ScreenShot
| Created | 2024.01.24 08:13 | Machine | s1_win7_x6401 |
| Filename | FirstZ.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | ffada57f998ed6a72b6ba2f072d2690a | ||
| sha256 | 677f393462e24fb6dba1a47b39e674f485450f91deee6076ccbad9fd5e05bd12 | ||
| ssdeep | 49152:UjBP3/qGrdNJ8VZFhY++Yk/4aLq8wH7mm6qJsSRRjyl:aBPvfrAZF28k/RLbwH7mvcRRjy | ||
| imphash | de41d4e0545d977de6ca665131bb479a | ||
| impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x14000cd40 __C_specific_handler
0x14000cd48 __getmainargs
0x14000cd50 __initenv
0x14000cd58 __iob_func
0x14000cd60 __set_app_type
0x14000cd68 __setusermatherr
0x14000cd70 _amsg_exit
0x14000cd78 _cexit
0x14000cd80 _commode
0x14000cd88 _fmode
0x14000cd90 _initterm
0x14000cd98 _onexit
0x14000cda0 _wcsicmp
0x14000cda8 _wcsnicmp
0x14000cdb0 abort
0x14000cdb8 calloc
0x14000cdc0 exit
0x14000cdc8 fprintf
0x14000cdd0 free
0x14000cdd8 fwrite
0x14000cde0 malloc
0x14000cde8 memcpy
0x14000cdf0 memset
0x14000cdf8 signal
0x14000ce00 strlen
0x14000ce08 strncmp
0x14000ce10 vfprintf
0x14000ce18 wcscat
0x14000ce20 wcscpy
0x14000ce28 wcslen
0x14000ce30 wcsncmp
KERNEL32.dll
0x14000ce40 DeleteCriticalSection
0x14000ce48 EnterCriticalSection
0x14000ce50 GetLastError
0x14000ce58 InitializeCriticalSection
0x14000ce60 LeaveCriticalSection
0x14000ce68 SetUnhandledExceptionFilter
0x14000ce70 Sleep
0x14000ce78 TlsGetValue
0x14000ce80 VirtualProtect
0x14000ce88 VirtualQuery
EAT(Export Address Table) is none
msvcrt.dll
0x14000cd40 __C_specific_handler
0x14000cd48 __getmainargs
0x14000cd50 __initenv
0x14000cd58 __iob_func
0x14000cd60 __set_app_type
0x14000cd68 __setusermatherr
0x14000cd70 _amsg_exit
0x14000cd78 _cexit
0x14000cd80 _commode
0x14000cd88 _fmode
0x14000cd90 _initterm
0x14000cd98 _onexit
0x14000cda0 _wcsicmp
0x14000cda8 _wcsnicmp
0x14000cdb0 abort
0x14000cdb8 calloc
0x14000cdc0 exit
0x14000cdc8 fprintf
0x14000cdd0 free
0x14000cdd8 fwrite
0x14000cde0 malloc
0x14000cde8 memcpy
0x14000cdf0 memset
0x14000cdf8 signal
0x14000ce00 strlen
0x14000ce08 strncmp
0x14000ce10 vfprintf
0x14000ce18 wcscat
0x14000ce20 wcscpy
0x14000ce28 wcslen
0x14000ce30 wcsncmp
KERNEL32.dll
0x14000ce40 DeleteCriticalSection
0x14000ce48 EnterCriticalSection
0x14000ce50 GetLastError
0x14000ce58 InitializeCriticalSection
0x14000ce60 LeaveCriticalSection
0x14000ce68 SetUnhandledExceptionFilter
0x14000ce70 Sleep
0x14000ce78 TlsGetValue
0x14000ce80 VirtualProtect
0x14000ce88 VirtualQuery
EAT(Export Address Table) is none