ScreenShot
| Created | 2024.10.14 10:48 | Machine | s1_win7_x6401 |
| Filename | 2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 57 detected (AIDetectMalware, Lumma, Malicious, score, CoinMiner, GenericKD, Unsafe, Vkid, confidence, 100%, Genus, high confidence, multiple detections, DropperX, Bladabindi, Miner, lrnj, TrojanBanker, Kryptik, kschut, CLOUD, bvoen, DownLoad4, LUMMASTEALER, YXEH2Z, Static AI, Suspicious SFX, Detected, ClipBanker, XMRig, Eldorado, Artemis, TrojanPSW, Genetic, QQPass, QQRob, Xfow, gNQyxtA2zTA, PossibleThreat, CWZB3DGW) | ||
| md5 | 53427254779ab9b1dfeab6058bc234c9 | ||
| sha256 | fa54bd6b020260195fb20c0fab6c34dc86f4fd5e32e412a9a35f27f69fd958b6 | ||
| ssdeep | 98304:OskhRCkLDQAgzZEuopBKuA8u7xyZZ3kUPtd7nMfv1pN0Eg0PJAwDyhwhW3miIHXS:23fQAMeuonKuArcz3nPcfviEgkUioBci | ||
| imphash | 75e9596d74d063246ba6f3ac7c5369a0 | ||
| impfuzzy | 48:J9jOXRgLy1XFjsX1Pfc++6W3CYpZGtWXCuniLFH:JdcgLy1XFgX1Pfc++V/7GtWXCuniLFH | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | IsPE64 | (no description) | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET POLICY Cryptocurrency Miner Checkin
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x436000 GetLastError
0x436004 SetLastError
0x436008 FormatMessageW
0x43600c GetCurrentProcess
0x436010 DeviceIoControl
0x436014 SetFileTime
0x436018 CloseHandle
0x43601c CreateDirectoryW
0x436020 RemoveDirectoryW
0x436024 CreateFileW
0x436028 DeleteFileW
0x43602c CreateHardLinkW
0x436030 GetShortPathNameW
0x436034 GetLongPathNameW
0x436038 MoveFileW
0x43603c GetFileType
0x436040 GetStdHandle
0x436044 WriteFile
0x436048 ReadFile
0x43604c FlushFileBuffers
0x436050 SetEndOfFile
0x436054 SetFilePointer
0x436058 GetCurrentProcessId
0x43605c SetFileAttributesW
0x436060 GetFileAttributesW
0x436064 FindClose
0x436068 FindFirstFileW
0x43606c FindNextFileW
0x436070 InterlockedDecrement
0x436074 GetVersionExW
0x436078 GetCurrentDirectoryW
0x43607c GetFullPathNameW
0x436080 FoldStringW
0x436084 GetModuleFileNameW
0x436088 GetModuleHandleW
0x43608c FindResourceW
0x436090 FreeLibrary
0x436094 GetProcAddress
0x436098 ExitProcess
0x43609c SetThreadExecutionState
0x4360a0 Sleep
0x4360a4 LoadLibraryW
0x4360a8 GetSystemDirectoryW
0x4360ac CompareStringW
0x4360b0 AllocConsole
0x4360b4 FreeConsole
0x4360b8 AttachConsole
0x4360bc WriteConsoleW
0x4360c0 GetProcessAffinityMask
0x4360c4 CreateThread
0x4360c8 SetThreadPriority
0x4360cc InitializeCriticalSection
0x4360d0 EnterCriticalSection
0x4360d4 LeaveCriticalSection
0x4360d8 DeleteCriticalSection
0x4360dc SetEvent
0x4360e0 ResetEvent
0x4360e4 ReleaseSemaphore
0x4360e8 WaitForSingleObject
0x4360ec CreateEventW
0x4360f0 CreateSemaphoreW
0x4360f4 GetSystemTime
0x4360f8 SystemTimeToTzSpecificLocalTime
0x4360fc TzSpecificLocalTimeToSystemTime
0x436100 SystemTimeToFileTime
0x436104 FileTimeToLocalFileTime
0x436108 LocalFileTimeToFileTime
0x43610c FileTimeToSystemTime
0x436110 GetCPInfo
0x436114 IsDBCSLeadByte
0x436118 MultiByteToWideChar
0x43611c WideCharToMultiByte
0x436120 GlobalAlloc
0x436124 LockResource
0x436128 GlobalLock
0x43612c GlobalUnlock
0x436130 GlobalFree
0x436134 LoadResource
0x436138 SizeofResource
0x43613c SetCurrentDirectoryW
0x436140 GetTimeFormatW
0x436144 GetDateFormatW
0x436148 LocalFree
0x43614c GetExitCodeProcess
0x436150 GetLocalTime
0x436154 GetTickCount
0x436158 MapViewOfFile
0x43615c UnmapViewOfFile
0x436160 CreateFileMappingW
0x436164 OpenFileMappingW
0x436168 GetCommandLineW
0x43616c SetEnvironmentVariableW
0x436170 ExpandEnvironmentStringsW
0x436174 GetTempPathW
0x436178 MoveFileExW
0x43617c GetLocaleInfoW
0x436180 GetNumberFormatW
0x436184 DecodePointer
0x436188 SetFilePointerEx
0x43618c GetConsoleMode
0x436190 GetConsoleCP
0x436194 HeapSize
0x436198 SetStdHandle
0x43619c GetProcessHeap
0x4361a0 FreeEnvironmentStringsW
0x4361a4 GetEnvironmentStringsW
0x4361a8 GetCommandLineA
0x4361ac GetOEMCP
0x4361b0 RaiseException
0x4361b4 GetSystemInfo
0x4361b8 VirtualProtect
0x4361bc VirtualQuery
0x4361c0 LoadLibraryExA
0x4361c4 UnhandledExceptionFilter
0x4361c8 SetUnhandledExceptionFilter
0x4361cc TerminateProcess
0x4361d0 IsProcessorFeaturePresent
0x4361d4 IsDebuggerPresent
0x4361d8 GetStartupInfoW
0x4361dc QueryPerformanceCounter
0x4361e0 GetCurrentThreadId
0x4361e4 GetSystemTimeAsFileTime
0x4361e8 InitializeSListHead
0x4361ec RtlUnwind
0x4361f0 EncodePointer
0x4361f4 InitializeCriticalSectionAndSpinCount
0x4361f8 TlsAlloc
0x4361fc TlsGetValue
0x436200 TlsSetValue
0x436204 TlsFree
0x436208 LoadLibraryExW
0x43620c QueryPerformanceFrequency
0x436210 GetModuleHandleExW
0x436214 GetModuleFileNameA
0x436218 GetACP
0x43621c HeapFree
0x436220 HeapReAlloc
0x436224 HeapAlloc
0x436228 GetStringTypeW
0x43622c LCMapStringW
0x436230 FindFirstFileExA
0x436234 FindNextFileA
0x436238 IsValidCodePage
OLEAUT32.dll
0x436240 SysAllocString
0x436244 SysFreeString
0x436248 VariantClear
gdiplus.dll
0x436250 GdipAlloc
0x436254 GdipDisposeImage
0x436258 GdipCloneImage
0x43625c GdipCreateBitmapFromStream
0x436260 GdipCreateBitmapFromStreamICM
0x436264 GdipCreateHBITMAPFromBitmap
0x436268 GdiplusStartup
0x43626c GdiplusShutdown
0x436270 GdipFree
EAT(Export Address Table) Library
KERNEL32.dll
0x436000 GetLastError
0x436004 SetLastError
0x436008 FormatMessageW
0x43600c GetCurrentProcess
0x436010 DeviceIoControl
0x436014 SetFileTime
0x436018 CloseHandle
0x43601c CreateDirectoryW
0x436020 RemoveDirectoryW
0x436024 CreateFileW
0x436028 DeleteFileW
0x43602c CreateHardLinkW
0x436030 GetShortPathNameW
0x436034 GetLongPathNameW
0x436038 MoveFileW
0x43603c GetFileType
0x436040 GetStdHandle
0x436044 WriteFile
0x436048 ReadFile
0x43604c FlushFileBuffers
0x436050 SetEndOfFile
0x436054 SetFilePointer
0x436058 GetCurrentProcessId
0x43605c SetFileAttributesW
0x436060 GetFileAttributesW
0x436064 FindClose
0x436068 FindFirstFileW
0x43606c FindNextFileW
0x436070 InterlockedDecrement
0x436074 GetVersionExW
0x436078 GetCurrentDirectoryW
0x43607c GetFullPathNameW
0x436080 FoldStringW
0x436084 GetModuleFileNameW
0x436088 GetModuleHandleW
0x43608c FindResourceW
0x436090 FreeLibrary
0x436094 GetProcAddress
0x436098 ExitProcess
0x43609c SetThreadExecutionState
0x4360a0 Sleep
0x4360a4 LoadLibraryW
0x4360a8 GetSystemDirectoryW
0x4360ac CompareStringW
0x4360b0 AllocConsole
0x4360b4 FreeConsole
0x4360b8 AttachConsole
0x4360bc WriteConsoleW
0x4360c0 GetProcessAffinityMask
0x4360c4 CreateThread
0x4360c8 SetThreadPriority
0x4360cc InitializeCriticalSection
0x4360d0 EnterCriticalSection
0x4360d4 LeaveCriticalSection
0x4360d8 DeleteCriticalSection
0x4360dc SetEvent
0x4360e0 ResetEvent
0x4360e4 ReleaseSemaphore
0x4360e8 WaitForSingleObject
0x4360ec CreateEventW
0x4360f0 CreateSemaphoreW
0x4360f4 GetSystemTime
0x4360f8 SystemTimeToTzSpecificLocalTime
0x4360fc TzSpecificLocalTimeToSystemTime
0x436100 SystemTimeToFileTime
0x436104 FileTimeToLocalFileTime
0x436108 LocalFileTimeToFileTime
0x43610c FileTimeToSystemTime
0x436110 GetCPInfo
0x436114 IsDBCSLeadByte
0x436118 MultiByteToWideChar
0x43611c WideCharToMultiByte
0x436120 GlobalAlloc
0x436124 LockResource
0x436128 GlobalLock
0x43612c GlobalUnlock
0x436130 GlobalFree
0x436134 LoadResource
0x436138 SizeofResource
0x43613c SetCurrentDirectoryW
0x436140 GetTimeFormatW
0x436144 GetDateFormatW
0x436148 LocalFree
0x43614c GetExitCodeProcess
0x436150 GetLocalTime
0x436154 GetTickCount
0x436158 MapViewOfFile
0x43615c UnmapViewOfFile
0x436160 CreateFileMappingW
0x436164 OpenFileMappingW
0x436168 GetCommandLineW
0x43616c SetEnvironmentVariableW
0x436170 ExpandEnvironmentStringsW
0x436174 GetTempPathW
0x436178 MoveFileExW
0x43617c GetLocaleInfoW
0x436180 GetNumberFormatW
0x436184 DecodePointer
0x436188 SetFilePointerEx
0x43618c GetConsoleMode
0x436190 GetConsoleCP
0x436194 HeapSize
0x436198 SetStdHandle
0x43619c GetProcessHeap
0x4361a0 FreeEnvironmentStringsW
0x4361a4 GetEnvironmentStringsW
0x4361a8 GetCommandLineA
0x4361ac GetOEMCP
0x4361b0 RaiseException
0x4361b4 GetSystemInfo
0x4361b8 VirtualProtect
0x4361bc VirtualQuery
0x4361c0 LoadLibraryExA
0x4361c4 UnhandledExceptionFilter
0x4361c8 SetUnhandledExceptionFilter
0x4361cc TerminateProcess
0x4361d0 IsProcessorFeaturePresent
0x4361d4 IsDebuggerPresent
0x4361d8 GetStartupInfoW
0x4361dc QueryPerformanceCounter
0x4361e0 GetCurrentThreadId
0x4361e4 GetSystemTimeAsFileTime
0x4361e8 InitializeSListHead
0x4361ec RtlUnwind
0x4361f0 EncodePointer
0x4361f4 InitializeCriticalSectionAndSpinCount
0x4361f8 TlsAlloc
0x4361fc TlsGetValue
0x436200 TlsSetValue
0x436204 TlsFree
0x436208 LoadLibraryExW
0x43620c QueryPerformanceFrequency
0x436210 GetModuleHandleExW
0x436214 GetModuleFileNameA
0x436218 GetACP
0x43621c HeapFree
0x436220 HeapReAlloc
0x436224 HeapAlloc
0x436228 GetStringTypeW
0x43622c LCMapStringW
0x436230 FindFirstFileExA
0x436234 FindNextFileA
0x436238 IsValidCodePage
OLEAUT32.dll
0x436240 SysAllocString
0x436244 SysFreeString
0x436248 VariantClear
gdiplus.dll
0x436250 GdipAlloc
0x436254 GdipDisposeImage
0x436258 GdipCloneImage
0x43625c GdipCreateBitmapFromStream
0x436260 GdipCreateBitmapFromStreamICM
0x436264 GdipCreateHBITMAPFromBitmap
0x436268 GdiplusStartup
0x43626c GdiplusShutdown
0x436270 GdipFree
EAT(Export Address Table) Library