ScreenShot
| Created | 2023.09.10 09:21 | Machine | s1_win7_x6401 |
| Filename | verify.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (Common, Miner, malicious, high confidence, Molotov, Artemis, unsafe, Kryptik, Vs3l, Eldorado, Attribute, HighConfidence, score, CrypterX, FalseSign, Nsmw, zhbwa, Siggen21, SMOKELOADER, YXDIGZ, GenKryptik, Sabsik, XMRig, CCAN, Detected, R571995, ai score=89, GdSda, DisguisedXMRigMiner, YhzrPCllRHI, Krypt, GIIA, confidence) | ||
| md5 | 73e4f82277d7cb23b3a030e140c50fb2 | ||
| sha256 | ba15633c2ad9ad3ce86df9c28ff4273fab06d771eeb10743eb3396449a0262a0 | ||
| ssdeep | 98304:hL65Ij71XKw6poNpWu/CHrCThPiUf1Qe2KaiOS7vQXZvY/k2l213ncb/VUrZWUUK:h57FD/CeTN1OSUtGPo13cqrZWbsj | ||
| imphash | f7505c167603909b7180406402fef19e | ||
| impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1409c928c CloseHandle
0x1409c9294 CreateSemaphoreW
0x1409c929c DeleteCriticalSection
0x1409c92a4 EnterCriticalSection
0x1409c92ac GetCurrentThreadId
0x1409c92b4 GetLastError
0x1409c92bc GetStartupInfoA
0x1409c92c4 InitializeCriticalSection
0x1409c92cc IsDBCSLeadByteEx
0x1409c92d4 LeaveCriticalSection
0x1409c92dc MultiByteToWideChar
0x1409c92e4 RaiseException
0x1409c92ec ReleaseSemaphore
0x1409c92f4 RtlCaptureContext
0x1409c92fc RtlLookupFunctionEntry
0x1409c9304 RtlUnwindEx
0x1409c930c RtlVirtualUnwind
0x1409c9314 SetLastError
0x1409c931c SetUnhandledExceptionFilter
0x1409c9324 Sleep
0x1409c932c TlsAlloc
0x1409c9334 TlsFree
0x1409c933c TlsGetValue
0x1409c9344 TlsSetValue
0x1409c934c VirtualProtect
0x1409c9354 VirtualQuery
0x1409c935c WaitForSingleObject
0x1409c9364 WideCharToMultiByte
msvcrt.dll
0x1409c9374 __C_specific_handler
0x1409c937c ___lc_codepage_func
0x1409c9384 ___mb_cur_max_func
0x1409c938c __getmainargs
0x1409c9394 __initenv
0x1409c939c __iob_func
0x1409c93a4 __set_app_type
0x1409c93ac __setusermatherr
0x1409c93b4 _acmdln
0x1409c93bc _amsg_exit
0x1409c93c4 _cexit
0x1409c93cc _commode
0x1409c93d4 _errno
0x1409c93dc _fmode
0x1409c93e4 _initterm
0x1409c93ec _onexit
0x1409c93f4 _wcsicmp
0x1409c93fc _wcsnicmp
0x1409c9404 abort
0x1409c940c calloc
0x1409c9414 exit
0x1409c941c fprintf
0x1409c9424 fputc
0x1409c942c fputs
0x1409c9434 fputwc
0x1409c943c free
0x1409c9444 fwprintf
0x1409c944c fwrite
0x1409c9454 localeconv
0x1409c945c malloc
0x1409c9464 memcpy
0x1409c946c memset
0x1409c9474 realloc
0x1409c947c signal
0x1409c9484 strcmp
0x1409c948c strerror
0x1409c9494 strlen
0x1409c949c strncmp
0x1409c94a4 vfprintf
0x1409c94ac wcscat
0x1409c94b4 wcscpy
0x1409c94bc wcslen
0x1409c94c4 wcsncmp
0x1409c94cc wcsstr
EAT(Export Address Table) is none
KERNEL32.dll
0x1409c928c CloseHandle
0x1409c9294 CreateSemaphoreW
0x1409c929c DeleteCriticalSection
0x1409c92a4 EnterCriticalSection
0x1409c92ac GetCurrentThreadId
0x1409c92b4 GetLastError
0x1409c92bc GetStartupInfoA
0x1409c92c4 InitializeCriticalSection
0x1409c92cc IsDBCSLeadByteEx
0x1409c92d4 LeaveCriticalSection
0x1409c92dc MultiByteToWideChar
0x1409c92e4 RaiseException
0x1409c92ec ReleaseSemaphore
0x1409c92f4 RtlCaptureContext
0x1409c92fc RtlLookupFunctionEntry
0x1409c9304 RtlUnwindEx
0x1409c930c RtlVirtualUnwind
0x1409c9314 SetLastError
0x1409c931c SetUnhandledExceptionFilter
0x1409c9324 Sleep
0x1409c932c TlsAlloc
0x1409c9334 TlsFree
0x1409c933c TlsGetValue
0x1409c9344 TlsSetValue
0x1409c934c VirtualProtect
0x1409c9354 VirtualQuery
0x1409c935c WaitForSingleObject
0x1409c9364 WideCharToMultiByte
msvcrt.dll
0x1409c9374 __C_specific_handler
0x1409c937c ___lc_codepage_func
0x1409c9384 ___mb_cur_max_func
0x1409c938c __getmainargs
0x1409c9394 __initenv
0x1409c939c __iob_func
0x1409c93a4 __set_app_type
0x1409c93ac __setusermatherr
0x1409c93b4 _acmdln
0x1409c93bc _amsg_exit
0x1409c93c4 _cexit
0x1409c93cc _commode
0x1409c93d4 _errno
0x1409c93dc _fmode
0x1409c93e4 _initterm
0x1409c93ec _onexit
0x1409c93f4 _wcsicmp
0x1409c93fc _wcsnicmp
0x1409c9404 abort
0x1409c940c calloc
0x1409c9414 exit
0x1409c941c fprintf
0x1409c9424 fputc
0x1409c942c fputs
0x1409c9434 fputwc
0x1409c943c free
0x1409c9444 fwprintf
0x1409c944c fwrite
0x1409c9454 localeconv
0x1409c945c malloc
0x1409c9464 memcpy
0x1409c946c memset
0x1409c9474 realloc
0x1409c947c signal
0x1409c9484 strcmp
0x1409c948c strerror
0x1409c9494 strlen
0x1409c949c strncmp
0x1409c94a4 vfprintf
0x1409c94ac wcscat
0x1409c94b4 wcscpy
0x1409c94bc wcslen
0x1409c94c4 wcsncmp
0x1409c94cc wcsstr
EAT(Export Address Table) is none