Report - uYtF.exe

PE File PE64
ScreenShot
Created 2024.06.24 07:35 Machine s1_win7_x6403
Filename uYtF.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
11
Behavior Score
1.4
ZERO API file : clean
VT API (file) 55 detected (AIDetectMalware, Miner, Windows, Threat, Malicious, score, CoinMiner, S32378657, Tedy, Unsafe, Kryptik, kotlga, puXfYWFTsfG, AGEN, Siggen28, AMADEY, YXEFUZ, Krypt, Outbreak, Detected, ai score=85, GenKryptik, Eldorado, DropperX, R622355, OScope, GdSda, Pgil, 7wV1, J+tp4g, Static AI, Malicious PE, susgen, GQCB, confidence)
md5 4691a9fe21f8589b793ea16f0d1749f1
sha256 63733ff3b794ebd7566103c8a37f7de862348ffacf130661f2c544dea8cde904
ssdeep 49152:F9/HgTHqHoKCMrALmVS0VcfxXke6QHwpIdRgxh4+nAfHI:F9/HgTHyRrALmyfxXk5pIdRgxhTnu
imphash de41d4e0545d977de6ca665131bb479a
impfuzzy 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9
  Network IP location

Signature (2cnts)

Level Description
danger File has been identified by 55 AntiVirus engines on VirusTotal as malicious
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
pool.hashvault.pro SG PhoenixNAP 131.153.76.130 mailcious
125.253.92.50 AU FireNet Pty Ltd 125.253.92.50 clean

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x140009320 __C_specific_handler
 0x140009328 __getmainargs
 0x140009330 __initenv
 0x140009338 __iob_func
 0x140009340 __set_app_type
 0x140009348 __setusermatherr
 0x140009350 _amsg_exit
 0x140009358 _cexit
 0x140009360 _commode
 0x140009368 _fmode
 0x140009370 _initterm
 0x140009378 _onexit
 0x140009380 _wcsicmp
 0x140009388 _wcsnicmp
 0x140009390 abort
 0x140009398 calloc
 0x1400093a0 exit
 0x1400093a8 fprintf
 0x1400093b0 free
 0x1400093b8 fwrite
 0x1400093c0 malloc
 0x1400093c8 memcpy
 0x1400093d0 memset
 0x1400093d8 signal
 0x1400093e0 strlen
 0x1400093e8 strncmp
 0x1400093f0 vfprintf
 0x1400093f8 wcscat
 0x140009400 wcscpy
 0x140009408 wcslen
 0x140009410 wcsncmp
KERNEL32.dll
 0x140009420 DeleteCriticalSection
 0x140009428 EnterCriticalSection
 0x140009430 GetLastError
 0x140009438 InitializeCriticalSection
 0x140009440 LeaveCriticalSection
 0x140009448 SetUnhandledExceptionFilter
 0x140009450 Sleep
 0x140009458 TlsGetValue
 0x140009460 VirtualProtect
 0x140009468 VirtualQuery

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure