Field | Value |
---|---|
Created | 2023.10.04 10:30 |
Machine | s1_win7_x6403_us |
Filename | JinxRunner.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | d53171d108afee9cdfcd948f986d5541 |
sha256 | 4be352f2e263f8eb6b1d8c2e66c00fc29ee7144cf2343736afd32d5fd38e3b15 |
ssdeep | 98304:D3xGW8gvQ2gPwWft0+taUMvBP/NGqELiEld2j:LxGXgv38Zi+IUMvBP6LJY |
imphash | f0ea7b7844bbc5bfa9bb32efdcea957c |
impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
watch | Attempts to create or modify system certificates |
watch | Detects the presence of Wine emulator |
notice | Looks up the external IP address |
info | Collects information to fingerprint the system (MachineGuid) |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) libraries
kernel32.dll
0xca7040 WriteFile
0xca7048 WriteConsoleW
0xca7050 WaitForMultipleObjects
0xca7058 WaitForSingleObject
0xca7060 VirtualQuery
0xca7068 VirtualFree
0xca7070 VirtualAlloc
0xca7078 TlsAlloc
0xca7080 SwitchToThread
0xca7088 SuspendThread
0xca7090 SetWaitableTimer
0xca7098 SetUnhandledExceptionFilter
0xca70a0 SetProcessPriorityBoost
0xca70a8 SetEvent
0xca70b0 SetErrorMode
0xca70b8 SetConsoleCtrlHandler
0xca70c0 ResumeThread
0xca70c8 PostQueuedCompletionStatus
0xca70d0 LoadLibraryA
0xca70d8 LoadLibraryW
0xca70e0 SetThreadContext
0xca70e8 GetThreadContext
0xca70f0 GetSystemInfo
0xca70f8 GetSystemDirectoryA
0xca7100 GetStdHandle
0xca7108 GetQueuedCompletionStatusEx
0xca7110 GetProcessAffinityMask
0xca7118 GetProcAddress
0xca7120 GetEnvironmentStringsW
0xca7128 GetConsoleMode
0xca7130 FreeEnvironmentStringsW
0xca7138 ExitProcess
0xca7140 DuplicateHandle
0xca7148 CreateWaitableTimerExW
0xca7150 CreateThread
0xca7158 CreateIoCompletionPort
0xca7160 CreateFileA
0xca7168 CreateEventA
0xca7170 CloseHandle
0xca7178 AddVectoredExceptionHandler
EAT (Export Address Table): none
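A practitioner reading this report will usually want to recompute the imphash from the IAT shown above, both to confirm the listed import table is complete and to pivot on the value elsewhere. The script below is an added example, not part of the sandbox report or its tooling: it transcribes the kernel32.dll import list from the report into a Python list and reimplements the standard imphash normalisation (the same steps pefile's `get_imphash()` performs: lower-case the DLL name, drop a `.dll`/`.ocx`/`.sys` extension, emit one `dll.func` entry per import in import-directory order, join with commas, MD5). If the recomputed digest differs from the reported `f0ea7b7844bbc5bfa9bb32efdcea957c`, the page's listing is not the full import table or the tool normalised differently. The `load_imports` helper for reading a real file assumes `pefile` is installed; the function names, the list order and the assumption that kernel32.dll is the only imported DLL all come from the report as shown.

```python
"""Recompute the imphash from the kernel32.dll IAT listed in the report.

Added example; not part of the sandbox report or its tooling. The import
list is transcribed from the report (one DLL, 40 functions, in IAT order).
The normalisation mirrors pefile's get_imphash(): lower-case the DLL name,
drop a .dll/.ocx/.sys extension, emit "dll.func" per import in
import-directory order, join with commas, MD5 the result.
"""
import hashlib

# Transcribed from the report's IAT listing; assumed complete and in order.
REPORTED_IAT = [
    ("KERNEL32.dll", [
        "WriteFile", "WriteConsoleW", "WaitForMultipleObjects",
        "WaitForSingleObject", "VirtualQuery", "VirtualFree", "VirtualAlloc",
        "TlsAlloc", "SwitchToThread", "SuspendThread", "SetWaitableTimer",
        "SetUnhandledExceptionFilter", "SetProcessPriorityBoost", "SetEvent",
        "SetErrorMode", "SetConsoleCtrlHandler", "ResumeThread",
        "PostQueuedCompletionStatus", "LoadLibraryA", "LoadLibraryW",
        "SetThreadContext", "GetThreadContext", "GetSystemInfo",
        "GetSystemDirectoryA", "GetStdHandle", "GetQueuedCompletionStatusEx",
        "GetProcessAffinityMask", "GetProcAddress", "GetEnvironmentStringsW",
        "GetConsoleMode", "FreeEnvironmentStringsW", "ExitProcess",
        "DuplicateHandle", "CreateWaitableTimerExW", "CreateThread",
        "CreateIoCompletionPort", "CreateFileA", "CreateEventA",
        "CloseHandle", "AddVectoredExceptionHandler",
    ]),
]
REPORTED_IMPHASH = "f0ea7b7844bbc5bfa9bb32efdcea957c"  # value printed in the report

_STRIPPED_EXTS = ("dll", "ocx", "sys")


def normalize_import_string(imports):
    """Build the comma-separated 'dll.func' string that imphash digests.

    `imports` is a list of (dll_name, [func_name_or_ordinal, ...]) in
    import-directory order. Ordinal-only imports become "ordN". pefile also
    maps ordinals of a few DLLs (e.g. ws2_32) to names via a built-in table;
    this simplified version deliberately skips that step.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in _STRIPPED_EXTS:
            lib = base
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string as a 32-char lowercase hex digest."""
    return hashlib.md5(normalize_import_string(imports).encode("ascii")).hexdigest()


def load_imports(path):
    """Read a real PE's import directory with pefile (optional dependency).

    Returns the same (dll, [names/ordinals]) shape as REPORTED_IAT so the
    result can be fed to imphash() and cross-checked against pe.get_imphash().
    """
    import pefile  # pip install pefile
    pe = pefile.PE(path, fast_load=True)
    pe.parse_data_directories(
        directories=[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_IMPORT"]])
    result = []
    for entry in getattr(pe, "DIRECTORY_ENTRY_IMPORT", []):
        names = [imp.name.decode() if imp.name else imp.ordinal
                 for imp in entry.imports]
        result.append((entry.dll.decode(), names))
    return result


def compare_with_report(imports=REPORTED_IAT, reported=REPORTED_IMPHASH):
    """Return (computed, reported, match).

    A mismatch means the listed IAT is not the complete import table or the
    reporting tool normalised the names differently.
    """
    computed = imphash(imports)
    return computed, reported, computed == reported


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # with a sample path: hash the real import directory
        print("imphash from file  :", imphash(load_imports(sys.argv[1])))
    computed, reported, match = compare_with_report()
    print("imphash from IAT   :", computed)
    print("imphash in report  :", reported, "(match)" if match else "(mismatch)")
```

Run it without arguments to compare the transcribed IAT against the reported digest, or pass a path to the sample to hash the import directory pefile actually parses; where `pefile` is available, `pe.get_imphash()` on the same file should agree with `imphash(load_imports(path))` for any binary whose ordinal imports are not in pefile's lookup table.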