ScreenShot
| Created | 2024.10.09 13:01 | Machine | s1_win7_x6401 |
| Filename | asdz2.png | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 58 detected (AIDetectMalware, Malicious, score, CoinMiner, S32378657, FWEM, Unsafe, Mint, Zard, Save, Windows, Threat, Kryptik, Zusy, kpuodh, puXfYWFTsfG, AGEN, Siggen29, R002C0DFT24, Krypt, Static AI, Malicious PE, Detected, GenKryptik, Eldorado, DropperX, R622355, OScope, Miner, GdSda, susgen, GQCB, Tedy) | ||
| md5 | 61d3abff46a6bd2946925542c7d30397 | ||
| sha256 | b1a351ee61443b8558934dca6b2fa9efb0a6d2d18bae61ace5a761596604dbfa | ||
| ssdeep | 49152:e+CCncEUAhZfuFtUasR7NICKP6Fhjf+POnLcjzlfXhITNE1u5xY13oNV:c8cMhZfuF6asRxm6Flf++olfX2u1OY13 | ||
| imphash | de41d4e0545d977de6ca665131bb479a | ||
| impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (6cnts) ?
Suricata ids
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
PE API
IAT(Import Address Table) Library
msvcrt.dll
0x14000cd10 __C_specific_handler
0x14000cd18 __getmainargs
0x14000cd20 __initenv
0x14000cd28 __iob_func
0x14000cd30 __set_app_type
0x14000cd38 __setusermatherr
0x14000cd40 _amsg_exit
0x14000cd48 _cexit
0x14000cd50 _commode
0x14000cd58 _fmode
0x14000cd60 _initterm
0x14000cd68 _onexit
0x14000cd70 _wcsicmp
0x14000cd78 _wcsnicmp
0x14000cd80 abort
0x14000cd88 calloc
0x14000cd90 exit
0x14000cd98 fprintf
0x14000cda0 free
0x14000cda8 fwrite
0x14000cdb0 malloc
0x14000cdb8 memcpy
0x14000cdc0 memset
0x14000cdc8 signal
0x14000cdd0 strlen
0x14000cdd8 strncmp
0x14000cde0 vfprintf
0x14000cde8 wcscat
0x14000cdf0 wcscpy
0x14000cdf8 wcslen
0x14000ce00 wcsncmp
KERNEL32.dll
0x14000ce10 DeleteCriticalSection
0x14000ce18 EnterCriticalSection
0x14000ce20 GetLastError
0x14000ce28 InitializeCriticalSection
0x14000ce30 LeaveCriticalSection
0x14000ce38 SetUnhandledExceptionFilter
0x14000ce40 Sleep
0x14000ce48 TlsGetValue
0x14000ce50 VirtualProtect
0x14000ce58 VirtualQuery
EAT(Export Address Table) is none
msvcrt.dll
0x14000cd10 __C_specific_handler
0x14000cd18 __getmainargs
0x14000cd20 __initenv
0x14000cd28 __iob_func
0x14000cd30 __set_app_type
0x14000cd38 __setusermatherr
0x14000cd40 _amsg_exit
0x14000cd48 _cexit
0x14000cd50 _commode
0x14000cd58 _fmode
0x14000cd60 _initterm
0x14000cd68 _onexit
0x14000cd70 _wcsicmp
0x14000cd78 _wcsnicmp
0x14000cd80 abort
0x14000cd88 calloc
0x14000cd90 exit
0x14000cd98 fprintf
0x14000cda0 free
0x14000cda8 fwrite
0x14000cdb0 malloc
0x14000cdb8 memcpy
0x14000cdc0 memset
0x14000cdc8 signal
0x14000cdd0 strlen
0x14000cdd8 strncmp
0x14000cde0 vfprintf
0x14000cde8 wcscat
0x14000cdf0 wcscpy
0x14000cdf8 wcslen
0x14000ce00 wcsncmp
KERNEL32.dll
0x14000ce10 DeleteCriticalSection
0x14000ce18 EnterCriticalSection
0x14000ce20 GetLastError
0x14000ce28 InitializeCriticalSection
0x14000ce30 LeaveCriticalSection
0x14000ce38 SetUnhandledExceptionFilter
0x14000ce40 Sleep
0x14000ce48 TlsGetValue
0x14000ce50 VirtualProtect
0x14000ce58 VirtualQuery
EAT(Export Address Table) is none