Field | Value
---|---
Created | 2023.08.07 08:28
Machine | s1_win7_x6401
Filename | latestX.exe
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score |
Behavior Score |
ZERO API | file: clean
VT API (file) | 40 detected (malicious, high confidence, score, Artemis, Save, Reflo, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, GIIA, Molotov, FalseSign, Rcnw, Static AI, Suspicious PE, Xmrig, Detected, R568362, ai score=87, unsafe, tSjl4DNY5BP, Krypt, confidence, 100%)
md5 | bae29e49e8190bfbbf0d77ffab8de59d
sha256 | f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
ssdeep | 49152:MMcDmMRlBdzs3EThgR0uEqBXLdcJAbtNmbOHaGhEospqOziZXAfrrARS7JL2ozPX:dcdrCET8XeospuZXAf0EJyocDKIVDT05
imphash | d3be2dc19ba54f7225d7679c3f791cf7
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/GbtcqcJvZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcJLF
Network IP location
Signature (2cnts)
Level | Description |
---|---
danger | File has been identified by 40 antivirus engines on VirusTotal as malicious
notice | The binary likely contains encrypted or compressed data indicative of a packer |
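The packer notice above is an entropy heuristic: compressed or encrypted payload bytes look close to uniformly random, so a section whose byte entropy approaches 8 bits/byte is flagged. The script below is an added example, not part of this report and not the sandbox's own code. It builds a constructed PE32+ image in memory with one repetitive code section and one pseudo-random section, parses the section table, and applies a threshold of 7.0 bits/byte; the constructed image, the FILE_ALIGN constant and the threshold are assumptions for illustration, not the sandbox's real rule.

```python
"""Reproduce the "likely packed" notice with a per-section entropy check.

Added example, not part of the sandbox report: it constructs a minimal
PE32+ image in memory (a repetitive .text section and a .pack section of
pseudo-random bytes standing in for a compressed payload), parses just the
headers needed to locate sections, and measures Shannon entropy per
section. The 7.0-bit threshold is an assumed rule of thumb, not the
sandbox's actual heuristic.
"""
import hashlib
import math
import struct
from collections import Counter

FILE_ALIGN = 0x200          # assumed file alignment for the constructed image
OPT_HDR_SIZE = 240          # size of a PE32+ optional header
PACKED_THRESHOLD = 7.0      # assumed: >= 7 bits/byte is treated as compressed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes):
    """Yield (name, raw_offset, raw_size) for every section header in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]     # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]        # COFF SizeOfOptionalHeader
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, raw_ptr, raw_size


def section_entropies(image: bytes) -> dict:
    """Map each section name to the entropy of its raw file bytes."""
    return {name: shannon_entropy(image[ptr:ptr + size])
            for name, ptr, size in parse_sections(image)}


def packed_sections(image: bytes, threshold: float = PACKED_THRESHOLD) -> list:
    """Names of sections whose entropy meets the threshold (what trips the packer notice)."""
    return [name for name, ent in section_entropies(image).items() if ent >= threshold]


def build_demo_pe() -> bytes:
    """Constructed PE32+ skeleton: valid DOS/COFF/section headers, no loadable code."""
    text = (b"\x48\x89\x5c\x24\x08" + b"\x90" * 11) * 64        # 1 KiB of repetitive code bytes
    pack = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                    for i in range(64))                          # 2 KiB of deterministic noise
    hdr_len = 0x40 + 4 + 20 + OPT_HDR_SIZE + 40 * 2
    hdr_len = (hdr_len + FILE_ALIGN - 1) & ~(FILE_ALIGN - 1)
    text_ptr, pack_ptr = hdr_len, hdr_len + len(text)

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, OPT_HDR_SIZE, 0x22)  # x64, 2 sections
    opt = bytearray(OPT_HDR_SIZE)
    struct.pack_into("<H", opt, 0, 0x20B)                        # PE32+ magic

    def section(name, raw_ptr, raw_size):
        return struct.pack("<8sIIIIIIHHI", name, raw_size, 0x1000, raw_size,
                           raw_ptr, 0, 0, 0, 0, 0x60000020)

    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + section(b".text", text_ptr, len(text))
               + section(b".pack", pack_ptr, len(pack)))
    return headers.ljust(hdr_len, b"\0") + text + pack


if __name__ == "__main__":
    img = build_demo_pe()
    for name, ent in section_entropies(img).items():
        print(f"{name:<8} {ent:.2f} bits/byte")
    print("packer notice:", packed_sections(img) or "none")
```

To run it against a real sample, pass open(path, "rb").read() instead of build_demo_pe(). A legitimately compressed resource section (a .rsrc full of PNGs or embedded archives) trips the same check, so the entropy result is a lead for further analysis rather than a verdict on its own.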
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (5cnts)
Suricata IDS alerts
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
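Both Suricata hits above are list matches: the DNS query name against a coin-mining pool domain list, and the JA3 hash of the TLS ClientHello against the abuse.ch SSLBL fingerprint feed. The script below is an added example, not part of the report, that reimplements those two checks over constructed Zeek-style dns.log and ssl.log lines so it runs offline. The only pool domain it knows is the one the report names (nanopool.org); the blocklisted JA3 value is a placeholder, since the report does not print the matched fingerprint; the IPs and timestamps are constructed.

```python
"""Flag coin-pool DNS lookups and blocklisted JA3 client fingerprints.

Added example, not part of the sandbox report: it reimplements the idea
behind the two Suricata alerts over constructed Zeek-style dns.log and
ssl.log lines so it runs offline. The pool-domain list contains only the
domain the report names (nanopool.org); the JA3 blocklist entry is a
placeholder hash, not a real SSLBL fingerprint. A real deployment would
load the abuse.ch SSLBL JA3 feed and a maintained pool-domain list.
"""
from dataclasses import dataclass

MINING_DOMAINS = {"nanopool.org"}                     # from the ET POLICY alert in the report
JA3_BLOCKLIST = {                                     # placeholder value, not a real SSLBL entry
    "0123456789abcdef0123456789abcdef": "CoinMiner",
}

# Constructed log lines (tab-separated: ts, id.orig_h, id.resp_h, query or ja3).
DNS_LOG = """\
1691396912.101\t10.0.0.7\t10.0.0.1\txmr-eu1.nanopool.org
1691396912.250\t10.0.0.7\t10.0.0.1\twww.microsoft.com
1691396913.004\t10.0.0.7\t10.0.0.1\tNANOPOOL.ORG.
1691396914.330\t10.0.0.9\t10.0.0.1\tnanopool.org.example.com
"""
SSL_LOG = """\
1691396915.000\t10.0.0.7\t203.0.113.10\t0123456789abcdef0123456789abcdef
1691396916.000\t10.0.0.9\t203.0.113.11\tffffffffffffffffffffffffffffffff
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    rule: str
    detail: str


def parse_log(text: str):
    """Yield field tuples from tab-separated lines, skipping blanks and '#' comment lines."""
    for line in text.splitlines():
        if line and not line.startswith("#"):
            yield tuple(line.split("\t"))


def mining_domain_match(qname: str):
    """Return the pool domain that qname equals or is a subdomain of, else None.

    Normalising case and the trailing dot and matching on label boundaries
    avoids both misses (NANOPOOL.ORG.) and false positives
    (nanopool.org.example.com) that a plain substring test would produce.
    """
    q = qname.rstrip(".").lower()
    for d in MINING_DOMAINS:
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns(log: str = DNS_LOG):
    """Alerts for every query that resolves a known mining pool domain."""
    alerts = []
    for ts, src, _dst, qname in parse_log(log):
        hit = mining_domain_match(qname)
        if hit:
            alerts.append(Alert(ts, src, "POLICY coin-mining DNS query", f"{qname} -> {hit}"))
    return alerts


def scan_ssl(log: str = SSL_LOG):
    """Alerts for every TLS client whose JA3 hash is on the blocklist."""
    alerts = []
    for ts, src, dst, ja3 in parse_log(log):
        tag = JA3_BLOCKLIST.get(ja3.lower())
        if tag:
            alerts.append(Alert(ts, src, "SSLBL malicious JA3 client fingerprint",
                                f"{ja3} ({tag}) -> {dst}"))
    return alerts


def miner_hosts(dns_alerts, ssl_alerts):
    """Hosts that triggered both detections, the combination this report shows."""
    return sorted({a.src for a in dns_alerts} & {a.src for a in ssl_alerts})


if __name__ == "__main__":
    dns, ssl = scan_dns(), scan_ssl()
    for a in dns + ssl:
        print(f"{a.ts} {a.src:<10} {a.rule}: {a.detail}")
    print("likely miner hosts:", miner_hosts(dns, ssl))
```

The suffix match is what keeps the lookalike nanopool.org.example.com out of the results; a JA3 hit on its own is weaker evidence than a pool-domain lookup, because JA3 identifies a TLS library build and collides across unrelated programs, so the correlation in miner_hosts is the signal worth paging on.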
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14059c29c CloseHandle
0x14059c2a4 CreateSemaphoreW
0x14059c2ac DeleteCriticalSection
0x14059c2b4 EnterCriticalSection
0x14059c2bc GetCurrentThreadId
0x14059c2c4 GetLastError
0x14059c2cc GetStartupInfoA
0x14059c2d4 InitializeCriticalSection
0x14059c2dc IsDBCSLeadByteEx
0x14059c2e4 LeaveCriticalSection
0x14059c2ec MultiByteToWideChar
0x14059c2f4 RaiseException
0x14059c2fc ReleaseSemaphore
0x14059c304 RtlCaptureContext
0x14059c30c RtlLookupFunctionEntry
0x14059c314 RtlUnwindEx
0x14059c31c RtlVirtualUnwind
0x14059c324 SetLastError
0x14059c32c SetUnhandledExceptionFilter
0x14059c334 Sleep
0x14059c33c TlsAlloc
0x14059c344 TlsFree
0x14059c34c TlsGetValue
0x14059c354 TlsSetValue
0x14059c35c VirtualProtect
0x14059c364 VirtualQuery
0x14059c36c WaitForSingleObject
0x14059c374 WideCharToMultiByte
msvcrt.dll
0x14059c384 __C_specific_handler
0x14059c38c ___lc_codepage_func
0x14059c394 ___mb_cur_max_func
0x14059c39c __getmainargs
0x14059c3a4 __initenv
0x14059c3ac __iob_func
0x14059c3b4 __set_app_type
0x14059c3bc __setusermatherr
0x14059c3c4 _acmdln
0x14059c3cc _amsg_exit
0x14059c3d4 _cexit
0x14059c3dc _commode
0x14059c3e4 _errno
0x14059c3ec _fmode
0x14059c3f4 _initterm
0x14059c3fc _onexit
0x14059c404 _wcsicmp
0x14059c40c _wcsnicmp
0x14059c414 abort
0x14059c41c calloc
0x14059c424 exit
0x14059c42c fprintf
0x14059c434 fputc
0x14059c43c fputs
0x14059c444 fputwc
0x14059c44c free
0x14059c454 fwprintf
0x14059c45c fwrite
0x14059c464 localeconv
0x14059c46c malloc
0x14059c474 memcpy
0x14059c47c memset
0x14059c484 realloc
0x14059c48c signal
0x14059c494 strcat
0x14059c49c strcmp
0x14059c4a4 strerror
0x14059c4ac strlen
0x14059c4b4 strncmp
0x14059c4bc strstr
0x14059c4c4 vfprintf
0x14059c4cc wcscat
0x14059c4d4 wcscpy
0x14059c4dc wcslen
0x14059c4e4 wcsncmp
0x14059c4ec wcsstr
EAT (Export Address Table): none
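Nothing in this import table is miner-specific: it is the MinGW-w64 CRT start-up set (__getmainargs, _initterm, __set_app_type, __C_specific_handler and the Rtl* unwind helpers) with no networking, crypto or process-manipulation APIs, which fits the packer notice in the Signature section: the real code resolves its imports at run time. The script below is an added example, not the sandbox's code, that recomputes the imphash from this listing so the value in the summary table can be cross-checked. Its import list is transcribed from the section above, and it assumes that listing is complete and in import-directory order; if either assumption fails the digest will differ.

```python
"""Recompute the report's imphash from its IAT listing.

Added example, not the sandbox's own code. The algorithm is the one pefile
(and hence VirusTotal) uses: walk the import directory in order, lowercase
each module name with a .dll/.ocx/.sys suffix removed, pair it with the
lowercase function name as "module.func", join every pair with commas and
MD5 the result. Ordinal-only imports, absent here, are rendered "ordN"
(pefile additionally resolves well-known ordinals for a few modules such
as ws2_32 to names, which this example does not do). The import list
below is transcribed from the IAT section of this report.
"""
import hashlib

REPORT_IMPHASH = "d3be2dc19ba54f7225d7679c3f791cf7"   # imphash field from the summary table

# Module order and function order as listed in the report's IAT section.
IAT = [
    ("KERNEL32.dll", """
        CloseHandle CreateSemaphoreW DeleteCriticalSection EnterCriticalSection
        GetCurrentThreadId GetLastError GetStartupInfoA InitializeCriticalSection
        IsDBCSLeadByteEx LeaveCriticalSection MultiByteToWideChar RaiseException
        ReleaseSemaphore RtlCaptureContext RtlLookupFunctionEntry RtlUnwindEx
        RtlVirtualUnwind SetLastError SetUnhandledExceptionFilter Sleep TlsAlloc
        TlsFree TlsGetValue TlsSetValue VirtualProtect VirtualQuery
        WaitForSingleObject WideCharToMultiByte""".split()),
    ("msvcrt.dll", """
        __C_specific_handler ___lc_codepage_func ___mb_cur_max_func __getmainargs
        __initenv __iob_func __set_app_type __setusermatherr _acmdln _amsg_exit
        _cexit _commode _errno _fmode _initterm _onexit _wcsicmp _wcsnicmp abort
        calloc exit fprintf fputc fputs fputwc free fwprintf fwrite localeconv
        malloc memcpy memset realloc signal strcat strcmp strerror strlen strncmp
        strstr vfprintf wcscat wcscpy wcslen wcsncmp wcsstr""".split()),
]


def normalise_module(name: str) -> str:
    """Lowercase and drop a trailing .dll/.ocx/.sys, as pefile does."""
    base, dot, ext = name.lower().rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name.lower()


def import_string(imports) -> str:
    """The comma-joined 'module.func' list that gets hashed."""
    parts = []
    for module, funcs in imports:
        mod = normalise_module(module)
        for f in funcs:
            name = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{mod}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the import string: the imphash value VT and pefile report."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


def matches_report(imports=IAT) -> bool:
    """True when the transcribed IAT reproduces the report's imphash exactly."""
    return imphash(imports) == REPORT_IMPHASH


if __name__ == "__main__":
    print("imports :", len(import_string(IAT).split(",")))
    print("imphash :", imphash(IAT))
    print("matches report:", matches_report())
```

Because imphash depends on import order and names rather than on code bytes, it clusters builds of the same toolchain and link configuration: every MinGW-w64 binary with exactly this start-up import set hashes identically, so a match with other samples points at shared build tooling or the same packer stub, not necessarily the same payload.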