Report - chrone.exe

Themida Generic Malware PE File PE64
ScreenShot
Created 2024.11.11 09:42 Machine s1_win7_x6403
Filename chrone.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
3
Behavior Score
1.8
ZERO API
VT API (file) 36 detected (Themida, Malicious, score, Expiro, Unsafe, confidence, GenericKD, Attribute, HighConfidence, high confidence, MalwareX, xbudmp, AMADEY, YXEKIZ, high, Detected, Nekark, cmnrn, XMRig, Wacatac, 8PCFIE, AGEN, Chgt, PossibleThreat)
md5 ce3a6f4d1ebe823841187d30e9f143ab
sha256 98d0e67d779ed43bcac753a9af22326e0024390d703c7c4e6601917ce6ff96bc
ssdeep 196608:hzdwgzwexbsur9a32K7/jiJuxhdPjk2+g0C:vwKFxImc97/jKuxPbk2nl
imphash 2eabe9054cad5152567f0699947a2c5b
impfuzzy 3:sBv:A
  Network IP location

Signature (4cnts)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
warning themida_packer themida packer binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x14050d045 lstrcpy

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure