ScreenShot
| Created | 2023.10.16 12:50 | Machine | s1_win7_x6401 |
| Filename | My2.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 47 detected (AIDetectMalware, GenericKD, Artemis, Rozena, V2ty, CoinMiner, malicious, confidence, Attribute, HighConfidence, high confidence, score, xbfbdl, MalwareX, VqtQRH5PzKH, qeorb, Siggen21, LGOOGLOADER, YXDJLZ, Detected, ai score=83, Malware@#xxi7fw61adj5, Eldorado, R608024, unsafe, FalseSign, Jqil) | ||
| md5 | df280925e135481b26e921dd1221e359 | ||
| sha256 | 710a3e1beda67e1c543ba04423bfb0ba643815582310c0b3d03d03e071c894b8 | ||
| ssdeep | 98304:Po/+yDDRT0Vzalb9K8K+ZR+wc6cw5FTEsDNJZe6w43eK:A/+yHxlb9K8K+rYq9NJZeD43eK | ||
| imphash | cfc2f6e0ad47e701959f21a8d2a686e9 | ||
| impfuzzy | 12:YRJRJJoARZqRVPXJHqV0MHHGf5XGXKiEG6eGJwk6lm/GaJqfZJVZJn:8fjBcVK0MGf5XGf6Zykom/GCqxvZJn | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14053e1a8 DeleteCriticalSection
0x14053e1b0 EnterCriticalSection
0x14053e1b8 GetLastError
0x14053e1c0 InitializeCriticalSection
0x14053e1c8 LeaveCriticalSection
0x14053e1d0 SetUnhandledExceptionFilter
0x14053e1d8 Sleep
0x14053e1e0 TlsGetValue
0x14053e1e8 VirtualProtect
0x14053e1f0 VirtualQuery
msvcrt.dll
0x14053e200 __C_specific_handler
0x14053e208 __getmainargs
0x14053e210 __initenv
0x14053e218 __iob_func
0x14053e220 __set_app_type
0x14053e228 __setusermatherr
0x14053e230 _amsg_exit
0x14053e238 _cexit
0x14053e240 _commode
0x14053e248 _fmode
0x14053e250 _initterm
0x14053e258 _onexit
0x14053e260 abort
0x14053e268 calloc
0x14053e270 exit
0x14053e278 fprintf
0x14053e280 fputs
0x14053e288 free
0x14053e290 malloc
0x14053e298 memset
0x14053e2a0 signal
0x14053e2a8 strcat
0x14053e2b0 strlen
0x14053e2b8 strncmp
0x14053e2c0 strstr
0x14053e2c8 vfprintf
0x14053e2d0 wcscat
0x14053e2d8 wcscpy
0x14053e2e0 wcslen
0x14053e2e8 wcsncmp
0x14053e2f0 wcsstr
0x14053e2f8 _wcsnicmp
0x14053e300 _wcsicmp
EAT(Export Address Table) is none
KERNEL32.dll
0x14053e1a8 DeleteCriticalSection
0x14053e1b0 EnterCriticalSection
0x14053e1b8 GetLastError
0x14053e1c0 InitializeCriticalSection
0x14053e1c8 LeaveCriticalSection
0x14053e1d0 SetUnhandledExceptionFilter
0x14053e1d8 Sleep
0x14053e1e0 TlsGetValue
0x14053e1e8 VirtualProtect
0x14053e1f0 VirtualQuery
msvcrt.dll
0x14053e200 __C_specific_handler
0x14053e208 __getmainargs
0x14053e210 __initenv
0x14053e218 __iob_func
0x14053e220 __set_app_type
0x14053e228 __setusermatherr
0x14053e230 _amsg_exit
0x14053e238 _cexit
0x14053e240 _commode
0x14053e248 _fmode
0x14053e250 _initterm
0x14053e258 _onexit
0x14053e260 abort
0x14053e268 calloc
0x14053e270 exit
0x14053e278 fprintf
0x14053e280 fputs
0x14053e288 free
0x14053e290 malloc
0x14053e298 memset
0x14053e2a0 signal
0x14053e2a8 strcat
0x14053e2b0 strlen
0x14053e2b8 strncmp
0x14053e2c0 strstr
0x14053e2c8 vfprintf
0x14053e2d0 wcscat
0x14053e2d8 wcscpy
0x14053e2e0 wcslen
0x14053e2e8 wcsncmp
0x14053e2f0 wcsstr
0x14053e2f8 _wcsnicmp
0x14053e300 _wcsicmp
EAT(Export Address Table) is none