Field | Value |
---|---|
Created | 2024.10.14 09:44 |
Machine | s1_win7_x6401 |
Filename | 3.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 54 detected (AIDetectMalware, XMRig, Malicious, score, Coinminer, Whisperer, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, Miner, lrlz, DisguisedXMRigMiner, YhzrPCllRHI, AGEN, Siggen29, R002C0DHJ24, Static AI, Suspicious PE, Detected, GenKryptik, CCAN, Eldorado, R571995, Artemis, GdSda, Gencirc, susgen, GIIA, CWZB3DGW) |
md5 | 6f804d98df32ee28685d8468e619dd87 |
sha256 | 3b567592754e25eaa9246e3b267eebccaa870494c351b87ce2124f3e03a676aa |
ssdeep | 196608:NfZ+pJEfu095vo5n8xnzv0jr+ao/hNJu+y19RERUAc9s:Nsx09xo5m70nm5NJuVRERUAY |
imphash | f7505c167603909b7180406402fef19e |
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1409c428c CloseHandle
0x1409c4294 CreateSemaphoreW
0x1409c429c DeleteCriticalSection
0x1409c42a4 EnterCriticalSection
0x1409c42ac GetCurrentThreadId
0x1409c42b4 GetLastError
0x1409c42bc GetStartupInfoA
0x1409c42c4 InitializeCriticalSection
0x1409c42cc IsDBCSLeadByteEx
0x1409c42d4 LeaveCriticalSection
0x1409c42dc MultiByteToWideChar
0x1409c42e4 RaiseException
0x1409c42ec ReleaseSemaphore
0x1409c42f4 RtlCaptureContext
0x1409c42fc RtlLookupFunctionEntry
0x1409c4304 RtlUnwindEx
0x1409c430c RtlVirtualUnwind
0x1409c4314 SetLastError
0x1409c431c SetUnhandledExceptionFilter
0x1409c4324 Sleep
0x1409c432c TlsAlloc
0x1409c4334 TlsFree
0x1409c433c TlsGetValue
0x1409c4344 TlsSetValue
0x1409c434c VirtualProtect
0x1409c4354 VirtualQuery
0x1409c435c WaitForSingleObject
0x1409c4364 WideCharToMultiByte
msvcrt.dll
0x1409c4374 __C_specific_handler
0x1409c437c ___lc_codepage_func
0x1409c4384 ___mb_cur_max_func
0x1409c438c __getmainargs
0x1409c4394 __initenv
0x1409c439c __iob_func
0x1409c43a4 __set_app_type
0x1409c43ac __setusermatherr
0x1409c43b4 _acmdln
0x1409c43bc _amsg_exit
0x1409c43c4 _cexit
0x1409c43cc _commode
0x1409c43d4 _errno
0x1409c43dc _fmode
0x1409c43e4 _initterm
0x1409c43ec _onexit
0x1409c43f4 _wcsicmp
0x1409c43fc _wcsnicmp
0x1409c4404 abort
0x1409c440c calloc
0x1409c4414 exit
0x1409c441c fprintf
0x1409c4424 fputc
0x1409c442c fputs
0x1409c4434 fputwc
0x1409c443c free
0x1409c4444 fwprintf
0x1409c444c fwrite
0x1409c4454 localeconv
0x1409c445c malloc
0x1409c4464 memcpy
0x1409c446c memset
0x1409c4474 realloc
0x1409c447c signal
0x1409c4484 strcmp
0x1409c448c strerror
0x1409c4494 strlen
0x1409c449c strncmp
0x1409c44a4 vfprintf
0x1409c44ac wcscat
0x1409c44b4 wcscpy
0x1409c44bc wcslen
0x1409c44c4 wcsncmp
0x1409c44cc wcsstr
EAT(Export Address Table) is none