Report - miner.exe

Tags: Generic Malware, UPX, Malicious Library, Malicious Packer, Anti_VM, PE32, OS Processor Check, PE File, PE64, DLL
Created: 2022.04.20 18:28
Machine: s1_win7_x6401
Filename: miner.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
AI Score: Not found
Behavior Score: 2.6
ZERO API file: malware
VT API (file): 51 detected (Llac, tr9v, malicious, high confidence, GenericKD, Artemis, Unsafe, Coinminer, multiple detections, MALXMR, TIAOODFG, BtcMine, gkgmjq, Miner, Dzki, Malware@#3msdpzbn7ulkn, AGEN, Tool, Generic Reputation PUA, esqhh, ASMalwS, kcloud, BitCoinMiner, Misc, ai score=100, HackTool, MinerCfg, JSON, CLASSIC, YzY0OuaRwu11xB+z, GenAsa, htgRXaI3boM, Static AI, Malicious SFX, confidence, 100%)
md5: 1d4810932ddefc16e8e43ce05736ebee
sha256: c56afbc1f38f8ed551fc4dc24f70117cc70f357413990e19d6218dd53442dd63
ssdeep: 196608:bIAKDUQeuqnccRVwZ91SbQFCWtLlLUsxrCAYFIvGA7jV9F:kDURpVwZaQFCWFlLUsxrClFjQ9F
imphash: 3274eb31a09f62e60543d12bd4fbf1e2
impfuzzy: 96:dgq8N4+fc0X1pg5pIiOL5RaunHd+qWymNuKk7KD:hMFDiW1HdVWhNZhD

Signatures (5)

Level    Description
danger   File has been identified by 51 AntiVirus engines on VirusTotal as malicious
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   Creates executable files on the filesystem
notice   Foreign language identified in PE resource
info     This executable has a PDB path

Rules (14)

Level    Name                    Description                                      Collection
warning  Generic_Malware_Zero    Generic Malware                                  binaries (download)
watch    Malicious_Library_Zero  Malicious_Library                                binaries (download)
watch    Malicious_Library_Zero  Malicious_Library                                binaries (upload)
watch    Malicious_Packer_Zero   Malicious Packer                                 binaries (download)
watch    UPX_Zero                UPX packed file                                  binaries (download)
watch    UPX_Zero                UPX packed file                                  binaries (upload)
notice   anti_vm_detect          Possibly employs anti-virtualization techniques  binaries (download)
info     IsDLL                   (no description)                                 binaries (download)
info     IsPE32                  (no description)                                 binaries (upload)
info     IsPE64                  (no description)                                 binaries (download)
info     OS_Processor_Check_Zero OS Processor Check                               binaries (download)
info     OS_Processor_Check_Zero OS Processor Check                               binaries (upload)
info     PE_Header_Zero          PE File Signature                                binaries (download)
info     PE_Header_Zero          PE File Signature                                binaries (upload)

Network (0)

Request  CC  ASN  Co  IP4  Rule  ZERO
(no entries)

Suricata IDS

PE API

IAT (Import Address Table)

COMCTL32.dll
 0x42a028 InitCommonControlsEx
SHLWAPI.dll
 0x42a27c SHAutoComplete
KERNEL32.dll
 0x42a054 ReadFile
 0x42a058 FlushFileBuffers
 0x42a05c GetFileAttributesW
 0x42a060 SetFileAttributesW
 0x42a064 FindClose
 0x42a068 FindNextFileW
 0x42a06c FindFirstFileW
 0x42a070 GetCurrentDirectoryW
 0x42a074 GetFullPathNameW
 0x42a078 GetModuleFileNameW
 0x42a07c FindResourceW
 0x42a080 GetModuleHandleW
 0x42a084 FreeLibrary
 0x42a088 GetProcAddress
 0x42a08c LoadLibraryW
 0x42a090 GetCurrentProcessId
 0x42a094 GetLocaleInfoW
 0x42a098 GetNumberFormatW
 0x42a09c ExpandEnvironmentStringsW
 0x42a0a0 WaitForSingleObject
 0x42a0a4 GetDateFormatW
 0x42a0a8 GetTimeFormatW
 0x42a0ac FileTimeToSystemTime
 0x42a0b0 FileTimeToLocalFileTime
 0x42a0b4 GetExitCodeProcess
 0x42a0b8 GetTempPathW
 0x42a0bc MoveFileExW
 0x42a0c0 Sleep
 0x42a0c4 UnmapViewOfFile
 0x42a0c8 MapViewOfFile
 0x42a0cc GetCommandLineW
 0x42a0d0 CreateFileMappingW
 0x42a0d4 GetTickCount
 0x42a0d8 SetEnvironmentVariableW
 0x42a0dc OpenFileMappingW
 0x42a0e0 InitializeCriticalSection
 0x42a0e4 DeleteCriticalSection
 0x42a0e8 EnterCriticalSection
 0x42a0ec LeaveCriticalSection
 0x42a0f0 CreateThread
 0x42a0f4 GetProcessAffinityMask
 0x42a0f8 ReleaseSemaphore
 0x42a0fc ResetEvent
 0x42a100 SetEvent
 0x42a104 SetThreadPriority
 0x42a108 CreateEventW
 0x42a10c CreateSemaphoreW
 0x42a110 SystemTimeToFileTime
 0x42a114 GetSystemTime
 0x42a118 SystemTimeToTzSpecificLocalTime
 0x42a11c TzSpecificLocalTimeToSystemTime
 0x42a120 WideCharToMultiByte
 0x42a124 SetFileTime
 0x42a128 GetFileType
 0x42a12c IsDBCSLeadByte
 0x42a130 GetCPInfo
 0x42a134 GlobalAlloc
 0x42a138 SetCurrentDirectoryW
 0x42a13c WriteConsoleW
 0x42a140 GetConsoleOutputCP
 0x42a144 WriteConsoleA
 0x42a148 SetStdHandle
 0x42a14c GetLocaleInfoA
 0x42a150 GetStringTypeW
 0x42a154 GetStringTypeA
 0x42a158 LoadLibraryA
 0x42a15c GetConsoleMode
 0x42a160 GetConsoleCP
 0x42a164 InitializeCriticalSectionAndSpinCount
 0x42a168 QueryPerformanceCounter
 0x42a16c SetHandleCount
 0x42a170 GetEnvironmentStringsW
 0x42a174 FreeEnvironmentStringsW
 0x42a178 GetEnvironmentStrings
 0x42a17c FreeEnvironmentStringsA
 0x42a180 GetModuleHandleA
 0x42a184 LCMapStringW
 0x42a188 LCMapStringA
 0x42a18c IsValidCodePage
 0x42a190 GetOEMCP
 0x42a194 GetACP
 0x42a198 GetModuleFileNameA
 0x42a19c ExitProcess
 0x42a1a0 HeapSize
 0x42a1a4 IsDebuggerPresent
 0x42a1a8 SetUnhandledExceptionFilter
 0x42a1ac UnhandledExceptionFilter
 0x42a1b0 TerminateProcess
 0x42a1b4 VirtualAlloc
 0x42a1b8 VirtualFree
 0x42a1bc HeapCreate
 0x42a1c0 InterlockedDecrement
 0x42a1c4 GetCurrentThreadId
 0x42a1c8 InterlockedIncrement
 0x42a1cc TlsFree
 0x42a1d0 TlsSetValue
 0x42a1d4 TlsAlloc
 0x42a1d8 TlsGetValue
 0x42a1dc GetStartupInfoA
 0x42a1e0 SetEndOfFile
 0x42a1e4 SetFilePointer
 0x42a1e8 WriteFile
 0x42a1ec GetStdHandle
 0x42a1f0 GetLongPathNameW
 0x42a1f4 GetShortPathNameW
 0x42a1f8 CompareStringW
 0x42a1fc MoveFileW
 0x42a200 CreateFileW
 0x42a204 CreateDirectoryW
 0x42a208 DeviceIoControl
 0x42a20c RemoveDirectoryW
 0x42a210 DeleteFileW
 0x42a214 CreateHardLinkW
 0x42a218 GetCurrentProcess
 0x42a21c CloseHandle
 0x42a220 SetLastError
 0x42a224 GetLastError
 0x42a228 CreateFileA
 0x42a22c MultiByteToWideChar
 0x42a230 GetCommandLineA
 0x42a234 RaiseException
 0x42a238 GetSystemTimeAsFileTime
 0x42a23c HeapAlloc
 0x42a240 HeapReAlloc
 0x42a244 HeapFree
 0x42a248 RtlUnwind
USER32.dll
 0x42a284 EnableWindow
 0x42a288 GetDlgItem
 0x42a28c ShowWindow
 0x42a290 SetWindowLongW
 0x42a294 FindWindowExW
 0x42a298 GetParent
 0x42a29c MapWindowPoints
 0x42a2a0 CreateWindowExW
 0x42a2a4 UpdateWindow
 0x42a2a8 LoadCursorW
 0x42a2ac RegisterClassExW
 0x42a2b0 DefWindowProcW
 0x42a2b4 DestroyWindow
 0x42a2b8 CopyRect
 0x42a2bc IsWindow
 0x42a2c0 OemToCharBuffA
 0x42a2c4 LoadIconW
 0x42a2c8 LoadBitmapW
 0x42a2cc PostMessageW
 0x42a2d0 SetForegroundWindow
 0x42a2d4 MessageBoxW
 0x42a2d8 WaitForInputIdle
 0x42a2dc IsWindowVisible
 0x42a2e0 DialogBoxParamW
 0x42a2e4 DestroyIcon
 0x42a2e8 SetFocus
 0x42a2ec GetClassNameW
 0x42a2f0 SendDlgItemMessageW
 0x42a2f4 EndDialog
 0x42a2f8 GetDlgItemTextW
 0x42a2fc SetDlgItemTextW
 0x42a300 wvsprintfW
 0x42a304 SendMessageW
 0x42a308 GetDC
 0x42a30c ReleaseDC
 0x42a310 PeekMessageW
 0x42a314 GetMessageW
 0x42a318 TranslateMessage
 0x42a31c DispatchMessageW
 0x42a320 LoadStringW
 0x42a324 GetWindowRect
 0x42a328 GetClientRect
 0x42a32c SetWindowPos
 0x42a330 GetWindowTextW
 0x42a334 SetWindowTextW
 0x42a338 GetSystemMetrics
 0x42a33c GetWindow
 0x42a340 GetWindowLongW
 0x42a344 GetSysColor
GDI32.dll
 0x42a040 GetObjectW
 0x42a044 DeleteObject
 0x42a048 GetDeviceCaps
 0x42a04c CreateDIBSection
COMDLG32.dll
 0x42a030 GetSaveFileNameW
 0x42a034 CommDlgExtendedError
 0x42a038 GetOpenFileNameW
ADVAPI32.dll
 0x42a000 RegOpenKeyExW
 0x42a004 RegQueryValueExW
 0x42a008 RegCreateKeyExW
 0x42a00c RegSetValueExW
 0x42a010 RegCloseKey
 0x42a014 SetFileSecurityW
 0x42a018 OpenProcessToken
 0x42a01c LookupPrivilegeValueW
 0x42a020 AdjustTokenPrivileges
SHELL32.dll
 0x42a258 SHGetMalloc
 0x42a25c SHGetSpecialFolderLocation
 0x42a260 SHGetFileInfoW
 0x42a264 ShellExecuteExW
 0x42a268 SHChangeNotify
 0x42a26c SHFileOperationW
 0x42a270 SHBrowseForFolderW
 0x42a274 SHGetPathFromIDListW
ole32.dll
 0x42a34c CLSIDFromString
 0x42a350 CoCreateInstance
 0x42a354 OleInitialize
 0x42a358 OleUninitialize
 0x42a35c CreateStreamOnHGlobal
OLEAUT32.dll
 0x42a250 VariantInit

EAT (Export Address Table)

(no entries)