Field | Value |
---|---|
Created | 2024.10.21 14:05 |
Machine | s1_win7_x6403 |
Filename | xmrig.exe |
Type | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
ZERO API | file : malware |
VT API (file) | 55 detected (XMRig, Suspicioustrojan, GenericKD, Unsafe, CoinMiner, Vzdk, grayware, confidence, malicious, moderate confidence, CoinminerX, RiskTool, BitCoinMiner, Miners, BtcMine, ksmeao, HackTool, d6adNePEXuT, Tool, IB24, Real Protect, moderate, score, miner, XMRig Miner, avcl, Detected, ApplicUnwnt@#2xdbnb4nsbj8a, Eldorado, R665781, Artemis, Gencirc, c8hWjG0qv4M, susgen) |
md5 | 43f595460b2fca77561c63e8a80178dd |
sha256 | 7dc50338d476cd0dfdfcf48dc7dbff682d6d04458c6ce2808f35779606576532 |
ssdeep | 49152:Ttx3zeCE99IyWGKUpZTGttu7FfdKRiIsA37SWje3b9VJMsdnee6GrhpIfI9umCzY:TrM9BpYttuBdK4FA3mWMbfN73r0fCulc |
imphash | 17fb7e76da9d0e277bd22cf9f3d5242c |
impfuzzy | 6:oI8wKXS/0ZZRXvYBJAEoZ/OEGDzyRXJ8bzudbB5w2AxyTO6l:oSt0vxwABZG/DzIb5w2A+O6l |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | One or more processes crashed |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ADVAPI32.dll
0x140c42ddc FreeSid
CRYPT32.dll
0x140c42dec CertOpenStore
dbghelp.dll
0x140c42dfc SymGetOptions
IPHLPAPI.DLL
0x140c42e0c GetAdaptersAddresses
KERNEL32.DLL
0x140c42e1c LoadLibraryA
0x140c42e24 ExitProcess
0x140c42e2c GetProcAddress
0x140c42e34 VirtualProtect
msvcrt.dll
0x140c42e44 atof
ole32.dll
0x140c42e54 CoTaskMemFree
SHELL32.dll
0x140c42e64 SHGetKnownFolderPath
USER32.dll
0x140c42e74 ShowWindow
USERENV.dll
0x140c42e84 GetUserProfileDirectoryW
WS2_32.dll
0x140c42e94 ind
EAT (Export Address Table) is none