Report - mine.exe

Generic Malware Themida Packer UPX PE64 OS Processor Check PE File

ScreenShot

Info
Location map


Created	2021.08.11 17:53	Machine	s1_win7_x6402
Filename	mine.exe
Type	PE32+ executable (GUI) x86-64, for MS Windows
AI Score	5	Behavior Score	3.4
ZERO API	file : malware
VT API (file)	34 detected (Hacktool, BypassUAC, GenericKD, Unsafe, malicious, GenCBL, abxx, DangerousSig, UMal, kaelz@0, MulDrop18, Artemis, susgen, kcloud, Sabsik, Kryptik, R436355, ai score=88, Behavior, confidence)
md5	cba619ceefd476c9cc3f35b5263e6276
sha256	69e7a10168bf96ba60f06987affd48857cd9cda1a518509f435b8b43110feacf
ssdeep	98304:DJIhjzhUmi32EM/H6ygOsEL2QwHFHB2ajjMtW2U2M:DJI5hOG/3gOSjHrjjjMtMz
imphash	a56f115ee5ef2625bd949acaeec66b76
impfuzzy	3:sUx2AEn:nEn

Network IP location

Signature (7cnts)

Level	Description
danger	File has been identified by 34 AntiVirus engines on VirusTotal as malicious
watch	DEP was bypassed by marking part of the stack executable by the process mine.exe
watch	Tries to unhook Windows functions monitored by Cuckoo
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
warning	themida_packer	themida packer	binaries (upload)
watch	UPX_Zero	UPX packed file	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	OS_Processor_Check_Zero	OS Processor Check	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
0x1400bc048 GetModuleHandleA

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure