Field | Value |
---|---|
Created | 2023.09.10 09:21 |
Machine | s1_win7_x6403 |
Filename | VCheck.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (AIDetectMalware, Miner, malicious, high confidence, Siggen21, Molotov, Kryptik, V7sm, Eldorado, Attribute, HighConfidence, score, libb, jzlaqn, DisguisedXMRigMiner, YhzrPCllRHI, zdkhg, Artemis, ai score=89, GenKryptik, Sabsik, XMRig, CCAN, Detected, R571995, unsafe, Chgt, R002H0CI123, FalseSign, Uwhl, Krypt, GIIA, confidence) |
md5 | ad66f35b417643bb5a4840f11d4d7301 |
sha256 | 2d908fba420926ebb4fd1ce3637938fca06bc45c23425674435433a814009f9d |
ssdeep | 98304:tx5+/DsqFXubn614gByduvDEe91dKyWUwqoyBj4fdEVWamPFB1aXMaZq+g1s4hwf:t1qFXW611BHvX1dKyWHBEV0GZqru |
imphash | f7505c167603909b7180406402fef19e |
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts)
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14059528c CloseHandle
0x140595294 CreateSemaphoreW
0x14059529c DeleteCriticalSection
0x1405952a4 EnterCriticalSection
0x1405952ac GetCurrentThreadId
0x1405952b4 GetLastError
0x1405952bc GetStartupInfoA
0x1405952c4 InitializeCriticalSection
0x1405952cc IsDBCSLeadByteEx
0x1405952d4 LeaveCriticalSection
0x1405952dc MultiByteToWideChar
0x1405952e4 RaiseException
0x1405952ec ReleaseSemaphore
0x1405952f4 RtlCaptureContext
0x1405952fc RtlLookupFunctionEntry
0x140595304 RtlUnwindEx
0x14059530c RtlVirtualUnwind
0x140595314 SetLastError
0x14059531c SetUnhandledExceptionFilter
0x140595324 Sleep
0x14059532c TlsAlloc
0x140595334 TlsFree
0x14059533c TlsGetValue
0x140595344 TlsSetValue
0x14059534c VirtualProtect
0x140595354 VirtualQuery
0x14059535c WaitForSingleObject
0x140595364 WideCharToMultiByte
msvcrt.dll
0x140595374 __C_specific_handler
0x14059537c ___lc_codepage_func
0x140595384 ___mb_cur_max_func
0x14059538c __getmainargs
0x140595394 __initenv
0x14059539c __iob_func
0x1405953a4 __set_app_type
0x1405953ac __setusermatherr
0x1405953b4 _acmdln
0x1405953bc _amsg_exit
0x1405953c4 _cexit
0x1405953cc _commode
0x1405953d4 _errno
0x1405953dc _fmode
0x1405953e4 _initterm
0x1405953ec _onexit
0x1405953f4 _wcsicmp
0x1405953fc _wcsnicmp
0x140595404 abort
0x14059540c calloc
0x140595414 exit
0x14059541c fprintf
0x140595424 fputc
0x14059542c fputs
0x140595434 fputwc
0x14059543c free
0x140595444 fwprintf
0x14059544c fwrite
0x140595454 localeconv
0x14059545c malloc
0x140595464 memcpy
0x14059546c memset
0x140595474 realloc
0x14059547c signal
0x140595484 strcmp
0x14059548c strerror
0x140595494 strlen
0x14059549c strncmp
0x1405954a4 vfprintf
0x1405954ac wcscat
0x1405954b4 wcscpy
0x1405954bc wcslen
0x1405954c4 wcsncmp
0x1405954cc wcsstr
EAT(Export Address Table) is none