ScreenShot
| Created | 2025.02.05 11:25 | Machine | s1_win7_x6403 |
| Filename | DevMI.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 59 detected (AIDetectMalware, Reflo, Malicious, score, Ghanarava, Artemis, Unsafe, Whisperer, confidence, 100%, GenusB, DGFE, high confidence, CrypterX, Tedy, Xmrig, Kryptik, tSjl4DNY5BP, AGEN, Siggen3, R011C0DJ424, Static AI, Malicious PE, Detected, GenKryptik, Malware@#17w52gkpjwpu4, Eldorado, R570072, Chgt, X8wxGA, susgen, GIIA) | ||
| md5 | 5f2f1ae240812065799e8c05d3a01aa7 | ||
| sha256 | adad69d9a6bf24c7739cc25cf4def1b96d05accc349ed86e9200d404c039ad03 | ||
| ssdeep | 98304:nFgc9lwquOMw7CRBgZXLzpYyAVIAPs0yFPJ+m0gfEOIdVZZMxy9/qbnbWYwhgI2Z:n2O6qLMwQKZXLzcqAPs08PJ+m0kEOIzi | ||
| imphash | d3be2dc19ba54f7225d7679c3f791cf7 | ||
| impfuzzy | 24:1fPJx+kTdF0tWJd1jIlMblRf5XG6qXZgJkomvlA/GbtcqcJvZJF:1fPL+kT6kSslJJG6qJgk1vm/GbuqcJLF | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1405c729c CloseHandle
0x1405c72a4 CreateSemaphoreW
0x1405c72ac DeleteCriticalSection
0x1405c72b4 EnterCriticalSection
0x1405c72bc GetCurrentThreadId
0x1405c72c4 GetLastError
0x1405c72cc GetStartupInfoA
0x1405c72d4 InitializeCriticalSection
0x1405c72dc IsDBCSLeadByteEx
0x1405c72e4 LeaveCriticalSection
0x1405c72ec MultiByteToWideChar
0x1405c72f4 RaiseException
0x1405c72fc ReleaseSemaphore
0x1405c7304 RtlCaptureContext
0x1405c730c RtlLookupFunctionEntry
0x1405c7314 RtlUnwindEx
0x1405c731c RtlVirtualUnwind
0x1405c7324 SetLastError
0x1405c732c SetUnhandledExceptionFilter
0x1405c7334 Sleep
0x1405c733c TlsAlloc
0x1405c7344 TlsFree
0x1405c734c TlsGetValue
0x1405c7354 TlsSetValue
0x1405c735c VirtualProtect
0x1405c7364 VirtualQuery
0x1405c736c WaitForSingleObject
0x1405c7374 WideCharToMultiByte
msvcrt.dll
0x1405c7384 __C_specific_handler
0x1405c738c ___lc_codepage_func
0x1405c7394 ___mb_cur_max_func
0x1405c739c __getmainargs
0x1405c73a4 __initenv
0x1405c73ac __iob_func
0x1405c73b4 __set_app_type
0x1405c73bc __setusermatherr
0x1405c73c4 _acmdln
0x1405c73cc _amsg_exit
0x1405c73d4 _cexit
0x1405c73dc _commode
0x1405c73e4 _errno
0x1405c73ec _fmode
0x1405c73f4 _initterm
0x1405c73fc _onexit
0x1405c7404 _wcsicmp
0x1405c740c _wcsnicmp
0x1405c7414 abort
0x1405c741c calloc
0x1405c7424 exit
0x1405c742c fprintf
0x1405c7434 fputc
0x1405c743c fputs
0x1405c7444 fputwc
0x1405c744c free
0x1405c7454 fwprintf
0x1405c745c fwrite
0x1405c7464 localeconv
0x1405c746c malloc
0x1405c7474 memcpy
0x1405c747c memset
0x1405c7484 realloc
0x1405c748c signal
0x1405c7494 strcat
0x1405c749c strcmp
0x1405c74a4 strerror
0x1405c74ac strlen
0x1405c74b4 strncmp
0x1405c74bc strstr
0x1405c74c4 vfprintf
0x1405c74cc wcscat
0x1405c74d4 wcscpy
0x1405c74dc wcslen
0x1405c74e4 wcsncmp
0x1405c74ec wcsstr
EAT(Export Address Table) is none
KERNEL32.dll
0x1405c729c CloseHandle
0x1405c72a4 CreateSemaphoreW
0x1405c72ac DeleteCriticalSection
0x1405c72b4 EnterCriticalSection
0x1405c72bc GetCurrentThreadId
0x1405c72c4 GetLastError
0x1405c72cc GetStartupInfoA
0x1405c72d4 InitializeCriticalSection
0x1405c72dc IsDBCSLeadByteEx
0x1405c72e4 LeaveCriticalSection
0x1405c72ec MultiByteToWideChar
0x1405c72f4 RaiseException
0x1405c72fc ReleaseSemaphore
0x1405c7304 RtlCaptureContext
0x1405c730c RtlLookupFunctionEntry
0x1405c7314 RtlUnwindEx
0x1405c731c RtlVirtualUnwind
0x1405c7324 SetLastError
0x1405c732c SetUnhandledExceptionFilter
0x1405c7334 Sleep
0x1405c733c TlsAlloc
0x1405c7344 TlsFree
0x1405c734c TlsGetValue
0x1405c7354 TlsSetValue
0x1405c735c VirtualProtect
0x1405c7364 VirtualQuery
0x1405c736c WaitForSingleObject
0x1405c7374 WideCharToMultiByte
msvcrt.dll
0x1405c7384 __C_specific_handler
0x1405c738c ___lc_codepage_func
0x1405c7394 ___mb_cur_max_func
0x1405c739c __getmainargs
0x1405c73a4 __initenv
0x1405c73ac __iob_func
0x1405c73b4 __set_app_type
0x1405c73bc __setusermatherr
0x1405c73c4 _acmdln
0x1405c73cc _amsg_exit
0x1405c73d4 _cexit
0x1405c73dc _commode
0x1405c73e4 _errno
0x1405c73ec _fmode
0x1405c73f4 _initterm
0x1405c73fc _onexit
0x1405c7404 _wcsicmp
0x1405c740c _wcsnicmp
0x1405c7414 abort
0x1405c741c calloc
0x1405c7424 exit
0x1405c742c fprintf
0x1405c7434 fputc
0x1405c743c fputs
0x1405c7444 fputwc
0x1405c744c free
0x1405c7454 fwprintf
0x1405c745c fwrite
0x1405c7464 localeconv
0x1405c746c malloc
0x1405c7474 memcpy
0x1405c747c memset
0x1405c7484 realloc
0x1405c748c signal
0x1405c7494 strcat
0x1405c749c strcmp
0x1405c74a4 strerror
0x1405c74ac strlen
0x1405c74b4 strncmp
0x1405c74bc strstr
0x1405c74c4 vfprintf
0x1405c74cc wcscat
0x1405c74d4 wcscpy
0x1405c74dc wcslen
0x1405c74e4 wcsncmp
0x1405c74ec wcsstr
EAT(Export Address Table) is none