Field | Value |
---|---|
Created | 2023.04.26 18:08 |
Machine | s1_win7_x6401 |
Filename | nxmr.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (Miner, Tedy, Artemis, Kryptik, Vthc, malicious, confidence, 100%, ABRisk, GBRM, Attribute, HighConfidence, high confidence, GenKryptik, GIIA, score, lgdo, Imnw, AGEN, Inject4, Sabsik, Xmrig, Detected, R571995, ai score=86, unsafe, Chgt, R002H0CDM23, DisguisedXMRigMiner, YhzrPCllRHI, Krypt) |
md5 | 41ab08c1955fce44bfd0c76a64d1945a |
sha256 | dd12cb27b3867341bf6ca48715756500d3ec56c19b21bb1c1290806aa74cb493 |
ssdeep | 98304:vavlQIN33nVKboT7MAwtCUxDwoQtKjnX6Og6X2XcNlfYWzdgIT3:vIlQIN33nVKboT7MAwtCYzQQjn46yQls |
imphash | f7505c167603909b7180406402fef19e |
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14057128c CloseHandle
0x140571294 CreateSemaphoreW
0x14057129c DeleteCriticalSection
0x1405712a4 EnterCriticalSection
0x1405712ac GetCurrentThreadId
0x1405712b4 GetLastError
0x1405712bc GetStartupInfoA
0x1405712c4 InitializeCriticalSection
0x1405712cc IsDBCSLeadByteEx
0x1405712d4 LeaveCriticalSection
0x1405712dc MultiByteToWideChar
0x1405712e4 RaiseException
0x1405712ec ReleaseSemaphore
0x1405712f4 RtlCaptureContext
0x1405712fc RtlLookupFunctionEntry
0x140571304 RtlUnwindEx
0x14057130c RtlVirtualUnwind
0x140571314 SetLastError
0x14057131c SetUnhandledExceptionFilter
0x140571324 Sleep
0x14057132c TlsAlloc
0x140571334 TlsFree
0x14057133c TlsGetValue
0x140571344 TlsSetValue
0x14057134c VirtualProtect
0x140571354 VirtualQuery
0x14057135c WaitForSingleObject
0x140571364 WideCharToMultiByte
msvcrt.dll
0x140571374 __C_specific_handler
0x14057137c ___lc_codepage_func
0x140571384 ___mb_cur_max_func
0x14057138c __getmainargs
0x140571394 __initenv
0x14057139c __iob_func
0x1405713a4 __set_app_type
0x1405713ac __setusermatherr
0x1405713b4 _acmdln
0x1405713bc _amsg_exit
0x1405713c4 _cexit
0x1405713cc _commode
0x1405713d4 _errno
0x1405713dc _fmode
0x1405713e4 _initterm
0x1405713ec _onexit
0x1405713f4 _wcsicmp
0x1405713fc _wcsnicmp
0x140571404 abort
0x14057140c calloc
0x140571414 exit
0x14057141c fprintf
0x140571424 fputc
0x14057142c fputs
0x140571434 fputwc
0x14057143c free
0x140571444 fwprintf
0x14057144c fwrite
0x140571454 localeconv
0x14057145c malloc
0x140571464 memcpy
0x14057146c memset
0x140571474 realloc
0x14057147c signal
0x140571484 strcmp
0x14057148c strerror
0x140571494 strlen
0x14057149c strncmp
0x1405714a4 vfprintf
0x1405714ac wcscat
0x1405714b4 wcscpy
0x1405714bc wcslen
0x1405714c4 wcsncmp
0x1405714cc wcsstr
EAT (Export Address Table): none