ScreenShot
| Created | 2024.06.24 07:35 | Machine | s1_win7_x6403 |
| Filename | uYtF.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 55 detected (AIDetectMalware, Miner, Windows, Threat, Malicious, score, CoinMiner, S32378657, Tedy, Unsafe, Kryptik, kotlga, puXfYWFTsfG, AGEN, Siggen28, AMADEY, YXEFUZ, Krypt, Outbreak, Detected, ai score=85, GenKryptik, Eldorado, DropperX, R622355, OScope, GdSda, Pgil, 7wV1, J+tp4g, Static AI, Malicious PE, susgen, GQCB, confidence) | ||
| md5 | 4691a9fe21f8589b793ea16f0d1749f1 | ||
| sha256 | 63733ff3b794ebd7566103c8a37f7de862348ffacf130661f2c544dea8cde904 | ||
| ssdeep | 49152:F9/HgTHqHoKCMrALmVS0VcfxXke6QHwpIdRgxh4+nAfHI:F9/HgTHyRrALmyfxXk5pIdRgxhTnu | ||
| imphash | de41d4e0545d977de6ca665131bb479a | ||
| impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x140009320 __C_specific_handler
0x140009328 __getmainargs
0x140009330 __initenv
0x140009338 __iob_func
0x140009340 __set_app_type
0x140009348 __setusermatherr
0x140009350 _amsg_exit
0x140009358 _cexit
0x140009360 _commode
0x140009368 _fmode
0x140009370 _initterm
0x140009378 _onexit
0x140009380 _wcsicmp
0x140009388 _wcsnicmp
0x140009390 abort
0x140009398 calloc
0x1400093a0 exit
0x1400093a8 fprintf
0x1400093b0 free
0x1400093b8 fwrite
0x1400093c0 malloc
0x1400093c8 memcpy
0x1400093d0 memset
0x1400093d8 signal
0x1400093e0 strlen
0x1400093e8 strncmp
0x1400093f0 vfprintf
0x1400093f8 wcscat
0x140009400 wcscpy
0x140009408 wcslen
0x140009410 wcsncmp
KERNEL32.dll
0x140009420 DeleteCriticalSection
0x140009428 EnterCriticalSection
0x140009430 GetLastError
0x140009438 InitializeCriticalSection
0x140009440 LeaveCriticalSection
0x140009448 SetUnhandledExceptionFilter
0x140009450 Sleep
0x140009458 TlsGetValue
0x140009460 VirtualProtect
0x140009468 VirtualQuery
EAT(Export Address Table) is none
msvcrt.dll
0x140009320 __C_specific_handler
0x140009328 __getmainargs
0x140009330 __initenv
0x140009338 __iob_func
0x140009340 __set_app_type
0x140009348 __setusermatherr
0x140009350 _amsg_exit
0x140009358 _cexit
0x140009360 _commode
0x140009368 _fmode
0x140009370 _initterm
0x140009378 _onexit
0x140009380 _wcsicmp
0x140009388 _wcsnicmp
0x140009390 abort
0x140009398 calloc
0x1400093a0 exit
0x1400093a8 fprintf
0x1400093b0 free
0x1400093b8 fwrite
0x1400093c0 malloc
0x1400093c8 memcpy
0x1400093d0 memset
0x1400093d8 signal
0x1400093e0 strlen
0x1400093e8 strncmp
0x1400093f0 vfprintf
0x1400093f8 wcscat
0x140009400 wcscpy
0x140009408 wcslen
0x140009410 wcsncmp
KERNEL32.dll
0x140009420 DeleteCriticalSection
0x140009428 EnterCriticalSection
0x140009430 GetLastError
0x140009438 InitializeCriticalSection
0x140009440 LeaveCriticalSection
0x140009448 SetUnhandledExceptionFilter
0x140009450 Sleep
0x140009458 TlsGetValue
0x140009460 VirtualProtect
0x140009468 VirtualQuery
EAT(Export Address Table) is none