ScreenShot
| Created | 2024.06.17 13:29 | Machine | s1_win7_x6403 |
| Filename | setup222.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (Casdet, malicious, high confidence, Vzf2, Attribute, HighConfidence, MalwareX, zzkxf, Detected, ai score=80, R002H01FD24, PossibleThreat, confidence) | ||
| md5 | 8677376c509f0c66d1f02c6b66d7ef90 | ||
| sha256 | f7afac39d2754ac953bf129ee094c8b092e349cdf35f1ba23c2c76a0229f9e96 | ||
| ssdeep | 1536:xcUkaFWP1/og2gnKHNk9DsMvWhuZMTz2PdA24LhtpgcIPfuaNZ:xchd1/NKU1u+A0fuQ | ||
| imphash | f56402b453896e6c8e5cdd3b6ac705fa | ||
| impfuzzy | 24:qfjBcVpb9L0uBbS6bi690h29HD4Tg94upAbzAKaihfHRtBy7JYDMLSYSySPyjwWp:qfNcVrL5B5rkdk1YwLSYSV0RCS9 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| watch | Attempts to create or modify system certificates |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Creates executable files on the filesystem |
| notice | Performs some HTTP requests |
| info | Collects information to fingerprint the system (MachineGuid |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Network_Downloader | File Downloader | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (4cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400082c8 CloseHandle
0x1400082d0 CreateProcessW
0x1400082d8 DeleteCriticalSection
0x1400082e0 EnterCriticalSection
0x1400082e8 GetLastError
0x1400082f0 InitializeCriticalSection
0x1400082f8 LeaveCriticalSection
0x140008300 SetUnhandledExceptionFilter
0x140008308 Sleep
0x140008310 TlsGetValue
0x140008318 VirtualProtect
0x140008320 VirtualQuery
api-ms-win-crt-environment-l1-1-0.dll
0x140008330 __p__environ
0x140008338 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
0x140008348 _set_new_mode
0x140008350 calloc
0x140008358 free
0x140008360 malloc
api-ms-win-crt-math-l1-1-0.dll
0x140008370 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x140008380 __C_specific_handler
0x140008388 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x140008398 __p___argc
0x1400083a0 __p___argv
0x1400083a8 __p___wargv
0x1400083b0 _cexit
0x1400083b8 _configure_narrow_argv
0x1400083c0 _configure_wide_argv
0x1400083c8 _crt_at_quick_exit
0x1400083d0 _crt_atexit
0x1400083d8 _exit
0x1400083e0 _initialize_narrow_environment
0x1400083e8 _initialize_wide_environment
0x1400083f0 _initterm
0x1400083f8 _set_app_type
0x140008400 _set_invalid_parameter_handler
0x140008408 abort
0x140008410 exit
0x140008418 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140008428 __acrt_iob_func
0x140008430 __p__commode
0x140008438 __p__fmode
0x140008440 __stdio_common_vfprintf
0x140008448 __stdio_common_vfwprintf
0x140008450 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140008460 strlen
0x140008468 strncmp
api-ms-win-crt-time-l1-1-0.dll
0x140008478 __daylight
0x140008480 __timezone
0x140008488 __tzname
0x140008490 _tzset
urlmon.dll
0x1400084a0 URLDownloadToFileW
EAT(Export Address Table) is none
KERNEL32.dll
0x1400082c8 CloseHandle
0x1400082d0 CreateProcessW
0x1400082d8 DeleteCriticalSection
0x1400082e0 EnterCriticalSection
0x1400082e8 GetLastError
0x1400082f0 InitializeCriticalSection
0x1400082f8 LeaveCriticalSection
0x140008300 SetUnhandledExceptionFilter
0x140008308 Sleep
0x140008310 TlsGetValue
0x140008318 VirtualProtect
0x140008320 VirtualQuery
api-ms-win-crt-environment-l1-1-0.dll
0x140008330 __p__environ
0x140008338 __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll
0x140008348 _set_new_mode
0x140008350 calloc
0x140008358 free
0x140008360 malloc
api-ms-win-crt-math-l1-1-0.dll
0x140008370 __setusermatherr
api-ms-win-crt-private-l1-1-0.dll
0x140008380 __C_specific_handler
0x140008388 memcpy
api-ms-win-crt-runtime-l1-1-0.dll
0x140008398 __p___argc
0x1400083a0 __p___argv
0x1400083a8 __p___wargv
0x1400083b0 _cexit
0x1400083b8 _configure_narrow_argv
0x1400083c0 _configure_wide_argv
0x1400083c8 _crt_at_quick_exit
0x1400083d0 _crt_atexit
0x1400083d8 _exit
0x1400083e0 _initialize_narrow_environment
0x1400083e8 _initialize_wide_environment
0x1400083f0 _initterm
0x1400083f8 _set_app_type
0x140008400 _set_invalid_parameter_handler
0x140008408 abort
0x140008410 exit
0x140008418 signal
api-ms-win-crt-stdio-l1-1-0.dll
0x140008428 __acrt_iob_func
0x140008430 __p__commode
0x140008438 __p__fmode
0x140008440 __stdio_common_vfprintf
0x140008448 __stdio_common_vfwprintf
0x140008450 fwrite
api-ms-win-crt-string-l1-1-0.dll
0x140008460 strlen
0x140008468 strncmp
api-ms-win-crt-time-l1-1-0.dll
0x140008478 __daylight
0x140008480 __timezone
0x140008488 __tzname
0x140008490 _tzset
urlmon.dll
0x1400084a0 URLDownloadToFileW
EAT(Export Address Table) is none