Field | Value
---|---
Created | 2025.02.05 11:22
Machine | s1_win7_x6403
Filename | cjrimgid.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : malware
VT API (file) | 49 detected (AIDetectMalware, Vidar, Malicious, score, Doina, Unsafe, confidence, 100%, high confidence, Mikey, Stealerc, CLASSIC, Redcap, wfunp, Real Protect, Static AI, Suspicious PE, Detected, Sabsik, Artemis, BScope, TrojanPSW, Bandra, Behavior)
md5 | 807dadd8710a7b570ed237fd7cd1aa4b
sha256 | 7e18ae103ce6fd596459cf0d5fc49832cdbd19a5780b0f2db934c2b649bc2080
ssdeep | 3072:FEFRh0auCcJVwDjwzTC2SCn/FtVQenIuxIGWsnRR9pLTfKvXFD:W3h0aMJ+Hw3Pgen79/CvV
imphash | 88967e8dc94c2149dd89b55f39e46fa6
impfuzzy | 48:pCJ+8JliQqgy4/OTtoLf+6y0WhdbPa4jt4y4rzCLus5KQDw6/lQ5z9loehrw3R7/:pq+IlRqgB/etoLS0W/GnMYlncaC9
Signature (9cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
watch | Communicates with host for which no DNS query was performed |
watch | Network activity contains more than one unique useragent |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
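Two of the "watch" signatures above are pure network-log correlations: a connection to an IP address that no earlier DNS answer named, and more than one distinct User-Agent string in the capture. The following is an added example of how such checks are typically implemented, written for this page and not taken from the sandbox or its rule set. It runs over constructed tab-separated Zeek-style log lines (timestamp, record kind, fields) that are embedded inline; the log format, the `LOCAL_NETS` exclusion list and the threshold of "more than one" user agent are assumptions of the example.

```python
"""Re-implement two sandbox network heuristics over constructed log lines:
 - connections to hosts that no preceding DNS answer resolved
 - number of distinct HTTP User-Agent strings
Added example; the log format is a constructed, simplified Zeek-like layout."""
import ipaddress

# Constructed sample logs (not captured traffic). Layout: ts<TAB>kind<TAB>fields...
SAMPLE_DNS = """\
1.0\tdns\tA\tt.me\t149.154.167.99
2.0\tdns\tA\tcdn.example.test\t203.0.113.10
"""
SAMPLE_CONN = """\
1.1\tconn\t149.154.167.99\t443
2.1\tconn\t203.0.113.10\t80
3.0\tconn\t198.51.100.7\t80
"""
SAMPLE_HTTP = """\
2.2\thttp\t203.0.113.10\tMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36
3.1\thttp\t198.51.100.7\tMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36
3.5\thttp\t198.51.100.7\tpython-requests/2.31
"""

# Sandbox-internal ranges to ignore (assumed; the gateway and resolver live here).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def parse_lines(text):
    """Yield (timestamp, kind, [fields]) tuples from the tab-separated sample format."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("\t")
        rows.append((float(f[0]), f[1], f[2:]))
    return rows


def hosts_without_dns(dns_text, conn_text):
    """Destination IPs that were contacted without an earlier A-record answer naming them.

    Ordering matters: a connection that precedes the DNS answer for its IP is still
    flagged, because the address cannot have come from that lookup."""
    resolved = {}  # ip -> earliest timestamp at which a DNS answer carried it
    for ts, kind, fields in parse_lines(dns_text):
        if kind == "dns" and fields[0] == "A":
            ip = fields[2]
            resolved[ip] = min(ts, resolved.get(ip, ts))
    hits = set()
    for ts, kind, fields in parse_lines(conn_text):
        if kind != "conn":
            continue
        ip = fields[0]
        if _is_local(ip):
            continue
        if ip not in resolved or resolved[ip] > ts:
            hits.add(ip)
    return hits


def unique_user_agents(http_text):
    """Distinct User-Agent strings seen in HTTP requests (the signature fires when > 1)."""
    return {fields[1] for _, kind, fields in parse_lines(http_text) if kind == "http"}


if __name__ == "__main__":
    print("no-DNS hosts:", sorted(hosts_without_dns(SAMPLE_DNS, SAMPLE_CONN)))
    print("user agents:", sorted(unique_user_agents(SAMPLE_HTTP)))
```

The hard-coded address flagged by `hosts_without_dns` is the practitioner's cue to look for an embedded IP string or a decrypted configuration in the binary, while a second User-Agent usually means a second HTTP client (for example a WinINet call next to a raw-socket request) rather than a second process.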
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata IDS
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
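The two SSLBL alerts match on the JA3 hash of the sample's TLS ClientHello: an MD5 over the client version, cipher suites, extension types, supported groups and EC point formats, with GREASE values dropped. Because the hash depends only on the client's TLS stack, a match names a fingerprint shared by every program built on that stack, not a malware family, which is why a fingerprint labelled Tofsee can fire on a sample that AV engines call Vidar. The block below is an added example, not the sandbox's or Suricata's code: it builds a constructed TLS 1.2 ClientHello (not the sample's real handshake, whose fields the report does not show), parses it, and derives the JA3 string and hash. The cipher, group and extension values in `build_client_hello` are assumptions chosen to exercise GREASE filtering.

```python
"""Derive a JA3 fingerprint from a TLS ClientHello record.
Added example; the ClientHello is constructed here, not taken from the sample's traffic."""
import hashlib
import struct

# GREASE values (RFC 8701) are excluded from JA3 ciphers, extensions and groups.
GREASE = {0x0A0A, 0x1A1A, 0x2A2A, 0x3A3A, 0x4A4A, 0x5A5A, 0x6A6A, 0x7A7A,
          0x8A8A, 0x9A9A, 0xAAAA, 0xBABA, 0xCACA, 0xDADA, 0xEAEA, 0xFAFA}


def _ext(ext_type, data):
    return struct.pack("!HH", ext_type, len(data)) + data


def build_client_hello(sni="t.me"):
    """Constructed TLS 1.2 ClientHello record (sample input; values are assumptions)."""
    ciphers = [0x0A0A, 0x1301, 0x1302, 0xC02B]          # GREASE, TLS_AES_128/256_GCM, ECDHE-ECDSA-AES128-GCM
    groups = [0x2A2A, 0x001D, 0x0017]                    # GREASE, x25519, secp256r1
    host = sni.encode()
    sni_list = struct.pack("!BH", 0, len(host)) + host   # name_type host_name, then the name
    exts = b"".join([
        _ext(0, struct.pack("!H", len(sni_list)) + sni_list),                    # server_name
        _ext(10, struct.pack("!H", 2 * len(groups)) +
             b"".join(struct.pack("!H", g) for g in groups)),                    # supported_groups
        _ext(11, b"\x01\x00"),                                                   # ec_point_formats: uncompressed
        _ext(13, struct.pack("!HH", 2, 0x0403)),                                 # signature_algorithms
        _ext(0x1A1A, b""),                                                       # GREASE extension
    ])
    body = (struct.pack("!H", 0x0303)                    # client_version (771 in JA3)
            + b"\x11" * 32                               # random (fixed for the example)
            + b"\x00"                                    # empty session_id
            + struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
            + b"\x01\x00"                                # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0303, len(handshake)) + handshake


def ja3_fields(record):
    """Parse a ClientHello record into the five JA3 fields, with GREASE removed."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                                 # 5-byte record header + 4-byte handshake header
    version = struct.unpack_from("!H", record, p)[0]; p += 2
    p += 32                                               # random
    p += 1 + record[p]                                    # session_id
    n = struct.unpack_from("!H", record, p)[0]; p += 2
    ciphers = [c for c in struct.unpack_from("!%dH" % (n // 2), record, p) if c not in GREASE]; p += n
    p += 1 + record[p]                                    # compression methods
    ext_total = struct.unpack_from("!H", record, p)[0]; p += 2
    end = p + ext_total
    exts, groups, formats = [], [], []
    while p < end:
        etype, elen = struct.unpack_from("!HH", record, p); p += 4
        data = record[p:p + elen]; p += elen
        if etype in GREASE:
            continue
        exts.append(etype)
        if etype == 10:                                   # supported_groups: u16 length + u16 entries
            glen = struct.unpack_from("!H", data, 0)[0]
            groups = [g for g in struct.unpack_from("!%dH" % (glen // 2), data, 2) if g not in GREASE]
        elif etype == 11:                                 # ec_point_formats: u8 length + u8 entries
            formats = list(data[1:1 + data[0]])
    return version, ciphers, exts, groups, formats


def ja3_string(record):
    version, ciphers, exts, groups, formats = ja3_fields(record)
    join = lambda xs: "-".join(str(x) for x in xs)
    return ",".join([str(version), join(ciphers), join(exts), join(groups), join(formats)])


def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode()).hexdigest()


if __name__ == "__main__":
    hello = build_client_hello()
    print(ja3_string(hello))
    print(ja3_hash(hello))
```

Note that the SNI is not part of the fingerprint: changing `sni` leaves the hash unchanged, so the "t .me in TLS SNI" alert and the JA3 alert are independent observations about the same connection. TLS 1.3 clients still advertise 0x0303 in `client_version`, so the first field is 771 for them as well.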
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x41b4a0 ??2@YAPAXI@Z
0x41b4a4 ??3@YAXPAX@Z
0x41b4a8 ??_U@YAPAXI@Z
0x41b4ac ??_V@YAXPAX@Z
0x41b4b0 _itoa_s
0x41b4b4 _splitpath
0x41b4b8 atexit
0x41b4bc free
0x41b4c0 isupper
0x41b4c4 malloc
0x41b4c8 memchr
0x41b4cc memcmp
0x41b4d0 memcpy
0x41b4d4 memmove
0x41b4d8 memset
0x41b4dc rand
0x41b4e0 srand
0x41b4e4 strchr
0x41b4e8 strcpy
0x41b4ec strcpy_s
0x41b4f0 strlen
0x41b4f4 strncpy
0x41b4f8 strstr
0x41b4fc strtok_s
KERNEL32.dll
0x41b504 CloseHandle
0x41b508 CopyFileA
0x41b50c CreateDirectoryA
0x41b510 CreateEventA
0x41b514 CreateFileA
0x41b518 CreateProcessA
0x41b51c CreateThread
0x41b520 CreateToolhelp32Snapshot
0x41b524 DeleteFileA
0x41b528 ExitProcess
0x41b52c ExpandEnvironmentStringsA
0x41b530 FileTimeToSystemTime
0x41b534 FindClose
0x41b538 FindFirstFileA
0x41b53c FindNextFileA
0x41b540 GetComputerNameA
0x41b544 GetComputerNameW
0x41b548 GetCurrentProcess
0x41b54c GetCurrentProcessId
0x41b550 GetDriveTypeA
0x41b554 GetEnvironmentVariableA
0x41b558 GetFileAttributesA
0x41b55c GetFileInformationByHandle
0x41b560 GetFileSize
0x41b564 GetFileSizeEx
0x41b568 GetFileType
0x41b56c GetFullPathNameA
0x41b570 GetLastError
0x41b574 GetLocalTime
0x41b578 GetLocaleInfoA
0x41b57c GetLogicalDriveStringsA
0x41b580 GetLogicalProcessorInformationEx
0x41b584 GetModuleFileNameA
0x41b588 GetProcAddress
0x41b58c GetProcessHeap
0x41b590 GetSystemInfo
0x41b594 GetSystemTime
0x41b598 GetTempPathW
0x41b59c GetTickCount
0x41b5a0 GetTimeZoneInformation
0x41b5a4 GetVolumeInformationA
0x41b5a8 GetWindowsDirectoryA
0x41b5ac GetWindowsDirectoryW
0x41b5b0 GlobalAlloc
0x41b5b4 GlobalFree
0x41b5b8 GlobalLock
0x41b5bc GlobalMemoryStatusEx
0x41b5c0 GlobalSize
0x41b5c4 HeapAlloc
0x41b5c8 HeapFree
0x41b5cc K32GetModuleFileNameExA
0x41b5d0 LoadLibraryW
0x41b5d4 LocalAlloc
0x41b5d8 LocalFree
0x41b5dc OpenEventA
0x41b5e0 OpenProcess
0x41b5e4 Process32First
0x41b5e8 Process32Next
0x41b5ec RaiseException
0x41b5f0 ReadFile
0x41b5f4 ReadProcessMemory
0x41b5f8 SetFilePointer
0x41b5fc Sleep
0x41b600 SystemTimeToFileTime
0x41b604 TerminateProcess
0x41b608 VirtualQueryEx
0x41b60c WaitForSingleObject
0x41b610 WriteFile
0x41b614 lstrcatA
0x41b618 lstrcpyA
0x41b61c lstrlenA
0x41b620 lstrlenW
ADVAPI32.dll
0x41b628 GetCurrentHwProfileA
0x41b62c GetUserNameA
0x41b630 GetUserNameW
0x41b634 RegCloseKey
0x41b638 RegEnumKeyExA
0x41b63c RegGetValueA
0x41b640 RegOpenKeyExA
0x41b644 RegQueryValueExA
api-ms-win-crt-runtime-l1-1-0.dll
0x41b64c _invalid_parameter_noinfo_noreturn
USER32.dll
0x41b654 CharToOemA
0x41b658 CloseDesktop
0x41b65c CloseWindow
0x41b660 CreateDesktopA
0x41b664 EnumDisplayDevicesA
0x41b668 GetDC
0x41b66c GetDesktopWindow
0x41b670 GetKeyboardLayoutList
0x41b674 GetWindowRect
0x41b678 MessageBoxA
0x41b67c OpenDesktopA
0x41b680 ReleaseDC
0x41b684 wsprintfA
0x41b688 wsprintfW
api-ms-win-crt-stdio-l1-1-0.dll
0x41b690 __stdio_common_vsnprintf_s
0x41b694 __stdio_common_vsprintf
GDI32.dll
0x41b69c BitBlt
0x41b6a0 CreateCompatibleBitmap
0x41b6a4 CreateCompatibleDC
0x41b6a8 CreateDCA
0x41b6ac DeleteObject
0x41b6b0 GetDeviceCaps
0x41b6b4 SelectObject
SHELL32.dll
0x41b6bc SHFileOperationA
0x41b6c0 SHGetFolderPathA
0x41b6c4 ShellExecuteExA
0x41b6c8 ShellExecuteExW
ole32.dll
0x41b6d0 CreateStreamOnHGlobal
0x41b6d4 GetHGlobalFromStream
WS2_32.dll
0x41b6dc WSACleanup
0x41b6e0 WSAStartup
0x41b6e4 closesocket
0x41b6e8 connect
0x41b6ec freeaddrinfo
0x41b6f0 getaddrinfo
0x41b6f4 htons
0x41b6f8 recv
0x41b6fc send
0x41b700 socket
SHLWAPI.dll
0x41b708 PathFileExistsA
0x41b70c PathMatchSpecA
0x41b710 None
0x41b714 None
0x41b718 StrStrA
CRYPT32.dll
0x41b720 CryptBinaryToStringA
0x41b724 CryptUnprotectData
WININET.dll
0x41b72c HttpOpenRequestA
0x41b730 HttpQueryInfoA
0x41b734 HttpSendRequestA
0x41b738 InternetCloseHandle
0x41b73c InternetConnectA
0x41b740 InternetCrackUrlA
0x41b744 InternetOpenA
0x41b748 InternetOpenUrlA
0x41b74c InternetReadFile
0x41b750 InternetSetOptionA
bcrypt.dll
0x41b758 BCryptCloseAlgorithmProvider
0x41b75c BCryptDecrypt
0x41b760 BCryptDestroyKey
0x41b764 BCryptGenerateSymmetricKey
0x41b768 BCryptOpenAlgorithmProvider
0x41b76c BCryptSetProperty
dbghelp.dll
0x41b774 SymCleanup
0x41b778 SymFromAddr
0x41b77c SymGetLineFromAddr64
0x41b780 SymInitialize
0x41b784 SymMatchString
0x41b788 SymSetOptions
EAT(Export Address Table) Library
0x40f48a _UnhandledExceptionFilter@4
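The import table is the most useful static artefact on this page: CryptUnprotectData plus the BCrypt* decryption routines, the GDI BitBlt/CreateCompatibleBitmap pair, the Toolhelp32/ReadProcessMemory/VirtualQueryEx set and the WinINet HTTP client together describe a credential stealer before the sample is run. The block below is an added example, not tooling from the sandbox or the pefile project: it parses a listing in the same "DLL line, then address and name" layout as the page (only an excerpt is embedded, labelled as such), groups the imports into analyst-defined capability clusters, and recomputes an imphash with the pefile algorithm (lower-case `library.function` pairs joined by commas, MD5 over the result). The `CAPABILITIES` grouping is the example's own. The two SHLWAPI entries the page prints as `None` are imports by ordinal; pefile hashes those as `ord<n>`, and since the listing omits the ordinal numbers a hash computed from the page text cannot equal the report's imphash, so the function counts and skips them instead of guessing.

```python
"""Parse a flattened IAT listing, tag capability clusters, and compute a pefile-style imphash.
Added example; the listing excerpt and the capability groups are constructed for illustration."""
import hashlib
import re

# Constructed excerpt of the report's IAT listing, in the page's own layout.
IAT_TEXT = """\
KERNEL32.dll
0x41b520 CreateToolhelp32Snapshot
0x41b5e4 Process32First
0x41b5f4 ReadProcessMemory
0x41b608 VirtualQueryEx
GDI32.dll
0x41b69c BitBlt
0x41b6a0 CreateCompatibleBitmap
CRYPT32.dll
0x41b724 CryptUnprotectData
WININET.dll
0x41b734 HttpSendRequestA
SHLWAPI.dll
0x41b710 None
"""

# Analyst-defined clusters (assumption of this example, not a published taxonomy).
CAPABILITIES = {
    "process memory access": {"createtoolhelp32snapshot", "process32first", "process32next",
                              "openprocess", "readprocessmemory", "virtualqueryex"},
    "screen capture": {"bitblt", "createcompatiblebitmap", "createcompatibledc", "getdc", "createdca"},
    "dpapi secret decryption": {"cryptunprotectdata"},
    "http client": {"internetopena", "internetconnecta", "httpopenrequesta",
                    "httpsendrequesta", "internetreadfile"},
    "symmetric decryption (cng)": {"bcryptdecrypt", "bcryptgeneratesymmetrickey"},
}

_IMPORT_LINE = re.compile(r"0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat(text):
    """Return [(dll, [function names])] in listing order; 'None' becomes None (ordinal import)."""
    imports, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _IMPORT_LINE.match(line)
        if m:
            if current is None:
                raise ValueError("import entry before any DLL header: " + line)
            name = m.group(1)
            current[1].append(None if name == "None" else name)
        else:
            current = (line, [])
            imports.append(current)
    return imports


def capabilities(imports):
    """Map each capability cluster to the imported names that hit it (clusters with no hit are omitted)."""
    seen = {n.lower() for _, names in imports for n in names if n is not None}
    hits = {}
    for cap, apis in CAPABILITIES.items():
        matched = sorted(seen & apis)
        if matched:
            hits[cap] = matched
    return hits


def imphash(imports):
    """pefile-compatible imphash; returns (hexdigest, number_of_unnamed_imports_skipped).

    pefile strips .dll/.ocx/.sys from the library name, lower-cases library and function,
    joins 'lib.func' entries with commas in IAT order and MD5s the string. Ordinal-only
    imports would be 'lib.ord<n>'; without the ordinal number we cannot reproduce them."""
    parts, skipped = [], 0
    for dll, names in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        for name in names:
            if name is None:
                skipped += 1
                continue
            parts.append(f"{lib}.{name.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest(), skipped


if __name__ == "__main__":
    imps = parse_iat(IAT_TEXT)
    for cap, names in capabilities(imps).items():
        print(f"{cap}: {', '.join(names)}")
    digest, skipped = imphash(imps)
    print(f"imphash {digest} ({skipped} ordinal import(s) not hashed)")
```

The imphash is order-sensitive and case-insensitive, which is why it survives trivial rebuilds but not a linker that reorders the import directory; the capability view is what you compare against the behavioural signatures above to see which imports were actually exercised in the sandbox.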