ScreenShot
| Created | 2021.10.15 18:06 | Machine | s1_win7_x6403_us |
| Filename | 6666.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 21 detected (GenericKD, Save, Eldorado, Malicious, Donut, FileRepMalware, Ramnit, Coinminer, E0LE8Y, Sabsik, score, Artemis, ai score=87, Static AI, Suspicious PE, Unsafe, Behavior, susgen) | ||
| md5 | f95a35e8c3f3f57b3f347bd6c8180bee | ||
| sha256 | 369b61bc5522ec08fe546958192325de94d7f70d4f8c2cee16ec62be03bc54ca | ||
| ssdeep | 98304:O/0W35kaNtSgmTCNK0pjI5mEL7GDDfPuuGqrrb+OWOkisXb2Da/dqcx2vCNM/:O8SVNtc0KE0oCGfnuI5Kixy26NM | ||
| imphash | 929562f2e79c9b7ae727e708b0a946bb | ||
| impfuzzy | 12:sJqGMY58E6PXJfZGoQtXJxZGb9AJcDfA5kLfP9m:oqGJ54VQtXJHc9NDI5Q8 | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | NPKI_Zero | File included NPKI | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
msvcrt.dll
0xb4b000 malloc
0xb4b008 memset
0xb4b010 _get_pgmptr
0xb4b018 getenv
0xb4b020 sprintf
0xb4b028 __argc
0xb4b030 __argv
0xb4b038 _environ
0xb4b040 _XcptFilter
0xb4b048 __set_app_type
0xb4b050 _controlfp
0xb4b058 __getmainargs
0xb4b060 exit
kernel32.dll
0xb4b070 Sleep
0xb4b078 CreateProcessA
0xb4b080 SetUnhandledExceptionFilter
kernel32.dll
0xb4b090 LocalAlloc
0xb4b098 LocalFree
0xb4b0a0 GetModuleFileNameW
0xb4b0a8 GetProcessAffinityMask
0xb4b0b0 SetProcessAffinityMask
0xb4b0b8 SetThreadAffinityMask
0xb4b0c0 Sleep
0xb4b0c8 ExitProcess
0xb4b0d0 FreeLibrary
0xb4b0d8 LoadLibraryA
0xb4b0e0 GetModuleHandleA
0xb4b0e8 GetProcAddress
USER32.dll
0xb4b0f8 GetProcessWindowStation
0xb4b100 GetUserObjectInformationW
EAT(Export Address Table) is none
msvcrt.dll
0xb4b000 malloc
0xb4b008 memset
0xb4b010 _get_pgmptr
0xb4b018 getenv
0xb4b020 sprintf
0xb4b028 __argc
0xb4b030 __argv
0xb4b038 _environ
0xb4b040 _XcptFilter
0xb4b048 __set_app_type
0xb4b050 _controlfp
0xb4b058 __getmainargs
0xb4b060 exit
kernel32.dll
0xb4b070 Sleep
0xb4b078 CreateProcessA
0xb4b080 SetUnhandledExceptionFilter
kernel32.dll
0xb4b090 LocalAlloc
0xb4b098 LocalFree
0xb4b0a0 GetModuleFileNameW
0xb4b0a8 GetProcessAffinityMask
0xb4b0b0 SetProcessAffinityMask
0xb4b0b8 SetThreadAffinityMask
0xb4b0c0 Sleep
0xb4b0c8 ExitProcess
0xb4b0d0 FreeLibrary
0xb4b0d8 LoadLibraryA
0xb4b0e0 GetModuleHandleA
0xb4b0e8 GetProcAddress
USER32.dll
0xb4b0f8 GetProcessWindowStation
0xb4b100 GetUserObjectInformationW
EAT(Export Address Table) is none