ScreenShot
| Created | 2024.02.01 07:59 | Machine | s1_win7_x6401 |
| Filename | Apple.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 6467c1d4c14b19a50b3e154be9454e5f | ||
| sha256 | 008e23d54a1e360051a894b171233579d90542580d382a7287d462c2bdad9daa | ||
| ssdeep | 192:7Vf9JqzjLxlxs3eq9q6t4PAq3Q5tfMcm:7Vf9JqXLa3p9qp3N | ||
| imphash | a336492d9dbaa04b23570555b3e678e3 | ||
| impfuzzy | 24:hSsYgMyWNwyWPWUBZhyBSJCfocAbD29hJLzABAihTK4Tg+BbQLSQMu5FT5tY78vH:hSvNg1pQJdH4BMLSQMMtO8vH | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| notice | A process created a hidden window |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Creates executable files on the filesystem |
| notice | Performs some HTTP requests |
| info | Collects information to fingerprint the system (MachineGuid |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Network_Downloader | File Downloader | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
SHELL32.dll
0x140002080 ShellExecuteW
urlmon.dll
0x1400021a0 URLDownloadToFileW
VCRUNTIME140.dll
0x140002090 __C_specific_handler
0x140002098 __current_exception
0x1400020a0 __current_exception_context
0x1400020a8 memset
0x1400020b0 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1400020f0 _initialize_onexit_table
0x1400020f8 terminate
0x140002100 _seh_filter_exe
0x140002108 _register_onexit_function
0x140002110 _set_app_type
0x140002118 _c_exit
0x140002120 _crt_atexit
0x140002128 _cexit
0x140002130 __p___argv
0x140002138 __p___argc
0x140002140 _register_thread_local_exe_atexit_callback
0x140002148 _exit
0x140002150 exit
0x140002158 _initterm_e
0x140002160 _initterm
0x140002168 _get_initial_narrow_environment
0x140002170 _initialize_narrow_environment
0x140002178 _configure_narrow_argv
api-ms-win-crt-math-l1-1-0.dll
0x1400020e0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140002188 __p__commode
0x140002190 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400020d0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400020c0 _set_new_mode
KERNEL32.dll
0x140002000 GetSystemTimeAsFileTime
0x140002008 RtlLookupFunctionEntry
0x140002010 RtlVirtualUnwind
0x140002018 GetModuleHandleW
0x140002020 UnhandledExceptionFilter
0x140002028 SetUnhandledExceptionFilter
0x140002030 GetCurrentProcess
0x140002038 TerminateProcess
0x140002040 IsProcessorFeaturePresent
0x140002048 IsDebuggerPresent
0x140002050 InitializeSListHead
0x140002058 RtlCaptureContext
0x140002060 GetCurrentThreadId
0x140002068 GetCurrentProcessId
0x140002070 QueryPerformanceCounter
EAT(Export Address Table) is none
SHELL32.dll
0x140002080 ShellExecuteW
urlmon.dll
0x1400021a0 URLDownloadToFileW
VCRUNTIME140.dll
0x140002090 __C_specific_handler
0x140002098 __current_exception
0x1400020a0 __current_exception_context
0x1400020a8 memset
0x1400020b0 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x1400020f0 _initialize_onexit_table
0x1400020f8 terminate
0x140002100 _seh_filter_exe
0x140002108 _register_onexit_function
0x140002110 _set_app_type
0x140002118 _c_exit
0x140002120 _crt_atexit
0x140002128 _cexit
0x140002130 __p___argv
0x140002138 __p___argc
0x140002140 _register_thread_local_exe_atexit_callback
0x140002148 _exit
0x140002150 exit
0x140002158 _initterm_e
0x140002160 _initterm
0x140002168 _get_initial_narrow_environment
0x140002170 _initialize_narrow_environment
0x140002178 _configure_narrow_argv
api-ms-win-crt-math-l1-1-0.dll
0x1400020e0 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140002188 __p__commode
0x140002190 _set_fmode
api-ms-win-crt-locale-l1-1-0.dll
0x1400020d0 _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll
0x1400020c0 _set_new_mode
KERNEL32.dll
0x140002000 GetSystemTimeAsFileTime
0x140002008 RtlLookupFunctionEntry
0x140002010 RtlVirtualUnwind
0x140002018 GetModuleHandleW
0x140002020 UnhandledExceptionFilter
0x140002028 SetUnhandledExceptionFilter
0x140002030 GetCurrentProcess
0x140002038 TerminateProcess
0x140002040 IsProcessorFeaturePresent
0x140002048 IsDebuggerPresent
0x140002050 InitializeSListHead
0x140002058 RtlCaptureContext
0x140002060 GetCurrentThreadId
0x140002068 GetCurrentProcessId
0x140002070 QueryPerformanceCounter
EAT(Export Address Table) is none