ScreenShot
| Created | 2023.09.16 14:09 | Machine | s1_win7_x6403 |
| Filename | minerxd.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (AIDetectMalware, malicious, high confidence, GenericKD, Artemis, unsafe, Rozena, Vp5q, confidence, 100%, Eldorado, Attribute, HighConfidence, xbeauj, MalwareX, Tzfl, EPACK, Gen2, MulDrop23, Static AI, Suspicious PE, Detected, ai score=83, Wacatac, Malgent, score, CoinMiner, Chgt, R002H0DIF23, kC3zMNTE3QN, Outbreak) | ||
| md5 | 0e9cc5c2145bae2f6ab41f186dac87d1 | ||
| sha256 | 0949ed19896c7add471a5caa7fd5018113d602921a185d911f0cbbadb0ce35c8 | ||
| ssdeep | 98304:w8ZEl7sMD+0Jz27AoQDu4oI87ozUUG77J6mzRLmvV7FLcVXaR:w4mgMD+0Jz2cDu4e6mzNmthL+C | ||
| imphash | 0fdd3d21d2193b717f076a70dfaa659c | ||
| impfuzzy | 12:YRJRJJoARZqRVPXJHqV0MHHGf5XGXKiEG6eGJwk6lm/GaJqniZJn:8fjBcVK0MGf5XGf6Zykom/GCqiZJn | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | ftp_command | ftp command | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14052c198 DeleteCriticalSection
0x14052c1a0 EnterCriticalSection
0x14052c1a8 GetLastError
0x14052c1b0 InitializeCriticalSection
0x14052c1b8 LeaveCriticalSection
0x14052c1c0 SetUnhandledExceptionFilter
0x14052c1c8 Sleep
0x14052c1d0 TlsGetValue
0x14052c1d8 VirtualProtect
0x14052c1e0 VirtualQuery
msvcrt.dll
0x14052c1f0 __C_specific_handler
0x14052c1f8 __getmainargs
0x14052c200 __initenv
0x14052c208 __iob_func
0x14052c210 __set_app_type
0x14052c218 __setusermatherr
0x14052c220 _amsg_exit
0x14052c228 _cexit
0x14052c230 _commode
0x14052c238 _fmode
0x14052c240 _initterm
0x14052c248 _onexit
0x14052c250 abort
0x14052c258 calloc
0x14052c260 exit
0x14052c268 fprintf
0x14052c270 fputs
0x14052c278 free
0x14052c280 malloc
0x14052c288 memset
0x14052c290 signal
0x14052c298 strlen
0x14052c2a0 strncmp
0x14052c2a8 vfprintf
0x14052c2b0 wcscat
0x14052c2b8 wcscpy
0x14052c2c0 wcslen
0x14052c2c8 wcsncmp
0x14052c2d0 wcsstr
0x14052c2d8 _wcsnicmp
0x14052c2e0 _wcsicmp
EAT(Export Address Table) is none
KERNEL32.dll
0x14052c198 DeleteCriticalSection
0x14052c1a0 EnterCriticalSection
0x14052c1a8 GetLastError
0x14052c1b0 InitializeCriticalSection
0x14052c1b8 LeaveCriticalSection
0x14052c1c0 SetUnhandledExceptionFilter
0x14052c1c8 Sleep
0x14052c1d0 TlsGetValue
0x14052c1d8 VirtualProtect
0x14052c1e0 VirtualQuery
msvcrt.dll
0x14052c1f0 __C_specific_handler
0x14052c1f8 __getmainargs
0x14052c200 __initenv
0x14052c208 __iob_func
0x14052c210 __set_app_type
0x14052c218 __setusermatherr
0x14052c220 _amsg_exit
0x14052c228 _cexit
0x14052c230 _commode
0x14052c238 _fmode
0x14052c240 _initterm
0x14052c248 _onexit
0x14052c250 abort
0x14052c258 calloc
0x14052c260 exit
0x14052c268 fprintf
0x14052c270 fputs
0x14052c278 free
0x14052c280 malloc
0x14052c288 memset
0x14052c290 signal
0x14052c298 strlen
0x14052c2a0 strncmp
0x14052c2a8 vfprintf
0x14052c2b0 wcscat
0x14052c2b8 wcscpy
0x14052c2c0 wcslen
0x14052c2c8 wcsncmp
0x14052c2d0 wcsstr
0x14052c2d8 _wcsnicmp
0x14052c2e0 _wcsicmp
EAT(Export Address Table) is none