ScreenShot
| Created | 2024.03.21 07:23 | Machine | s1_win7_x6401 |
| Filename | rty45.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 36 detected (HanuwLimziAC, Fabookie, malicious, high confidence, score, BadFile, unsafe, Attribute, HighConfidence, GenericRXAA, CLASSIC, AGEN, DownLoader45, PRIVATELOADER, YXECTZ, Outbreak, Detected, P9O46O, DropperX, R593159, Chgt, Oader, Ncnw, confidence, 100%) | ||
| md5 | a3cc4a0054f5c47f3513117efaf2f335 | ||
| sha256 | cefe1e1d4b0be963ecf7da33972135afa8920826b7e71fb7281d4e688e4af5bf | ||
| ssdeep | 6144:x7u5RwxzF2LrCrQk1tUeJpj/4iM8wangu2+UvQ/KpmOq:x72yxzF2LWrQkL/4lRKMvQ/Kp | ||
| imphash | 287240fab1f223abb090ff96769db3f7 | ||
| impfuzzy | 96:A1rEfUm8auoA5gU1lgWnLBOH3XP/cof+ep3f0uGS7eX0yoBneWoN9:A1rasaA5N0H3HGep3sPfX0yoBneLN9 | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x100001000 TraceMessage
0x100001008 GetTraceLoggerHandle
0x100001010 GetTraceEnableLevel
0x100001018 GetTraceEnableFlags
0x100001020 RegisterTraceGuidsW
0x100001028 UnregisterTraceGuids
0x100001030 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x100001038 RegOpenKeyExW
0x100001040 CloseTrace
0x100001048 InitiateShutdownW
0x100001050 OpenSCManagerW
0x100001058 OpenServiceW
0x100001060 ControlService
0x100001068 OpenProcessToken
0x100001070 RegCloseKey
0x100001078 CloseServiceHandle
0x100001080 CreateWellKnownSid
0x100001088 CheckTokenMembership
0x100001090 LookupPrivilegeValueW
0x100001098 AdjustTokenPrivileges
0x1000010a0 StartTraceW
0x1000010a8 EnableTrace
0x1000010b0 GetTokenInformation
0x1000010b8 RegQueryValueExW
0x1000010c0 RegQueryInfoKeyW
0x1000010c8 InitializeSecurityDescriptor
0x1000010d0 SetEntriesInAclW
0x1000010d8 SetSecurityDescriptorOwner
0x1000010e0 SetSecurityDescriptorGroup
0x1000010e8 SetSecurityDescriptorDacl
0x1000010f0 DuplicateToken
0x1000010f8 DuplicateTokenEx
0x100001100 RegisterEventSourceW
0x100001108 ReportEventW
0x100001110 DeregisterEventSource
0x100001118 ControlTraceW
KERNEL32.dll
0x1000011f0 FileTimeToLocalFileTime
0x1000011f8 GetTimeFormatW
0x100001200 GetDateFormatW
0x100001208 GetUserDefaultLCID
0x100001210 GetLocaleInfoW
0x100001218 FindVolumeClose
0x100001220 FindNextVolumeW
0x100001228 FindFirstVolumeW
0x100001230 GetWindowsDirectoryW
0x100001238 GetVolumeNameForVolumeMountPointW
0x100001240 GetVolumePathNameW
0x100001248 GetVolumePathNamesForVolumeNameW
0x100001250 ExpandEnvironmentStringsW
0x100001258 GetVolumeInformationW
0x100001260 GetDriveTypeW
0x100001268 MoveFileExW
0x100001270 DeviceIoControl
0x100001278 FileTimeToSystemTime
0x100001280 FindNextFileW
0x100001288 FindFirstFileW
0x100001290 FormatMessageW
0x100001298 UnhandledExceptionFilter
0x1000012a0 TerminateProcess
0x1000012a8 GetCurrentProcessId
0x1000012b0 GetCurrentThreadId
0x1000012b8 GetTickCount
0x1000012c0 QueryPerformanceCounter
0x1000012c8 GetModuleHandleW
0x1000012d0 SetUnhandledExceptionFilter
0x1000012d8 GetStartupInfoW
0x1000012e0 Sleep
0x1000012e8 InitializeCriticalSection
0x1000012f0 CreateFileW
0x1000012f8 EncodePointer
0x100001300 DecodePointer
0x100001308 GetProcAddress
0x100001310 DeleteCriticalSection
0x100001318 SetLastError
0x100001320 HeapSetInformation
0x100001328 SetErrorMode
0x100001330 CreateEventW
0x100001338 WaitForSingleObject
0x100001340 SetEvent
0x100001348 RegisterApplicationRestart
0x100001350 GetCurrentProcess
0x100001358 GlobalFree
0x100001360 GetCommandLineW
0x100001368 CreateProcessW
0x100001370 CreateThread
0x100001378 OpenProcess
0x100001380 GetSystemTimeAsFileTime
0x100001388 LoadLibraryW
0x100001390 FreeLibrary
0x100001398 GetFileAttributesW
0x1000013a0 DeleteFileW
0x1000013a8 CreateDirectoryW
0x1000013b0 SetThreadPreferredUILanguages
0x1000013b8 GetTimeZoneInformation
0x1000013c0 LoadLibraryExW
0x1000013c8 InitializeCriticalSectionAndSpinCount
0x1000013d0 EnterCriticalSection
0x1000013d8 LeaveCriticalSection
0x1000013e0 FindClose
0x1000013e8 GetLastError
0x1000013f0 LocalFree
0x1000013f8 CloseHandle
GDI32.dll
0x100001180 SetBkMode
0x100001188 DeleteDC
0x100001190 GdiFlush
0x100001198 SelectObject
0x1000011a0 SetLayout
0x1000011a8 CreateCompatibleDC
0x1000011b0 ExtTextOutW
0x1000011b8 SetBkColor
0x1000011c0 CreateDIBSection
0x1000011c8 GetDeviceCaps
0x1000011d0 CreateFontIndirectW
0x1000011d8 SetTextColor
0x1000011e0 DeleteObject
USER32.dll
0x100001488 GetDesktopWindow
0x100001490 GetWindowThreadProcessId
0x100001498 EnumWindows
0x1000014a0 MessageBoxW
0x1000014a8 SendMessageTimeoutW
0x1000014b0 EndPaint
0x1000014b8 MapWindowPoints
0x1000014c0 CopyRect
0x1000014c8 GetWindowTextW
0x1000014d0 GetWindowRect
0x1000014d8 BeginPaint
0x1000014e0 GetAncestor
0x1000014e8 GetClassNameW
0x1000014f0 GetDlgItemTextW
0x1000014f8 SetDlgItemTextW
0x100001500 MsgWaitForMultipleObjectsEx
0x100001508 DispatchMessageW
0x100001510 PeekMessageW
0x100001518 LoadStringW
0x100001520 SystemParametersInfoW
0x100001528 LoadIconW
0x100001530 SetForegroundWindow
0x100001538 CreateDialogParamW
0x100001540 ShowWindow
0x100001548 DestroyWindow
0x100001550 DialogBoxParamW
0x100001558 RegisterWindowMessageW
0x100001560 GetDC
0x100001568 ReleaseDC
0x100001570 SetWindowLongPtrW
0x100001578 PostMessageW
0x100001580 GetParent
0x100001588 GetDlgItem
0x100001590 GetSystemMetrics
0x100001598 GetSysColor
0x1000015a0 SetWindowPos
0x1000015a8 GetSysColorBrush
0x1000015b0 EndDialog
0x1000015b8 SetFocus
0x1000015c0 GetKeyState
0x1000015c8 SetWindowLongW
0x1000015d0 GetWindowLongW
0x1000015d8 UpdateWindow
0x1000015e0 GetClientRect
0x1000015e8 SetWindowTextW
0x1000015f0 SetClassLongPtrW
0x1000015f8 GetWindowLongPtrW
0x100001600 IsWindow
0x100001608 CallWindowProcW
0x100001610 SendMessageW
0x100001618 EnableWindow
0x100001620 DrawFrameControl
0x100001628 OffsetRect
0x100001630 InflateRect
msvcrt.dll
0x100001640 wcschr
0x100001648 _wcsnicmp
0x100001650 _wcsicmp
0x100001658 ??2@YAPEAX_K@Z
0x100001660 __getmainargs
0x100001668 __C_specific_handler
0x100001670 _XcptFilter
0x100001678 _exit
0x100001680 _ismbblead
0x100001688 _cexit
0x100001690 exit
0x100001698 _acmdln
0x1000016a0 _initterm
0x1000016a8 ??3@YAXPEAX@Z
0x1000016b0 __setusermatherr
0x1000016b8 _commode
0x1000016c0 _fmode
0x1000016c8 __set_app_type
0x1000016d0 _unlock
0x1000016d8 __dllonexit
0x1000016e0 _lock
0x1000016e8 _onexit
0x1000016f0 ?terminate@@YAXXZ
0x1000016f8 memset
0x100001700 memcmp
0x100001708 iswspace
0x100001710 _amsg_exit
0x100001718 _vscwprintf
0x100001720 memcpy
0x100001728 _vsnwprintf
0x100001730 strchr
0x100001738 memmove
SHELL32.dll
0x100001428 ShellExecuteExW
0x100001430 SHGetStockIconInfo
0x100001438 CommandLineToArgvW
ole32.dll
0x1000017c8 CoCreateInstance
0x1000017d0 CoTaskMemAlloc
0x1000017d8 CLSIDFromString
0x1000017e0 CoInitializeSecurity
0x1000017e8 CoTaskMemRealloc
0x1000017f0 CoInitializeEx
0x1000017f8 CoTaskMemFree
0x100001800 CoUninitialize
OLEAUT32.dll
0x100001408 SysFreeString
0x100001410 SysAllocString
0x100001418 SysStringLen
COMCTL32.dll
0x100001128 CreatePropertySheetPageW
0x100001130 PropertySheetW
0x100001138 DestroyPropertySheetPage
0x100001140 None
0x100001148 InitCommonControlsEx
0x100001150 ImageList_Create
0x100001158 ImageList_Add
0x100001160 ImageList_AddMasked
0x100001168 ImageList_Destroy
0x100001170 None
ntdll.dll
0x100001748 RtlCaptureContext
0x100001750 RtlLookupFunctionEntry
0x100001758 RtlLookupElementGenericTableAvl
0x100001760 RtlInsertElementGenericTableAvl
0x100001768 RtlInitializeGenericTableAvl
0x100001770 RtlEnumerateGenericTableAvl
0x100001778 RtlDeleteElementGenericTableAvl
0x100001780 WinSqmAddToStreamEx
0x100001788 WinSqmIncrementDWORD
0x100001790 WinSqmAddToStream
0x100001798 NtShutdownSystem
0x1000017a0 RtlGetLastNtStatus
0x1000017a8 RtlVirtualUnwind
0x1000017b0 EtwTraceMessage
0x1000017b8 RtlNtStatusToDosError
SRCORE.dll
0x100001470 SrFreeRpPropArray
0x100001478 SrFreeRestoreStatus
SPP.dll
0x100001448 SxTracerDebuggerBreak
0x100001450 SxTracerShouldTrackFailure
0x100001458 SxTracerGetThreadContextRetail
0x100001460 SppFreeExternalGroupPropArray
EAT(Export Address Table) is none
ADVAPI32.dll
0x100001000 TraceMessage
0x100001008 GetTraceLoggerHandle
0x100001010 GetTraceEnableLevel
0x100001018 GetTraceEnableFlags
0x100001020 RegisterTraceGuidsW
0x100001028 UnregisterTraceGuids
0x100001030 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x100001038 RegOpenKeyExW
0x100001040 CloseTrace
0x100001048 InitiateShutdownW
0x100001050 OpenSCManagerW
0x100001058 OpenServiceW
0x100001060 ControlService
0x100001068 OpenProcessToken
0x100001070 RegCloseKey
0x100001078 CloseServiceHandle
0x100001080 CreateWellKnownSid
0x100001088 CheckTokenMembership
0x100001090 LookupPrivilegeValueW
0x100001098 AdjustTokenPrivileges
0x1000010a0 StartTraceW
0x1000010a8 EnableTrace
0x1000010b0 GetTokenInformation
0x1000010b8 RegQueryValueExW
0x1000010c0 RegQueryInfoKeyW
0x1000010c8 InitializeSecurityDescriptor
0x1000010d0 SetEntriesInAclW
0x1000010d8 SetSecurityDescriptorOwner
0x1000010e0 SetSecurityDescriptorGroup
0x1000010e8 SetSecurityDescriptorDacl
0x1000010f0 DuplicateToken
0x1000010f8 DuplicateTokenEx
0x100001100 RegisterEventSourceW
0x100001108 ReportEventW
0x100001110 DeregisterEventSource
0x100001118 ControlTraceW
KERNEL32.dll
0x1000011f0 FileTimeToLocalFileTime
0x1000011f8 GetTimeFormatW
0x100001200 GetDateFormatW
0x100001208 GetUserDefaultLCID
0x100001210 GetLocaleInfoW
0x100001218 FindVolumeClose
0x100001220 FindNextVolumeW
0x100001228 FindFirstVolumeW
0x100001230 GetWindowsDirectoryW
0x100001238 GetVolumeNameForVolumeMountPointW
0x100001240 GetVolumePathNameW
0x100001248 GetVolumePathNamesForVolumeNameW
0x100001250 ExpandEnvironmentStringsW
0x100001258 GetVolumeInformationW
0x100001260 GetDriveTypeW
0x100001268 MoveFileExW
0x100001270 DeviceIoControl
0x100001278 FileTimeToSystemTime
0x100001280 FindNextFileW
0x100001288 FindFirstFileW
0x100001290 FormatMessageW
0x100001298 UnhandledExceptionFilter
0x1000012a0 TerminateProcess
0x1000012a8 GetCurrentProcessId
0x1000012b0 GetCurrentThreadId
0x1000012b8 GetTickCount
0x1000012c0 QueryPerformanceCounter
0x1000012c8 GetModuleHandleW
0x1000012d0 SetUnhandledExceptionFilter
0x1000012d8 GetStartupInfoW
0x1000012e0 Sleep
0x1000012e8 InitializeCriticalSection
0x1000012f0 CreateFileW
0x1000012f8 EncodePointer
0x100001300 DecodePointer
0x100001308 GetProcAddress
0x100001310 DeleteCriticalSection
0x100001318 SetLastError
0x100001320 HeapSetInformation
0x100001328 SetErrorMode
0x100001330 CreateEventW
0x100001338 WaitForSingleObject
0x100001340 SetEvent
0x100001348 RegisterApplicationRestart
0x100001350 GetCurrentProcess
0x100001358 GlobalFree
0x100001360 GetCommandLineW
0x100001368 CreateProcessW
0x100001370 CreateThread
0x100001378 OpenProcess
0x100001380 GetSystemTimeAsFileTime
0x100001388 LoadLibraryW
0x100001390 FreeLibrary
0x100001398 GetFileAttributesW
0x1000013a0 DeleteFileW
0x1000013a8 CreateDirectoryW
0x1000013b0 SetThreadPreferredUILanguages
0x1000013b8 GetTimeZoneInformation
0x1000013c0 LoadLibraryExW
0x1000013c8 InitializeCriticalSectionAndSpinCount
0x1000013d0 EnterCriticalSection
0x1000013d8 LeaveCriticalSection
0x1000013e0 FindClose
0x1000013e8 GetLastError
0x1000013f0 LocalFree
0x1000013f8 CloseHandle
GDI32.dll
0x100001180 SetBkMode
0x100001188 DeleteDC
0x100001190 GdiFlush
0x100001198 SelectObject
0x1000011a0 SetLayout
0x1000011a8 CreateCompatibleDC
0x1000011b0 ExtTextOutW
0x1000011b8 SetBkColor
0x1000011c0 CreateDIBSection
0x1000011c8 GetDeviceCaps
0x1000011d0 CreateFontIndirectW
0x1000011d8 SetTextColor
0x1000011e0 DeleteObject
USER32.dll
0x100001488 GetDesktopWindow
0x100001490 GetWindowThreadProcessId
0x100001498 EnumWindows
0x1000014a0 MessageBoxW
0x1000014a8 SendMessageTimeoutW
0x1000014b0 EndPaint
0x1000014b8 MapWindowPoints
0x1000014c0 CopyRect
0x1000014c8 GetWindowTextW
0x1000014d0 GetWindowRect
0x1000014d8 BeginPaint
0x1000014e0 GetAncestor
0x1000014e8 GetClassNameW
0x1000014f0 GetDlgItemTextW
0x1000014f8 SetDlgItemTextW
0x100001500 MsgWaitForMultipleObjectsEx
0x100001508 DispatchMessageW
0x100001510 PeekMessageW
0x100001518 LoadStringW
0x100001520 SystemParametersInfoW
0x100001528 LoadIconW
0x100001530 SetForegroundWindow
0x100001538 CreateDialogParamW
0x100001540 ShowWindow
0x100001548 DestroyWindow
0x100001550 DialogBoxParamW
0x100001558 RegisterWindowMessageW
0x100001560 GetDC
0x100001568 ReleaseDC
0x100001570 SetWindowLongPtrW
0x100001578 PostMessageW
0x100001580 GetParent
0x100001588 GetDlgItem
0x100001590 GetSystemMetrics
0x100001598 GetSysColor
0x1000015a0 SetWindowPos
0x1000015a8 GetSysColorBrush
0x1000015b0 EndDialog
0x1000015b8 SetFocus
0x1000015c0 GetKeyState
0x1000015c8 SetWindowLongW
0x1000015d0 GetWindowLongW
0x1000015d8 UpdateWindow
0x1000015e0 GetClientRect
0x1000015e8 SetWindowTextW
0x1000015f0 SetClassLongPtrW
0x1000015f8 GetWindowLongPtrW
0x100001600 IsWindow
0x100001608 CallWindowProcW
0x100001610 SendMessageW
0x100001618 EnableWindow
0x100001620 DrawFrameControl
0x100001628 OffsetRect
0x100001630 InflateRect
msvcrt.dll
0x100001640 wcschr
0x100001648 _wcsnicmp
0x100001650 _wcsicmp
0x100001658 ??2@YAPEAX_K@Z
0x100001660 __getmainargs
0x100001668 __C_specific_handler
0x100001670 _XcptFilter
0x100001678 _exit
0x100001680 _ismbblead
0x100001688 _cexit
0x100001690 exit
0x100001698 _acmdln
0x1000016a0 _initterm
0x1000016a8 ??3@YAXPEAX@Z
0x1000016b0 __setusermatherr
0x1000016b8 _commode
0x1000016c0 _fmode
0x1000016c8 __set_app_type
0x1000016d0 _unlock
0x1000016d8 __dllonexit
0x1000016e0 _lock
0x1000016e8 _onexit
0x1000016f0 ?terminate@@YAXXZ
0x1000016f8 memset
0x100001700 memcmp
0x100001708 iswspace
0x100001710 _amsg_exit
0x100001718 _vscwprintf
0x100001720 memcpy
0x100001728 _vsnwprintf
0x100001730 strchr
0x100001738 memmove
SHELL32.dll
0x100001428 ShellExecuteExW
0x100001430 SHGetStockIconInfo
0x100001438 CommandLineToArgvW
ole32.dll
0x1000017c8 CoCreateInstance
0x1000017d0 CoTaskMemAlloc
0x1000017d8 CLSIDFromString
0x1000017e0 CoInitializeSecurity
0x1000017e8 CoTaskMemRealloc
0x1000017f0 CoInitializeEx
0x1000017f8 CoTaskMemFree
0x100001800 CoUninitialize
OLEAUT32.dll
0x100001408 SysFreeString
0x100001410 SysAllocString
0x100001418 SysStringLen
COMCTL32.dll
0x100001128 CreatePropertySheetPageW
0x100001130 PropertySheetW
0x100001138 DestroyPropertySheetPage
0x100001140 None
0x100001148 InitCommonControlsEx
0x100001150 ImageList_Create
0x100001158 ImageList_Add
0x100001160 ImageList_AddMasked
0x100001168 ImageList_Destroy
0x100001170 None
ntdll.dll
0x100001748 RtlCaptureContext
0x100001750 RtlLookupFunctionEntry
0x100001758 RtlLookupElementGenericTableAvl
0x100001760 RtlInsertElementGenericTableAvl
0x100001768 RtlInitializeGenericTableAvl
0x100001770 RtlEnumerateGenericTableAvl
0x100001778 RtlDeleteElementGenericTableAvl
0x100001780 WinSqmAddToStreamEx
0x100001788 WinSqmIncrementDWORD
0x100001790 WinSqmAddToStream
0x100001798 NtShutdownSystem
0x1000017a0 RtlGetLastNtStatus
0x1000017a8 RtlVirtualUnwind
0x1000017b0 EtwTraceMessage
0x1000017b8 RtlNtStatusToDosError
SRCORE.dll
0x100001470 SrFreeRpPropArray
0x100001478 SrFreeRestoreStatus
SPP.dll
0x100001448 SxTracerDebuggerBreak
0x100001450 SxTracerShouldTrackFailure
0x100001458 SxTracerGetThreadContextRetail
0x100001460 SppFreeExternalGroupPropArray
EAT(Export Address Table) is none