popup

Report - sold.exe

CoinMiner PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.10.14 18:00 Machine s1_win7_x6401
Filename sold.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
4
 Behavior Score
1.6
ZERO API file : malware
VT API (file) 41 detected (malicious, high confidence, score, Artemis, Unsafe, Donut, confidence, Eldorado, GenericKDZ, FileRepMalware, InjectNET, azqfo, kcloud, Sabsik, R444976, ai score=81, R002H09JB21)
md5 3c46298cfa8e5755a58aee34d65cb397
sha256 7c7a666762a9ddf937c9cec874b597523bc0dd2ca10624db4f1c72430462a60e
ssdeep 49152:BiweEMqhHu2nY4rN5P+hi/JHdxAUBhqNniDphm1/J:BXSqkIY4rN5mhsuUBcNIbmT
imphash 02549ff92b49cce693542fc9afb10102
impfuzzy 6:HMJqX0syYJxSBS0H5sD4sIWvXoFliPEcn:sJqGMY58E6PXn
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 41 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (3cnts)

Level Name Description Collection
danger CoinMiner_IN CoinMiner binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x5f396c malloc
 0x5f3974 memset
 0x5f397c _get_pgmptr
 0x5f3984 getenv
 0x5f398c sprintf
 0x5f3994 __argc
 0x5f399c __argv
 0x5f39a4 _environ
 0x5f39ac _XcptFilter
 0x5f39b4 __set_app_type
 0x5f39bc _controlfp
 0x5f39c4 __getmainargs
 0x5f39cc exit
kernel32.dll
 0x5f39dc Sleep
 0x5f39e4 CreateProcessA
 0x5f39ec SetUnhandledExceptionFilter

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure