ScreenShot
| Created | 2024.07.09 09:58 | Machine | s1_win7_x6403 |
| Filename | SCM_1.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (AIDetectMalware, Windows, Threat, Malicious, score, CoinMiner, S32378657, Tedy, Unsafe, Save, Kryptik, FVKL, puXfYWFTsfG, AGEN, Krypt, Reflo, Detected, GenKryptik, Eldorado, DropperX, R622355, OScope, Miner, ai score=88, GQCB, confidence) | ||
| md5 | 00a69916c649b8f347552f045d9529ef | ||
| sha256 | 962e9a7e391ed22b6567bc43ea2e2e9e8e8750601562a8356ffcb15c649a3ca0 | ||
| ssdeep | 49152:MBeicQuxzs62GFUQsRALUKbtr4y8X2GcIqHwE2:MBeXxYAcAL5r4y8XqwE | ||
| imphash | de41d4e0545d977de6ca665131bb479a | ||
| impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x140009398 __C_specific_handler
0x1400093a0 __getmainargs
0x1400093a8 __initenv
0x1400093b0 __iob_func
0x1400093b8 __set_app_type
0x1400093c0 __setusermatherr
0x1400093c8 _amsg_exit
0x1400093d0 _cexit
0x1400093d8 _commode
0x1400093e0 _fmode
0x1400093e8 _initterm
0x1400093f0 _onexit
0x1400093f8 _wcsicmp
0x140009400 _wcsnicmp
0x140009408 abort
0x140009410 calloc
0x140009418 exit
0x140009420 fprintf
0x140009428 free
0x140009430 fwrite
0x140009438 malloc
0x140009440 memcpy
0x140009448 memset
0x140009450 signal
0x140009458 strlen
0x140009460 strncmp
0x140009468 vfprintf
0x140009470 wcscat
0x140009478 wcscpy
0x140009480 wcslen
0x140009488 wcsncmp
KERNEL32.dll
0x140009498 DeleteCriticalSection
0x1400094a0 EnterCriticalSection
0x1400094a8 GetLastError
0x1400094b0 InitializeCriticalSection
0x1400094b8 LeaveCriticalSection
0x1400094c0 SetUnhandledExceptionFilter
0x1400094c8 Sleep
0x1400094d0 TlsGetValue
0x1400094d8 VirtualProtect
0x1400094e0 VirtualQuery
EAT(Export Address Table) is none
msvcrt.dll
0x140009398 __C_specific_handler
0x1400093a0 __getmainargs
0x1400093a8 __initenv
0x1400093b0 __iob_func
0x1400093b8 __set_app_type
0x1400093c0 __setusermatherr
0x1400093c8 _amsg_exit
0x1400093d0 _cexit
0x1400093d8 _commode
0x1400093e0 _fmode
0x1400093e8 _initterm
0x1400093f0 _onexit
0x1400093f8 _wcsicmp
0x140009400 _wcsnicmp
0x140009408 abort
0x140009410 calloc
0x140009418 exit
0x140009420 fprintf
0x140009428 free
0x140009430 fwrite
0x140009438 malloc
0x140009440 memcpy
0x140009448 memset
0x140009450 signal
0x140009458 strlen
0x140009460 strncmp
0x140009468 vfprintf
0x140009470 wcscat
0x140009478 wcscpy
0x140009480 wcslen
0x140009488 wcsncmp
KERNEL32.dll
0x140009498 DeleteCriticalSection
0x1400094a0 EnterCriticalSection
0x1400094a8 GetLastError
0x1400094b0 InitializeCriticalSection
0x1400094b8 LeaveCriticalSection
0x1400094c0 SetUnhandledExceptionFilter
0x1400094c8 Sleep
0x1400094d0 TlsGetValue
0x1400094d8 VirtualProtect
0x1400094e0 VirtualQuery
EAT(Export Address Table) is none