popup

Report - 66c2d861a5b4d_google.exe

PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.08.20 09:45 Machine s1_win7_x6403
Filename 66c2d861a5b4d_google.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not founds Behavior Score
1.4
ZERO API file : malware
VT API (file) 20 detected (AIDetectMalware, malicious, high confidence, RisePro, Unsafe, Attribute, HighConfidence, VMProtect, AC suspicious, FileRepMalware, Miner, bfhiu, FkFUO8h2JGR, Real Protect, moderate, score, Sabsik, CoinMiner, confidence, 100%)
md5 8447dbe44aa2ede5d56341e0dc22f319
sha256 11128e278985be292ec748d40794ed3b94392e540be7f0b3c9a718a4fb4fc177
ssdeep 196608:hdclOOMPjOF5YEbRubP8kf+43/lOBv63JYEYjen8rP9Ocx1ZNONC:POWjO89bER6lOBC3LYjen8rlh1vOI
imphash 3fac356340f08f787f93cbf317f090cd
impfuzzy 3:rTGXG9MMGmi/yJOtJh0EEJmRLLn:HUkMGi6mR/
  Network IP location

Signature (3cnts)

Level Description
warning File has been identified by 20 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
pool.hashvault.pro
whois
SG PhoenixNAP 131.153.76.130 mailcious
131.153.76.130
whois
SG PhoenixNAP 131.153.76.130 mailcious

Suricata ids

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x140f4c000 __C_specific_handler
KERNEL32.dll
 0x140f4c010 DeleteCriticalSection

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure