Report - Updater.exe

PE64 PE File
Created 2023.04.10 09:10 Machine s1_win7_x6403
Filename Updater.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
1
Behavior Score
1.6
ZERO API file : malware
VT API (file) 51 detected (malicious, high confidence, score, Artemis, Kryptik, Vrp3, GenKryptik, Genus, ABRisk, EBYR, Attribute, HighConfidence, GIIA, xavnes, Hosts, jvisvl, FalseSign, Eflw, Nekark, wjaad, R002C0DD623, Generic Reputation PUA, Malware@#38zvo226ygp71, Xmrig, Detected, ai score=79, unsafe, Chgt, tSjl4DNY5BP, susgen)
md5 6fa2a8de3fc30b9c80d12c2ac4ad2e3f
sha256 a2c59381ca2fdba45f345eec78681fc417271e2f3fb65ff9ec06998d90abc9fd
ssdeep 196608:RHkauZatU8wbxg2e/ZPIq3QkZRgj2wpAY7E6XZufNrM1W:RHcsw22eRI2QkjgjLlErH
imphash d3be2dc19ba54f7225d7679c3f791cf7
impfuzzy 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/GbtcqcJvZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcJLF

Signature (2cnts)

Level Description
danger File has been identified by 51 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (4cnts)

Request CC ASN Co IP4 Rule ZERO
pastebin.com US CLOUDFLARENET 104.20.68.143 malicious
xmr.2miners.com Unknown 162.19.139.184 malicious
162.19.139.184 Unknown 162.19.139.184 clean
172.67.34.170 US CLOUDFLARENET 172.67.34.170 malicious

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x1409d029c CloseHandle
 0x1409d02a4 CreateSemaphoreW
 0x1409d02ac DeleteCriticalSection
 0x1409d02b4 EnterCriticalSection
 0x1409d02bc GetCurrentThreadId
 0x1409d02c4 GetLastError
 0x1409d02cc GetStartupInfoA
 0x1409d02d4 InitializeCriticalSection
 0x1409d02dc IsDBCSLeadByteEx
 0x1409d02e4 LeaveCriticalSection
 0x1409d02ec MultiByteToWideChar
 0x1409d02f4 RaiseException
 0x1409d02fc ReleaseSemaphore
 0x1409d0304 RtlCaptureContext
 0x1409d030c RtlLookupFunctionEntry
 0x1409d0314 RtlUnwindEx
 0x1409d031c RtlVirtualUnwind
 0x1409d0324 SetLastError
 0x1409d032c SetUnhandledExceptionFilter
 0x1409d0334 Sleep
 0x1409d033c TlsAlloc
 0x1409d0344 TlsFree
 0x1409d034c TlsGetValue
 0x1409d0354 TlsSetValue
 0x1409d035c VirtualProtect
 0x1409d0364 VirtualQuery
 0x1409d036c WaitForSingleObject
 0x1409d0374 WideCharToMultiByte
msvcrt.dll
 0x1409d0384 __C_specific_handler
 0x1409d038c ___lc_codepage_func
 0x1409d0394 ___mb_cur_max_func
 0x1409d039c __getmainargs
 0x1409d03a4 __initenv
 0x1409d03ac __iob_func
 0x1409d03b4 __set_app_type
 0x1409d03bc __setusermatherr
 0x1409d03c4 _acmdln
 0x1409d03cc _amsg_exit
 0x1409d03d4 _cexit
 0x1409d03dc _commode
 0x1409d03e4 _errno
 0x1409d03ec _fmode
 0x1409d03f4 _initterm
 0x1409d03fc _onexit
 0x1409d0404 _wcsicmp
 0x1409d040c _wcsnicmp
 0x1409d0414 abort
 0x1409d041c calloc
 0x1409d0424 exit
 0x1409d042c fprintf
 0x1409d0434 fputc
 0x1409d043c fputs
 0x1409d0444 fputwc
 0x1409d044c free
 0x1409d0454 fwprintf
 0x1409d045c fwrite
 0x1409d0464 localeconv
 0x1409d046c malloc
 0x1409d0474 memcpy
 0x1409d047c memset
 0x1409d0484 realloc
 0x1409d048c signal
 0x1409d0494 strcat
 0x1409d049c strcmp
 0x1409d04a4 strerror
 0x1409d04ac strlen
 0x1409d04b4 strncmp
 0x1409d04bc strstr
 0x1409d04c4 vfprintf
 0x1409d04cc wcscat
 0x1409d04d4 wcscpy
 0x1409d04dc wcslen
 0x1409d04e4 wcsncmp
 0x1409d04ec wcsstr

EAT(Export Address Table) is none
