Field | Value |
---|---|
Created | 2025.03.08 12:49 |
Machine | s1_win7_x6403 |
Filename | sqVWjvh.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 52 detected (Common, Vidar, Malicious, score, Ghanarava, Lazy, Unsafe, Save, confidence, 100%, Genus, Attribute, HighConfidence, high confidence, AdwareX, TrojanPSW, CLASSIC, tcybl, Real Protect, moderate, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Wacatac, Artemis, Bandra, susgen) |
md5 | da8846245fb9ec49a3223f7731236c7f |
sha256 | a54c3a619f8fc2f69b09098a45f880c352de39c568235de9f988fce9bf8c6f48 |
ssdeep | 3072:aVvH8RuVrLyEj/S2CUGACcceJd/klDHa/R8mxu3s8Ql5u:KH8RuRLlzgUd6a/Asll5u |
imphash | 351fbae162a7dacb0ecda3be35f09973 |
impfuzzy | 48:pCJ+8JKqgy4/OTtCLf+6y0WhdbPa4jt4y4rzCLs5KQDw6/lQ5z9loehrw3R7oC6/:pq+IKqgB/etCLS0W/GYMYlncaC4 |
Signature (8cnts)
Level | Description |
---|---|
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
watch | Communicates with host for which no DNS query was performed |
watch | Network activity contains more than one unique useragent |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata ids
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
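The two SSLBL alerts above are not content matches: abuse.ch publishes MD5 hashes of JA3 strings seen from known malware, and Suricata compares the fingerprint of each ClientHello against that list. JA3 identifies the TLS client stack and its configuration, not the program, so the Tofsee label on a sample the AV verdicts call Vidar means only that both use the same client library settings. Below is an added, self-contained JA3 computation written for this page (not Suricata's or abuse.ch's code) over a ClientHello that is assembled inline as constructed test input; the cipher list, extension order and the `t.me` SNI are chosen by the author to exercise the GREASE-filtering rule.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are excluded from JA3 so randomised browsers keep a stable hash.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}   # 0x0a0a, 0x1a1a, ..., 0xfafa


def build_client_hello(version, ciphers, extensions):
    """Constructed test input: a TLS record carrying a ClientHello handshake."""
    ext_bytes = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack(">H", version)
            + bytes(32)                                  # client random (irrelevant to JA3)
            + b"\x00"                                    # empty session id
            + struct.pack(">H", 2 * len(ciphers))
            + b"".join(struct.pack(">H", c) for c in ciphers)
            + b"\x01\x00"                                # one compression method: null
            + struct.pack(">H", len(ext_bytes)) + ext_bytes)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def ja3(rec):
    """Return (ja3_string, ja3_md5) for a raw TLS record containing a ClientHello.
    JA3 = version,ciphers,extensions,supported_groups,ec_point_formats (decimal,
    '-' separated within a field, ',' between fields, GREASE values dropped)."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    end = 9 + int.from_bytes(rec[6:9], "big")            # end of handshake body
    p = 9                                               # past record + handshake headers
    version = struct.unpack_from(">H", rec, p)[0]; p += 2
    p += 32                                             # random
    p += 1 + rec[p]                                     # session id
    cs_len = struct.unpack_from(">H", rec, p)[0]; p += 2
    ciphers = [c for (c,) in struct.iter_unpack(">H", rec[p:p + cs_len]) if c not in GREASE]
    p += cs_len
    p += 1 + rec[p]                                     # compression methods
    exts, curves, fmts = [], [], []
    if p + 2 <= end:                                    # extensions block is optional
        ext_len = struct.unpack_from(">H", rec, p)[0]; p += 2
        stop = min(p + ext_len, end)
        while p + 4 <= stop:
            t, l = struct.unpack_from(">HH", rec, p); p += 4
            data = rec[p:p + l]; p += l
            if t in GREASE:
                continue
            exts.append(t)
            if t == 10:    # supported_groups: u16 list length, then u16 group ids
                n = struct.unpack_from(">H", data, 0)[0]
                curves = [g for (g,) in struct.iter_unpack(">H", data[2:2 + n]) if g not in GREASE]
            elif t == 11:  # ec_point_formats: u8 list length, then u8 formats
                fmts = list(data[1:1 + data[0]])
    s = ",".join([str(version),
                  "-".join(map(str, ciphers)),
                  "-".join(map(str, exts)),
                  "-".join(map(str, curves)),
                  "-".join(map(str, fmts))])
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed ClientHello: TLS 1.2, one GREASE cipher, a GREASE extension, SNI for t.me
# (the hostname from the "Observed Telegram Domain" alert), groups x25519/secp256r1.
SNI_NAME = b"t.me"
SNI_DATA = struct.pack(">H", len(SNI_NAME) + 3) + b"\x00" + struct.pack(">H", len(SNI_NAME)) + SNI_NAME
SAMPLE_CLIENT_HELLO = build_client_hello(
    0x0303,
    [0x1A1A, 0xC02B, 0xC02F, 0x009C],
    [(0x1A1A, b""), (0, SNI_DATA), (10, struct.pack(">HHHH", 6, 0x2A2A, 29, 23)),
     (11, b"\x01\x00"), (23, b"")],
)

if __name__ == "__main__":
    ja3_string, ja3_md5 = ja3(SAMPLE_CLIENT_HELLO)
    print(ja3_string)
    print(ja3_md5)
```

The string for the constructed hello is `771,49195-49199-156,0-10-11-23,29-23,0`; the MD5 of that string is what SSLBL lists. Note what is not in it: the SNI value, the random, and the session id. Any binary linked against the same TLS library with the same defaults produces the same hash, so a JA3 hit corroborates the other indicators on this page but does not attribute the sample to a family on its own.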
PE API
IAT (Import Address Table) Library
msvcrt.dll
0x420278 ??2@YAPAXI@Z
0x42027c ??3@YAXPAX@Z
0x420280 ??_U@YAPAXI@Z
0x420284 ??_V@YAXPAX@Z
0x420288 _splitpath
0x42028c atexit
0x420290 free
0x420294 isupper
0x420298 malloc
0x42029c memchr
0x4202a0 memcmp
0x4202a4 memcpy
0x4202a8 memmove
0x4202ac memset
0x4202b0 rand
0x4202b4 srand
0x4202b8 strchr
0x4202bc strcpy
0x4202c0 strcpy_s
0x4202c4 strlen
0x4202c8 strncpy
0x4202cc strstr
0x4202d0 strtok_s
KERNEL32.dll
0x4202d8 CloseHandle
0x4202dc CopyFileA
0x4202e0 CreateDirectoryA
0x4202e4 CreateEventA
0x4202e8 CreateFileA
0x4202ec CreateProcessA
0x4202f0 CreateThread
0x4202f4 CreateToolhelp32Snapshot
0x4202f8 DeleteFileA
0x4202fc ExitProcess
0x420300 ExpandEnvironmentStringsA
0x420304 FileTimeToSystemTime
0x420308 FindClose
0x42030c FindFirstFileA
0x420310 FindNextFileA
0x420314 GetComputerNameA
0x420318 GetComputerNameW
0x42031c GetCurrentProcessId
0x420320 GetDriveTypeA
0x420324 GetEnvironmentVariableA
0x420328 GetFileAttributesA
0x42032c GetFileInformationByHandle
0x420330 GetFileSize
0x420334 GetFileSizeEx
0x420338 GetFileType
0x42033c GetFullPathNameA
0x420340 GetLastError
0x420344 GetLocalTime
0x420348 GetLocaleInfoA
0x42034c GetLogicalDriveStringsA
0x420350 GetLogicalProcessorInformationEx
0x420354 GetModuleFileNameA
0x420358 GetProcAddress
0x42035c GetProcessHeap
0x420360 GetSystemInfo
0x420364 GetSystemTime
0x420368 GetTempPathW
0x42036c GetTickCount
0x420370 GetTimeZoneInformation
0x420374 GetVolumeInformationA
0x420378 GetWindowsDirectoryA
0x42037c GetWindowsDirectoryW
0x420380 GlobalAlloc
0x420384 GlobalFree
0x420388 GlobalLock
0x42038c GlobalMemoryStatusEx
0x420390 GlobalSize
0x420394 HeapAlloc
0x420398 HeapFree
0x42039c K32GetModuleFileNameExA
0x4203a0 LoadLibraryW
0x4203a4 LocalAlloc
0x4203a8 LocalFree
0x4203ac OpenEventA
0x4203b0 OpenProcess
0x4203b4 Process32First
0x4203b8 Process32Next
0x4203bc RaiseException
0x4203c0 ReadFile
0x4203c4 ReadProcessMemory
0x4203c8 SetFilePointer
0x4203cc Sleep
0x4203d0 SystemTimeToFileTime
0x4203d4 TerminateProcess
0x4203d8 VirtualQueryEx
0x4203dc WaitForSingleObject
0x4203e0 WriteFile
0x4203e4 lstrcatA
0x4203e8 lstrcpyA
0x4203ec lstrlenA
0x4203f0 lstrlenW
ADVAPI32.dll
0x4203f8 GetCurrentHwProfileA
0x4203fc GetUserNameA
0x420400 GetUserNameW
0x420404 RegCloseKey
0x420408 RegEnumKeyExA
0x42040c RegGetValueA
0x420410 RegOpenKeyExA
0x420414 RegQueryValueExA
api-ms-win-crt-runtime-l1-1-0.dll
0x42041c _invalid_parameter_noinfo_noreturn
USER32.dll
0x420424 CharToOemA
0x420428 CloseDesktop
0x42042c CloseWindow
0x420430 CreateDesktopA
0x420434 EnumDisplayDevicesA
0x420438 GetDC
0x42043c GetDesktopWindow
0x420440 GetKeyboardLayoutList
0x420444 GetWindowRect
0x420448 OpenDesktopA
0x42044c ReleaseDC
0x420450 wsprintfA
0x420454 wsprintfW
api-ms-win-crt-stdio-l1-1-0.dll
0x42045c __stdio_common_vsnprintf_s
0x420460 __stdio_common_vsprintf
GDI32.dll
0x420468 BitBlt
0x42046c CreateCompatibleBitmap
0x420470 CreateCompatibleDC
0x420474 CreateDCA
0x420478 DeleteObject
0x42047c GetDeviceCaps
0x420480 SelectObject
SHELL32.dll
0x420488 SHFileOperationA
0x42048c SHGetFolderPathA
0x420490 ShellExecuteExA
0x420494 ShellExecuteExW
ole32.dll
0x42049c CreateStreamOnHGlobal
0x4204a0 GetHGlobalFromStream
WS2_32.dll
0x4204a8 WSACleanup
0x4204ac WSAStartup
0x4204b0 closesocket
0x4204b4 connect
0x4204b8 freeaddrinfo
0x4204bc getaddrinfo
0x4204c0 htons
0x4204c4 recv
0x4204c8 send
0x4204cc socket
SHLWAPI.dll
0x4204d4 PathFileExistsA
0x4204d8 PathMatchSpecA
0x4204dc None (unnamed import, i.e. by ordinal)
0x4204e0 None (unnamed import, i.e. by ordinal)
0x4204e4 StrStrA
CRYPT32.dll
0x4204ec CryptBinaryToStringA
0x4204f0 CryptUnprotectData
WININET.dll
0x4204f8 HttpOpenRequestA
0x4204fc HttpQueryInfoA
0x420500 HttpSendRequestA
0x420504 InternetCloseHandle
0x420508 InternetConnectA
0x42050c InternetCrackUrlA
0x420510 InternetOpenA
0x420514 InternetOpenUrlA
0x420518 InternetReadFile
0x42051c InternetSetOptionA
crypt.dll (as printed; the BCrypt* functions below are exported by bcrypt.dll, so the library name appears truncated)
0x420524 BCryptCloseAlgorithmProvider
0x420528 BCryptDecrypt
0x42052c BCryptDestroyKey
0x420530 BCryptGenerateSymmetricKey
0x420534 BCryptOpenAlgorithmProvider
0x420538 BCryptSetProperty
dbghelp.dll
0x420540 SymMatchString
EAT (Export Address Table): none
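Two things a practitioner does with a listing like the one above: check the imphash in the hash table against the imports, and group the imports into capabilities instead of reading them one by one. The block below is an added example written for this page, not the sandbox's code. It parses an excerpt of the IAT in the report's own print format (a DLL name line followed by `0xADDR name` lines), builds the string that imphash is the MD5 of, and fires a capability only when every API in a cluster is present. The cluster definitions are the author's assumptions; so is the decision to refuse an imphash when the listing contains `None` rows, because the ordinal numbers behind them are not printed and the report's value `351fbae162a7dacb0ecda3be35f09973` therefore cannot be reproduced from this page.

```python
import hashlib
import re

# Excerpt of the IAT as printed in the report above (a constructed subset in the same
# format). "None" marks an import by ordinal whose name the tool did not resolve.
IAT_TEXT = """\
KERNEL32.dll
0x4202f4 CreateToolhelp32Snapshot
0x4203b0 OpenProcess
0x4203b4 Process32First
0x4203b8 Process32Next
0x4203c4 ReadProcessMemory
USER32.dll
0x420430 CreateDesktopA
0x420438 GetDC
0x420448 OpenDesktopA
GDI32.dll
0x420468 BitBlt
0x42046c CreateCompatibleBitmap
0x420470 CreateCompatibleDC
SHLWAPI.dll
0x4204d4 PathFileExistsA
0x4204dc None
CRYPT32.dll
0x4204f0 CryptUnprotectData
WININET.dll
0x4204f8 HttpOpenRequestA
0x420500 HttpSendRequestA
0x420508 InternetConnectA
0x420510 InternetOpenA
"""

# Import clusters that together indicate a capability (author's mapping). Every API in a
# set must be present for the cluster to fire; any one of them alone is too common.
CAPABILITIES = {
    "screenshot capture (GDI)": {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt"},
    "DPAPI blob decryption (browser credential theft)": {"CryptUnprotectData"},
    "process enumeration + memory reading": {"CreateToolhelp32Snapshot", "Process32First",
                                              "Process32Next", "OpenProcess", "ReadProcessMemory"},
    "HTTP client (WinINet) for C2/exfiltration": {"InternetOpenA", "InternetConnectA",
                                                  "HttpOpenRequestA", "HttpSendRequestA"},
    "hidden desktop creation": {"CreateDesktopA", "OpenDesktopA"},
}

IMPORT_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat(text):
    """Turn the report's IAT listing into [(dll, name_or_None), ...]."""
    entries, dll = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = IMPORT_LINE.match(line)
        if m:
            if dll is None:
                raise ValueError("import line before any DLL name: %r" % line)
            name = m.group(1)
            entries.append((dll, None if name == "None" else name))
        else:
            dll = line
    return entries


def imphash_string(entries):
    """The string imphash hashes: 'lib.func,lib.func,...' in import order, library
    lowercased with .dll/.ocx/.sys stripped, function lowercased, ordinals as 'ordN'.
    (pefile additionally maps well-known ws2_32/oleaut32 ordinals back to names; that
    table is omitted here.) Raises when an ordinal's number is unknown."""
    parts = []
    for lib, func in entries:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        if func is None:
            raise ValueError("ordinal import with unknown ordinal in %s; imphash not reproducible" % lib)
        if isinstance(func, int):
            func = "ord%d" % func
        parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(entries):
    return hashlib.md5(imphash_string(entries).encode()).hexdigest()


def triage(text):
    """Capabilities implied by the listing, plus the imphash when it can be computed."""
    entries = parse_iat(text)
    names = {func for _, func in entries if isinstance(func, str)}
    found = sorted(cap for cap, apis in CAPABILITIES.items() if apis <= names)
    try:
        h = imphash(entries)
    except ValueError:
        h = None  # unresolved ordinals in the listing; any hash would not match the report's
    return {"capabilities": found, "imphash": h, "import_count": len(entries)}


if __name__ == "__main__":
    for key, value in triage(IAT_TEXT).items():
        print("%s: %s" % (key, value))
```

Run on the excerpt, all five clusters fire and `imphash` comes back `None`, which is the honest answer for this page: to verify the hash in the table you need the binary (or a dump that prints ordinals), not the report. The cluster rule is deliberately strict; `GetDC` and `BitBlt` appear in plenty of benign GUI code, and it is the full screenshot sequence next to `CryptUnprotectData`, the Toolhelp walk with `ReadProcessMemory`, and a WinINet client that together read like a stealer.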