Field | Value |
---|---|
Created | 2023.03.09 17:42 |
Machine | s1_win7_x6403 |
Filename | LEMMIN.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 31 detected (Tedy, malicious, confidence, Eldorado, Attribute, HighConfidence, high confidence, Kryptik, score, Trojanx, Miner, lfoz, AGEN, CoinMiner, Detected, ai score=80, mJL08voCrEL, susgen, AGENMM) |
md5 | 38aad33a1f0f90c4294abab2a85221eb |
sha256 | 1a72fe969226e84373bd29a8caefc5e46478f550662f2d55c889ffc0a580b491 |
ssdeep | 98304:hXRMxYUKJxO28EJuhT8VArZfrYUyYOep+KM7:wYUK/O2k3VfZxOep+Kk |
imphash | c24ea937b2b0d62e829e8a8faeff5a8d |
impfuzzy | 24:Dfjz+kQYJd1j9Mblif5XGTqqXZPFkomtcqcxvZJF:DfH+kXHslEJGTqqJdk1uqcxLF |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14038e254 CreateSemaphoreW
0x14038e25c DeleteCriticalSection
0x14038e264 EnterCriticalSection
0x14038e26c GetLastError
0x14038e274 GetModuleFileNameW
0x14038e27c GetStartupInfoW
0x14038e284 InitializeCriticalSection
0x14038e28c IsDBCSLeadByteEx
0x14038e294 LeaveCriticalSection
0x14038e29c MultiByteToWideChar
0x14038e2a4 ReleaseSemaphore
0x14038e2ac SetLastError
0x14038e2b4 SetUnhandledExceptionFilter
0x14038e2bc Sleep
0x14038e2c4 TlsAlloc
0x14038e2cc TlsFree
0x14038e2d4 TlsGetValue
0x14038e2dc TlsSetValue
0x14038e2e4 VirtualProtect
0x14038e2ec VirtualQuery
0x14038e2f4 WaitForSingleObject
msvcrt.dll
0x14038e304 __C_specific_handler
0x14038e30c ___lc_codepage_func
0x14038e314 ___mb_cur_max_func
0x14038e31c __iob_func
0x14038e324 __set_app_type
0x14038e32c __setusermatherr
0x14038e334 __wgetmainargs
0x14038e33c __winitenv
0x14038e344 _amsg_exit
0x14038e34c _assert
0x14038e354 _cexit
0x14038e35c _commode
0x14038e364 _errno
0x14038e36c _fmode
0x14038e374 _initterm
0x14038e37c _onexit
0x14038e384 _wcmdln
0x14038e38c _wcsicmp
0x14038e394 _wgetenv
0x14038e39c abort
0x14038e3a4 calloc
0x14038e3ac exit
0x14038e3b4 fprintf
0x14038e3bc fputwc
0x14038e3c4 free
0x14038e3cc fwprintf
0x14038e3d4 fwrite
0x14038e3dc localeconv
0x14038e3e4 malloc
0x14038e3ec memcpy
0x14038e3f4 memset
0x14038e3fc realloc
0x14038e404 signal
0x14038e40c strcat
0x14038e414 strerror
0x14038e41c strlen
0x14038e424 strncmp
0x14038e42c strstr
0x14038e434 vfprintf
0x14038e43c wcscat
0x14038e444 wcscpy
0x14038e44c wcslen
0x14038e454 wcsncmp
0x14038e45c wcsstr
EAT (Export Address Table): none