| Field | Value |
|---|---|
| Created | 2021.10.14 17:24 |
| Machine | s1_win7_x6402 |
| Filename | 6666.exe |
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 31 detected (Donut, malicious, high confidence, InjectNET, GenericKD, Unsafe, Save, confidence, FileRepMalware, Static AI, Suspicious PE, ai score=81, Wacapew, Coinminer, XAWQC7, score, Artemis, Egei, PossibleThreat) |
| md5 | f8d8071d3e0163eb4e816ec49d0b2e8e |
| sha256 | 40387bebfe97eea9c90425caf5519019dfc0e7425bb238246ec9f7bb5d621293 |
| ssdeep | 98304:OLNK0pjI5mEL7GDDfPuuGqrrb+mQHNRbueqhweM2KHa/fbtXv:ORKE0oCGfnuIvINsBhtdX9v |
| imphash | eee7e8ea7851d0d9fb30f40a1b0d6c51 |
| impfuzzy | 6:HMJMH/JLGDgJLgJtXIKFJQQZ/OIA+m1BJAEnERGDfA7VSNLAcPh/MKm:sJ8ZGoQtXJxZGb9AJcDfA5kLfP9m |
Network IP location
Signature (3 counts)

| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4 counts)

| Level | Name | Description | Collection |
|---|---|---|---|
| danger | NPKI_Zero | File included NPKI | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
msvcrt.dll
0xb5a000 malloc
kernel32.dll
0xb5a010 Sleep
kernel32.dll
0xb5a020 LocalAlloc
0xb5a028 LocalFree
0xb5a030 GetModuleFileNameW
0xb5a038 GetProcessAffinityMask
0xb5a040 SetProcessAffinityMask
0xb5a048 SetThreadAffinityMask
0xb5a050 Sleep
0xb5a058 ExitProcess
0xb5a060 FreeLibrary
0xb5a068 LoadLibraryA
0xb5a070 GetModuleHandleA
0xb5a078 GetProcAddress
USER32.dll
0xb5a088 GetProcessWindowStation
0xb5a090 GetUserObjectInformationW
EAT (Export Address Table): none