Field | Value |
---|---|
Created | 2024.06.19 09:56 |
Machine | s1_win7_x6401 |
Filename | blob.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (AIDetectMalware, Miner, Windows, Threat, Malicious, score, CoinMiner, S32378657, Tedy, Unsafe, Save, Kryptik, Artemis, koqvgm, puXfYWFTsfG, AGEN, Inject5, AMADEY, YXEFQZ, Krypt, Outbreak, Detected, ai score=88, GenKryptik, XMRig, Reflo, Eldorado, DropperX, R622355, OScope, GdSda, Gencirc, Static AI, Malicious PE, susgen, GQCB, confidence) |
md5 | fbfbe4ee13baecac3e7d16bec24cf079 |
sha256 | 3d65e5f78fa228a79d279fd903b45e584effe6b680d3a3adcb582985de62d01e |
ssdeep | 49152:0GXNqt3/rQCbVuI1SjuNVASD++6ozKQ/hD5xkmIW3vFqbrBeL9SSKl:0Gm3/rQCbVuIioc9ihD5KmjteALgl |
imphash | de41d4e0545d977de6ca665131bb479a |
impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 |
Network IP location
Signature (2 counts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2 counts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table), by library
msvcrt.dll
0x140009308 __C_specific_handler
0x140009310 __getmainargs
0x140009318 __initenv
0x140009320 __iob_func
0x140009328 __set_app_type
0x140009330 __setusermatherr
0x140009338 _amsg_exit
0x140009340 _cexit
0x140009348 _commode
0x140009350 _fmode
0x140009358 _initterm
0x140009360 _onexit
0x140009368 _wcsicmp
0x140009370 _wcsnicmp
0x140009378 abort
0x140009380 calloc
0x140009388 exit
0x140009390 fprintf
0x140009398 free
0x1400093a0 fwrite
0x1400093a8 malloc
0x1400093b0 memcpy
0x1400093b8 memset
0x1400093c0 signal
0x1400093c8 strlen
0x1400093d0 strncmp
0x1400093d8 vfprintf
0x1400093e0 wcscat
0x1400093e8 wcscpy
0x1400093f0 wcslen
0x1400093f8 wcsncmp
KERNEL32.dll
0x140009408 DeleteCriticalSection
0x140009410 EnterCriticalSection
0x140009418 GetLastError
0x140009420 InitializeCriticalSection
0x140009428 LeaveCriticalSection
0x140009430 SetUnhandledExceptionFilter
0x140009438 Sleep
0x140009440 TlsGetValue
0x140009448 VirtualProtect
0x140009450 VirtualQuery
EAT (Export Address Table): none
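The import table above is the minimal MinGW-w64 CRT start-up set (msvcrt `__getmainargs`, `_initterm`, `__C_specific_handler`) plus `VirtualProtect`, `VirtualQuery` and `TlsGetValue` from KERNEL32; nothing for networking, process creation or the registry is imported statically, so whatever behaviour earned the miner/dropper labels must be resolved at run time, which fits the "unknown PE section names" packer note. A quick triage check is to recompute the imphash from this listing and compare it with the value the report prints: the imphash is the MD5 of the comma-joined `lib.func` strings, with the DLL name lowercased and stripped of its `.dll`/`.ocx`/`.sys` extension and the function name lowercased, in import-directory order. The script below is an added example written for this page, not the sandbox's own code; the import list is transcribed by hand from the listing above, ordinal imports are not handled (the sample has none), and a mismatch would indicate that the report's listing order or normalisation differs from the hashing input rather than that either value is wrong.

```python
import hashlib

# Import table transcribed from the report above, DLL order and function
# order as listed there (hand-copied, not extracted from the sample).
IAT = [
    ("msvcrt.dll", [
        "__C_specific_handler", "__getmainargs", "__initenv", "__iob_func",
        "__set_app_type", "__setusermatherr", "_amsg_exit", "_cexit",
        "_commode", "_fmode", "_initterm", "_onexit", "_wcsicmp", "_wcsnicmp",
        "abort", "calloc", "exit", "fprintf", "free", "fwrite", "malloc",
        "memcpy", "memset", "signal", "strlen", "strncmp", "vfprintf",
        "wcscat", "wcscpy", "wcslen", "wcsncmp",
    ]),
    ("KERNEL32.dll", [
        "DeleteCriticalSection", "EnterCriticalSection", "GetLastError",
        "InitializeCriticalSection", "LeaveCriticalSection",
        "SetUnhandledExceptionFilter", "Sleep", "TlsGetValue",
        "VirtualProtect", "VirtualQuery",
    ]),
]

# imphash exactly as printed in the report above.
REPORTED_IMPHASH = "de41d4e0545d977de6ca665131bb479a"


def _norm_lib(dll_name):
    """Lowercase the DLL name and drop a .dll/.ocx/.sys extension."""
    lib = dll_name.lower()
    parts = lib.rsplit(".", 1)
    if len(parts) > 1 and parts[1] in ("ocx", "sys", "dll"):
        lib = parts[0]
    return lib


def imphash_string(iat):
    """Build the comma-joined 'lib.func' string that imphash hashes.

    Named imports only; ordinal-only imports would need the usual
    ordinal-to-name tables, which this example does not include.
    """
    entries = []
    for dll_name, funcs in iat:
        lib = _norm_lib(dll_name)
        for func in funcs:
            entries.append(f"{lib}.{func.lower()}")
    return ",".join(entries)


def imphash(iat):
    """MD5 over the normalised import string, as hex."""
    return hashlib.md5(imphash_string(iat).encode("ascii")).hexdigest()


def compare_with_report(iat, reported=REPORTED_IMPHASH):
    """Recompute the imphash from the listing and compare with the report."""
    computed = imphash(iat)
    return {"computed": computed, "reported": reported,
            "match": computed == reported.lower()}


def imported_apis(iat, names):
    """Return which of the given API names appear in the import table."""
    present = {f.lower() for _, funcs in iat for f in funcs}
    return sorted(n for n in names if n.lower() in present)


if __name__ == "__main__":
    print(compare_with_report(IAT))
    # Static triage: which capability-indicating APIs are imported at all?
    watch = ["VirtualProtect", "VirtualAlloc", "CreateProcessW",
             "WinHttpOpen", "InternetOpenW", "WSAStartup", "RegSetValueExW"]
    print("imported:", imported_apis(IAT, watch))
    print("missing: ", sorted(set(watch) - set(imported_apis(IAT, watch))))
```

The `imported_apis` check is the part worth keeping in a triage script: a 59/N detection with only CRT imports plus `VirtualProtect` tells you the static IAT is not where the capabilities are, so dynamic analysis or unpacking is needed before the API list means anything.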