Field | Value |
---|---|
Created | 2024.10.20 11:19 |
Machine | s1_win7_x6401 |
Filename | rkduajedzcrd.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
ZERO API | file : clean |
VT API (file) | 59 detected (AIDetectMalware, Reflo, Windows, Threat, Malicious, score, CoinMiner, S32378657, Unsafe, Mint, Zard, Save, Kryptik, FWHP, Genkryptik, kqizrx, qANomcoTHvR, AGEN, Siggen29, R002C0DGU24, Krypt, Detected, ai score=85, Eldorado, DropperX, R622355, OScope, Miner, GdSda, GQCB, confidence) |
md5 | 0838e4e90814a48e6122f4b0a2b2fc5f |
sha256 | 4f63cd101e4bdaacffd9169610b7bb9430de6bf87b9016125a3d76368f3e1fa7 |
ssdeep | 98304:zxrSpzFH7gGBN9CsoC18nY97TGAQ0U06pDcROsKoE5jVMo9xRCJiWug/T:zUpZwsqyVQBQKoENtxREM |
imphash | 203d63d5d9a088e2d84cef737227986b |
impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJfMRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJfQfjBcV9 |
Signatures (2 entries)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3 entries)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table), by library
msvcrt.dll
0x14000ac48 __C_specific_handler
0x14000ac50 __getmainargs
0x14000ac58 __initenv
0x14000ac60 __iob_func
0x14000ac68 __set_app_type
0x14000ac70 __setusermatherr
0x14000ac78 _amsg_exit
0x14000ac80 _cexit
0x14000ac88 _commode
0x14000ac90 _fmode
0x14000ac98 _initterm
0x14000aca0 _onexit
0x14000aca8 _wcsicmp
0x14000acb0 _wcsnicmp
0x14000acb8 abort
0x14000acc0 calloc
0x14000acc8 exit
0x14000acd0 fprintf
0x14000acd8 free
0x14000ace0 fwrite
0x14000ace8 malloc
0x14000acf0 memcpy
0x14000acf8 memset
0x14000ad00 signal
0x14000ad08 strlen
0x14000ad10 strncmp
0x14000ad18 vfprintf
0x14000ad20 wcscat
0x14000ad28 wcscpy
0x14000ad30 wcslen
0x14000ad38 wcsncmp
0x14000ad40 wcsstr
KERNEL32.dll
0x14000ad50 DeleteCriticalSection
0x14000ad58 EnterCriticalSection
0x14000ad60 GetLastError
0x14000ad68 InitializeCriticalSection
0x14000ad70 LeaveCriticalSection
0x14000ad78 SetUnhandledExceptionFilter
0x14000ad80 Sleep
0x14000ad88 TlsGetValue
0x14000ad90 VirtualProtect
0x14000ad98 VirtualQuery
EAT (Export Address Table): none