Field | Value |
---|---|
Created | 2024.12.15 17:31 |
Machine | s1_win7_x6403 |
Filename | TPB-1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 54 detected (AIDetectMalware, Vidar, Malicious, score, selfdel, Lazy, Unsafe, Save, confidence, 100%, TrojanPSW, GenusT, EDYQ, Attribute, HighConfidence, high confidence, ivky, ccmw, Stealerc, AoJmJPuispO, bzhvf, Real Protect, high, Static AI, Malicious PE, Detected, HeurC, KVMH017, Wacatac, R684336, Artemis, Gencirc, yMpoOsPj11o, B9nj) |
md5 | 760370c2aa2829b5fec688d12da0535f |
sha256 | a3a6cde465591377afc5f656f72a00799398fd2541b60391bcb8f62b8f8cace3 |
ssdeep | 6144:fVpxoBb+6pIE70i+cif0o5HDl5nUnOpvJ3wpUfcx+43+jyQ/DmPvugK/alI1DB4E:6Ii+cni3h3wpUy+5jyqevlMfQWt |
imphash | ca581f09771447392309160929ad1578 |
impfuzzy | 48:pCJ+8Jyqgq4P3mWCwDNFhXfXCIVE4j4rzukfLus0W5KQvmv6SlNz9c:pq+IyqgpP3mW5DNF5fXE8tfL1c |
Signature (11cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Attempts to create or modify system certificates |
watch | Communicates with host for which no DNS query was performed |
watch | Network activity contains more than one unique useragent |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata IDs
ET INFO TLS Handshake Failure
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
IAT (Import Address Table) Library
msvcrt.dll
0x45ab50 ??2@YAPAXI@Z
0x45ab54 ??3@YAXPAX@Z
0x45ab58 ??_U@YAPAXI@Z
0x45ab5c ??_V@YAXPAX@Z
0x45ab60 _splitpath
0x45ab64 _time64
0x45ab68 _wtoi64
0x45ab6c atexit
0x45ab70 free
0x45ab74 isupper
0x45ab78 malloc
0x45ab7c memchr
0x45ab80 memcmp
0x45ab84 memcpy
0x45ab88 memmove
0x45ab8c memset
0x45ab90 rand
0x45ab94 srand
0x45ab98 strchr
0x45ab9c strcmp
0x45aba0 strcpy
0x45aba4 strcpy_s
0x45aba8 strlen
0x45abac strncpy
0x45abb0 strstr
0x45abb4 strtok_s
KERNEL32.dll
0x45abbc CloseHandle
0x45abc0 ConvertDefaultLocale
0x45abc4 CreateDirectoryA
0x45abc8 CreateFileA
0x45abcc CreateFileMappingA
0x45abd0 CreateFileW
0x45abd4 CreateProcessA
0x45abd8 CreateThread
0x45abdc ExitProcess
0x45abe0 FileTimeToSystemTime
0x45abe4 FindClose
0x45abe8 FindFirstFileA
0x45abec FindNextFileA
0x45abf0 FreeLibrary
0x45abf4 GetComputerNameA
0x45abf8 GetCurrentProcess
0x45abfc GetDriveTypeA
0x45ac00 GetFileInformationByHandle
0x45ac04 GetFileSize
0x45ac08 GetLastError
0x45ac0c GetLocalTime
0x45ac10 GetLogicalDriveStringsA
0x45ac14 GetLogicalProcessorInformationEx
0x45ac18 GetModuleHandleA
0x45ac1c GetProcessHeap
0x45ac20 GetTempPathW
0x45ac24 GetThreadContext
0x45ac28 GetTickCount
0x45ac2c GlobalMemoryStatusEx
0x45ac30 HeapAlloc
0x45ac34 HeapFree
0x45ac38 InitializeCriticalSectionEx
0x45ac3c K32EnumProcessModules
0x45ac40 K32GetModuleBaseNameA
0x45ac44 MapViewOfFile
0x45ac48 MultiByteToWideChar
0x45ac4c OpenProcess
0x45ac50 RaiseException
0x45ac54 ReadFile
0x45ac58 ReadProcessMemory
0x45ac5c SetCriticalSectionSpinCount
0x45ac60 SetFilePointer
0x45ac64 SetThreadContext
0x45ac68 Sleep
0x45ac6c SystemTimeToFileTime
0x45ac70 UnmapViewOfFile
0x45ac74 VirtualAlloc
0x45ac78 VirtualAllocEx
0x45ac7c VirtualAllocExNuma
0x45ac80 VirtualFree
0x45ac84 VirtualQueryEx
0x45ac88 WaitForSingleObject
0x45ac8c WriteFile
0x45ac90 WriteProcessMemory
0x45ac94 lstrcatA
0x45ac98 lstrcmpiW
0x45ac9c lstrcpyA
0x45aca0 lstrcpynA
0x45aca4 lstrlenA
GDI32.dll
0x45acac CreateDCA
0x45acb0 GetDeviceCaps
USER32.dll
0x45acb8 CharToOemA
0x45acbc CloseDesktop
0x45acc0 CreateDesktopA
0x45acc4 GetDesktopWindow
0x45acc8 GetWindowContextHelpId
0x45accc GetWindowLongW
0x45acd0 IsDialogMessageW
0x45acd4 IsWindowVisible
0x45acd8 MessageBoxA
0x45acdc OpenDesktopA
0x45ace0 RegisterClassW
0x45ace4 ReleaseDC
0x45ace8 wsprintfA
0x45acec wsprintfW
ADVAPI32.dll
0x45acf4 GetCurrentHwProfileA
0x45acf8 GetUserNameA
0x45acfc RegGetValueA
0x45ad00 RegOpenKeyExA
api-ms-win-crt-runtime-l1-1-0.dll
0x45ad08 _invalid_parameter_noinfo_noreturn
ole32.dll
0x45ad10 CoCreateInstance
OLEAUT32.dll
0x45ad18 SysAllocString
0x45ad1c SysFreeString
SHELL32.dll
0x45ad24 SHFileOperationA
0x45ad28 SHGetFolderPathA
WS2_32.dll
0x45ad30 WSACleanup
0x45ad34 WSAStartup
0x45ad38 closesocket
0x45ad3c connect
0x45ad40 freeaddrinfo
0x45ad44 getaddrinfo
0x45ad48 htons
0x45ad4c recv
0x45ad50 send
0x45ad54 socket
SHLWAPI.dll
0x45ad5c PathFileExistsA
EAT (Export Address Table): none
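Static triage of the IAT above, as an added example that is not part of the sandbox output. The import list is transcribed from the listing (minus the trailing null thunk); the capability clusters, their names and the hit threshold are the author's heuristics, not anything the sandbox reports. The clusters pick out the remote-memory plus thread-context set (OpenProcess, VirtualAllocEx, WriteProcessMemory, GetThreadContext, SetThreadContext), the resource probes commonly used to spot a sandbox (GetLogicalProcessorInformationEx, GlobalMemoryStatusEx, VirtualAllocExNuma), host fingerprinting, file and folder enumeration, raw Winsock networking and the hidden-desktop APIs. It also recomputes a pefile-style imphash so the transcribed list can be cross-checked against the report's imphash field. Two absences are worth noting from the listing itself: FreeLibrary is imported but LoadLibraryA/W and GetProcAddress are not, and only WS2_32 is imported for networking, so the HTTP and TLS traffic in the signatures either rides on hand-built socket code or uses APIs resolved at run time that static analysis will not show.

```python
# Added example for this report (not sandbox output): static capability triage
# of the TPB-1.exe import table.  REPORT_IMPORTS is transcribed from the IAT
# listing above (the trailing "None" null thunk dropped); CLUSTERS and the
# hit threshold are the author's heuristics.  Standard library only.
import hashlib

REPORT_IMPORTS = {
    "msvcrt.dll": (
        "??2@YAPAXI@Z ??3@YAXPAX@Z ??_U@YAPAXI@Z ??_V@YAXPAX@Z _splitpath _time64 "
        "_wtoi64 atexit free isupper malloc memchr memcmp memcpy memmove memset rand "
        "srand strchr strcmp strcpy strcpy_s strlen strncpy strstr strtok_s").split(),
    "KERNEL32.dll": (
        "CloseHandle ConvertDefaultLocale CreateDirectoryA CreateFileA "
        "CreateFileMappingA CreateFileW CreateProcessA CreateThread ExitProcess "
        "FileTimeToSystemTime FindClose FindFirstFileA FindNextFileA FreeLibrary "
        "GetComputerNameA GetCurrentProcess GetDriveTypeA GetFileInformationByHandle "
        "GetFileSize GetLastError GetLocalTime GetLogicalDriveStringsA "
        "GetLogicalProcessorInformationEx GetModuleHandleA GetProcessHeap GetTempPathW "
        "GetThreadContext GetTickCount GlobalMemoryStatusEx HeapAlloc HeapFree "
        "InitializeCriticalSectionEx K32EnumProcessModules K32GetModuleBaseNameA "
        "MapViewOfFile MultiByteToWideChar OpenProcess RaiseException ReadFile "
        "ReadProcessMemory SetCriticalSectionSpinCount SetFilePointer SetThreadContext "
        "Sleep SystemTimeToFileTime UnmapViewOfFile VirtualAlloc VirtualAllocEx "
        "VirtualAllocExNuma VirtualFree VirtualQueryEx WaitForSingleObject WriteFile "
        "WriteProcessMemory lstrcatA lstrcmpiW lstrcpyA lstrcpynA lstrlenA").split(),
    "GDI32.dll": "CreateDCA GetDeviceCaps".split(),
    "USER32.dll": (
        "CharToOemA CloseDesktop CreateDesktopA GetDesktopWindow GetWindowContextHelpId "
        "GetWindowLongW IsDialogMessageW IsWindowVisible MessageBoxA OpenDesktopA "
        "RegisterClassW ReleaseDC wsprintfA wsprintfW").split(),
    "ADVAPI32.dll": "GetCurrentHwProfileA GetUserNameA RegGetValueA RegOpenKeyExA".split(),
    "api-ms-win-crt-runtime-l1-1-0.dll": ["_invalid_parameter_noinfo_noreturn"],
    "ole32.dll": ["CoCreateInstance"],
    "OLEAUT32.dll": "SysAllocString SysFreeString".split(),
    "SHELL32.dll": "SHFileOperationA SHGetFolderPathA".split(),
    "WS2_32.dll": ("WSACleanup WSAStartup closesocket connect freeaddrinfo getaddrinfo "
                   "htons recv send socket").split(),
    "SHLWAPI.dll": ["PathFileExistsA"],
}

# Heuristic API clusters (analyst-defined).  A cluster "hits" when at least
# MIN_HITS of its members are imported; single APIs are too common to matter.
CLUSTERS = {
    "process_injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                          "ReadProcessMemory", "VirtualQueryEx", "GetThreadContext",
                          "SetThreadContext", "CreateProcessA", "CreateProcessW"},
    "sandbox_evasion": {"GetLogicalProcessorInformationEx", "GlobalMemoryStatusEx",
                        "VirtualAllocExNuma", "GetTickCount", "K32EnumProcessModules",
                        "K32GetModuleBaseNameA"},
    "host_fingerprint": {"GetComputerNameA", "GetUserNameA", "GetCurrentHwProfileA",
                         "GetLogicalDriveStringsA", "GetDriveTypeA", "CreateDCA",
                         "GetDeviceCaps"},
    "file_harvest": {"FindFirstFileA", "FindNextFileA", "SHGetFolderPathA",
                     "PathFileExistsA", "GetTempPathW", "SHFileOperationA",
                     "CreateFileMappingA", "MapViewOfFile"},
    "raw_sockets": {"WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo"},
    "hidden_desktop": {"CreateDesktopA", "OpenDesktopA", "CloseDesktop"},
}
MIN_HITS = 3
# Minimal "write into another process, then redirect one of its threads" set.
INJECTION_CORE = {"VirtualAllocEx", "WriteProcessMemory", "GetThreadContext", "SetThreadContext"}


def all_names(imports):
    """Flatten {dll: [func, ...]} into the set of imported function names."""
    return {f for funcs in imports.values() for f in funcs}


def triage(imports, min_hits=MIN_HITS):
    """Return {cluster: sorted matched APIs} for every cluster reaching min_hits."""
    names = all_names(imports)
    hits = {c: sorted(names & apis) for c, apis in CLUSTERS.items()}
    return {c: m for c, m in hits.items() if len(m) >= min_hits}


def injection_core_present(imports):
    """True if the whole INJECTION_CORE set is statically imported.  ResumeThread,
    NtUnmapViewOfSection, LoadLibrary and GetProcAddress are absent from this IAT,
    so the rest of any hollowing chain would have to be resolved at run time."""
    return INJECTION_CORE <= all_names(imports)


def imphash(imports):
    """pefile-style imphash: lowercase 'dll.func' pairs, the .dll/.ocx/.sys
    extension stripped, comma-joined in import order, MD5.  Compare the result
    with the report's imphash field; a mismatch means the transcribed set or
    order differs from the import directory, not that either value is wrong."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for cluster, apis in triage(REPORT_IMPORTS).items():
        print(f"{cluster:18s} {len(apis):2d} hits: {', '.join(apis)}")
    print("injection core statically imported:", injection_core_present(REPORT_IMPORTS))
    print("imphash over transcribed IAT:", imphash(REPORT_IMPORTS))
```

Running it prints one line per cluster that clears the threshold; on this IAT all six clusters do, and the injection core is fully present. The imphash function hashes the dictionary in the order given, which here follows the listing's IAT addresses, whereas pefile hashes the import directory order and maps ordinal-only imports through its own name table, so treat it as a cross-check of the report's value rather than a replacement. The same dictionary can be built from a sample on disk with the third-party pefile module (each DIRECTORY_ENTRY_IMPORT entry carries the DLL name and its import names) and fed to the same functions.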