Report - Miner.exe

PE File PE64
Created 2023.09.23 09:46
Machine s1_win7_x6401
Filename Miner.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score 5
Behavior Score 1.6
ZERO API (file) clean
VT API (file) 45 detected (Common, BitCoinMiner, GenericKD, Neshta, FileInfector, Bsymem, malicious, ABRisk, KXAH, Attribute, HighConfidence, high confidence, Kryptik, anmg, st3Tlmfo8PG, EPACK, Gen2, R002C0DH223, Miner, Outbreak, RiskTool, score, R533455, ai score=89, unsafe, GdSda, Gencirc, IiVD9AIAznk, Static AI, Suspicious PE, susgen, AGENMM, confidence, 100%)
md5 b286969b55a9dbb7c7fb450772107ac1
sha256 e953bb0c7b8a595c6980f434c2fdd59ca1140df29854dd1c906f9dfcde779c76
ssdeep 49152:I/HRfSRKPhC6K9iDR3Zibb/O9m4Ujc2GCdLx9E:I/0KJC6KMd3Ka9nHryz
imphash 6d202c3810d03f7e3764b68c4d73109f
impfuzzy 24:Dfjn+kQYJd1j9Mblif5XGTqqXZPFkomtcqcCZJF:DfL+kXHslEJGTqqJdk1uqcAF
Signature (2 counts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer

Rules (2 counts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2 counts)

Request                  CC  ASN                IP4              ZERO verdict
stratum.ravenminer.com   NL  Oracle Svenska AB  130.162.153.207  clean
130.162.153.207          NL  Oracle Svenska AB  130.162.153.207  clean

Note: the "clean" verdict is the ZERO reputation lookup on the host, not a judgement on the traffic. Stratum is the protocol miners use to talk to a mining pool, so a DNS lookup and connection to a stratum endpoint is the behavioural indicator that matches the BitCoinMiner/Miner/RiskTool labels in the VT detections above.
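The two indicators in the table are the only network IOCs the report gives. The following is an added example, not part of the report or of the sandbox's own tooling: it matches the domain and IP from the table, plus a generic "stratum" host-label pattern, against DNS and connection log lines. The log format (timestamp, client, record kind, target) and the sample lines themselves are constructed for illustration; the port numbers in them are placeholders and not taken from the report.

```python
import ipaddress
import re

# Indicators taken from the sandbox report's network table.
IOC_DOMAINS = {"stratum.ravenminer.com"}
IOC_IPS = {"130.162.153.207"}

# Generic heuristic: mining pools commonly expose hosts whose first
# label is "stratum" or "stratumN". Matches only at a label boundary.
STRATUM_RE = re.compile(r"(^|\.)stratum\d*\.", re.IGNORECASE)

# Constructed sample log (not from the report). Format per line:
#   <timestamp> <client-ip> dns <rrtype> <qname>
#   <timestamp> <client-ip> conn <dst-ip>:<dst-port>
# Ports are placeholders, not observed values.
SAMPLE_LOG = """\
2023-09-23T09:47:01Z 10.0.0.15 dns A stratum.ravenminer.com
2023-09-23T09:47:01Z 10.0.0.15 conn 130.162.153.207:3333
2023-09-23T09:47:05Z 10.0.0.22 dns A www.example.com
2023-09-23T09:47:09Z 10.0.0.31 dns A stratum2.some-pool.example
2023-09-23T09:47:12Z 10.0.0.22 conn 93.184.216.34:443
"""


def classify(line):
    """Return (timestamp, client, reason, target) if the line matches an
    indicator, else None. Exact IOC matches take precedence over the
    generic stratum pattern so the report's IOCs are reported as such."""
    parts = line.split()
    if len(parts) < 4:
        return None
    ts, client, kind, target = parts[0], parts[1], parts[2], parts[-1]

    if kind == "dns":
        name = target.lower().rstrip(".")  # normalise trailing dot / case
        if name in IOC_DOMAINS:
            return (ts, client, "ioc-domain", name)
        if STRATUM_RE.search(name):
            return (ts, client, "stratum-pattern", name)
    elif kind == "conn":
        host = target.rsplit(":", 1)[0]
        try:
            ipaddress.ip_address(host)  # reject malformed destinations
        except ValueError:
            return None
        if host in IOC_IPS:
            return (ts, client, "ioc-ip", host)
    return None


def scan(log_text):
    """Scan a multi-line log and return every hit in log order."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for ts, client, reason, target in scan(SAMPLE_LOG):
        print(f"{ts} {client} {reason} {target}")
```

The generic pattern is intentionally narrow (label boundary, optional digit suffix) so that a host such as "mystratum.example" does not fire; widen it only with the false-positive rate of your own DNS telemetry in mind.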

Suricata IDS

PE API

IAT (Import Address Table)

Note: only KERNEL32.dll and msvcrt.dll are imported, and the msvcrt entries (__wgetmainargs, __set_app_type, _initterm, __C_specific_handler, _amsg_exit) are the startup set of a mingw-w64 style 64-bit CRT. No socket or HTTP library (ws2_32, wininet, winhttp) appears, and neither does LoadLibrary/GetProcAddress, so the stratum connection observed above cannot be reached through the static import table; the networking code must be resolved at runtime from unpacked code, which is consistent with the packer notice in the Signature section.

KERNEL32.dll
 0x1401fb23c CreateSemaphoreW
 0x1401fb244 DeleteCriticalSection
 0x1401fb24c EnterCriticalSection
 0x1401fb254 GetLastError
 0x1401fb25c GetStartupInfoW
 0x1401fb264 InitializeCriticalSection
 0x1401fb26c IsDBCSLeadByteEx
 0x1401fb274 LeaveCriticalSection
 0x1401fb27c MultiByteToWideChar
 0x1401fb284 ReleaseSemaphore
 0x1401fb28c SetLastError
 0x1401fb294 SetUnhandledExceptionFilter
 0x1401fb29c Sleep
 0x1401fb2a4 TlsAlloc
 0x1401fb2ac TlsFree
 0x1401fb2b4 TlsGetValue
 0x1401fb2bc TlsSetValue
 0x1401fb2c4 VirtualProtect
 0x1401fb2cc VirtualQuery
 0x1401fb2d4 WaitForSingleObject
msvcrt.dll
 0x1401fb2e4 __C_specific_handler
 0x1401fb2ec ___lc_codepage_func
 0x1401fb2f4 ___mb_cur_max_func
 0x1401fb2fc __iob_func
 0x1401fb304 __set_app_type
 0x1401fb30c __setusermatherr
 0x1401fb314 __wgetmainargs
 0x1401fb31c __winitenv
 0x1401fb324 _amsg_exit
 0x1401fb32c _assert
 0x1401fb334 _cexit
 0x1401fb33c _commode
 0x1401fb344 _errno
 0x1401fb34c _fmode
 0x1401fb354 _initterm
 0x1401fb35c _onexit
 0x1401fb364 _wcmdln
 0x1401fb36c _wcsicmp
 0x1401fb374 _wgetenv
 0x1401fb37c abort
 0x1401fb384 calloc
 0x1401fb38c exit
 0x1401fb394 fprintf
 0x1401fb39c fputwc
 0x1401fb3a4 free
 0x1401fb3ac fwprintf
 0x1401fb3b4 fwrite
 0x1401fb3bc localeconv
 0x1401fb3c4 malloc
 0x1401fb3cc memcpy
 0x1401fb3d4 memset
 0x1401fb3dc realloc
 0x1401fb3e4 signal
 0x1401fb3ec strerror
 0x1401fb3f4 strlen
 0x1401fb3fc strncmp
 0x1401fb404 vfprintf
 0x1401fb40c wcscat
 0x1401fb414 wcscpy
 0x1401fb41c wcslen
 0x1401fb424 wcsncmp
 0x1401fb42c wcsstr

EAT (Export Address Table): none
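The imphash listed in the header (6d202c3810d03f7e3764b68c4d73109f) is the MD5 of the import list in import-directory order: each entry is "library.function", lower-cased, with the .dll/.ocx/.sys extension stripped from the library and ordinal-only imports written as "ordN", joined with commas. The following is an added example, not part of the report or of any sandbox or pefile code, that recomputes that value from the IAT as listed above. It assumes the listing is the complete import directory in its original order, which the report does not state, so it reports whether the result matches instead of asserting that it does.

```python
import hashlib

# Import table exactly as listed in the report, in the order shown.
IMPORTS = [
    ("KERNEL32.dll", [
        "CreateSemaphoreW", "DeleteCriticalSection", "EnterCriticalSection",
        "GetLastError", "GetStartupInfoW", "InitializeCriticalSection",
        "IsDBCSLeadByteEx", "LeaveCriticalSection", "MultiByteToWideChar",
        "ReleaseSemaphore", "SetLastError", "SetUnhandledExceptionFilter",
        "Sleep", "TlsAlloc", "TlsFree", "TlsGetValue", "TlsSetValue",
        "VirtualProtect", "VirtualQuery", "WaitForSingleObject",
    ]),
    ("msvcrt.dll", [
        "__C_specific_handler", "___lc_codepage_func", "___mb_cur_max_func",
        "__iob_func", "__set_app_type", "__setusermatherr", "__wgetmainargs",
        "__winitenv", "_amsg_exit", "_assert", "_cexit", "_commode", "_errno",
        "_fmode", "_initterm", "_onexit", "_wcmdln", "_wcsicmp", "_wgetenv",
        "abort", "calloc", "exit", "fprintf", "fputwc", "free", "fwprintf",
        "fwrite", "localeconv", "malloc", "memcpy", "memset", "realloc",
        "signal", "strerror", "strlen", "strncmp", "vfprintf", "wcscat",
        "wcscpy", "wcslen", "wcsncmp", "wcsstr",
    ]),
]

# Value from the report header, used only for the comparison below.
REPORT_IMPHASH = "6d202c3810d03f7e3764b68c4d73109f"

# Extensions that the imphash convention strips from the library name.
_STRIPPED_EXTS = (".dll", ".ocx", ".sys")


def imphash_string(imports):
    """Build the comma-joined 'lib.func' list that gets hashed.

    `imports` is a list of (library_name, [function_name_or_ordinal]) in
    import-directory order; an int entry is an ordinal-only import.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in _STRIPPED_EXTS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for f in funcs:
            name = f.lower() if isinstance(f, str) else "ord%d" % f
            parts.append("%s.%s" % (lib, name))
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the import string; order-sensitive by design."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def matches_report(imports=IMPORTS, expected=REPORT_IMPHASH):
    """True if the recomputed imphash equals the report's value.

    A mismatch means the listing is not the full import directory, or is
    not in original order, not that the report's hash is wrong.
    """
    return imphash(imports) == expected


if __name__ == "__main__":
    print("import string:", imphash_string(IMPORTS))
    print("recomputed imphash:", imphash(IMPORTS))
    print("matches report:", matches_report())
```

Because the hash is order-sensitive, two builds with the same functions imported in a different order get different imphashes; when comparing samples, treat imphash as a build-toolchain fingerprint rather than a code-similarity measure.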