Field | Value |
---|---|
Created | 2024.11.07 13:56 |
Machine | s1_win7_x6401 |
Filename | nxmr.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 58 detected (AIDetectMalware, XMRig, Malicious, score, Coinminer, Unsafe, Whisperer, Save, confidence, 100%, high confidence, Kryptik, Miner, lsat, DisguisedXMRigMiner, YhzrPCllRHI, AGEN, Siggen29, R002C0DIS24, Detected, CCAN, Eldorado, R570044, Artemis, MalwareVision, Chgt, Gencirc, susgen, GenKryptik, GIIA, CWZB3DGW) |
md5 | 13b26b2c7048a92d6a843c1302618fad |
sha256 | 1753ad35ece25ab9a19048c70062e9170f495e313d7355ebbba59c38f5d90256 |
ssdeep | 98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN |
imphash | f7505c167603909b7180406402fef19e |
impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/Gbtcqc6ZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcoF |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x14059228c CloseHandle
0x140592294 CreateSemaphoreW
0x14059229c DeleteCriticalSection
0x1405922a4 EnterCriticalSection
0x1405922ac GetCurrentThreadId
0x1405922b4 GetLastError
0x1405922bc GetStartupInfoA
0x1405922c4 InitializeCriticalSection
0x1405922cc IsDBCSLeadByteEx
0x1405922d4 LeaveCriticalSection
0x1405922dc MultiByteToWideChar
0x1405922e4 RaiseException
0x1405922ec ReleaseSemaphore
0x1405922f4 RtlCaptureContext
0x1405922fc RtlLookupFunctionEntry
0x140592304 RtlUnwindEx
0x14059230c RtlVirtualUnwind
0x140592314 SetLastError
0x14059231c SetUnhandledExceptionFilter
0x140592324 Sleep
0x14059232c TlsAlloc
0x140592334 TlsFree
0x14059233c TlsGetValue
0x140592344 TlsSetValue
0x14059234c VirtualProtect
0x140592354 VirtualQuery
0x14059235c WaitForSingleObject
0x140592364 WideCharToMultiByte
msvcrt.dll
0x140592374 __C_specific_handler
0x14059237c ___lc_codepage_func
0x140592384 ___mb_cur_max_func
0x14059238c __getmainargs
0x140592394 __initenv
0x14059239c __iob_func
0x1405923a4 __set_app_type
0x1405923ac __setusermatherr
0x1405923b4 _acmdln
0x1405923bc _amsg_exit
0x1405923c4 _cexit
0x1405923cc _commode
0x1405923d4 _errno
0x1405923dc _fmode
0x1405923e4 _initterm
0x1405923ec _onexit
0x1405923f4 _wcsicmp
0x1405923fc _wcsnicmp
0x140592404 abort
0x14059240c calloc
0x140592414 exit
0x14059241c fprintf
0x140592424 fputc
0x14059242c fputs
0x140592434 fputwc
0x14059243c free
0x140592444 fwprintf
0x14059244c fwrite
0x140592454 localeconv
0x14059245c malloc
0x140592464 memcpy
0x14059246c memset
0x140592474 realloc
0x14059247c signal
0x140592484 strcmp
0x14059248c strerror
0x140592494 strlen
0x14059249c strncmp
0x1405924a4 vfprintf
0x1405924ac wcscat
0x1405924b4 wcscpy
0x1405924bc wcslen
0x1405924c4 wcsncmp
0x1405924cc wcsstr
EAT (Export Address Table): none