Field | Value |
---|---|
Created | 2025.01.12 15:14 |
Machine | s1_win7_x6403 |
Filename | gem2.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 56 detected (AIDetectMalware, Reflo, Malicious, score, CoinMiner, S31892093, Kryptik, Unsafe, Mint, Zard, V55t, confidence, Windows, Threat, Zusy, BankBot, kuspky, puXfYWFTsfG, AGEN, Krypt, Static AI, Suspicious PE, Detected, GenKryptik, Malware@#2aikcmy8k7e64, Eldorado, FWEM, OScope, Miner, GdSda, susgen, GQCB) |
md5 | 990a3f3b1273510f210fb9b541da219f |
sha256 | 35a8d03f86ae6f92424d6424fe0805d338eccedff177b400182102685299022c |
ssdeep | 49152:lYul8CapE2jLY0vFhbkQbIptv1xZ4ayOIYDIGC3FYKjPgz+WWrS2sWioLyVQGMNx:lYLCGYYbkQbytvVeOIerC1zPgSWW/pio |
imphash | de41d4e0545d977de6ca665131bb479a |
impfuzzy | 12:FMHHGf5XGXKiEG6eGJyJk6lTpJq/iZJAgRJRJJoARZqRVPXJHqc:FMGf5XGf6ZgJkoDq6ZJ9fjBcV9 |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) libraries
msvcrt.dll
0x14000cb10 __C_specific_handler
0x14000cb18 __getmainargs
0x14000cb20 __initenv
0x14000cb28 __iob_func
0x14000cb30 __set_app_type
0x14000cb38 __setusermatherr
0x14000cb40 _amsg_exit
0x14000cb48 _cexit
0x14000cb50 _commode
0x14000cb58 _fmode
0x14000cb60 _initterm
0x14000cb68 _onexit
0x14000cb70 _wcsicmp
0x14000cb78 _wcsnicmp
0x14000cb80 abort
0x14000cb88 calloc
0x14000cb90 exit
0x14000cb98 fprintf
0x14000cba0 free
0x14000cba8 fwrite
0x14000cbb0 malloc
0x14000cbb8 memcpy
0x14000cbc0 memset
0x14000cbc8 signal
0x14000cbd0 strlen
0x14000cbd8 strncmp
0x14000cbe0 vfprintf
0x14000cbe8 wcscat
0x14000cbf0 wcscpy
0x14000cbf8 wcslen
0x14000cc00 wcsncmp
KERNEL32.dll
0x14000cc10 DeleteCriticalSection
0x14000cc18 EnterCriticalSection
0x14000cc20 GetLastError
0x14000cc28 InitializeCriticalSection
0x14000cc30 LeaveCriticalSection
0x14000cc38 SetUnhandledExceptionFilter
0x14000cc40 Sleep
0x14000cc48 TlsGetValue
0x14000cc50 VirtualProtect
0x14000cc58 VirtualQuery
EAT (Export Address Table): none
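Every import in the listing above belongs to the C runtime startup and exception-handling path (msvcrt's __getmainargs, _initterm and __C_specific_handler; KERNEL32's critical-section, TLS and SetUnhandledExceptionFilter calls), the set a MinGW-w64-built executable pulls in before any program code runs. No socket, registry, file or process API is imported, so whatever the sample does beyond startup is resolved at runtime, which is consistent with the RWX-allocation and packer-section signatures reported above. It also means the imphash on this page mostly fingerprints the toolchain rather than the payload, so matching it across samples clusters MinGW builds, not families. The script below, an added example that is not part of the sandbox report, recomputes an imphash from the import list as transcribed from this page using the same normalisation pefile's get_imphash() applies (lower-case "lib.func" pairs, .dll/.ocx/.sys extension stripped, ordinals as "ordN", comma-joined, MD5), and reports whether it equals the page's value. The transcription order is assumed to be the import-directory order; if the sandbox listed thunks in a different order the hashes will differ, and the script says so rather than claiming a match. The small list of memory-permission APIs used for the last check is the example's own choice.

```python
"""Recompute an imphash from the IAT listing on this page (added example)."""
import hashlib
from typing import Iterable, List, Tuple, Union

# (library name, function name or ordinal), as pefile presents an import entry.
Import = Tuple[str, Union[str, int]]

# Transcribed from the IAT listing above, msvcrt.dll first, then KERNEL32.dll.
# Assumption: this is the order of the import directory, which imphash depends on.
PAGE_IMPORTS: List[Import] = [
    ("msvcrt.dll", "__C_specific_handler"), ("msvcrt.dll", "__getmainargs"),
    ("msvcrt.dll", "__initenv"), ("msvcrt.dll", "__iob_func"),
    ("msvcrt.dll", "__set_app_type"), ("msvcrt.dll", "__setusermatherr"),
    ("msvcrt.dll", "_amsg_exit"), ("msvcrt.dll", "_cexit"),
    ("msvcrt.dll", "_commode"), ("msvcrt.dll", "_fmode"),
    ("msvcrt.dll", "_initterm"), ("msvcrt.dll", "_onexit"),
    ("msvcrt.dll", "_wcsicmp"), ("msvcrt.dll", "_wcsnicmp"),
    ("msvcrt.dll", "abort"), ("msvcrt.dll", "calloc"),
    ("msvcrt.dll", "exit"), ("msvcrt.dll", "fprintf"),
    ("msvcrt.dll", "free"), ("msvcrt.dll", "fwrite"),
    ("msvcrt.dll", "malloc"), ("msvcrt.dll", "memcpy"),
    ("msvcrt.dll", "memset"), ("msvcrt.dll", "signal"),
    ("msvcrt.dll", "strlen"), ("msvcrt.dll", "strncmp"),
    ("msvcrt.dll", "vfprintf"), ("msvcrt.dll", "wcscat"),
    ("msvcrt.dll", "wcscpy"), ("msvcrt.dll", "wcslen"),
    ("msvcrt.dll", "wcsncmp"),
    ("KERNEL32.dll", "DeleteCriticalSection"), ("KERNEL32.dll", "EnterCriticalSection"),
    ("KERNEL32.dll", "GetLastError"), ("KERNEL32.dll", "InitializeCriticalSection"),
    ("KERNEL32.dll", "LeaveCriticalSection"), ("KERNEL32.dll", "SetUnhandledExceptionFilter"),
    ("KERNEL32.dll", "Sleep"), ("KERNEL32.dll", "TlsGetValue"),
    ("KERNEL32.dll", "VirtualProtect"), ("KERNEL32.dll", "VirtualQuery"),
]

# imphash value reported on this page, used only for comparison.
PAGE_IMPHASH = "de41d4e0545d977de6ca665131bb479a"

# pefile strips exactly these extensions from the library name before hashing.
_STRIPPED_EXTS = (".dll", ".ocx", ".sys")

# APIs that change or create executable memory; the example's own short list,
# used to relate the IAT to the "allocates RWX memory" signature above.
MEMORY_PERMISSION_APIS = {
    "virtualalloc", "virtualallocex", "virtualprotect", "virtualprotectex",
    "ntallocatevirtualmemory", "ntprotectvirtualmemory", "writeprocessmemory",
}


def _normalize_library(lib: str) -> str:
    """Lower-case the library name and drop a .dll/.ocx/.sys extension."""
    lib = lib.lower()
    for ext in _STRIPPED_EXTS:
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def normalized_import_string(imports: Iterable[Import]) -> str:
    """Build the comma-joined 'lib.func' string that imphash is the MD5 of."""
    parts = []
    for lib, func in imports:
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{_normalize_library(lib)}.{name}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the normalized import string, as pefile computes it."""
    return hashlib.md5(normalized_import_string(imports).encode("ascii")).hexdigest()


def memory_permission_apis(imports: Iterable[Import]) -> List[str]:
    """Return the imported APIs (lower-cased) that can make memory executable."""
    found = {f.lower() for _, f in imports if isinstance(f, str) and f.lower() in MEMORY_PERMISSION_APIS}
    return sorted(found)


if __name__ == "__main__":
    computed = imphash(PAGE_IMPORTS)
    print(f"{len(PAGE_IMPORTS)} imports, recomputed imphash {computed}")
    if computed == PAGE_IMPHASH:
        print("matches the imphash reported on the page")
    else:
        print("differs from the page's imphash; the listing order may not be "
              "the import-directory order, or the IAT shown is incomplete")
    print("memory-permission APIs in the IAT:", memory_permission_apis(PAGE_IMPORTS))
```

Because imphash is order-sensitive, two binaries with the same imports linked in a different order get different hashes; that is why reversing the list in the test changes the value. On this sample the only memory-permission import is VirtualProtect (paired with VirtualQuery, the MinGW runtime's pseudo-relocation pattern), so the RWX allocation the sandbox observed must come from an API resolved at runtime rather than from the static import table.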