popup

Report - mine2.exe

Confuser .NET PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2022.05.19 11:12 Machine s1_win7_x6401
Filename mine2.exe
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
AI Score
4
 Behavior Score
4.4
ZERO API file : clean
VT API (file) 28 detected (malicious, moderate confidence, score, Artemis, Unsafe, Save, GenKryptik, FSPN, R002H0DEI22, FileRepMalware, Misc, Pijt, Generic ML PUA, Outbreak, kcloud, Phonzy, Static AI, Malicious PE, susgen, confidence)
md5 be75e9e51767b5a59536afbbf9ffafbc
sha256 30a4788b9d7eb3c50403737f4af3882b79ba75b8201d53aefb359336f5763745
ssdeep 12288:MbewlQtfYJM9j+lVfZ+GsZEw2dkjH/+4x8g8+OK8sMcUHywVbRKfwLvFB:MbewefYJSqlnaaD4mci+OKDUHyulDf
imphash
impfuzzy 3::
  Network IP location

Signature (11cnts)

Level Description
warning File has been identified by 28 AntiVirus engines on VirusTotal as malicious
watch A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations.
watch Communicates with host for which no DNS query was performed
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid
info Queries for the computername

Rules (3cnts)

Level Name Description Collection
watch ConfuserEx_Zero Confuser .NET binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
172.67.188.70
whois
US CLOUDFLARENET 172.67.188.70 clean

Suricata ids

PE API

IAT(Import Address Table) is none

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure