ScreenShot
| Created | 2021.06.14 14:15 | Machine | s1_win7_x6401 |
| Filename | msvc.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 43 detected (malicious, high confidence, GenericKD, Artemis, CoinMiner, ali1004001, confidence, EFRC, Miner, Eanh, XMRig Miner, TOOLXMR, Static AI, Malicious PE, AGEN, ai score=89, score, Miner3, BitCoinMiner, HackTool, CLASSIC, Unsafe) | ||
| md5 | 8499a6b941c62297c4ed8149f2c181fb | ||
| sha256 | 92d91382245569b874ae5d0cdb3049864e20b93824a065521c3a2f7800d62bee | ||
| ssdeep | 24576:UaQ/2ZCdibELOLihGiiiw7J0I02p5BvDNRQxH8JZPjd8nBPeaQPC9Ye:dQ/2YdDiLic3tH02pX6H87bhkYe | ||
| imphash | 51c447071e60b3aae3e78e5705fadc80 | ||
| impfuzzy | 96:rsdtQXzX1wjakHcGxvfc6iLrYRhoiqVFtuG6LnBEWXqoiYr:yWjFeakSLyuiKSrmWx | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| watch | Created a service where a service was also not started |
| watch | Detects Virtual Machines through their custom firmware |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
WS2_32.dll
0x140136718 htonl
0x140136720 WSASetLastError
0x140136728 WSAStartup
0x140136730 select
0x140136738 WSARecvFrom
0x140136740 WSASocketW
0x140136748 WSASend
0x140136750 WSARecv
0x140136758 WSAIoctl
0x140136760 socket
0x140136768 shutdown
0x140136770 setsockopt
0x140136778 getsockopt
0x140136780 ioctlsocket
0x140136788 closesocket
0x140136790 ind
0x140136798 FreeAddrInfoW
0x1401367a0 GetAddrInfoW
0x1401367a8 WSAGetLastError
0x1401367b0 htons
USERENV.dll
0x140136708 GetUserProfileDirectoryW
KERNEL32.dll
0x140136098 SetStdHandle
0x1401360a0 WriteConsoleW
0x1401360a8 SetConsoleTitleA
0x1401360b0 GetStdHandle
0x1401360b8 SetConsoleMode
0x1401360c0 GetConsoleMode
0x1401360c8 ExpandEnvironmentStringsA
0x1401360d0 GetSystemFirmwareTable
0x1401360d8 HeapFree
0x1401360e0 HeapAlloc
0x1401360e8 GetProcessHeap
0x1401360f0 MultiByteToWideChar
0x1401360f8 SetThreadAffinityMask
0x140136100 SetPriorityClass
0x140136108 GetCurrentProcess
0x140136110 SetThreadPriority
0x140136118 GetSystemPowerStatus
0x140136120 Sleep
0x140136128 GetCurrentThread
0x140136130 GetProcAddress
0x140136138 GetModuleHandleW
0x140136140 GetTickCount
0x140136148 CloseHandle
0x140136150 FreeConsole
0x140136158 GetConsoleWindow
0x140136160 VirtualProtect
0x140136168 VirtualFree
0x140136170 VirtualAlloc
0x140136178 GetLargePageMinimum
0x140136180 LocalAlloc
0x140136188 GetLastError
0x140136190 LocalFree
0x140136198 FlushInstructionCache
0x1401361a0 GetCurrentThreadId
0x1401361a8 AddVectoredExceptionHandler
0x1401361b0 DeviceIoControl
0x1401361b8 GetModuleFileNameW
0x1401361c0 CreateFileW
0x1401361c8 GetFileType
0x1401361d0 PostQueuedCompletionStatus
0x1401361d8 CreateFileA
0x1401361e0 DuplicateHandle
0x1401361e8 SetEvent
0x1401361f0 ResetEvent
0x1401361f8 WaitForSingleObject
0x140136200 CreateEventA
0x140136208 QueueUserWorkItem
0x140136210 RegisterWaitForSingleObject
0x140136218 UnregisterWait
0x140136220 WideCharToMultiByte
0x140136228 GetNumberOfConsoleInputEvents
0x140136230 ReadConsoleInputW
0x140136238 ReadConsoleW
0x140136240 FillConsoleOutputCharacterW
0x140136248 FillConsoleOutputAttribute
0x140136250 GetConsoleCursorInfo
0x140136258 SetConsoleCursorInfo
0x140136260 GetConsoleScreenBufferInfo
0x140136268 SetConsoleCursorPosition
0x140136270 SetConsoleTextAttribute
0x140136278 WriteConsoleInputW
0x140136280 GetEnvironmentStringsW
0x140136288 FreeEnvironmentStringsW
0x140136290 GetEnvironmentVariableW
0x140136298 SetEnvironmentVariableW
0x1401362a0 SetCurrentDirectoryW
0x1401362a8 GetCurrentDirectoryW
0x1401362b0 GetTempPathW
0x1401362b8 SetLastError
0x1401362c0 QueryPerformanceCounter
0x1401362c8 QueryPerformanceFrequency
0x1401362d0 InitializeCriticalSection
0x1401362d8 EnterCriticalSection
0x1401362e0 LeaveCriticalSection
0x1401362e8 GetCurrentProcessId
0x1401362f0 GlobalMemoryStatusEx
0x1401362f8 GetSystemInfo
0x140136300 GetSystemTimeAsFileTime
0x140136308 GetCommandLineA
0x140136310 CreateDirectoryW
0x140136318 FindClose
0x140136320 FindFirstFileW
0x140136328 FindNextFileW
0x140136330 FlushFileBuffers
0x140136338 GetDiskFreeSpaceW
0x140136340 GetFileAttributesW
0x140136348 GetFileInformationByHandle
0x140136350 GetFileSizeEx
0x140136358 GetFinalPathNameByHandleW
0x140136360 GetFullPathNameW
0x140136368 ReadFile
0x140136370 RemoveDirectoryW
0x140136378 SetFilePointerEx
0x140136380 SetFileTime
0x140136388 WriteFile
0x140136390 MapViewOfFile
0x140136398 FlushViewOfFile
0x1401363a0 UnmapViewOfFile
0x1401363a8 CreateFileMappingA
0x1401363b0 ReOpenFile
0x1401363b8 CopyFileW
0x1401363c0 MoveFileExW
0x1401363c8 CreateHardLinkW
0x1401363d0 GetFileInformationByHandleEx
0x1401363d8 CreateSymbolicLinkW
0x1401363e0 SetConsoleCtrlHandler
0x1401363e8 GetLongPathNameW
0x1401363f0 GetShortPathNameW
0x1401363f8 CreateIoCompletionPort
0x140136400 ReadDirectoryChangesW
0x140136408 SetHandleInformation
0x140136410 CancelIo
0x140136418 SwitchToThread
0x140136420 RtlUnwind
0x140136428 FreeLibrary
0x140136430 LoadLibraryExW
0x140136438 FormatMessageA
0x140136440 SetErrorMode
0x140136448 GetQueuedCompletionStatus
0x140136450 ConnectNamedPipe
0x140136458 PeekNamedPipe
0x140136460 CreateNamedPipeW
0x140136468 CancelIoEx
0x140136470 CancelSynchronousIo
0x140136478 DeleteCriticalSection
0x140136480 TerminateProcess
0x140136488 GetExitCodeProcess
0x140136490 UnregisterWaitEx
0x140136498 LCMapStringW
0x1401364a0 DebugBreak
0x1401364a8 TryEnterCriticalSection
0x1401364b0 InitializeConditionVariable
0x1401364b8 WakeConditionVariable
0x1401364c0 WakeAllConditionVariable
0x1401364c8 SleepConditionVariableCS
0x1401364d0 ReleaseSemaphore
0x1401364d8 ResumeThread
0x1401364e0 TlsAlloc
0x1401364e8 TlsGetValue
0x1401364f0 TlsSetValue
0x1401364f8 TlsFree
0x140136500 GetNativeSystemInfo
0x140136508 CreateSemaphoreA
0x140136510 GetModuleHandleA
0x140136518 LoadLibraryA
0x140136520 GetStartupInfoW
0x140136528 RaiseException
0x140136530 RtlPcToFileHeader
0x140136538 RtlUnwindEx
0x140136540 InitializeSListHead
0x140136548 IsDebuggerPresent
0x140136550 IsProcessorFeaturePresent
0x140136558 SetUnhandledExceptionFilter
0x140136560 UnhandledExceptionFilter
0x140136568 RtlVirtualUnwind
0x140136570 RtlLookupFunctionEntry
0x140136578 RtlCaptureContext
0x140136580 GetCommandLineW
0x140136588 CreateThread
0x140136590 ExitThread
0x140136598 FreeLibraryAndExitThread
0x1401365a0 GetModuleHandleExW
0x1401365a8 GetFileAttributesExW
0x1401365b0 SetFileAttributesW
0x1401365b8 GetConsoleOutputCP
0x1401365c0 ExitProcess
0x1401365c8 CompareStringW
0x1401365d0 GetLocaleInfoW
0x1401365d8 IsValidLocale
0x1401365e0 GetUserDefaultLCID
0x1401365e8 EnumSystemLocalesW
0x1401365f0 HeapReAlloc
0x1401365f8 GetTimeZoneInformation
0x140136600 HeapSize
0x140136608 FindFirstFileExW
0x140136610 IsValidCodePage
0x140136618 GetACP
0x140136620 GetOEMCP
0x140136628 SetEndOfFile
0x140136630 SetFileCompletionNotificationModes
0x140136638 InitializeSRWLock
0x140136640 ReleaseSRWLockExclusive
0x140136648 AcquireSRWLockExclusive
0x140136650 InitializeCriticalSectionEx
0x140136658 WaitForSingleObjectEx
0x140136660 GetExitCodeThread
0x140136668 SleepConditionVariableSRW
0x140136670 EncodePointer
0x140136678 DecodePointer
0x140136680 LCMapStringEx
0x140136688 CompareStringEx
0x140136690 GetCPInfo
0x140136698 GetStringTypeW
0x1401366a0 InitializeCriticalSectionAndSpinCount
0x1401366a8 CreateEventW
USER32.dll
0x1401366c8 GetSystemMetrics
0x1401366d0 MapVirtualKeyW
0x1401366d8 DispatchMessageA
0x1401366e0 TranslateMessage
0x1401366e8 GetMessageA
0x1401366f0 ShowWindow
0x1401366f8 GetLastInputInfo
SHELL32.dll
0x1401366b8 SHGetSpecialFolderPathA
ADVAPI32.dll
0x140136000 SystemFunction036
0x140136008 GetUserNameW
0x140136010 CreateServiceW
0x140136018 QueryServiceStatus
0x140136020 CloseServiceHandle
0x140136028 OpenSCManagerW
0x140136030 QueryServiceConfigA
0x140136038 DeleteService
0x140136040 ControlService
0x140136048 StartServiceW
0x140136050 OpenServiceW
0x140136058 LookupPrivilegeValueW
0x140136060 AdjustTokenPrivileges
0x140136068 OpenProcessToken
0x140136070 LsaOpenPolicy
0x140136078 LsaAddAccountRights
0x140136080 LsaClose
0x140136088 GetTokenInformation
EAT(Export Address Table) is none
WS2_32.dll
0x140136718 htonl
0x140136720 WSASetLastError
0x140136728 WSAStartup
0x140136730 select
0x140136738 WSARecvFrom
0x140136740 WSASocketW
0x140136748 WSASend
0x140136750 WSARecv
0x140136758 WSAIoctl
0x140136760 socket
0x140136768 shutdown
0x140136770 setsockopt
0x140136778 getsockopt
0x140136780 ioctlsocket
0x140136788 closesocket
0x140136790 ind
0x140136798 FreeAddrInfoW
0x1401367a0 GetAddrInfoW
0x1401367a8 WSAGetLastError
0x1401367b0 htons
USERENV.dll
0x140136708 GetUserProfileDirectoryW
KERNEL32.dll
0x140136098 SetStdHandle
0x1401360a0 WriteConsoleW
0x1401360a8 SetConsoleTitleA
0x1401360b0 GetStdHandle
0x1401360b8 SetConsoleMode
0x1401360c0 GetConsoleMode
0x1401360c8 ExpandEnvironmentStringsA
0x1401360d0 GetSystemFirmwareTable
0x1401360d8 HeapFree
0x1401360e0 HeapAlloc
0x1401360e8 GetProcessHeap
0x1401360f0 MultiByteToWideChar
0x1401360f8 SetThreadAffinityMask
0x140136100 SetPriorityClass
0x140136108 GetCurrentProcess
0x140136110 SetThreadPriority
0x140136118 GetSystemPowerStatus
0x140136120 Sleep
0x140136128 GetCurrentThread
0x140136130 GetProcAddress
0x140136138 GetModuleHandleW
0x140136140 GetTickCount
0x140136148 CloseHandle
0x140136150 FreeConsole
0x140136158 GetConsoleWindow
0x140136160 VirtualProtect
0x140136168 VirtualFree
0x140136170 VirtualAlloc
0x140136178 GetLargePageMinimum
0x140136180 LocalAlloc
0x140136188 GetLastError
0x140136190 LocalFree
0x140136198 FlushInstructionCache
0x1401361a0 GetCurrentThreadId
0x1401361a8 AddVectoredExceptionHandler
0x1401361b0 DeviceIoControl
0x1401361b8 GetModuleFileNameW
0x1401361c0 CreateFileW
0x1401361c8 GetFileType
0x1401361d0 PostQueuedCompletionStatus
0x1401361d8 CreateFileA
0x1401361e0 DuplicateHandle
0x1401361e8 SetEvent
0x1401361f0 ResetEvent
0x1401361f8 WaitForSingleObject
0x140136200 CreateEventA
0x140136208 QueueUserWorkItem
0x140136210 RegisterWaitForSingleObject
0x140136218 UnregisterWait
0x140136220 WideCharToMultiByte
0x140136228 GetNumberOfConsoleInputEvents
0x140136230 ReadConsoleInputW
0x140136238 ReadConsoleW
0x140136240 FillConsoleOutputCharacterW
0x140136248 FillConsoleOutputAttribute
0x140136250 GetConsoleCursorInfo
0x140136258 SetConsoleCursorInfo
0x140136260 GetConsoleScreenBufferInfo
0x140136268 SetConsoleCursorPosition
0x140136270 SetConsoleTextAttribute
0x140136278 WriteConsoleInputW
0x140136280 GetEnvironmentStringsW
0x140136288 FreeEnvironmentStringsW
0x140136290 GetEnvironmentVariableW
0x140136298 SetEnvironmentVariableW
0x1401362a0 SetCurrentDirectoryW
0x1401362a8 GetCurrentDirectoryW
0x1401362b0 GetTempPathW
0x1401362b8 SetLastError
0x1401362c0 QueryPerformanceCounter
0x1401362c8 QueryPerformanceFrequency
0x1401362d0 InitializeCriticalSection
0x1401362d8 EnterCriticalSection
0x1401362e0 LeaveCriticalSection
0x1401362e8 GetCurrentProcessId
0x1401362f0 GlobalMemoryStatusEx
0x1401362f8 GetSystemInfo
0x140136300 GetSystemTimeAsFileTime
0x140136308 GetCommandLineA
0x140136310 CreateDirectoryW
0x140136318 FindClose
0x140136320 FindFirstFileW
0x140136328 FindNextFileW
0x140136330 FlushFileBuffers
0x140136338 GetDiskFreeSpaceW
0x140136340 GetFileAttributesW
0x140136348 GetFileInformationByHandle
0x140136350 GetFileSizeEx
0x140136358 GetFinalPathNameByHandleW
0x140136360 GetFullPathNameW
0x140136368 ReadFile
0x140136370 RemoveDirectoryW
0x140136378 SetFilePointerEx
0x140136380 SetFileTime
0x140136388 WriteFile
0x140136390 MapViewOfFile
0x140136398 FlushViewOfFile
0x1401363a0 UnmapViewOfFile
0x1401363a8 CreateFileMappingA
0x1401363b0 ReOpenFile
0x1401363b8 CopyFileW
0x1401363c0 MoveFileExW
0x1401363c8 CreateHardLinkW
0x1401363d0 GetFileInformationByHandleEx
0x1401363d8 CreateSymbolicLinkW
0x1401363e0 SetConsoleCtrlHandler
0x1401363e8 GetLongPathNameW
0x1401363f0 GetShortPathNameW
0x1401363f8 CreateIoCompletionPort
0x140136400 ReadDirectoryChangesW
0x140136408 SetHandleInformation
0x140136410 CancelIo
0x140136418 SwitchToThread
0x140136420 RtlUnwind
0x140136428 FreeLibrary
0x140136430 LoadLibraryExW
0x140136438 FormatMessageA
0x140136440 SetErrorMode
0x140136448 GetQueuedCompletionStatus
0x140136450 ConnectNamedPipe
0x140136458 PeekNamedPipe
0x140136460 CreateNamedPipeW
0x140136468 CancelIoEx
0x140136470 CancelSynchronousIo
0x140136478 DeleteCriticalSection
0x140136480 TerminateProcess
0x140136488 GetExitCodeProcess
0x140136490 UnregisterWaitEx
0x140136498 LCMapStringW
0x1401364a0 DebugBreak
0x1401364a8 TryEnterCriticalSection
0x1401364b0 InitializeConditionVariable
0x1401364b8 WakeConditionVariable
0x1401364c0 WakeAllConditionVariable
0x1401364c8 SleepConditionVariableCS
0x1401364d0 ReleaseSemaphore
0x1401364d8 ResumeThread
0x1401364e0 TlsAlloc
0x1401364e8 TlsGetValue
0x1401364f0 TlsSetValue
0x1401364f8 TlsFree
0x140136500 GetNativeSystemInfo
0x140136508 CreateSemaphoreA
0x140136510 GetModuleHandleA
0x140136518 LoadLibraryA
0x140136520 GetStartupInfoW
0x140136528 RaiseException
0x140136530 RtlPcToFileHeader
0x140136538 RtlUnwindEx
0x140136540 InitializeSListHead
0x140136548 IsDebuggerPresent
0x140136550 IsProcessorFeaturePresent
0x140136558 SetUnhandledExceptionFilter
0x140136560 UnhandledExceptionFilter
0x140136568 RtlVirtualUnwind
0x140136570 RtlLookupFunctionEntry
0x140136578 RtlCaptureContext
0x140136580 GetCommandLineW
0x140136588 CreateThread
0x140136590 ExitThread
0x140136598 FreeLibraryAndExitThread
0x1401365a0 GetModuleHandleExW
0x1401365a8 GetFileAttributesExW
0x1401365b0 SetFileAttributesW
0x1401365b8 GetConsoleOutputCP
0x1401365c0 ExitProcess
0x1401365c8 CompareStringW
0x1401365d0 GetLocaleInfoW
0x1401365d8 IsValidLocale
0x1401365e0 GetUserDefaultLCID
0x1401365e8 EnumSystemLocalesW
0x1401365f0 HeapReAlloc
0x1401365f8 GetTimeZoneInformation
0x140136600 HeapSize
0x140136608 FindFirstFileExW
0x140136610 IsValidCodePage
0x140136618 GetACP
0x140136620 GetOEMCP
0x140136628 SetEndOfFile
0x140136630 SetFileCompletionNotificationModes
0x140136638 InitializeSRWLock
0x140136640 ReleaseSRWLockExclusive
0x140136648 AcquireSRWLockExclusive
0x140136650 InitializeCriticalSectionEx
0x140136658 WaitForSingleObjectEx
0x140136660 GetExitCodeThread
0x140136668 SleepConditionVariableSRW
0x140136670 EncodePointer
0x140136678 DecodePointer
0x140136680 LCMapStringEx
0x140136688 CompareStringEx
0x140136690 GetCPInfo
0x140136698 GetStringTypeW
0x1401366a0 InitializeCriticalSectionAndSpinCount
0x1401366a8 CreateEventW
USER32.dll
0x1401366c8 GetSystemMetrics
0x1401366d0 MapVirtualKeyW
0x1401366d8 DispatchMessageA
0x1401366e0 TranslateMessage
0x1401366e8 GetMessageA
0x1401366f0 ShowWindow
0x1401366f8 GetLastInputInfo
SHELL32.dll
0x1401366b8 SHGetSpecialFolderPathA
ADVAPI32.dll
0x140136000 SystemFunction036
0x140136008 GetUserNameW
0x140136010 CreateServiceW
0x140136018 QueryServiceStatus
0x140136020 CloseServiceHandle
0x140136028 OpenSCManagerW
0x140136030 QueryServiceConfigA
0x140136038 DeleteService
0x140136040 ControlService
0x140136048 StartServiceW
0x140136050 OpenServiceW
0x140136058 LookupPrivilegeValueW
0x140136060 AdjustTokenPrivileges
0x140136068 OpenProcessToken
0x140136070 LsaOpenPolicy
0x140136078 LsaAddAccountRights
0x140136080 LsaClose
0x140136088 GetTokenInformation
EAT(Export Address Table) is none