ScreenShot
| Created | 2025.03.13 09:53 | Machine | s1_win7_x6401 |
| Filename | Service.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (Malicious, score, Unsafe, GenericKD, Save, confidence, 100%, Coinminer, high confidence, MalwareX, AGEN, Static AI, Suspicious PE, Detected, GrayWare, Cayunamer, C8ILZ9, ABTrojan, KYZC, Artemis, Chgt, PE04C9V, PossibleThreat, A9nj) | ||
| md5 | c6063e70d5165d1186696d84a18576b2 | ||
| sha256 | 31bbfded45a9815b54db6f95ea71498dc8c18eede71a3a6810bdf5b37ab5f56b | ||
| ssdeep | 3072:bjTaw17mBiuYusL/ZWNLgAlkVQFFpeC/e6PTFsNpN8LCAlSFtkSmjJ53u8mWPowV:Sifus7QniVQFFAC/PFSAGf3mNJ/ | ||
| imphash | 130fc8026b4bf89fff6e2a7baf60ffea | ||
| impfuzzy | 24:dDn40NjFu9QHZJOajTcpVWclKAWjeDY02thTBg3JBl39WuPLOovbOxv4GM+9RFZj:46cpV5zWjdthTBgPpn63RdFZa9MYZud | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Looks up the external IP address |
| notice | Performs some HTTP requests |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET POLICY External IP Lookup api.ipify.org
ET POLICY External IP Lookup api.ipify.org
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14002f000 GetLastError
0x14002f008 CloseHandle
0x14002f010 GetConsoleWindow
0x14002f018 CreateProcessA
0x14002f020 Sleep
0x14002f028 GetComputerNameA
0x14002f030 GetExitCodeProcess
0x14002f038 SetEndOfFile
0x14002f040 WriteConsoleW
0x14002f048 HeapSize
0x14002f050 CreateDirectoryA
0x14002f058 WaitForSingleObject
0x14002f060 CreateFileW
0x14002f068 GetProcessHeap
0x14002f070 SetStdHandle
0x14002f078 SetEnvironmentVariableW
0x14002f080 FreeEnvironmentStringsW
0x14002f088 GetEnvironmentStringsW
0x14002f090 GetOEMCP
0x14002f098 GetACP
0x14002f0a0 IsValidCodePage
0x14002f0a8 FindNextFileW
0x14002f0b0 FindFirstFileExW
0x14002f0b8 FindClose
0x14002f0c0 HeapReAlloc
0x14002f0c8 ReadConsoleW
0x14002f0d0 ReadFile
0x14002f0d8 EnumSystemLocalesW
0x14002f0e0 WideCharToMultiByte
0x14002f0e8 GetCurrentThreadId
0x14002f0f0 WaitForSingleObjectEx
0x14002f0f8 GetExitCodeThread
0x14002f100 EnterCriticalSection
0x14002f108 LeaveCriticalSection
0x14002f110 InitializeCriticalSectionEx
0x14002f118 DeleteCriticalSection
0x14002f120 EncodePointer
0x14002f128 DecodePointer
0x14002f130 MultiByteToWideChar
0x14002f138 LCMapStringEx
0x14002f140 ReleaseSRWLockExclusive
0x14002f148 AcquireSRWLockExclusive
0x14002f150 TryAcquireSRWLockExclusive
0x14002f158 WakeAllConditionVariable
0x14002f160 QueryPerformanceCounter
0x14002f168 GetSystemTimeAsFileTime
0x14002f170 GetModuleHandleW
0x14002f178 GetProcAddress
0x14002f180 GetStringTypeW
0x14002f188 GetCPInfo
0x14002f190 RtlCaptureContext
0x14002f198 RtlLookupFunctionEntry
0x14002f1a0 RtlVirtualUnwind
0x14002f1a8 UnhandledExceptionFilter
0x14002f1b0 SetUnhandledExceptionFilter
0x14002f1b8 GetCurrentProcess
0x14002f1c0 TerminateProcess
0x14002f1c8 IsProcessorFeaturePresent
0x14002f1d0 GetCurrentProcessId
0x14002f1d8 InitializeSListHead
0x14002f1e0 IsDebuggerPresent
0x14002f1e8 GetStartupInfoW
0x14002f1f0 RtlUnwindEx
0x14002f1f8 RtlPcToFileHeader
0x14002f200 RaiseException
0x14002f208 SetLastError
0x14002f210 InitializeCriticalSectionAndSpinCount
0x14002f218 TlsAlloc
0x14002f220 TlsGetValue
0x14002f228 TlsSetValue
0x14002f230 TlsFree
0x14002f238 FreeLibrary
0x14002f240 LoadLibraryExW
0x14002f248 CreateThread
0x14002f250 ExitThread
0x14002f258 FreeLibraryAndExitThread
0x14002f260 GetModuleHandleExW
0x14002f268 GetStdHandle
0x14002f270 WriteFile
0x14002f278 GetModuleFileNameW
0x14002f280 ExitProcess
0x14002f288 GetCommandLineA
0x14002f290 GetCommandLineW
0x14002f298 GetFileSizeEx
0x14002f2a0 SetFilePointerEx
0x14002f2a8 GetFileType
0x14002f2b0 HeapAlloc
0x14002f2b8 FlushFileBuffers
0x14002f2c0 GetConsoleOutputCP
0x14002f2c8 GetConsoleMode
0x14002f2d0 HeapFree
0x14002f2d8 FlsAlloc
0x14002f2e0 FlsGetValue
0x14002f2e8 FlsSetValue
0x14002f2f0 FlsFree
0x14002f2f8 CompareStringW
0x14002f300 LCMapStringW
0x14002f308 GetLocaleInfoW
0x14002f310 IsValidLocale
0x14002f318 GetUserDefaultLCID
0x14002f320 RtlUnwind
USER32.dll
0x14002f348 ShowWindow
SHELL32.dll
0x14002f330 SHGetFolderPathA
0x14002f338 ShellExecuteA
WS2_32.dll
0x14002f380 connect
0x14002f388 recv
0x14002f390 htons
0x14002f398 WSAGetLastError
0x14002f3a0 send
0x14002f3a8 WSAStartup
0x14002f3b0 inet_pton
0x14002f3b8 closesocket
0x14002f3c0 WSACleanup
0x14002f3c8 socket
WININET.dll
0x14002f358 InternetOpenUrlA
0x14002f360 InternetOpenA
0x14002f368 InternetCloseHandle
0x14002f370 InternetReadFile
EAT(Export Address Table) is none
KERNEL32.dll
0x14002f000 GetLastError
0x14002f008 CloseHandle
0x14002f010 GetConsoleWindow
0x14002f018 CreateProcessA
0x14002f020 Sleep
0x14002f028 GetComputerNameA
0x14002f030 GetExitCodeProcess
0x14002f038 SetEndOfFile
0x14002f040 WriteConsoleW
0x14002f048 HeapSize
0x14002f050 CreateDirectoryA
0x14002f058 WaitForSingleObject
0x14002f060 CreateFileW
0x14002f068 GetProcessHeap
0x14002f070 SetStdHandle
0x14002f078 SetEnvironmentVariableW
0x14002f080 FreeEnvironmentStringsW
0x14002f088 GetEnvironmentStringsW
0x14002f090 GetOEMCP
0x14002f098 GetACP
0x14002f0a0 IsValidCodePage
0x14002f0a8 FindNextFileW
0x14002f0b0 FindFirstFileExW
0x14002f0b8 FindClose
0x14002f0c0 HeapReAlloc
0x14002f0c8 ReadConsoleW
0x14002f0d0 ReadFile
0x14002f0d8 EnumSystemLocalesW
0x14002f0e0 WideCharToMultiByte
0x14002f0e8 GetCurrentThreadId
0x14002f0f0 WaitForSingleObjectEx
0x14002f0f8 GetExitCodeThread
0x14002f100 EnterCriticalSection
0x14002f108 LeaveCriticalSection
0x14002f110 InitializeCriticalSectionEx
0x14002f118 DeleteCriticalSection
0x14002f120 EncodePointer
0x14002f128 DecodePointer
0x14002f130 MultiByteToWideChar
0x14002f138 LCMapStringEx
0x14002f140 ReleaseSRWLockExclusive
0x14002f148 AcquireSRWLockExclusive
0x14002f150 TryAcquireSRWLockExclusive
0x14002f158 WakeAllConditionVariable
0x14002f160 QueryPerformanceCounter
0x14002f168 GetSystemTimeAsFileTime
0x14002f170 GetModuleHandleW
0x14002f178 GetProcAddress
0x14002f180 GetStringTypeW
0x14002f188 GetCPInfo
0x14002f190 RtlCaptureContext
0x14002f198 RtlLookupFunctionEntry
0x14002f1a0 RtlVirtualUnwind
0x14002f1a8 UnhandledExceptionFilter
0x14002f1b0 SetUnhandledExceptionFilter
0x14002f1b8 GetCurrentProcess
0x14002f1c0 TerminateProcess
0x14002f1c8 IsProcessorFeaturePresent
0x14002f1d0 GetCurrentProcessId
0x14002f1d8 InitializeSListHead
0x14002f1e0 IsDebuggerPresent
0x14002f1e8 GetStartupInfoW
0x14002f1f0 RtlUnwindEx
0x14002f1f8 RtlPcToFileHeader
0x14002f200 RaiseException
0x14002f208 SetLastError
0x14002f210 InitializeCriticalSectionAndSpinCount
0x14002f218 TlsAlloc
0x14002f220 TlsGetValue
0x14002f228 TlsSetValue
0x14002f230 TlsFree
0x14002f238 FreeLibrary
0x14002f240 LoadLibraryExW
0x14002f248 CreateThread
0x14002f250 ExitThread
0x14002f258 FreeLibraryAndExitThread
0x14002f260 GetModuleHandleExW
0x14002f268 GetStdHandle
0x14002f270 WriteFile
0x14002f278 GetModuleFileNameW
0x14002f280 ExitProcess
0x14002f288 GetCommandLineA
0x14002f290 GetCommandLineW
0x14002f298 GetFileSizeEx
0x14002f2a0 SetFilePointerEx
0x14002f2a8 GetFileType
0x14002f2b0 HeapAlloc
0x14002f2b8 FlushFileBuffers
0x14002f2c0 GetConsoleOutputCP
0x14002f2c8 GetConsoleMode
0x14002f2d0 HeapFree
0x14002f2d8 FlsAlloc
0x14002f2e0 FlsGetValue
0x14002f2e8 FlsSetValue
0x14002f2f0 FlsFree
0x14002f2f8 CompareStringW
0x14002f300 LCMapStringW
0x14002f308 GetLocaleInfoW
0x14002f310 IsValidLocale
0x14002f318 GetUserDefaultLCID
0x14002f320 RtlUnwind
USER32.dll
0x14002f348 ShowWindow
SHELL32.dll
0x14002f330 SHGetFolderPathA
0x14002f338 ShellExecuteA
WS2_32.dll
0x14002f380 connect
0x14002f388 recv
0x14002f390 htons
0x14002f398 WSAGetLastError
0x14002f3a0 send
0x14002f3a8 WSAStartup
0x14002f3b0 inet_pton
0x14002f3b8 closesocket
0x14002f3c0 WSACleanup
0x14002f3c8 socket
WININET.dll
0x14002f358 InternetOpenUrlA
0x14002f360 InternetOpenA
0x14002f368 InternetCloseHandle
0x14002f370 InternetReadFile
EAT(Export Address Table) is none