Field | Value
---|---
Created | 2024.10.14 09:44
Machine | s1_win7_x6403
Filename | biib.exe
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
ZERO API | file : malware
VT API (file) | 52 detected (Malicious, score, Coinminer, Unsafe, Save, confidence, 100%, Whisperer, Attribute, HighConfidence, high confidence, Kryptik, XMRig, DisguisedXMRigMiner, YhzrPCllRHI, AGEN, R002C0DHQ24, Static AI, Suspicious PE, Detected, GenKryptik, Eldorado, R571995, Artemis, GdSda, Gencirc, susgen, GIIA, Miner, CWZB3DGW)
md5 | a0104e86682a3dc4ce82b3099bad96a0
sha256 | 0393a858bb73c8b9546f6cced6140ad93fe27b3de5fdaf48682454c6d7608801
ssdeep | 196608:fbujxpCtnCw82MieMhT6f8n/uD5oGgWZNro56iH+xp:fbujCtnbhT6f8w5ojW89Q
imphash | f7505c167603909b7180406402fef19e
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF
Network IP location
Signature (2 entries)
Level | Description
---|---
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious
notice | The binary likely contains encrypted or compressed data indicative of a packer
Rules (3 entries)
Level | Name | Description | Collection
---|---|---|---
warning | Generic_Malware_Zero | Generic Malware | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1409c528c CloseHandle
0x1409c5294 CreateSemaphoreW
0x1409c529c DeleteCriticalSection
0x1409c52a4 EnterCriticalSection
0x1409c52ac GetCurrentThreadId
0x1409c52b4 GetLastError
0x1409c52bc GetStartupInfoA
0x1409c52c4 InitializeCriticalSection
0x1409c52cc IsDBCSLeadByteEx
0x1409c52d4 LeaveCriticalSection
0x1409c52dc MultiByteToWideChar
0x1409c52e4 RaiseException
0x1409c52ec ReleaseSemaphore
0x1409c52f4 RtlCaptureContext
0x1409c52fc RtlLookupFunctionEntry
0x1409c5304 RtlUnwindEx
0x1409c530c RtlVirtualUnwind
0x1409c5314 SetLastError
0x1409c531c SetUnhandledExceptionFilter
0x1409c5324 Sleep
0x1409c532c TlsAlloc
0x1409c5334 TlsFree
0x1409c533c TlsGetValue
0x1409c5344 TlsSetValue
0x1409c534c VirtualProtect
0x1409c5354 VirtualQuery
0x1409c535c WaitForSingleObject
0x1409c5364 WideCharToMultiByte
msvcrt.dll
0x1409c5374 __C_specific_handler
0x1409c537c ___lc_codepage_func
0x1409c5384 ___mb_cur_max_func
0x1409c538c __getmainargs
0x1409c5394 __initenv
0x1409c539c __iob_func
0x1409c53a4 __set_app_type
0x1409c53ac __setusermatherr
0x1409c53b4 _acmdln
0x1409c53bc _amsg_exit
0x1409c53c4 _cexit
0x1409c53cc _commode
0x1409c53d4 _errno
0x1409c53dc _fmode
0x1409c53e4 _initterm
0x1409c53ec _onexit
0x1409c53f4 _wcsicmp
0x1409c53fc _wcsnicmp
0x1409c5404 abort
0x1409c540c calloc
0x1409c5414 exit
0x1409c541c fprintf
0x1409c5424 fputc
0x1409c542c fputs
0x1409c5434 fputwc
0x1409c543c free
0x1409c5444 fwprintf
0x1409c544c fwrite
0x1409c5454 localeconv
0x1409c545c malloc
0x1409c5464 memcpy
0x1409c546c memset
0x1409c5474 realloc
0x1409c547c signal
0x1409c5484 strcmp
0x1409c548c strerror
0x1409c5494 strlen
0x1409c549c strncmp
0x1409c54a4 vfprintf
0x1409c54ac wcscat
0x1409c54b4 wcscpy
0x1409c54bc wcslen
0x1409c54c4 wcsncmp
0x1409c54cc wcsstr
EAT (Export Address Table): none