ScreenShot
| Created | 2024.09.30 11:27 | Machine | s1_win7_x6402 |
| Filename | useraccount.aspx.exe | ||
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (Common, Malicious, score, Artemis, GenericKD, Unsafe, Vxgw, Attribute, HighConfidence, Windows, Matanbuchus, DropperX, wiclm, YXEIDZ, Static AI, Suspicious PE, Detected, Malware@#1ii52gohnvh6q, Wacatac, ABTrojan, GRGG, Chgt, Gencirc, susgen, B9nj) | ||
| md5 | 9b73c82d8f0e6cae3bce7b2fc98b3383 | ||
| sha256 | 795778587d86ee3aa3d2f628e8d3994b8735c5528413b4298afac8b6a683aefb | ||
| ssdeep | 24576:5st4JVMa25rIlp/sMHlzU0+oIkxcwLkwz:5Z7Ma2QZ5HlzU0+o+y | ||
| imphash | ef2ca5265ff67c2cbad59c3dd4c595fe | ||
| impfuzzy | 48:SciN4Kr+rZZ99jXDBWestmWzcLrzS5EByzlh2/nDESeA0SQM6ACRzDzGV+cZALSw:SciN4Kr+rj3XoestmWzcPEXkqvD | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET INFO TLS Handshake Failure
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1009b010 SetEnvironmentVariableW
0x1009b014 CloseHandle
0x1009b018 GetLastError
0x1009b01c SetLastError
0x1009b020 HeapAlloc
0x1009b024 HeapReAlloc
0x1009b028 GetProcessHeap
0x1009b02c GetCurrentProcess
0x1009b030 GetCurrentProcessId
0x1009b034 ExitProcess
0x1009b038 GetCurrentThread
0x1009b03c GetCurrentThreadId
0x1009b040 CreateProcessW
0x1009b044 GetCurrentProcessorNumber
0x1009b048 GetTickCount
0x1009b04c GetWindowsDirectoryW
0x1009b050 GetLargePageMinimum
0x1009b054 GetModuleHandleA
0x1009b058 lstrlenA
0x1009b05c lstrlenW
0x1009b060 IsBadReadPtr
0x1009b064 IsValidCodePage
0x1009b068 GetACP
0x1009b06c GetSystemDefaultUILanguage
0x1009b070 GetUserDefaultLangID
0x1009b074 GetSystemDefaultLangID
0x1009b078 GetSystemDefaultLCID
0x1009b07c GetThreadUILanguage
0x1009b080 GetOEMCP
0x1009b084 WriteConsoleW
0x1009b088 CreateFileW
0x1009b08c SetFilePointerEx
0x1009b090 GetEnvironmentVariableW
0x1009b094 GetConsoleMode
0x1009b098 GetConsoleOutputCP
0x1009b09c WriteFile
0x1009b0a0 FlushFileBuffers
0x1009b0a4 SetStdHandle
0x1009b0a8 HeapSize
0x1009b0ac GetStringTypeW
0x1009b0b0 GetFileType
0x1009b0b4 GetStdHandle
0x1009b0b8 LCMapStringW
0x1009b0bc FreeEnvironmentStringsW
0x1009b0c0 GetEnvironmentStringsW
0x1009b0c4 WideCharToMultiByte
0x1009b0c8 MultiByteToWideChar
0x1009b0cc GetCPInfo
0x1009b0d0 FindNextFileW
0x1009b0d4 FindFirstFileExW
0x1009b0d8 FindClose
0x1009b0dc HeapFree
0x1009b0e0 GetModuleFileNameW
0x1009b0e4 GetModuleHandleExW
0x1009b0e8 RaiseException
0x1009b0ec LoadLibraryExW
0x1009b0f0 GetProcAddress
0x1009b0f4 FreeLibrary
0x1009b0f8 DecodePointer
0x1009b0fc TlsFree
0x1009b100 GetEnvironmentStrings
0x1009b104 GetCommandLineW
0x1009b108 GetCommandLineA
0x1009b10c TlsSetValue
0x1009b110 TlsGetValue
0x1009b114 TlsAlloc
0x1009b118 InitializeCriticalSectionAndSpinCount
0x1009b11c DeleteCriticalSection
0x1009b120 IsProcessorFeaturePresent
0x1009b124 IsDebuggerPresent
0x1009b128 UnhandledExceptionFilter
0x1009b12c SetUnhandledExceptionFilter
0x1009b130 GetStartupInfoW
0x1009b134 GetModuleHandleW
0x1009b138 QueryPerformanceCounter
0x1009b13c GetSystemTimeAsFileTime
0x1009b140 InitializeSListHead
0x1009b144 TerminateProcess
0x1009b148 RtlUnwind
0x1009b14c InterlockedFlushSList
0x1009b150 EncodePointer
0x1009b154 EnterCriticalSection
0x1009b158 LeaveCriticalSection
USER32.dll
0x1009b174 GetDesktopWindow
0x1009b178 EndPaint
0x1009b17c BeginPaint
0x1009b180 ArrangeIconicWindows
0x1009b184 GetTopWindow
0x1009b188 GetShellWindow
0x1009b18c GetParent
0x1009b190 GetCaretPos
0x1009b194 GetCaretBlinkTime
0x1009b198 GetCursor
0x1009b19c GetCursorPos
0x1009b1a0 GetWindowTextLengthA
0x1009b1a4 GetUpdateRect
0x1009b1a8 GetWindowDC
0x1009b1ac GetForegroundWindow
0x1009b1b0 EndMenu
0x1009b1b4 DestroyMenu
0x1009b1b8 GetMenu
0x1009b1bc IsWindowEnabled
0x1009b1c0 IsWindowUnicode
0x1009b1c4 GetCapture
0x1009b1c8 GetFocus
0x1009b1cc GetActiveWindow
0x1009b1d0 GetDialogBaseUnits
0x1009b1d4 GetDlgCtrlID
0x1009b1d8 IsZoomed
0x1009b1dc AnyPopup
0x1009b1e0 IsIconic
0x1009b1e4 IsWindowVisible
0x1009b1e8 EndDeferWindowPos
0x1009b1ec BeginDeferWindowPos
0x1009b1f0 OpenIcon
0x1009b1f4 IsWindow
0x1009b1f8 GetDoubleClickTime
0x1009b1fc IsWow64Message
0x1009b200 GetMessageExtraInfo
0x1009b204 GetMessageTime
0x1009b208 GetMessagePos
0x1009b20c wsprintfW
0x1009b210 GetLastActivePopup
ADVAPI32.dll
0x1009b000 RegCreateKeyExW
0x1009b004 RegCloseKey
0x1009b008 RegSetValueExW
SHELL32.dll
0x1009b160 SHCreateDirectoryExW
SHLWAPI.dll
0x1009b168 StrCmpIW
0x1009b16c PathAppendW
EAT(Export Address Table) Library
0x10053490 DllInstall
0x1008e820 DllUpdate
0x1005bb40 InitDll
0x1005bba0 ThreadFunction
0x10062f20 curl_easy_cleanup
0x10063ce0 curl_easy_init
0x10065a20 curl_easy_perform
0x100669e0 curl_easy_setopt
KERNEL32.dll
0x1009b010 SetEnvironmentVariableW
0x1009b014 CloseHandle
0x1009b018 GetLastError
0x1009b01c SetLastError
0x1009b020 HeapAlloc
0x1009b024 HeapReAlloc
0x1009b028 GetProcessHeap
0x1009b02c GetCurrentProcess
0x1009b030 GetCurrentProcessId
0x1009b034 ExitProcess
0x1009b038 GetCurrentThread
0x1009b03c GetCurrentThreadId
0x1009b040 CreateProcessW
0x1009b044 GetCurrentProcessorNumber
0x1009b048 GetTickCount
0x1009b04c GetWindowsDirectoryW
0x1009b050 GetLargePageMinimum
0x1009b054 GetModuleHandleA
0x1009b058 lstrlenA
0x1009b05c lstrlenW
0x1009b060 IsBadReadPtr
0x1009b064 IsValidCodePage
0x1009b068 GetACP
0x1009b06c GetSystemDefaultUILanguage
0x1009b070 GetUserDefaultLangID
0x1009b074 GetSystemDefaultLangID
0x1009b078 GetSystemDefaultLCID
0x1009b07c GetThreadUILanguage
0x1009b080 GetOEMCP
0x1009b084 WriteConsoleW
0x1009b088 CreateFileW
0x1009b08c SetFilePointerEx
0x1009b090 GetEnvironmentVariableW
0x1009b094 GetConsoleMode
0x1009b098 GetConsoleOutputCP
0x1009b09c WriteFile
0x1009b0a0 FlushFileBuffers
0x1009b0a4 SetStdHandle
0x1009b0a8 HeapSize
0x1009b0ac GetStringTypeW
0x1009b0b0 GetFileType
0x1009b0b4 GetStdHandle
0x1009b0b8 LCMapStringW
0x1009b0bc FreeEnvironmentStringsW
0x1009b0c0 GetEnvironmentStringsW
0x1009b0c4 WideCharToMultiByte
0x1009b0c8 MultiByteToWideChar
0x1009b0cc GetCPInfo
0x1009b0d0 FindNextFileW
0x1009b0d4 FindFirstFileExW
0x1009b0d8 FindClose
0x1009b0dc HeapFree
0x1009b0e0 GetModuleFileNameW
0x1009b0e4 GetModuleHandleExW
0x1009b0e8 RaiseException
0x1009b0ec LoadLibraryExW
0x1009b0f0 GetProcAddress
0x1009b0f4 FreeLibrary
0x1009b0f8 DecodePointer
0x1009b0fc TlsFree
0x1009b100 GetEnvironmentStrings
0x1009b104 GetCommandLineW
0x1009b108 GetCommandLineA
0x1009b10c TlsSetValue
0x1009b110 TlsGetValue
0x1009b114 TlsAlloc
0x1009b118 InitializeCriticalSectionAndSpinCount
0x1009b11c DeleteCriticalSection
0x1009b120 IsProcessorFeaturePresent
0x1009b124 IsDebuggerPresent
0x1009b128 UnhandledExceptionFilter
0x1009b12c SetUnhandledExceptionFilter
0x1009b130 GetStartupInfoW
0x1009b134 GetModuleHandleW
0x1009b138 QueryPerformanceCounter
0x1009b13c GetSystemTimeAsFileTime
0x1009b140 InitializeSListHead
0x1009b144 TerminateProcess
0x1009b148 RtlUnwind
0x1009b14c InterlockedFlushSList
0x1009b150 EncodePointer
0x1009b154 EnterCriticalSection
0x1009b158 LeaveCriticalSection
USER32.dll
0x1009b174 GetDesktopWindow
0x1009b178 EndPaint
0x1009b17c BeginPaint
0x1009b180 ArrangeIconicWindows
0x1009b184 GetTopWindow
0x1009b188 GetShellWindow
0x1009b18c GetParent
0x1009b190 GetCaretPos
0x1009b194 GetCaretBlinkTime
0x1009b198 GetCursor
0x1009b19c GetCursorPos
0x1009b1a0 GetWindowTextLengthA
0x1009b1a4 GetUpdateRect
0x1009b1a8 GetWindowDC
0x1009b1ac GetForegroundWindow
0x1009b1b0 EndMenu
0x1009b1b4 DestroyMenu
0x1009b1b8 GetMenu
0x1009b1bc IsWindowEnabled
0x1009b1c0 IsWindowUnicode
0x1009b1c4 GetCapture
0x1009b1c8 GetFocus
0x1009b1cc GetActiveWindow
0x1009b1d0 GetDialogBaseUnits
0x1009b1d4 GetDlgCtrlID
0x1009b1d8 IsZoomed
0x1009b1dc AnyPopup
0x1009b1e0 IsIconic
0x1009b1e4 IsWindowVisible
0x1009b1e8 EndDeferWindowPos
0x1009b1ec BeginDeferWindowPos
0x1009b1f0 OpenIcon
0x1009b1f4 IsWindow
0x1009b1f8 GetDoubleClickTime
0x1009b1fc IsWow64Message
0x1009b200 GetMessageExtraInfo
0x1009b204 GetMessageTime
0x1009b208 GetMessagePos
0x1009b20c wsprintfW
0x1009b210 GetLastActivePopup
ADVAPI32.dll
0x1009b000 RegCreateKeyExW
0x1009b004 RegCloseKey
0x1009b008 RegSetValueExW
SHELL32.dll
0x1009b160 SHCreateDirectoryExW
SHLWAPI.dll
0x1009b168 StrCmpIW
0x1009b16c PathAppendW
EAT(Export Address Table) Library
0x10053490 DllInstall
0x1008e820 DllUpdate
0x1005bb40 InitDll
0x1005bba0 ThreadFunction
0x10062f20 curl_easy_cleanup
0x10063ce0 curl_easy_init
0x10065a20 curl_easy_perform
0x100669e0 curl_easy_setopt