ScreenShot
| Created | 2023.05.09 09:05 | Machine | s1_win7_x6403 |
| Filename | 009.jpg | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 59 detected (MoywakA, Yakes, malicious, high confidence, Zepto, Sirefef, Unsafe, CoinMiner, Kraziomel, ZexaF, tuW@aCI8f4c, JNGX, Attribute, HighConfidence, dahmou, Phzx, Malware@#2j8aj70gyakn9, AGEN, BtcMine, ai score=80, score, BitCoinMiner, R102015, RogueMiner, Kryptik, CLOUD, BHFyySM93QQ, Malicious PE, BCRZ, FileRepMetagen, Genetic, confidence, 100%, QVM20) | ||
| md5 | baa51dc77e43c436c429a9131ce4b152 | ||
| sha256 | 3a730aa52628321eea3dc14017a82e0da0ffbd72404de098f6c3e3809466af21 | ||
| ssdeep | 6144:XxgO8BdlEW0hpTunf3ll2RVdLXbn1pLaAow0G:iOWFo0nfVq1p3oV | ||
| imphash | d3c395c79a26c436198307a9acf41f30 | ||
| impfuzzy | 24:v1mRyrreOdLv4XJfsOV1+NsZZZj8TccurPOovZ2cbkV4+ee1ChkmFsuY:ZdwXeO3ZZZdmk2c6Tee1CjFK | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
| watch | Disables proxy possibly for traffic interception |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Resolves a suspicious Top Level Domain (TLD) |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.DLL
0x40147a UpdateResourceA
0x40147e SetConsoleTitleA
0x401482 OpenProfileUserMapping
0x401486 FileTimeToSystemTime
0x40148a GetSystemWindowsDirectoryA
0x40148e EnumCalendarInfoExA
0x401492 Process32Next
0x401496 IsValidLocale
0x40149a ReleaseSemaphore
0x40149e GetCommModemStatus
0x4014a2 ExitVDM
0x4014a6 GetFileSize
0x4014aa GetProfileIntA
0x4014ae GetCurrentDirectoryA
0x4014b2 VirtualAlloc
0x4014b6 SetThreadAffinityMask
0x4014ba SetCommState
0x4014be GetCPInfo
0x4014c2 GetConsoleTitleA
0x4014c6 RequestWakeupLatency
0x4014ca ReadConsoleInputA
0x4014ce GetSystemDefaultLCID
0x4014d2 GetSystemDefaultLCID
0x4014d6 GetStartupInfoA
0x4014da GetConsoleCommandHistoryLengthA
0x4014de EnumCalendarInfoA
0x4014e2 WriteConsoleInputA
0x4014e6 GetSystemTime
0x4014ea MultiByteToWideChar
0x4014ee ConnectNamedPipe
KERNEL32.DLL
0x4014f6 GetEnvironmentVariableA
0x4014fa GetModuleFileNameA
0x4014fe EnumSystemGeoID
0x401502 GetCommandLineA
0x401506 UnregisterWait
0x40150a GetProcessId
0x40150e Heap32ListNext
0x401512 OpenSemaphoreA
0x401516 GetConsoleAliasExesA
0x40151a FileTimeToLocalFileTime
0x40151e SetLocalTime
0x401522 SystemTimeToTzSpecificLocalTime
0x401526 GetWindowsDirectoryA
0x40152a GetProcessId
0x40152e GetDiskFreeSpaceExA
0x401532 OpenWaitableTimerA
0x401536 LocalFileTimeToFileTime
0x40153a SetVDMCurrentDirectories
0x40153e GetConsoleAliasA
0x401542 GetThreadPriority
0x401546 FlushFileBuffers
0x40154a HeapCompact
0x40154e GetEnvironmentVariableA
0x401552 QueryInformationJobObject
0x401556 GlobalDeleteAtom
MPR
0x40155e WNetCancelConnectionW
EAT(Export Address Table) is none
KERNEL32.DLL
0x40147a UpdateResourceA
0x40147e SetConsoleTitleA
0x401482 OpenProfileUserMapping
0x401486 FileTimeToSystemTime
0x40148a GetSystemWindowsDirectoryA
0x40148e EnumCalendarInfoExA
0x401492 Process32Next
0x401496 IsValidLocale
0x40149a ReleaseSemaphore
0x40149e GetCommModemStatus
0x4014a2 ExitVDM
0x4014a6 GetFileSize
0x4014aa GetProfileIntA
0x4014ae GetCurrentDirectoryA
0x4014b2 VirtualAlloc
0x4014b6 SetThreadAffinityMask
0x4014ba SetCommState
0x4014be GetCPInfo
0x4014c2 GetConsoleTitleA
0x4014c6 RequestWakeupLatency
0x4014ca ReadConsoleInputA
0x4014ce GetSystemDefaultLCID
0x4014d2 GetSystemDefaultLCID
0x4014d6 GetStartupInfoA
0x4014da GetConsoleCommandHistoryLengthA
0x4014de EnumCalendarInfoA
0x4014e2 WriteConsoleInputA
0x4014e6 GetSystemTime
0x4014ea MultiByteToWideChar
0x4014ee ConnectNamedPipe
KERNEL32.DLL
0x4014f6 GetEnvironmentVariableA
0x4014fa GetModuleFileNameA
0x4014fe EnumSystemGeoID
0x401502 GetCommandLineA
0x401506 UnregisterWait
0x40150a GetProcessId
0x40150e Heap32ListNext
0x401512 OpenSemaphoreA
0x401516 GetConsoleAliasExesA
0x40151a FileTimeToLocalFileTime
0x40151e SetLocalTime
0x401522 SystemTimeToTzSpecificLocalTime
0x401526 GetWindowsDirectoryA
0x40152a GetProcessId
0x40152e GetDiskFreeSpaceExA
0x401532 OpenWaitableTimerA
0x401536 LocalFileTimeToFileTime
0x40153a SetVDMCurrentDirectories
0x40153e GetConsoleAliasA
0x401542 GetThreadPriority
0x401546 FlushFileBuffers
0x40154a HeapCompact
0x40154e GetEnvironmentVariableA
0x401552 QueryInformationJobObject
0x401556 GlobalDeleteAtom
MPR
0x40155e WNetCancelConnectionW
EAT(Export Address Table) is none