ScreenShot
| Created | 2024.10.14 10:45 | Machine | s1_win7_x6401 |
| Filename | CoinBaseUpdate.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 55 detected (AIDetectMalware, Lumma, Unsafe, Lazy, Vp1f, Genus, malicious, high confidence, a variant of WinGo, MalwareX, TrojanPSW, CLASSIC, fvurn, LUMMASTEALER, YXEIEZ, moderate, score, Static AI, Suspicious PE, Detected, Malware@#nrzbzweszuqs, Acll, Artemis, Wingo, Chgt, QQPass, QQRob, Wmhl, susgen) | ||
| md5 | 93e5096b71b800b873d28fe2c9e825f0 | ||
| sha256 | 4209036f5f98e658e2f62066c77968ccc0937064ca9a7869408c265bbee43b99 | ||
| ssdeep | 49152:we4HNyF1BaIOkqT0qnwGkAa1BLj9O1Q5rseiwVUtiuITu0wMCZUdT7ijZ3M6r0v3:D4HNzkqY3Gk0dDtiuIrdT7IcC0v4+cJ | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xc66be0 WriteFile
0xc66be4 WriteConsoleW
0xc66be8 WerSetFlags
0xc66bec WerGetFlags
0xc66bf0 WaitForMultipleObjects
0xc66bf4 WaitForSingleObject
0xc66bf8 VirtualQuery
0xc66bfc VirtualFree
0xc66c00 VirtualAlloc
0xc66c04 TlsAlloc
0xc66c08 SwitchToThread
0xc66c0c SuspendThread
0xc66c10 SetWaitableTimer
0xc66c14 SetUnhandledExceptionFilter
0xc66c18 SetProcessPriorityBoost
0xc66c1c SetEvent
0xc66c20 SetErrorMode
0xc66c24 SetConsoleCtrlHandler
0xc66c28 ResumeThread
0xc66c2c RaiseFailFastException
0xc66c30 PostQueuedCompletionStatus
0xc66c34 LoadLibraryW
0xc66c38 LoadLibraryExW
0xc66c3c SetThreadContext
0xc66c40 GetThreadContext
0xc66c44 GetSystemInfo
0xc66c48 GetSystemDirectoryA
0xc66c4c GetStdHandle
0xc66c50 GetQueuedCompletionStatusEx
0xc66c54 GetProcessAffinityMask
0xc66c58 GetProcAddress
0xc66c5c GetErrorMode
0xc66c60 GetEnvironmentStringsW
0xc66c64 GetCurrentThreadId
0xc66c68 GetConsoleMode
0xc66c6c FreeEnvironmentStringsW
0xc66c70 ExitProcess
0xc66c74 DuplicateHandle
0xc66c78 CreateWaitableTimerExW
0xc66c7c CreateThread
0xc66c80 CreateIoCompletionPort
0xc66c84 CreateEventA
0xc66c88 CloseHandle
0xc66c8c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0xc66be0 WriteFile
0xc66be4 WriteConsoleW
0xc66be8 WerSetFlags
0xc66bec WerGetFlags
0xc66bf0 WaitForMultipleObjects
0xc66bf4 WaitForSingleObject
0xc66bf8 VirtualQuery
0xc66bfc VirtualFree
0xc66c00 VirtualAlloc
0xc66c04 TlsAlloc
0xc66c08 SwitchToThread
0xc66c0c SuspendThread
0xc66c10 SetWaitableTimer
0xc66c14 SetUnhandledExceptionFilter
0xc66c18 SetProcessPriorityBoost
0xc66c1c SetEvent
0xc66c20 SetErrorMode
0xc66c24 SetConsoleCtrlHandler
0xc66c28 ResumeThread
0xc66c2c RaiseFailFastException
0xc66c30 PostQueuedCompletionStatus
0xc66c34 LoadLibraryW
0xc66c38 LoadLibraryExW
0xc66c3c SetThreadContext
0xc66c40 GetThreadContext
0xc66c44 GetSystemInfo
0xc66c48 GetSystemDirectoryA
0xc66c4c GetStdHandle
0xc66c50 GetQueuedCompletionStatusEx
0xc66c54 GetProcessAffinityMask
0xc66c58 GetProcAddress
0xc66c5c GetErrorMode
0xc66c60 GetEnvironmentStringsW
0xc66c64 GetCurrentThreadId
0xc66c68 GetConsoleMode
0xc66c6c FreeEnvironmentStringsW
0xc66c70 ExitProcess
0xc66c74 DuplicateHandle
0xc66c78 CreateWaitableTimerExW
0xc66c7c CreateThread
0xc66c80 CreateIoCompletionPort
0xc66c84 CreateEventA
0xc66c88 CloseHandle
0xc66c8c AddVectoredExceptionHandler
EAT(Export Address Table) is none