ScreenShot
| Created | 2025.03.28 09:52 | Machine | s1_win7_x6403 |
| Filename | 863f2c19-1ce7-4e66-994b-a280b3548268 | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 51 detected (Common, CoinMiner, Malicious, score, Ghanarava, GenericKD, Unsafe, a variant of WinGo, aqdk, FallenMiner, CLASSIC, onlpz, AMADEY, YXFCLZ, Generic Reputation PUA, Static AI, Suspicious PE, Detected, Malware@#1myt1d98bg7nf, Wacatac, ABMiner, APWR, Artemis, Oqil, susgen, Miner) | ||
| md5 | c6067cd3b970c7f932f73f4084df78e8 | ||
| sha256 | 76ed4d9fc0972558a1bbc35ae4ff12561715c2bb2f286ae3c359a9671d0911e8 | ||
| ssdeep | 98304:TjnWIRW/ZdjLMEbsVBdaagU8PRIHh4DuRNrjsIrE5i3Fesc:G4W/Zh5HGBEoyME5iA | ||
| imphash | d42595b695fc008ef2c56aabd8efd68e | ||
| impfuzzy | 24:ibVjh9wOuuTkkboVaXOr6kwmDgUPMztxdEr6Ul:AwOuUjXOmokx0nl | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x94d3e0 WriteFile
0x94d3e8 WriteConsoleW
0x94d3f0 WerSetFlags
0x94d3f8 WerGetFlags
0x94d400 WaitForMultipleObjects
0x94d408 WaitForSingleObject
0x94d410 VirtualQuery
0x94d418 VirtualFree
0x94d420 VirtualAlloc
0x94d428 TlsAlloc
0x94d430 SwitchToThread
0x94d438 SuspendThread
0x94d440 SetWaitableTimer
0x94d448 SetProcessPriorityBoost
0x94d450 SetEvent
0x94d458 SetErrorMode
0x94d460 SetConsoleCtrlHandler
0x94d468 RtlVirtualUnwind
0x94d470 RtlLookupFunctionEntry
0x94d478 ResumeThread
0x94d480 RaiseFailFastException
0x94d488 PostQueuedCompletionStatus
0x94d490 LoadLibraryW
0x94d498 LoadLibraryExW
0x94d4a0 SetThreadContext
0x94d4a8 GetThreadContext
0x94d4b0 GetSystemInfo
0x94d4b8 GetSystemDirectoryA
0x94d4c0 GetStdHandle
0x94d4c8 GetQueuedCompletionStatusEx
0x94d4d0 GetProcessAffinityMask
0x94d4d8 GetProcAddress
0x94d4e0 GetErrorMode
0x94d4e8 GetEnvironmentStringsW
0x94d4f0 GetCurrentThreadId
0x94d4f8 GetConsoleMode
0x94d500 FreeEnvironmentStringsW
0x94d508 ExitProcess
0x94d510 DuplicateHandle
0x94d518 CreateWaitableTimerExW
0x94d520 CreateThread
0x94d528 CreateIoCompletionPort
0x94d530 CreateEventA
0x94d538 CloseHandle
0x94d540 AddVectoredExceptionHandler
0x94d548 AddVectoredContinueHandler
EAT(Export Address Table) is none
kernel32.dll
0x94d3e0 WriteFile
0x94d3e8 WriteConsoleW
0x94d3f0 WerSetFlags
0x94d3f8 WerGetFlags
0x94d400 WaitForMultipleObjects
0x94d408 WaitForSingleObject
0x94d410 VirtualQuery
0x94d418 VirtualFree
0x94d420 VirtualAlloc
0x94d428 TlsAlloc
0x94d430 SwitchToThread
0x94d438 SuspendThread
0x94d440 SetWaitableTimer
0x94d448 SetProcessPriorityBoost
0x94d450 SetEvent
0x94d458 SetErrorMode
0x94d460 SetConsoleCtrlHandler
0x94d468 RtlVirtualUnwind
0x94d470 RtlLookupFunctionEntry
0x94d478 ResumeThread
0x94d480 RaiseFailFastException
0x94d488 PostQueuedCompletionStatus
0x94d490 LoadLibraryW
0x94d498 LoadLibraryExW
0x94d4a0 SetThreadContext
0x94d4a8 GetThreadContext
0x94d4b0 GetSystemInfo
0x94d4b8 GetSystemDirectoryA
0x94d4c0 GetStdHandle
0x94d4c8 GetQueuedCompletionStatusEx
0x94d4d0 GetProcessAffinityMask
0x94d4d8 GetProcAddress
0x94d4e0 GetErrorMode
0x94d4e8 GetEnvironmentStringsW
0x94d4f0 GetCurrentThreadId
0x94d4f8 GetConsoleMode
0x94d500 FreeEnvironmentStringsW
0x94d508 ExitProcess
0x94d510 DuplicateHandle
0x94d518 CreateWaitableTimerExW
0x94d520 CreateThread
0x94d528 CreateIoCompletionPort
0x94d530 CreateEventA
0x94d538 CloseHandle
0x94d540 AddVectoredExceptionHandler
0x94d548 AddVectoredContinueHandler
EAT(Export Address Table) is none