Field | Value |
---|---|
Created | 2024.09.03 09:32 |
Machine | s1_win7_x6403 |
Filename | ModSkin_Eng.exe |
Type | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (AIDetectMalware, DllInject, malicious, high confidence, PUPXAD, Jalapeno, Unsafe, CoinMiner, Vjty, Attribute, HighConfidence, AGen, NE potentially unsafe, GenericRXAA, TrojanX, Msilheracles, Miner, adbh, CLOUD, pndrm, R002C0XDM24, high, score, Generic Reputation PUA, Static AI, Malicious PE, Detected, ai score=87, Wacatac, Casdet, ABMiner, ESYX, Chgt, Gencirc, susgen, confidence) |
md5 | 251506af767bc121f5e65970488030c1 |
sha256 | 24f9581c4c049a77f803fd49bd07186960d913063bd24f735d6a8c8aefd3b037 |
ssdeep | 24576:evRd6SaQq7fasmvoSRd6SkaaSeKAjg4ErzRd6S:er6SaQq7fasm96SkFKAjg4Erf6S |
imphash | 3170940b28704bc5d652dfd321762d42 |
impfuzzy | 96:/0gCGus2OocDZVzkcsIpLmo1/JgJjJfbYkxUXgQCNO48bg9yv5sQ72:cItt5gDfV8bUn |
Network IP location
Signature (12cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to create or modify system certificates |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Foreign language identified in PE resource |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid) |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | ConfuserEx_Zero | Confuser .NET | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | Is_DotNET_EXE | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
MSVCP140.dll
0x14000b058 ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x14000b060 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x14000b068 ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x14000b070 ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x14000b078 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
0x14000b080 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
0x14000b088 ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
0x14000b090 ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
0x14000b098 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
0x14000b0a0 ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
0x14000b0a8 ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
0x14000b0b0 ?_Throw_Cpp_error@std@@YAXH@Z
0x14000b0b8 ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x14000b0c0 _Thrd_detach
0x14000b0c8 _Cnd_do_broadcast_at_thread_exit
0x14000b0d0 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x14000b0d8 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
0x14000b0e0 ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
0x14000b0e8 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
0x14000b0f0 ?_Xlength_error@std@@YAXPEBD@Z
0x14000b0f8 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
0x14000b100 ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
0x14000b108 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
0x14000b110 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
0x14000b118 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
0x14000b120 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x14000b128 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x14000b130 _Query_perf_frequency
0x14000b138 _Query_perf_counter
0x14000b140 ?always_noconv@codecvt_base@std@@QEBA_NXZ
0x14000b148 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
0x14000b150 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x14000b158 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
0x14000b160 ??0_Lockit@std@@QEAA@H@Z
0x14000b168 ??Bid@locale@std@@QEAA_KXZ
0x14000b170 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
0x14000b178 ??1_Lockit@std@@QEAA@XZ
0x14000b180 _Xtime_get_ticks
0x14000b188 ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
0x14000b190 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
0x14000b198 _Thrd_sleep
0x14000b1a0 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
0x14000b1a8 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
0x14000b1b0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
0x14000b1b8 ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
api-ms-win-crt-heap-l1-1-0.dll
0x14000b250 malloc
0x14000b258 free
0x14000b260 _callnewh
api-ms-win-crt-runtime-l1-1-0.dll
0x14000b270 terminate
0x14000b278 _invalid_parameter_noinfo_noreturn
0x14000b280 _cexit
0x14000b288 _beginthreadex
0x14000b290 abort
VCRUNTIME140.dll
0x14000b1c8 __current_exception_context
0x14000b1d0 __current_exception
0x14000b1d8 _CxxThrowException
0x14000b1e0 __std_exception_destroy
0x14000b1e8 __std_exception_copy
0x14000b1f0 memcpy
0x14000b1f8 __FrameUnwindFilter
0x14000b200 __CxxUnregisterExceptionObject
0x14000b208 __CxxDetectRethrow
0x14000b210 __CxxRegisterExceptionObject
0x14000b218 __CxxExceptionFilter
0x14000b220 __CxxQueryExceptionSize
0x14000b228 memmove
KERNEL32.dll
0x14000b020 GetCurrentProcessId
0x14000b028 QueryPerformanceCounter
0x14000b030 Sleep
0x14000b038 WideCharToMultiByte
0x14000b040 GetSystemTimeAsFileTime
0x14000b048 GetCurrentThreadId
ADVAPI32.dll
0x14000b000 LookupPrivilegeValueW
0x14000b008 OpenProcessToken
0x14000b010 AdjustTokenPrivileges
api-ms-win-crt-stdio-l1-1-0.dll
0x14000b2a0 fgetc
0x14000b2a8 _get_stream_buffer_pointers
0x14000b2b0 fflush
0x14000b2b8 fwrite
0x14000b2c0 fclose
0x14000b2c8 setvbuf
0x14000b2d0 fsetpos
0x14000b2d8 fgetpos
0x14000b2e0 fread
0x14000b2e8 _fseeki64
0x14000b2f0 ungetc
0x14000b2f8 fputc
api-ms-win-crt-filesystem-l1-1-0.dll
0x14000b238 _unlock_file
0x14000b240 _lock_file
api-ms-win-crt-time-l1-1-0.dll
0x14000b308 _time64
api-ms-win-crt-utility-l1-1-0.dll
0x14000b318 srand
mscoree.dll
0x14000b328 _CorExeMain
EAT (Export Address Table): none