Field | Value |
---|---|
Created | 2023.07.27 10:20 |
Machine | s1_win7_x6403 |
Filename | 11.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
ZERO API | file: malware |
VT API (file) | 43 detected (malicious, high confidence, score, Barys, Artemis, Save, GenKryptik, Eldorado, Attribute, HighConfidence, GIIA, Miner, lhhk, CrypterX, Nekark, qntvn, R002C0DGP23, Xmrig, Coinminer, YN14T1, Detected, R570073, ai score=82, unsafe, Kryptik, tSjl4DNY5BP, Krypt, confidence, 100%) |
md5 | 0fe4cd989e5b3992e9bf3b118f838436 |
sha256 | bf9afe70f71b3fdba34f67e6274f39cbe170da5d8b3b50857465fae59b7d090d |
ssdeep | 196608:/16zy2/eMamgcaYhrvkRnRacvf8Li+DsA8hK9//IJMrk:/sd/eDmgca8cLacvf8EY3m |
imphash | d3be2dc19ba54f7225d7679c3f791cf7 |
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/GbtcqcJvZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcJLF |
Network IP location
Signature (2 counts)
Level | Description |
---|---|
danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2 counts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1409cd29c CloseHandle
0x1409cd2a4 CreateSemaphoreW
0x1409cd2ac DeleteCriticalSection
0x1409cd2b4 EnterCriticalSection
0x1409cd2bc GetCurrentThreadId
0x1409cd2c4 GetLastError
0x1409cd2cc GetStartupInfoA
0x1409cd2d4 InitializeCriticalSection
0x1409cd2dc IsDBCSLeadByteEx
0x1409cd2e4 LeaveCriticalSection
0x1409cd2ec MultiByteToWideChar
0x1409cd2f4 RaiseException
0x1409cd2fc ReleaseSemaphore
0x1409cd304 RtlCaptureContext
0x1409cd30c RtlLookupFunctionEntry
0x1409cd314 RtlUnwindEx
0x1409cd31c RtlVirtualUnwind
0x1409cd324 SetLastError
0x1409cd32c SetUnhandledExceptionFilter
0x1409cd334 Sleep
0x1409cd33c TlsAlloc
0x1409cd344 TlsFree
0x1409cd34c TlsGetValue
0x1409cd354 TlsSetValue
0x1409cd35c VirtualProtect
0x1409cd364 VirtualQuery
0x1409cd36c WaitForSingleObject
0x1409cd374 WideCharToMultiByte
msvcrt.dll
0x1409cd384 __C_specific_handler
0x1409cd38c ___lc_codepage_func
0x1409cd394 ___mb_cur_max_func
0x1409cd39c __getmainargs
0x1409cd3a4 __initenv
0x1409cd3ac __iob_func
0x1409cd3b4 __set_app_type
0x1409cd3bc __setusermatherr
0x1409cd3c4 _acmdln
0x1409cd3cc _amsg_exit
0x1409cd3d4 _cexit
0x1409cd3dc _commode
0x1409cd3e4 _errno
0x1409cd3ec _fmode
0x1409cd3f4 _initterm
0x1409cd3fc _onexit
0x1409cd404 _wcsicmp
0x1409cd40c _wcsnicmp
0x1409cd414 abort
0x1409cd41c calloc
0x1409cd424 exit
0x1409cd42c fprintf
0x1409cd434 fputc
0x1409cd43c fputs
0x1409cd444 fputwc
0x1409cd44c free
0x1409cd454 fwprintf
0x1409cd45c fwrite
0x1409cd464 localeconv
0x1409cd46c malloc
0x1409cd474 memcpy
0x1409cd47c memset
0x1409cd484 realloc
0x1409cd48c signal
0x1409cd494 strcat
0x1409cd49c strcmp
0x1409cd4a4 strerror
0x1409cd4ac strlen
0x1409cd4b4 strncmp
0x1409cd4bc strstr
0x1409cd4c4 vfprintf
0x1409cd4cc wcscat
0x1409cd4d4 wcscpy
0x1409cd4dc wcslen
0x1409cd4e4 wcsncmp
0x1409cd4ec wcsstr
EAT (Export Address Table): none