| Field | Value |
|---|---|
| Created | 2021.09.20 10:19 |
| Machine | s1_win7_x6401 |
| Filename | VideoRecoderDriveMaster.exe |
| Type | PE32+ executable (console) x86-64, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : clean |
| VT API (file) | 28 detected (malicious, high confidence, Mikey, Save, CoinMiner, RiskTool, Miner, MiscX, Generic ML PUA, Trickbot, Static AI, Malicious PE, AGEN, ai score=87, Wacapew, score, R266451, BitCoinMiner, susgen) |
| md5 | 89059c81d1e7400ddfb518e9c7fa026b |
| sha256 | afe8ce41cfe6aed40a92574505092c6068576d12e8269d7106b5dc895deb8be8 |
| ssdeep | 196608:fN9CcArjuqTq4Ka23sJKyILDU//yGd+BtHu3HR4IWg:fNVAIdWQvIX |
| imphash | f42e05ff18601340437f549aa0662876 |
| impfuzzy | 6:nEGc1GVooT8zwX9hu7VSN4XBPLRA9MNZvrLP6IIU60:EGqdomwm5k4jDc0 |
Signature (5 counts)

| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4 counts)

| Level | Name | Description | Collection |
|---|---|---|---|
| warning | themida_packer | themida packer | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)

| Library | Address | Function |
|---|---|---|
| kernel32.dll | 0x1407f3230 | GetModuleHandleA |
| PSAPI.DLL | 0x1407f3240 | EnumProcessModules |
| CFGMGR32.dll | 0x1407f3250 | CM_Open_DevNode_Key |
| ADVAPI32.dll | 0x1407f3260 | RegisterEventSourceW |
| WS2_32.dll | 0x1407f3270 | getpeername |
| USER32.dll | 0x1407f3280 | GetProcessWindowStation |
| ole32.dll | 0x1407f3290 | StringFromGUID2 |
| MSWSOCK.dll | 0x1407f32a0 | GetAcceptExSockaddrs |
| WINTRUST.dll | 0x1407f32b0 | CryptCATAdminCalcHashFromFileHandle |
| CRYPT32.dll | 0x1407f32c0 | CertEnumCertificatesInStore |

EAT (Export Address Table)

| Address | Export |
|---|---|
| 0x14075ff38 | NvOptimusEnablementCuda |