Field | Value |
---|---|
Created | 2025.03.06 11:20 |
Machine | s1_win7_x6401 |
Filename | VERSION_2.DLL |
Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 26 detected (Malicious, score, Unsafe, V4em, confidence, high confidence, MalwareX, DllHijack, PredThief, xurmv, Siggen30, Detected, XEGT42, R684503, Artemis, Behavior) |
md5 | 66e8096b9b061550314a82654ce0fabd |
sha256 | c43507b6f2c2cb033d3f55229b20adfde9cda4dfb93dc3db45556847638ec7f8 |
ssdeep | 6144:3FfBi5Kr4x+r+XvG2EsNXgLMBVyynN+XxE0uYeEfdAOIHpTIy:xI5Kr4x+r4vGDstgL0VFNj0uYe24/ |
imphash | ef010df142cc83b7965c91c2e1814b80 |
impfuzzy | 48:JM/pEZOg6KfrBO9rZStjcpKtSSQzlQxCrzMIKjm/mSh6Ljusq:JM/pEZR/fwdOcpKtSSulZAm/BYL6sq |
Network IP location
Signature (9cnts)
Level | Description |
---|---|
warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to identify installed AV products by installation directory |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | One or more potentially interesting buffers were extracted |
notice | Steals private information from local Internet browsers |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Tries to locate where the browsers are installed |
Rules (8cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1003e048 GetProcessHeap
0x1003e04c FreeLibrary
0x1003e050 CreateProcessA
0x1003e054 MultiByteToWideChar
0x1003e058 GetModuleHandleA
0x1003e05c WideCharToMultiByte
0x1003e060 InitializeCriticalSectionEx
0x1003e064 GetLastError
0x1003e068 RaiseException
0x1003e06c DecodePointer
0x1003e070 DeleteCriticalSection
0x1003e074 ReadFile
0x1003e078 WriteFile
0x1003e07c SetFilePointer
0x1003e080 UnmapViewOfFile
0x1003e084 CreateFileA
0x1003e088 FileTimeToSystemTime
0x1003e08c CloseHandle
0x1003e090 GetLocalTime
0x1003e094 CreateFileMappingA
0x1003e098 SystemTimeToFileTime
0x1003e09c MapViewOfFile
0x1003e0a0 FindNextFileA
0x1003e0a4 FindClose
0x1003e0a8 DeleteFileA
0x1003e0ac FindFirstFileW
0x1003e0b0 FindNextFileW
0x1003e0b4 CreateMutexA
0x1003e0b8 WaitForSingleObject
0x1003e0bc GetFileAttributesW
0x1003e0c0 GetCurrentThreadId
0x1003e0c4 SuspendThread
0x1003e0c8 Sleep
0x1003e0cc GetTempPathA
0x1003e0d0 GetFileAttributesA
0x1003e0d4 CreateThread
0x1003e0d8 SetFileAttributesA
0x1003e0dc ExitProcess
0x1003e0e0 IsWow64Process
0x1003e0e4 GetDriveTypeW
0x1003e0e8 OpenThread
0x1003e0ec SetEnvironmentVariableA
0x1003e0f0 FreeEnvironmentStringsW
0x1003e0f4 GetEnvironmentStringsW
0x1003e0f8 GetCommandLineW
0x1003e0fc GetCommandLineA
0x1003e100 GetProcAddress
0x1003e104 HeapAlloc
0x1003e108 LoadLibraryA
0x1003e10c SetLastError
0x1003e110 HeapFree
0x1003e114 GetModuleFileNameA
0x1003e118 GetVolumeInformationA
0x1003e11c GetTickCount
0x1003e120 GetLogicalDrives
0x1003e124 GetOEMCP
0x1003e128 IsValidCodePage
0x1003e12c FindFirstFileExA
0x1003e130 HeapSize
0x1003e134 EnumSystemLocalesW
0x1003e138 GetUserDefaultLCID
0x1003e13c IsValidLocale
0x1003e140 WriteConsoleW
0x1003e144 FlushFileBuffers
0x1003e148 GetTimeZoneInformation
0x1003e14c GetConsoleCP
0x1003e150 SetStdHandle
0x1003e154 ReadConsoleW
0x1003e158 GetConsoleMode
0x1003e15c SetFilePointerEx
0x1003e160 GetStdHandle
0x1003e164 HeapReAlloc
0x1003e168 GetACP
0x1003e16c GetModuleHandleExW
0x1003e170 TzSpecificLocalTimeToSystemTime
0x1003e174 SetFileTime
0x1003e178 EnterCriticalSection
0x1003e17c LeaveCriticalSection
0x1003e180 InitializeCriticalSectionAndSpinCount
0x1003e184 SetEvent
0x1003e188 ResetEvent
0x1003e18c WaitForSingleObjectEx
0x1003e190 CreateEventW
0x1003e194 GetModuleHandleW
0x1003e198 IsDebuggerPresent
0x1003e19c UnhandledExceptionFilter
0x1003e1a0 SetUnhandledExceptionFilter
0x1003e1a4 GetStartupInfoW
0x1003e1a8 IsProcessorFeaturePresent
0x1003e1ac QueryPerformanceCounter
0x1003e1b0 GetCurrentProcessId
0x1003e1b4 GetSystemTimeAsFileTime
0x1003e1b8 InitializeSListHead
0x1003e1bc GetCurrentProcess
0x1003e1c0 TerminateProcess
0x1003e1c4 GetStringTypeW
0x1003e1c8 EncodePointer
0x1003e1cc TlsAlloc
0x1003e1d0 TlsGetValue
0x1003e1d4 TlsSetValue
0x1003e1d8 TlsFree
0x1003e1dc CompareStringW
0x1003e1e0 LCMapStringW
0x1003e1e4 GetLocaleInfoW
0x1003e1e8 GetCPInfo
0x1003e1ec OutputDebugStringW
0x1003e1f0 RtlUnwind
0x1003e1f4 InterlockedFlushSList
0x1003e1f8 LoadLibraryExW
0x1003e1fc SetEndOfFile
0x1003e200 CreateDirectoryW
0x1003e204 CreateFileW
0x1003e208 GetFileType
USER32.dll
0x1003e21c GetMonitorInfoA
0x1003e220 GetDesktopWindow
0x1003e224 EnumDisplayMonitors
0x1003e228 GetDC
GDI32.dll
0x1003e01c BitBlt
0x1003e020 SaveDC
0x1003e024 SelectObject
0x1003e028 CreateDIBSection
0x1003e02c CreateCompatibleDC
0x1003e030 GetDeviceCaps
0x1003e034 DeleteDC
0x1003e038 RestoreDC
0x1003e03c DeleteObject
0x1003e040 CreateDCA
ADVAPI32.dll
0x1003e000 RegCloseKey
0x1003e004 RegOpenKeyA
0x1003e008 RegQueryValueExA
0x1003e00c RegSetValueExA
0x1003e010 RegOpenKeyExA
0x1003e014 RegCreateKeyA
SHELL32.dll
0x1003e210 SHCreateDirectoryExA
0x1003e214 SHGetFolderPathA
ole32.dll
0x1003e298 CreateStreamOnHGlobal
WINHTTP.dll
0x1003e230 WinHttpQueryAuthSchemes
0x1003e234 WinHttpQueryDataAvailable
0x1003e238 WinHttpReceiveResponse
0x1003e23c WinHttpOpen
0x1003e240 WinHttpQueryHeaders
0x1003e244 WinHttpReadData
0x1003e248 WinHttpOpenRequest
0x1003e24c WinHttpSetOption
0x1003e250 WinHttpCloseHandle
0x1003e254 WinHttpSendRequest
0x1003e258 WinHttpSetCredentials
0x1003e25c WinHttpConnect
ntdll.dll
0x1003e290 RtlGetVersion
gdiplus.dll
0x1003e264 GdiplusStartup
0x1003e268 GdiplusShutdown
0x1003e26c GdipGetImageEncoders
0x1003e270 GdipCloneImage
0x1003e274 GdipSaveImageToStream
0x1003e278 GdipGetImageEncodersSize
0x1003e27c GdipFree
0x1003e280 GdipDisposeImage
0x1003e284 GdipCreateBitmapFromHBITMAP
0x1003e288 GdipAlloc
EAT(Export Address Table) Library
0x100133e0 GetFileVersionInfoA
0x100133f0 GetFileVersionInfoByHandle
0x10013400 GetFileVersionInfoExA
0x10013410 GetFileVersionInfoExW
0x10013420 GetFileVersionInfoSizeA
0x10013430 GetFileVersionInfoSizeExA
0x10013440 GetFileVersionInfoSizeExW
0x10013450 GetFileVersionInfoSizeW
0x10013460 GetFileVersionInfoW
0x10013470 VerFindFileA
0x10013480 VerFindFileW
0x10013490 VerInstallFileA
0x100134a0 VerInstallFileW
0x100134b0 VerLanguageNameA
0x100134c0 VerLanguageNameW
0x100134d0 VerQueryValueA
0x100134e0 VerQueryValueW