ScreenShot
| Created | 2024.01.22 12:35 | Machine | s1_win7_x6401 |
| Filename | rty27.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 90ab18d69c8c28f797acf90b61d656df | ||
| sha256 | 909e4623b8a2fcc82c150fd92a7d85bfdd7d506ec8b8dbf7655ada67885e0417 | ||
| ssdeep | 3072:oVZTMYQ0qIN6NtVcOXHK5ULK2NUPj0ZeyRS6CSfKVu1xgCAWU8fvJqxEm4x1ESuS:YMnt3HP2PPjqp/1fvoxEvTE | ||
| imphash | a7a19cad0c2c193feb43fc00c1b6b502 | ||
| impfuzzy | 96:oxTXtlgqbmQzBWqUGaeXXm/zjVrablqApjV5qeWY+5RN/:oxT3m+BWM7XXm/zBnyfWN/ | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Performs some HTTP requests |
| info | Collects information to fingerprint the system (MachineGuid |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (4cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 RegOpenKeyExW
0x100001008 RegQueryValueExW
0x100001010 RegCloseKey
0x100001018 EventWrite
0x100001020 EventRegister
0x100001028 EventUnregister
0x100001030 RegCreateKeyExW
0x100001038 RegSetValueExW
KERNEL32.dll
0x100001130 GetLastError
0x100001138 HeapFree
0x100001140 GetProcessHeap
0x100001148 HeapAlloc
0x100001150 GetCurrentThreadId
0x100001158 GetTickCount
0x100001160 QueryPerformanceCounter
0x100001168 GetModuleHandleW
0x100001170 SetUnhandledExceptionFilter
0x100001178 GetStartupInfoW
0x100001180 Sleep
0x100001188 LocalFree
0x100001190 GetSystemTimeAsFileTime
0x100001198 TerminateProcess
0x1000011a0 GetCurrentProcess
0x1000011a8 UnhandledExceptionFilter
0x1000011b0 RtlVirtualUnwind
0x1000011b8 RtlLookupFunctionEntry
0x1000011c0 RtlCaptureContext
0x1000011c8 CreateMutexW
0x1000011d0 GetTickCount64
0x1000011d8 VerifyVersionInfoW
0x1000011e0 VerSetConditionMask
0x1000011e8 MulDiv
0x1000011f0 CloseHandle
0x1000011f8 GetCurrentProcessId
GDI32.dll
0x100001078 Polyline
0x100001080 SetBkColor
0x100001088 CreateSolidBrush
0x100001090 CreatePen
0x100001098 DeleteObject
0x1000010a0 GetDeviceCaps
0x1000010a8 CreateFontIndirectW
0x1000010b0 GetObjectW
0x1000010b8 CreateCompatibleDC
0x1000010c0 SelectObject
0x1000010c8 GdiAlphaBlend
0x1000010d0 BitBlt
0x1000010d8 DeleteDC
0x1000010e0 GetStockObject
0x1000010e8 GdiSetBatchLimit
0x1000010f0 SetTextColor
0x1000010f8 GetTextMetricsW
0x100001100 PatBlt
0x100001108 CreateCompatibleBitmap
0x100001110 SetStretchBltMode
0x100001118 StretchBlt
0x100001120 SetBkMode
USER32.dll
0x100001290 IsDlgButtonChecked
0x100001298 CheckRadioButton
0x1000012a0 EnumDisplaySettingsW
0x1000012a8 EnumDisplayDevicesW
0x1000012b0 ChangeDisplaySettingsExW
0x1000012b8 GetSysColor
0x1000012c0 CopyImage
0x1000012c8 LoadBitmapW
0x1000012d0 DestroyWindow
0x1000012d8 CreateWindowExW
0x1000012e0 DrawTextW
0x1000012e8 CheckDlgButton
0x1000012f0 MapWindowPoints
0x1000012f8 FillRect
0x100001300 RedrawWindow
0x100001308 IsCharAlphaNumericW
0x100001310 MessageBoxW
0x100001318 SystemParametersInfoW
0x100001320 SetFocus
0x100001328 SetWindowLongW
0x100001330 GetParent
0x100001338 PostMessageW
0x100001340 EnableWindow
0x100001348 ShowWindow
0x100001350 DialogBoxParamW
0x100001358 KillTimer
0x100001360 SetTimer
0x100001368 EndDialog
0x100001370 SetForegroundWindow
0x100001378 FindWindowW
0x100001380 RegisterClassExW
0x100001388 LoadCursorW
0x100001390 DefWindowProcW
0x100001398 SetWindowTextW
0x1000013a0 SendMessageW
0x1000013a8 EndPaint
0x1000013b0 GetSysColorBrush
0x1000013b8 FrameRect
0x1000013c0 BeginPaint
0x1000013c8 DrawFocusRect
0x1000013d0 GetWindowLongW
0x1000013d8 GetFocus
0x1000013e0 InvalidateRect
0x1000013e8 SetWindowLongPtrW
0x1000013f0 SetDlgItemTextW
0x1000013f8 GetDlgItem
0x100001400 GetClientRect
0x100001408 MapDialogRect
0x100001410 SendDlgItemMessageW
0x100001418 SendMessageTimeoutW
0x100001420 SetWindowPos
0x100001428 PtInRect
0x100001430 GetWindowRect
0x100001438 GetSystemMetrics
0x100001440 GetProcessDefaultLayout
0x100001448 ReleaseDC
0x100001450 LoadStringW
0x100001458 GetDC
0x100001460 GetWindowLongPtrW
0x100001468 TrackMouseEvent
msvcrt.dll
0x1000014c0 _wtoi
0x1000014c8 __set_app_type
0x1000014d0 _fmode
0x1000014d8 memcpy
0x1000014e0 __setusermatherr
0x1000014e8 _amsg_exit
0x1000014f0 _initterm
0x1000014f8 memset
0x100001500 _unlock
0x100001508 __dllonexit
0x100001510 _lock
0x100001518 _onexit
0x100001520 ??1type_info@@UEAA@XZ
0x100001528 ?terminate@@YAXXZ
0x100001530 _commode
0x100001538 _acmdln
0x100001540 exit
0x100001548 _cexit
0x100001550 memcmp
0x100001558 _vsnwprintf
0x100001560 _purecall
0x100001568 free
0x100001570 realloc
0x100001578 wcschr
0x100001580 ??0exception@@QEAA@AEBQEBDH@Z
0x100001588 ?what@exception@@UEBAPEBDXZ
0x100001590 _ismbblead
0x100001598 _exit
0x1000015a0 _XcptFilter
0x1000015a8 __C_specific_handler
0x1000015b0 __getmainargs
0x1000015b8 _callnewh
0x1000015c0 malloc
0x1000015c8 _CxxThrowException
0x1000015d0 ??0exception@@QEAA@AEBV0@@Z
0x1000015d8 ??1exception@@UEAA@XZ
ntdll.dll
0x1000015e8 WinSqmAddToStream
0x1000015f0 WinSqmIncrementDWORD
SETUPAPI.dll
0x100001260 SetupDiDestroyDeviceInfoList
0x100001268 SetupDiGetDeviceInstanceIdW
0x100001270 SetupDiGetDeviceInterfaceDetailW
0x100001278 SetupDiGetClassDevsW
0x100001280 SetupDiOpenDeviceInterfaceW
UxTheme.dll
0x100001478 CloseThemeData
0x100001480 GetThemeSysFont
0x100001488 GetThemeSysColor
0x100001490 GetThemeColor
0x100001498 GetThemeFont
0x1000014a0 OpenThemeData
0x1000014a8 IsThemeActive
0x1000014b0 DrawThemeParentBackground
OLEACC.dll
0x100001208 CreateStdAccessibleObject
0x100001210 LresultFromObject
ole32.dll
0x100001600 CoInitializeSecurity
0x100001608 CoUninitialize
0x100001610 CoInitializeEx
0x100001618 CoSetProxyBlanket
0x100001620 StringFromGUID2
0x100001628 CoGetObject
0x100001630 CoCreateInstance
OLEAUT32.dll
0x100001220 SafeArrayGetLBound
0x100001228 SysAllocString
0x100001230 SysFreeString
0x100001238 SafeArrayGetUBound
0x100001240 SafeArrayGetElement
0x100001248 VariantInit
0x100001250 VariantClear
COMCTL32.dll
0x100001048 PropertySheetW
0x100001050 None
0x100001058 InitCommonControlsEx
DWrite.dll
0x100001068 DWriteCreateFactory
EAT(Export Address Table) is none
ADVAPI32.dll
0x100001000 RegOpenKeyExW
0x100001008 RegQueryValueExW
0x100001010 RegCloseKey
0x100001018 EventWrite
0x100001020 EventRegister
0x100001028 EventUnregister
0x100001030 RegCreateKeyExW
0x100001038 RegSetValueExW
KERNEL32.dll
0x100001130 GetLastError
0x100001138 HeapFree
0x100001140 GetProcessHeap
0x100001148 HeapAlloc
0x100001150 GetCurrentThreadId
0x100001158 GetTickCount
0x100001160 QueryPerformanceCounter
0x100001168 GetModuleHandleW
0x100001170 SetUnhandledExceptionFilter
0x100001178 GetStartupInfoW
0x100001180 Sleep
0x100001188 LocalFree
0x100001190 GetSystemTimeAsFileTime
0x100001198 TerminateProcess
0x1000011a0 GetCurrentProcess
0x1000011a8 UnhandledExceptionFilter
0x1000011b0 RtlVirtualUnwind
0x1000011b8 RtlLookupFunctionEntry
0x1000011c0 RtlCaptureContext
0x1000011c8 CreateMutexW
0x1000011d0 GetTickCount64
0x1000011d8 VerifyVersionInfoW
0x1000011e0 VerSetConditionMask
0x1000011e8 MulDiv
0x1000011f0 CloseHandle
0x1000011f8 GetCurrentProcessId
GDI32.dll
0x100001078 Polyline
0x100001080 SetBkColor
0x100001088 CreateSolidBrush
0x100001090 CreatePen
0x100001098 DeleteObject
0x1000010a0 GetDeviceCaps
0x1000010a8 CreateFontIndirectW
0x1000010b0 GetObjectW
0x1000010b8 CreateCompatibleDC
0x1000010c0 SelectObject
0x1000010c8 GdiAlphaBlend
0x1000010d0 BitBlt
0x1000010d8 DeleteDC
0x1000010e0 GetStockObject
0x1000010e8 GdiSetBatchLimit
0x1000010f0 SetTextColor
0x1000010f8 GetTextMetricsW
0x100001100 PatBlt
0x100001108 CreateCompatibleBitmap
0x100001110 SetStretchBltMode
0x100001118 StretchBlt
0x100001120 SetBkMode
USER32.dll
0x100001290 IsDlgButtonChecked
0x100001298 CheckRadioButton
0x1000012a0 EnumDisplaySettingsW
0x1000012a8 EnumDisplayDevicesW
0x1000012b0 ChangeDisplaySettingsExW
0x1000012b8 GetSysColor
0x1000012c0 CopyImage
0x1000012c8 LoadBitmapW
0x1000012d0 DestroyWindow
0x1000012d8 CreateWindowExW
0x1000012e0 DrawTextW
0x1000012e8 CheckDlgButton
0x1000012f0 MapWindowPoints
0x1000012f8 FillRect
0x100001300 RedrawWindow
0x100001308 IsCharAlphaNumericW
0x100001310 MessageBoxW
0x100001318 SystemParametersInfoW
0x100001320 SetFocus
0x100001328 SetWindowLongW
0x100001330 GetParent
0x100001338 PostMessageW
0x100001340 EnableWindow
0x100001348 ShowWindow
0x100001350 DialogBoxParamW
0x100001358 KillTimer
0x100001360 SetTimer
0x100001368 EndDialog
0x100001370 SetForegroundWindow
0x100001378 FindWindowW
0x100001380 RegisterClassExW
0x100001388 LoadCursorW
0x100001390 DefWindowProcW
0x100001398 SetWindowTextW
0x1000013a0 SendMessageW
0x1000013a8 EndPaint
0x1000013b0 GetSysColorBrush
0x1000013b8 FrameRect
0x1000013c0 BeginPaint
0x1000013c8 DrawFocusRect
0x1000013d0 GetWindowLongW
0x1000013d8 GetFocus
0x1000013e0 InvalidateRect
0x1000013e8 SetWindowLongPtrW
0x1000013f0 SetDlgItemTextW
0x1000013f8 GetDlgItem
0x100001400 GetClientRect
0x100001408 MapDialogRect
0x100001410 SendDlgItemMessageW
0x100001418 SendMessageTimeoutW
0x100001420 SetWindowPos
0x100001428 PtInRect
0x100001430 GetWindowRect
0x100001438 GetSystemMetrics
0x100001440 GetProcessDefaultLayout
0x100001448 ReleaseDC
0x100001450 LoadStringW
0x100001458 GetDC
0x100001460 GetWindowLongPtrW
0x100001468 TrackMouseEvent
msvcrt.dll
0x1000014c0 _wtoi
0x1000014c8 __set_app_type
0x1000014d0 _fmode
0x1000014d8 memcpy
0x1000014e0 __setusermatherr
0x1000014e8 _amsg_exit
0x1000014f0 _initterm
0x1000014f8 memset
0x100001500 _unlock
0x100001508 __dllonexit
0x100001510 _lock
0x100001518 _onexit
0x100001520 ??1type_info@@UEAA@XZ
0x100001528 ?terminate@@YAXXZ
0x100001530 _commode
0x100001538 _acmdln
0x100001540 exit
0x100001548 _cexit
0x100001550 memcmp
0x100001558 _vsnwprintf
0x100001560 _purecall
0x100001568 free
0x100001570 realloc
0x100001578 wcschr
0x100001580 ??0exception@@QEAA@AEBQEBDH@Z
0x100001588 ?what@exception@@UEBAPEBDXZ
0x100001590 _ismbblead
0x100001598 _exit
0x1000015a0 _XcptFilter
0x1000015a8 __C_specific_handler
0x1000015b0 __getmainargs
0x1000015b8 _callnewh
0x1000015c0 malloc
0x1000015c8 _CxxThrowException
0x1000015d0 ??0exception@@QEAA@AEBV0@@Z
0x1000015d8 ??1exception@@UEAA@XZ
ntdll.dll
0x1000015e8 WinSqmAddToStream
0x1000015f0 WinSqmIncrementDWORD
SETUPAPI.dll
0x100001260 SetupDiDestroyDeviceInfoList
0x100001268 SetupDiGetDeviceInstanceIdW
0x100001270 SetupDiGetDeviceInterfaceDetailW
0x100001278 SetupDiGetClassDevsW
0x100001280 SetupDiOpenDeviceInterfaceW
UxTheme.dll
0x100001478 CloseThemeData
0x100001480 GetThemeSysFont
0x100001488 GetThemeSysColor
0x100001490 GetThemeColor
0x100001498 GetThemeFont
0x1000014a0 OpenThemeData
0x1000014a8 IsThemeActive
0x1000014b0 DrawThemeParentBackground
OLEACC.dll
0x100001208 CreateStdAccessibleObject
0x100001210 LresultFromObject
ole32.dll
0x100001600 CoInitializeSecurity
0x100001608 CoUninitialize
0x100001610 CoInitializeEx
0x100001618 CoSetProxyBlanket
0x100001620 StringFromGUID2
0x100001628 CoGetObject
0x100001630 CoCreateInstance
OLEAUT32.dll
0x100001220 SafeArrayGetLBound
0x100001228 SysAllocString
0x100001230 SysFreeString
0x100001238 SafeArrayGetUBound
0x100001240 SafeArrayGetElement
0x100001248 VariantInit
0x100001250 VariantClear
COMCTL32.dll
0x100001048 PropertySheetW
0x100001050 None
0x100001058 InitCommonControlsEx
DWrite.dll
0x100001068 DWriteCreateFactory
EAT(Export Address Table) is none