ScreenShot
| Created | 2024.07.01 11:02 | Machine | s1_win7_x6401 |
| Filename | 64.jpg.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 56 detected (TyphonWinekD, Dacic, malicious, moderate confidence, score, Misc, BitCoinMiner, Unsafe, Dump, Save, CoinMiner, Artemis, RiskTool, onmh, jtfznt, Falcomp, Cont, HackTool, mG1beY8gyNI, PotentialRisk, Siggen26, Tool, R002C0DJO22, high, XMRig Miner, atob, Detected, GrayWare, ApplicUnwnt@#1986kfx5hwc5p, DisguisedXMRigMiner, Miner, Gencirc, ai score=89, susgen, confidence, 100%) | ||
| md5 | 72762b7ac7c6dfdc7b1c3b3a5171103a | ||
| sha256 | ecc5a64d97d4adb41ed9332e4c0f5dc7dc02a64a77817438d27fc31c69f7c1d3 | ||
| ssdeep | 49152:TgCwUI2zMCsThgKx7epXo6Ekk6Jy63g9iugMN51fP:Tg9msFgs6u6rk2FgYugMr | ||
| imphash | d42b2c3f8eae481e901bdd791980197f | ||
| impfuzzy | 6:oaGVKXKBJAEoZ/OEGDzyRXcct5w2AxyTO6XcO0:oaWdABZG/DzO5w2A+O6X/0 | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| watch | Detects Virtual Machines through their custom firmware |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is compressed using UPX |
| info | Checks amount of memory in system |
| info | Queries for the computername |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x1406d158c LsaClose
crypt.dll
0x1406d159c BCryptGenRandom
CRYPT32.dll
0x1406d15ac CertOpenStore
KERNEL32.DLL
0x1406d15bc LoadLibraryA
0x1406d15c4 ExitProcess
0x1406d15cc GetProcAddress
0x1406d15d4 VirtualProtect
ole32.dll
0x1406d15e4 CoInitializeEx
USER32.dll
0x1406d15f4 ShowWindow
USERENV.dll
0x1406d1604 GetUserProfileDirectoryW
WS2_32.dll
0x1406d1614 ioctlsocket
EAT(Export Address Table) is none
ADVAPI32.dll
0x1406d158c LsaClose
crypt.dll
0x1406d159c BCryptGenRandom
CRYPT32.dll
0x1406d15ac CertOpenStore
KERNEL32.DLL
0x1406d15bc LoadLibraryA
0x1406d15c4 ExitProcess
0x1406d15cc GetProcAddress
0x1406d15d4 VirtualProtect
ole32.dll
0x1406d15e4 CoInitializeEx
USER32.dll
0x1406d15f4 ShowWindow
USERENV.dll
0x1406d1604 GetUserProfileDirectoryW
WS2_32.dll
0x1406d1614 ioctlsocket
EAT(Export Address Table) is none