popup

Report - NewApp.exe

PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.10.06 12:48 Machine s1_win7_x6401
Filename NewApp.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
6
 Behavior Score
2.4
ZERO API file : clean
VT API (file) 43 detected (AIDetectMalware, GenCBL, Malicious, score, Artemis, Unsafe, GenericKD, confidence, Attribute, HighConfidence, high confidence, MalwareX, xbsxlv, Vigorf, k4sAFfFHdvK, Nekark, dtgmb, Detected, GenKryptik, XMRig, Coinminer, YVANKN, R669480, Chgt, FalseSign, Simw, susgen)
md5 2eea3ddbfc81544b54a4ac5028a30805
sha256 ab043bb5ec1911f462c0e6341efb93c2760f097becc0c01ecbd02e5949b10025
ssdeep 98304:CtK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4uc6X1zl7As/WO+H:C3bErIYeQ3nEIsyU2Y48CgzdAsuOy
imphash 4def7148f41037b3bc9c17dcf019fe56
impfuzzy 3:rTGXG9MMGmi/yJOtJh0EEJmRLLZsBO7oAAJo1MO/OywSx2AEZsWBJAEPwS9KTXzW:HUkMGi6mRxslJoZ/O4ErBJAEHGDW
  Network IP location

Signature (5cnts)

Level Description
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is likely packed with VMProtect
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (5cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
xmr-eu1.nanopool.org
whois
DE OVH SAS 51.89.23.91 mailcious
pastebin.com
whois
US CLOUDFLARENET 104.20.3.235 mailcious
51.15.193.130
whois
FR Online S.a.s. 51.15.193.130 mailcious
104.20.4.235
whois
US CLOUDFLARENET 104.20.4.235 mailcious
54.37.232.103
whois
FR OVH SAS 54.37.232.103 clean

Suricata ids

ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x1405b6000 __C_specific_handler
KERNEL32.dll
 0x1405b6010 DeleteCriticalSection
KERNEL32.dll
 0x1405b6020 HeapAlloc
 0x1405b6028 HeapFree
 0x1405b6030 ExitProcess
 0x1405b6038 GetModuleHandleA
 0x1405b6040 LoadLibraryA
 0x1405b6048 GetProcAddress

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure