseClipboard
0x4862f8 SetClipboardData
0x4862fc EmptyClipboard
0x486300 OpenClipboard
0x486304 IsClipboardFormatAvailable
0x486308 CheckMenuItem
0x48630c EnableMenuItem
0x486310 GetMenu
0x486314 PtInRect
0x486318 PostMessageW
0x48631c InvalidateRect
0x486320 SetFocus
0x486324 GetFocus
0x486328 CallWindowProcW
0x48632c RemovePropW
0x486330 SetPropW
0x486334 SetWindowLongW
0x486338 GetPropW
0x48633c MessageBoxW
0x486340 GetParent
0x486344 GetActiveWindow
0x486348 ShowCursor
0x48634c SetCapture
0x486350 ReleaseCapture
0x486354 GetKeyState
0x486358 GetWindowRect
0x48635c GetWindowDC
0x486360 SetCursorPos
0x486364 ClientToScreen
0x486368 ScreenToClient
0x48636c GetCursorPos
0x486370 LoadStringW
0x486374 MapWindowPoints
0x486378 SetWindowPos
0x48637c IsZoomed
0x486380 GetWindowLongW
0x486384 AdjustWindowRectEx
0x486388 SendMessageW
0x48638c LockWindowUpdate
0x486390 ShowWindow
0x486394 IsWindowVisible
0x486398 GetClientRect
0x48639c SetWindowTextW
0x4863a0 wsprintfW
0x4863a4 IntersectRect
0x4863a8 KillTimer
0x4863ac DestroyIcon
0x4863b0 GetSubMenu
0x4863b4 DeleteMenu
0x4863b8 GetMenuState
0x4863bc LoadCursorW
0x4863c0 SetCursor
0x4863c4 SystemParametersInfoW
0x4863c8 GetSysColor
0x4863cc ReleaseDC
0x4863d0 CreateIconIndirect
0x4863d4 GetDC
0x4863d8 MsgWaitForMultipleObjects
0x4863dc DispatchMessageW
0x4863e0 TranslateMessage
0x4863e4 TranslateMDISysAccel
0x4863e8 GetMessageW
0x4863ec PeekMessageW
0x4863f0 DialogBoxIndirectParamW
GDI32.dll
0x486014 CreatePalette
0x486018 SelectPalette
0x48601c RealizePalette
0x486020 EnumFontFamiliesExW
0x486024 GetStockObject
0x486028 SelectObject
0x48602c GetTextExtentPointW
0x486030 GetDeviceCaps
0x486034 GetObjectW
0x486038 CreateFontIndirectW
0x48603c DeleteObject
0x486040 CreatePen
0x486044 Rectangle
0x486048 LineTo
0x48604c SetBkColor
0x486050 ExtTextOutW
0x486054 SetTextColor
0x486058 SetBkMode
0x48605c CreateRectRgn
0x486060 GetClipRgn
0x486064 ExcludeClipRect
0x486068 SelectClipRgn
0x48606c SetDIBits
0x486070 CreateCompatibleBitmap
0x486074 CreateSolidBrush
0x486078 CreateBitmap
COMDLG32.dll
0x486008 GetSaveFileNameW
0x48600c GetOpenFileNameW
SHELL32.dll
0x486218 DragFinish
0x48621c DragQueryFileW
0x486220 ShellExecuteExW
0x486224 DragAcceptFiles
EAT (Export Address Table) Library
0x4a2260 AmdPowerXpressRequestHighPerformance
0x4a2264 NvOptimusEnablement