popup

Report - 66b331646d2cd_123p.exe

PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.08.12 09:47 Machine s1_win7_x6403
Filename 66b331646d2cd_123p.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not founds Behavior Score
1.8
ZERO API file : malware
VT API (file) 52 detected (AIDetectMalware, VMProtect, Malicious, score, Expiro, GenericKD, Unsafe, CoinMiner, Vvff, high confidence, AC suspicious, MalwareX, Miner, bfevm, FkFUO8h2JGR, zkvhe, Siggen29, PRIVATELOADER, YXEHGZ, Real Protect, moderate, ai score=88, Sabsik, ApplicUnwnt@#1ne0wlp1fejjb, Artemis, Chgt, Rsmw, WpOdV8U1Q, confidence, bpgnf)
md5 27b14ad026da76c1111174c6b4ba6aba
sha256 bef765aff3d916d8be504b604c0dc37afe3fd76260fe158508b778b5e4b85ddf
ssdeep 196608:tSiB9/zPAW0ILyawlf9Ul33DqL4zDefJglqYnkFTdl434Mfr:tX97fB6iXvkFTf4zj
imphash 3fac356340f08f787f93cbf317f090cd
impfuzzy 3:rTGXG9MMGmi/yJOtJh0EEJmRLLn:HUkMGi6mR/
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 52 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
pool.hashvault.pro
whois
SG PhoenixNAP 131.153.76.130 mailcious
131.153.76.130
whois
SG PhoenixNAP 131.153.76.130 mailcious

Suricata ids

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x140f2a000 __C_specific_handler
KERNEL32.dll
 0x140f2a010 DeleteCriticalSection

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure