ScreenShot
| Created | 2024.10.30 09:31 | Machine | s1_win7_x6401 |
| Filename | m.dat | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (AIDetectMalware, Starter, Malicious, score, Dump, Dacic, BitCoinMiner, Unsafe, GenericKD, confidence, 100%, many, high confidence, a variant of Generik, MVPLCEB, Miner, Coinminer, kaajnb, HackTool, XMRMiner, CLASSIC, aemwb, Siggen29, MALXMR, SMBBS, Static AI, Malicious SFX, Detected, GrayWare, DisguisedXMRigMiner, ABRisk, IIZZ, Artemis, WinGo, Shellcoderunner, Bzlw, RFJWQSbKDgk) | ||
| md5 | f6814a59c53218b84eb943ef07fcb74c | ||
| sha256 | c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077 | ||
| ssdeep | 98304:fyzs10ZzmBarm735MyHkWKA7kFCQi7MahHr5Gt40JY8:fyQfBamD5QM7Mms4ah | ||
| imphash | e2a1496c94d52a035fe47259ee6587b7 | ||
| impfuzzy | 48:J9jOX8LKc1XFjsX1Pfc++6WQYgebtSXCBinUb:JdJLKc1XFgX1Pfc++VVnbtSXCBink | ||
Network IP location
Signature (22cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Created a process named as a common system process |
| watch | Created a service where a service was also not started |
| watch | Deletes executed files from disk |
| watch | Drops a binary and executes it |
| watch | Installs itself for autorun at Windows startup |
| watch | One or more non-whitelisted processes were created |
| watch | Operates on local firewall's policies and settings |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Foreign language identified in PE resource |
| notice | Resolves a suspicious Top Level Domain (TLD) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Collects information to fingerprint the system (MachineGuid |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (24cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| danger | XMRig_Miner_IN | XMRig Miner | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | IsPE64 | (no description) | binaries (download) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140037000 GetLastError
0x140037008 SetLastError
0x140037010 FormatMessageW
0x140037018 GetCurrentProcess
0x140037020 DeviceIoControl
0x140037028 SetFileTime
0x140037030 CloseHandle
0x140037038 CreateDirectoryW
0x140037040 RemoveDirectoryW
0x140037048 CreateFileW
0x140037050 DeleteFileW
0x140037058 CreateHardLinkW
0x140037060 GetShortPathNameW
0x140037068 GetLongPathNameW
0x140037070 MoveFileW
0x140037078 GetFileType
0x140037080 GetStdHandle
0x140037088 WriteFile
0x140037090 ReadFile
0x140037098 FlushFileBuffers
0x1400370a0 SetEndOfFile
0x1400370a8 SetFilePointer
0x1400370b0 SetFileAttributesW
0x1400370b8 GetFileAttributesW
0x1400370c0 FindClose
0x1400370c8 FindFirstFileW
0x1400370d0 FindNextFileW
0x1400370d8 GetVersionExW
0x1400370e0 GetCurrentDirectoryW
0x1400370e8 GetFullPathNameW
0x1400370f0 FoldStringW
0x1400370f8 GetModuleFileNameW
0x140037100 GetModuleHandleW
0x140037108 FindResourceW
0x140037110 FreeLibrary
0x140037118 GetProcAddress
0x140037120 GetCurrentProcessId
0x140037128 ExitProcess
0x140037130 SetThreadExecutionState
0x140037138 Sleep
0x140037140 LoadLibraryW
0x140037148 GetSystemDirectoryW
0x140037150 CompareStringW
0x140037158 AllocConsole
0x140037160 FreeConsole
0x140037168 AttachConsole
0x140037170 WriteConsoleW
0x140037178 GetProcessAffinityMask
0x140037180 CreateThread
0x140037188 SetThreadPriority
0x140037190 InitializeCriticalSection
0x140037198 EnterCriticalSection
0x1400371a0 LeaveCriticalSection
0x1400371a8 DeleteCriticalSection
0x1400371b0 SetEvent
0x1400371b8 ResetEvent
0x1400371c0 ReleaseSemaphore
0x1400371c8 WaitForSingleObject
0x1400371d0 CreateEventW
0x1400371d8 CreateSemaphoreW
0x1400371e0 GetSystemTime
0x1400371e8 SystemTimeToTzSpecificLocalTime
0x1400371f0 TzSpecificLocalTimeToSystemTime
0x1400371f8 SystemTimeToFileTime
0x140037200 FileTimeToLocalFileTime
0x140037208 LocalFileTimeToFileTime
0x140037210 FileTimeToSystemTime
0x140037218 GetCPInfo
0x140037220 IsDBCSLeadByte
0x140037228 MultiByteToWideChar
0x140037230 WideCharToMultiByte
0x140037238 GlobalAlloc
0x140037240 LockResource
0x140037248 GlobalLock
0x140037250 GlobalUnlock
0x140037258 GlobalFree
0x140037260 LoadResource
0x140037268 SizeofResource
0x140037270 SetCurrentDirectoryW
0x140037278 GetExitCodeProcess
0x140037280 GetLocalTime
0x140037288 GetTickCount
0x140037290 MapViewOfFile
0x140037298 UnmapViewOfFile
0x1400372a0 CreateFileMappingW
0x1400372a8 OpenFileMappingW
0x1400372b0 GetCommandLineW
0x1400372b8 SetEnvironmentVariableW
0x1400372c0 ExpandEnvironmentStringsW
0x1400372c8 GetTempPathW
0x1400372d0 MoveFileExW
0x1400372d8 GetLocaleInfoW
0x1400372e0 GetTimeFormatW
0x1400372e8 GetDateFormatW
0x1400372f0 GetNumberFormatW
0x1400372f8 SetFilePointerEx
0x140037300 GetConsoleMode
0x140037308 GetConsoleCP
0x140037310 HeapSize
0x140037318 SetStdHandle
0x140037320 GetProcessHeap
0x140037328 FreeEnvironmentStringsW
0x140037330 RaiseException
0x140037338 GetSystemInfo
0x140037340 VirtualProtect
0x140037348 VirtualQuery
0x140037350 LoadLibraryExA
0x140037358 RtlCaptureContext
0x140037360 RtlLookupFunctionEntry
0x140037368 RtlVirtualUnwind
0x140037370 IsDebuggerPresent
0x140037378 UnhandledExceptionFilter
0x140037380 SetUnhandledExceptionFilter
0x140037388 GetStartupInfoW
0x140037390 IsProcessorFeaturePresent
0x140037398 QueryPerformanceCounter
0x1400373a0 GetCurrentThreadId
0x1400373a8 GetSystemTimeAsFileTime
0x1400373b0 InitializeSListHead
0x1400373b8 RtlUnwindEx
0x1400373c0 RtlPcToFileHeader
0x1400373c8 EncodePointer
0x1400373d0 InitializeCriticalSectionAndSpinCount
0x1400373d8 TlsAlloc
0x1400373e0 TlsGetValue
0x1400373e8 TlsSetValue
0x1400373f0 TlsFree
0x1400373f8 LoadLibraryExW
0x140037400 QueryPerformanceFrequency
0x140037408 TerminateProcess
0x140037410 GetModuleHandleExW
0x140037418 GetModuleFileNameA
0x140037420 GetACP
0x140037428 HeapFree
0x140037430 HeapAlloc
0x140037438 HeapReAlloc
0x140037440 GetStringTypeW
0x140037448 LCMapStringW
0x140037450 FindFirstFileExA
0x140037458 FindNextFileA
0x140037460 IsValidCodePage
0x140037468 GetOEMCP
0x140037470 GetCommandLineA
0x140037478 GetEnvironmentStringsW
gdiplus.dll
0x140037488 GdiplusShutdown
0x140037490 GdiplusStartup
0x140037498 GdipCreateHBITMAPFromBitmap
0x1400374a0 GdipCreateBitmapFromStream
0x1400374a8 GdipDisposeImage
0x1400374b0 GdipCloneImage
0x1400374b8 GdipFree
0x1400374c0 GdipAlloc
EAT(Export Address Table) Library
KERNEL32.dll
0x140037000 GetLastError
0x140037008 SetLastError
0x140037010 FormatMessageW
0x140037018 GetCurrentProcess
0x140037020 DeviceIoControl
0x140037028 SetFileTime
0x140037030 CloseHandle
0x140037038 CreateDirectoryW
0x140037040 RemoveDirectoryW
0x140037048 CreateFileW
0x140037050 DeleteFileW
0x140037058 CreateHardLinkW
0x140037060 GetShortPathNameW
0x140037068 GetLongPathNameW
0x140037070 MoveFileW
0x140037078 GetFileType
0x140037080 GetStdHandle
0x140037088 WriteFile
0x140037090 ReadFile
0x140037098 FlushFileBuffers
0x1400370a0 SetEndOfFile
0x1400370a8 SetFilePointer
0x1400370b0 SetFileAttributesW
0x1400370b8 GetFileAttributesW
0x1400370c0 FindClose
0x1400370c8 FindFirstFileW
0x1400370d0 FindNextFileW
0x1400370d8 GetVersionExW
0x1400370e0 GetCurrentDirectoryW
0x1400370e8 GetFullPathNameW
0x1400370f0 FoldStringW
0x1400370f8 GetModuleFileNameW
0x140037100 GetModuleHandleW
0x140037108 FindResourceW
0x140037110 FreeLibrary
0x140037118 GetProcAddress
0x140037120 GetCurrentProcessId
0x140037128 ExitProcess
0x140037130 SetThreadExecutionState
0x140037138 Sleep
0x140037140 LoadLibraryW
0x140037148 GetSystemDirectoryW
0x140037150 CompareStringW
0x140037158 AllocConsole
0x140037160 FreeConsole
0x140037168 AttachConsole
0x140037170 WriteConsoleW
0x140037178 GetProcessAffinityMask
0x140037180 CreateThread
0x140037188 SetThreadPriority
0x140037190 InitializeCriticalSection
0x140037198 EnterCriticalSection
0x1400371a0 LeaveCriticalSection
0x1400371a8 DeleteCriticalSection
0x1400371b0 SetEvent
0x1400371b8 ResetEvent
0x1400371c0 ReleaseSemaphore
0x1400371c8 WaitForSingleObject
0x1400371d0 CreateEventW
0x1400371d8 CreateSemaphoreW
0x1400371e0 GetSystemTime
0x1400371e8 SystemTimeToTzSpecificLocalTime
0x1400371f0 TzSpecificLocalTimeToSystemTime
0x1400371f8 SystemTimeToFileTime
0x140037200 FileTimeToLocalFileTime
0x140037208 LocalFileTimeToFileTime
0x140037210 FileTimeToSystemTime
0x140037218 GetCPInfo
0x140037220 IsDBCSLeadByte
0x140037228 MultiByteToWideChar
0x140037230 WideCharToMultiByte
0x140037238 GlobalAlloc
0x140037240 LockResource
0x140037248 GlobalLock
0x140037250 GlobalUnlock
0x140037258 GlobalFree
0x140037260 LoadResource
0x140037268 SizeofResource
0x140037270 SetCurrentDirectoryW
0x140037278 GetExitCodeProcess
0x140037280 GetLocalTime
0x140037288 GetTickCount
0x140037290 MapViewOfFile
0x140037298 UnmapViewOfFile
0x1400372a0 CreateFileMappingW
0x1400372a8 OpenFileMappingW
0x1400372b0 GetCommandLineW
0x1400372b8 SetEnvironmentVariableW
0x1400372c0 ExpandEnvironmentStringsW
0x1400372c8 GetTempPathW
0x1400372d0 MoveFileExW
0x1400372d8 GetLocaleInfoW
0x1400372e0 GetTimeFormatW
0x1400372e8 GetDateFormatW
0x1400372f0 GetNumberFormatW
0x1400372f8 SetFilePointerEx
0x140037300 GetConsoleMode
0x140037308 GetConsoleCP
0x140037310 HeapSize
0x140037318 SetStdHandle
0x140037320 GetProcessHeap
0x140037328 FreeEnvironmentStringsW
0x140037330 RaiseException
0x140037338 GetSystemInfo
0x140037340 VirtualProtect
0x140037348 VirtualQuery
0x140037350 LoadLibraryExA
0x140037358 RtlCaptureContext
0x140037360 RtlLookupFunctionEntry
0x140037368 RtlVirtualUnwind
0x140037370 IsDebuggerPresent
0x140037378 UnhandledExceptionFilter
0x140037380 SetUnhandledExceptionFilter
0x140037388 GetStartupInfoW
0x140037390 IsProcessorFeaturePresent
0x140037398 QueryPerformanceCounter
0x1400373a0 GetCurrentThreadId
0x1400373a8 GetSystemTimeAsFileTime
0x1400373b0 InitializeSListHead
0x1400373b8 RtlUnwindEx
0x1400373c0 RtlPcToFileHeader
0x1400373c8 EncodePointer
0x1400373d0 InitializeCriticalSectionAndSpinCount
0x1400373d8 TlsAlloc
0x1400373e0 TlsGetValue
0x1400373e8 TlsSetValue
0x1400373f0 TlsFree
0x1400373f8 LoadLibraryExW
0x140037400 QueryPerformanceFrequency
0x140037408 TerminateProcess
0x140037410 GetModuleHandleExW
0x140037418 GetModuleFileNameA
0x140037420 GetACP
0x140037428 HeapFree
0x140037430 HeapAlloc
0x140037438 HeapReAlloc
0x140037440 GetStringTypeW
0x140037448 LCMapStringW
0x140037450 FindFirstFileExA
0x140037458 FindNextFileA
0x140037460 IsValidCodePage
0x140037468 GetOEMCP
0x140037470 GetCommandLineA
0x140037478 GetEnvironmentStringsW
gdiplus.dll
0x140037488 GdiplusShutdown
0x140037490 GdiplusStartup
0x140037498 GdipCreateHBITMAPFromBitmap
0x1400374a0 GdipCreateBitmapFromStream
0x1400374a8 GdipDisposeImage
0x1400374b0 GdipCloneImage
0x1400374b8 GdipFree
0x1400374c0 GdipAlloc
EAT(Export Address Table) Library