popup

Report - Emit64.exe

Malicious Library PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2022.12.10 15:07 Machine s1_win7_x6401
Filename Emit64.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
3
 Behavior Score
1.6
ZERO API file : malware
VT API (file) 31 detected (GenericKD, V1rl, malicious, Attribute, HighConfidence, high confidence, score, high, Coinminer, XPLRXX, ai score=83, Gozi, Wacatac, Detected, Artemis, Static AI, Suspicious PE, susgen, PossibleThreat, PALLAS, confidence)
md5 7a5155b804e592d83f8319cbdb27e164
sha256 5eb7b2fd13264f066b10946539eff6be750647de246cf791e57ca4c17b0b9c31
ssdeep 196608:Y6khIBSOhjcHmRfm+kXHqxafG8Sc+5jECye/4MqG2naCGI/:Y6khXw8yf9kXEaOG+4Cf4MqG2najI
imphash 5d92ae5c85df45b698eb8cb62ab35a7e
impfuzzy 6:/rGBgkMGiQjXA8VyH/JLGMZ/OiBJAEnERGDW:yvMHIw8sZGMZGqAJcDW
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 31 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x140767000 CreateSemaphoreW
msvcrt.dll
 0x140767010 __C_specific_handler
KERNEL32.dll
 0x140767020 GetSystemTimeAsFileTime
USER32.dll
 0x140767030 CharUpperBuffW
KERNEL32.dll
 0x140767040 LocalAlloc
 0x140767048 LocalFree
 0x140767050 GetModuleFileNameW
 0x140767058 ExitProcess
 0x140767060 LoadLibraryA
 0x140767068 GetModuleHandleA
 0x140767070 GetProcAddress

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure