ScreenShot
| Created | 2023.10.11 18:36 | Machine | s1_win7_x6401 |
| Filename | build.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 35 detected (AIDetectMalware, CoinMiner, BitCoinMiner, Save, CryptoMiner, malicious, Attribute, HighConfidence, score, Miner, likx, PotentialRisk, moderate, Static AI, Malicious PE, ai score=89, Wacapew, Miner3, R531330, DisguisedXMRigMiner, HQz6cHWySWC, grayware, confidence) | ||
| md5 | 71535cb29a844c48321528d0fdfdb6d9 | ||
| sha256 | f959f9e6fe2e6481464be41310edd6750a530ab0dad2cfa6f173f08ecde1f477 | ||
| ssdeep | 24576:geUxJ+g3UjYv9N0407bXha7DfVugRqK0xtmJCaaUcs/2VwV/xq8EdGlNZ6pBiGwI:grxJdT/07oHp7RCajqh8yGlNDGwk | ||
| imphash | bb388b5fb16beacfa2a7403d25eaa8c4 | ||
| impfuzzy | 6:oaGVKXnWZRXvYBJAEoZ/OEGDzyRXcYi5w2AxyTO6XcO0:oaWlxwABZG/DzEi5w2A+O6X/0 | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Created a service where a service was also not started |
| watch | Detects Virtual Machines through their custom firmware |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks amount of memory in system |
| info | Queries for the computername |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1407732b8 LsaClose
crypt.dll
0x1407732c8 BCryptGenRandom
CRYPT32.dll
0x1407732d8 CertOpenStore
IPHLPAPI.DLL
0x1407732e8 GetAdaptersAddresses
KERNEL32.DLL
0x1407732f8 LoadLibraryA
0x140773300 ExitProcess
0x140773308 GetProcAddress
0x140773310 VirtualProtect
ole32.dll
0x140773320 CoInitializeEx
PSAPI.DLL
0x140773330 GetProcessMemoryInfo
USER32.dll
0x140773340 ShowWindow
USERENV.dll
0x140773350 GetUserProfileDirectoryW
WS2_32.dll
0x140773360 ioctlsocket
EAT(Export Address Table) is none
ADVAPI32.dll
0x1407732b8 LsaClose
crypt.dll
0x1407732c8 BCryptGenRandom
CRYPT32.dll
0x1407732d8 CertOpenStore
IPHLPAPI.DLL
0x1407732e8 GetAdaptersAddresses
KERNEL32.DLL
0x1407732f8 LoadLibraryA
0x140773300 ExitProcess
0x140773308 GetProcAddress
0x140773310 VirtualProtect
ole32.dll
0x140773320 CoInitializeEx
PSAPI.DLL
0x140773330 GetProcessMemoryInfo
USER32.dll
0x140773340 ShowWindow
USERENV.dll
0x140773350 GetUserProfileDirectoryW
WS2_32.dll
0x140773360 ioctlsocket
EAT(Export Address Table) is none