Field | Value |
---|---|
Created | 2024.08.05 09:36 |
Machine | s1_win7_x6403 |
Filename | test.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 49 detected (AIDetectMalware, BitCoinMiner, malicious, moderate confidence, score, Miner, Unsafe, Save, Attribute, HighConfidence, CoinMiner, Artemis, CoinminerX, Miners, yFwsfpS6ZqD, Tool, BtcMine, Real Protect, XMRig Miner, Detected, XMRig, RiskTool, Eldorado, R526983, R002H07H424, Bitminer, ai score=78, grayware, confidence, 100%, HackTool) |
md5 | be924fd44ff6878d0666320a6161ad70 |
sha256 | 283ece83572923032a368088751b611aee0d866be61d048935d9b5ca3d344a70 |
ssdeep | 49152:emTKVJmW4ODgtXsxlh+WzMKZB1KfdW8EbmC6MIq6eYCq0yJHoJSzvMvUw2n:4mW4ODyXsxj+WAKZzKFNEbmC6+6eYCwY |
imphash | 8591292e0f274357f3fd24d7fa5756bb |
impfuzzy | 6:oI8wKXnWZRXvYBJAEoZ/OEGDzyRXJychbK1/Q5w2AxyTO6l:oSlxwABZG/DzFQ5w2A+O6l |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | Queries for the computername |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x140b11dc8 FreeSid
CRYPT32.dll
0x140b11dd8 CertOpenStore
IPHLPAPI.DLL
0x140b11de8 GetAdaptersAddresses
KERNEL32.DLL
0x140b11df8 LoadLibraryA
0x140b11e00 ExitProcess
0x140b11e08 GetProcAddress
0x140b11e10 VirtualProtect
msvcrt.dll
0x140b11e20 atof
ole32.dll
0x140b11e30 CoInitializeEx
SHELL32.dll
0x140b11e40 SHGetSpecialFolderPathA
USER32.dll
0x140b11e50 ShowWindow
USERENV.dll
0x140b11e60 GetUserProfileDirectoryW
WS2_32.dll
0x140b11e70 ind
EAT(Export Address Table) is none