| Field | Value |
|---|---|
| Created | 2024.02.04 16:45 |
| Machine | s1_win7_x6401 |
| Filename | art22.exe |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | |
| md5 | 68bb10f285c0dbab62f5a8ad7c25ee7a |
| sha256 | 77dee6099cf3f0bc7cd43f2f44ed61598fc915c30f5ca291338f883c9b86cc1d |
| ssdeep | 49152:BWM4CdnWD+27FwZCdg4kP3qroi0a0Kr0jSIv0Jq:07CdnWa27CQdg4kPSoFa09jLvL |
| imphash | de41d4e0545d977de6ca665131bb479a |
| impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 |
Network IP location
Signatures (2)

| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2)

| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata IDs

- ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
- ET POLICY Cryptocurrency Miner Checkin
- ET POLICY Cryptocurrency Miner Checkin
PE API
IAT (Import Address Table) by library
msvcrt.dll
0x140009540 __C_specific_handler
0x140009548 __getmainargs
0x140009550 __initenv
0x140009558 __iob_func
0x140009560 __set_app_type
0x140009568 __setusermatherr
0x140009570 _amsg_exit
0x140009578 _cexit
0x140009580 _commode
0x140009588 _fmode
0x140009590 _initterm
0x140009598 _onexit
0x1400095a0 _wcsicmp
0x1400095a8 _wcsnicmp
0x1400095b0 abort
0x1400095b8 calloc
0x1400095c0 exit
0x1400095c8 fprintf
0x1400095d0 free
0x1400095d8 fwrite
0x1400095e0 malloc
0x1400095e8 memcpy
0x1400095f0 memset
0x1400095f8 signal
0x140009600 strlen
0x140009608 strncmp
0x140009610 vfprintf
0x140009618 wcscat
0x140009620 wcscpy
0x140009628 wcslen
0x140009630 wcsncmp
KERNEL32.dll
0x140009640 DeleteCriticalSection
0x140009648 EnterCriticalSection
0x140009650 GetLastError
0x140009658 InitializeCriticalSection
0x140009660 LeaveCriticalSection
0x140009668 SetUnhandledExceptionFilter
0x140009670 Sleep
0x140009678 TlsGetValue
0x140009680 VirtualProtect
0x140009688 VirtualQuery
EAT (Export Address Table): none