Field | Value |
---|---|
Created | 2023.10.18 07:55 |
Machine | s1_win7_x6401 |
Filename | silent.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
ZERO API | file : malware |
VT API (file) | |
md5 | 8e0907f52947b06a7b2f4a3ff064ec2d |
sha256 | f5337c8755def6dfe13adfefb348a01d4b569d731e4ee40561587079c0e54486 |
ssdeep | 98304:yzMMH/yXitS8hC0qmtmHTUZ6F8V8s1TQU3Cf/J3+EbL2Is:yo7z8h3qm1Z641lSZ3K |
imphash | f7505c167603909b7180406402fef19e |
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF |
Network IP location
Signature (2 counts)
Level | Description |
---|---|
notice | Communication to multiple IPs on high port numbers possibly indicative of a peer-to-peer (P2P) or non-standard command and control protocol |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (2 counts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6 counts)
Suricata IDS alerts
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
ET POLICY Cryptocurrency Miner Checkin
ET POLICY Cryptocurrency Miner Checkin
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14057028c CloseHandle
0x140570294 CreateSemaphoreW
0x14057029c DeleteCriticalSection
0x1405702a4 EnterCriticalSection
0x1405702ac GetCurrentThreadId
0x1405702b4 GetLastError
0x1405702bc GetStartupInfoA
0x1405702c4 InitializeCriticalSection
0x1405702cc IsDBCSLeadByteEx
0x1405702d4 LeaveCriticalSection
0x1405702dc MultiByteToWideChar
0x1405702e4 RaiseException
0x1405702ec ReleaseSemaphore
0x1405702f4 RtlCaptureContext
0x1405702fc RtlLookupFunctionEntry
0x140570304 RtlUnwindEx
0x14057030c RtlVirtualUnwind
0x140570314 SetLastError
0x14057031c SetUnhandledExceptionFilter
0x140570324 Sleep
0x14057032c TlsAlloc
0x140570334 TlsFree
0x14057033c TlsGetValue
0x140570344 TlsSetValue
0x14057034c VirtualProtect
0x140570354 VirtualQuery
0x14057035c WaitForSingleObject
0x140570364 WideCharToMultiByte
msvcrt.dll
0x140570374 __C_specific_handler
0x14057037c ___lc_codepage_func
0x140570384 ___mb_cur_max_func
0x14057038c __getmainargs
0x140570394 __initenv
0x14057039c __iob_func
0x1405703a4 __set_app_type
0x1405703ac __setusermatherr
0x1405703b4 _acmdln
0x1405703bc _amsg_exit
0x1405703c4 _cexit
0x1405703cc _commode
0x1405703d4 _errno
0x1405703dc _fmode
0x1405703e4 _initterm
0x1405703ec _onexit
0x1405703f4 _wcsicmp
0x1405703fc _wcsnicmp
0x140570404 abort
0x14057040c calloc
0x140570414 exit
0x14057041c fprintf
0x140570424 fputc
0x14057042c fputs
0x140570434 fputwc
0x14057043c free
0x140570444 fwprintf
0x14057044c fwrite
0x140570454 localeconv
0x14057045c malloc
0x140570464 memcpy
0x14057046c memset
0x140570474 realloc
0x14057047c signal
0x140570484 strcmp
0x14057048c strerror
0x140570494 strlen
0x14057049c strncmp
0x1405704a4 vfprintf
0x1405704ac wcscat
0x1405704b4 wcscpy
0x1405704bc wcslen
0x1405704c4 wcsncmp
0x1405704cc wcsstr
EAT (Export Address Table): none