Field | Value |
---|---|
Created | 2024.04.29 14:39 |
Machine | s1_win7_x6401 |
Filename | Exodus.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 52 detected (AIDetectMalware, Miner, Malicious, score, S32361963, GenericKD, Tedy, CoinMiner, Kryptik, Vfkh, Attribute, HighConfidence, high confidence, Zusy, puXfYWFTsfG, AGEN, Siggen28, SMOKELOADER, YXEDZZ, Krypt, Detected, GenKryptik, XMRig, Malware@#3kmsw4y8kq8u7, Eldorado, DropperX, R622355, OScope, GdSda, Kzfl, ai score=82, GQCB) |
md5 | 3b43da1be0c39802b78f6b2c55c4d7e6 |
sha256 | 00f5cb420d8caf253b67e22714104ce1fb2d75341286c6e3ff31f527e7e5f5eb |
ssdeep | 49152:tq+bulp7HM3wpNbmZTfpuentlEt4TNBKpjQBHYKiLz01AkC:tq+EZHM3AsZfpuulEt4TNBY0BeU1Ak |
imphash | de41d4e0545d977de6ca665131bb479a |
impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 |
Network IP location
Signatures (2 counts)
Level | Description |
---|---|
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3 counts)
Level | Name | Description | Collection |
---|---|---|---|
danger | HelloXD_Ransomware | HelloXD Ransomware | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) by library
msvcrt.dll
0x14000a760 __C_specific_handler
0x14000a768 __getmainargs
0x14000a770 __initenv
0x14000a778 __iob_func
0x14000a780 __set_app_type
0x14000a788 __setusermatherr
0x14000a790 _amsg_exit
0x14000a798 _cexit
0x14000a7a0 _commode
0x14000a7a8 _fmode
0x14000a7b0 _initterm
0x14000a7b8 _onexit
0x14000a7c0 _wcsicmp
0x14000a7c8 _wcsnicmp
0x14000a7d0 abort
0x14000a7d8 calloc
0x14000a7e0 exit
0x14000a7e8 fprintf
0x14000a7f0 free
0x14000a7f8 fwrite
0x14000a800 malloc
0x14000a808 memcpy
0x14000a810 memset
0x14000a818 signal
0x14000a820 strlen
0x14000a828 strncmp
0x14000a830 vfprintf
0x14000a838 wcscat
0x14000a840 wcscpy
0x14000a848 wcslen
0x14000a850 wcsncmp
KERNEL32.dll
0x14000a860 DeleteCriticalSection
0x14000a868 EnterCriticalSection
0x14000a870 GetLastError
0x14000a878 InitializeCriticalSection
0x14000a880 LeaveCriticalSection
0x14000a888 SetUnhandledExceptionFilter
0x14000a890 Sleep
0x14000a898 TlsGetValue
0x14000a8a0 VirtualProtect
0x14000a8a8 VirtualQuery
EAT (Export Address Table): none