Report - 5nsrv2.dll

CoinMiner Malicious Packer UPX PE File PE64 DLL OS Processor Check
Created 2025.04.21 13:33 Machine s1_win7_x6401
Filename 5nsrv2.dll
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
AI Score
4
Behavior Score
1.8
ZERO API file : malicious
VT API (file) 49 detected (Common, GameHack, Malicious, score, Ghanarava, GenericKDZ, Unsafe, confidence, high confidence, AGen, MalwareX, Misc, Lazy, pD0pfqlkBMQ, tbzke, GameHackAGen, moderate, Detected, GrayWare, Puwaders, Etset, ABTrojan, LQKC, Artemis, HackTool, GdSda, R002H09DB25, Gencirc, Zusy, susgen)
md5 87f0e1a7fd21b8b2620be3919c67fc9c
sha256 30b27817caaeed88683c6d4bc3d21404038e8ac8e7ee2dc3db06d66de02e030a
ssdeep 49152:4qaFan6cVbjUoKGD2nQdZh1PvzPLnCLJPIvJPI:VaFG9OoKS4JPgJP
imphash c239b2d5c2847731a0406c8b4c1a7011
impfuzzy 192:7XetW/f/DGFurSMAynkoKlWhaQlSRB+fyhyy9:7XWzFuOMAmkalSRB+fyhV9
  Network IP location

Signature (3cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info This executable has a PDB path

Rules (7cnts)

Level Name Description Collection
danger CoinMiner_IN CoinMiner binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) — no network activity was recorded. Treat this as "not observed" rather than "not capable": the IAT below imports the full WS2_32 socket set (WSAStartup, getaddrinfo, socket, connect, send, recv, select), and the sample is a DLL with no exports, so the sandbox may never have executed anything beyond DllMain. The low Behavior Score (1.8) may have the same cause — the DLL depends on MSVCP140/VCRUNTIME140/api-ms-win-crt-* (VC++ 2015+ runtime) plus glew32.dll, D3DCOMPILER_43.dll and d3dx11_43.dll, none of which ship with a stock Windows 7 image (machine s1_win7_x6401), so loading can fail before any payload runs. Re-run with those runtimes present or with a host process that loads the DLL before relying on this section.

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT (Import Address Table) by library. Analyst note on the capabilities visible below: process/thread enumeration and manipulation (CreateToolhelp32Snapshot, Process32First/Next, Thread32First/Next, OpenProcess, OpenThread, SuspendThread/ResumeThread, GetThreadContext/SetThreadContext, ReadProcessMemory/WriteProcessMemory, VirtualProtect, VirtualQueryEx, FlushInstructionCache), launching programs (WinExec), input and window hooking (SetWindowsHookExA, CallNextHookEx, GetAsyncKeyState, GetKeyState), SetWindowDisplayAffinity (can exclude a window from screen capture), clipboard read/write, a debugger check (IsDebuggerPresent), raw sockets (WS2_32), BCryptGenRandom, and a Direct3D 11 / OpenGL / glew rendering stack. This profile matches the GameHack/HackTool labels in the VT results (a rendering overlay plus code-injection primitives) more closely than the CoinMiner_IN rule; nothing mining-specific (pool addresses, miner strings, high-CPU behavior) appears in this report, so confirm which strings triggered CoinMiner_IN before using "CoinMiner" as the verdict. Imports alone show capability, not executed behavior.

d3d11.dll
 0x180110bb0 D3D11CreateDeviceAndSwapChain
D3DCOMPILER_43.dll
 0x180110000 D3DCompile
KERNEL32.dll
 0x180110038 FreeLibrary
 0x180110040 QueryPerformanceCounter
 0x180110048 Process32First
 0x180110050 WriteProcessMemory
 0x180110058 GetCurrentProcess
 0x180110060 VirtualAlloc
 0x180110068 TerminateProcess
 0x180110070 Thread32Next
 0x180110078 InitializeCriticalSectionEx
 0x180110080 Thread32First
 0x180110088 GetVolumeInformationA
 0x180110090 FreeLibraryAndExitThread
 0x180110098 SuspendThread
 0x1801100a0 ResumeThread
 0x1801100a8 OpenProcess
 0x1801100b0 CreateToolhelp32Snapshot
 0x1801100b8 Sleep
 0x1801100c0 GetLastError
 0x1801100c8 DisableThreadLibraryCalls
 0x1801100d0 TerminateThread
 0x1801100d8 Process32Next
 0x1801100e0 CloseHandle
 0x1801100e8 GetSystemInfo
 0x1801100f0 CreateThread
 0x1801100f8 GetThreadContext
 0x180110100 DeleteCriticalSection
 0x180110108 ReadProcessMemory
 0x180110110 WinExec
 0x180110118 CreateDirectoryA
 0x180110120 OpenThread
 0x180110128 GetProcAddress
 0x180110130 VirtualQueryEx
 0x180110138 VirtualFree
 0x180110140 VirtualQuery
 0x180110148 HeapCreate
 0x180110150 VirtualProtect
 0x180110158 HeapFree
 0x180110160 GetCurrentThreadId
 0x180110168 HeapReAlloc
 0x180110170 HeapAlloc
 0x180110178 HeapDestroy
 0x180110180 GetCurrentProcessId
 0x180110188 FlushInstructionCache
 0x180110190 SetThreadContext
 0x180110198 CreateFileA
 0x1801101a0 GetFileSizeEx
 0x1801101a8 ReadFile
 0x1801101b0 MapViewOfFile
 0x1801101b8 UnmapViewOfFile
 0x1801101c0 GetSystemTimeAsFileTime
 0x1801101c8 OutputDebugStringW
 0x1801101d0 ReleaseSRWLockExclusive
 0x1801101d8 AcquireSRWLockExclusive
 0x1801101e0 WakeAllConditionVariable
 0x1801101e8 SleepConditionVariableSRW
 0x1801101f0 UnhandledExceptionFilter
 0x1801101f8 SetUnhandledExceptionFilter
 0x180110200 IsProcessorFeaturePresent
 0x180110208 InitializeSListHead
 0x180110210 QueryPerformanceFrequency
 0x180110218 LoadLibraryA
 0x180110220 GetModuleHandleA
 0x180110228 WideCharToMultiByte
 0x180110230 GlobalLock
 0x180110238 GlobalFree
 0x180110240 GlobalAlloc
 0x180110248 MultiByteToWideChar
 0x180110250 GlobalUnlock
 0x180110258 SetLastError
 0x180110260 IsDebuggerPresent
 0x180110268 CreateFileMappingA
USER32.dll
 0x180110608 GetClipboardData
 0x180110610 EmptyClipboard
 0x180110618 CloseClipboard
 0x180110620 OpenClipboard
 0x180110628 GetCursorPos
 0x180110630 SetCursorPos
 0x180110638 ReleaseCapture
 0x180110640 IsWindowUnicode
 0x180110648 DispatchMessageA
 0x180110650 SetClipboardData
 0x180110658 DestroyWindow
 0x180110660 CreateWindowExW
 0x180110668 CallNextHookEx
 0x180110670 GetSystemMetrics
 0x180110678 UnregisterClassW
 0x180110680 RegisterClassExW
 0x180110688 GetActiveWindow
 0x180110690 ShowWindow
 0x180110698 GetAsyncKeyState
 0x1801106a0 SetWindowLongA
 0x1801106a8 SetWindowsHookExA
 0x1801106b0 GetWindowLongA
 0x1801106b8 SetWindowDisplayAffinity
 0x1801106c0 MessageBoxA
 0x1801106c8 MoveWindow
 0x1801106d0 UnhookWindowsHookEx
 0x1801106d8 DefWindowProcA
 0x1801106e0 SetLayeredWindowAttributes
 0x1801106e8 TranslateMessage
 0x1801106f0 LoadIconA
 0x1801106f8 PeekMessageA
 0x180110700 PostQuitMessage
 0x180110708 UpdateWindow
 0x180110710 GetKeyState
 0x180110718 GetMessageExtraInfo
 0x180110720 LoadCursorA
 0x180110728 GetWindowRect
 0x180110730 ScreenToClient
 0x180110738 GetCapture
 0x180110740 ClientToScreen
 0x180110748 TrackMouseEvent
 0x180110750 GetForegroundWindow
 0x180110758 SetCapture
 0x180110760 SetCursor
 0x180110768 GetClientRect
ole32.dll
 0x180110c30 CoInitialize
 0x180110c38 CoUninitialize
 0x180110c40 CoCreateInstance
glew32.dll
 0x180110be0 __glewDepthRangef
 0x180110be8 __glewGetUniformLocation
 0x180110bf0 __glewBlendFuncSeparate
 0x180110bf8 __glewBlendColor
 0x180110c00 glewInit
OPENGL32.dll
 0x180110568 glTexImage2D
 0x180110570 glTexParameteri
 0x180110578 glGenTextures
 0x180110580 glBindTexture
 0x180110588 glGetIntegerv
 0x180110590 glDepthRange
 0x180110598 glGetFloatv
 0x1801105a0 glPushMatrix
 0x1801105a8 glDisable
 0x1801105b0 glDrawElements
 0x1801105b8 glBegin
 0x1801105c0 glColorMask
 0x1801105c8 glBlendFunc
 0x1801105d0 glLineWidth
 0x1801105d8 glEnd
 0x1801105e0 glVertex3f
 0x1801105e8 glEnable
 0x1801105f0 glPolygonMode
 0x1801105f8 glPopMatrix
MSVCP140.dll
 0x180110278 ?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
 0x180110280 ?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
 0x180110288 ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
 0x180110290 ?_Incref@facet@locale@std@@UEAAXXZ
 0x180110298 ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
 0x1801102a0 ?_Xbad_function_call@std@@YAXXZ
 0x1801102a8 ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1801102b0 ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
 0x1801102b8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
 0x1801102c0 ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
 0x1801102c8 ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x1801102d0 ??Bios_base@std@@QEBA_NXZ
 0x1801102d8 ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
 0x1801102e0 ?tolower@?$ctype@D@std@@QEBADD@Z
 0x1801102e8 ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
 0x1801102f0 ??1facet@locale@std@@MEAA@XZ
 0x1801102f8 ??0facet@locale@std@@IEAA@_K@Z
 0x180110300 ?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
 0x180110308 ?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
 0x180110310 ?id@?$collate@D@std@@2V0locale@2@A
 0x180110318 ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
 0x180110320 ?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
 0x180110328 ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
 0x180110330 ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
 0x180110338 ??1_Locinfo@std@@QEAA@XZ
 0x180110340 ??0_Locinfo@std@@QEAA@PEBD@Z
 0x180110348 _Strxfrm
 0x180110350 _Strcoll
 0x180110358 _Mtx_unlock
 0x180110360 ?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x180110368 ?good@ios_base@std@@QEBA_NXZ
 0x180110370 _Mtx_lock
 0x180110378 _Mtx_destroy_in_situ
 0x180110380 _Mtx_init_in_situ
 0x180110388 _Thrd_id
 0x180110390 ?_Xinvalid_argument@std@@YAXPEBD@Z
 0x180110398 ??Bid@locale@std@@QEAA_KXZ
 0x1801103a0 ?always_noconv@codecvt_base@std@@QEBA_NXZ
 0x1801103a8 ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x1801103b0 ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
 0x1801103b8 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
 0x1801103c0 ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x1801103c8 ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
 0x1801103d0 ?_Xlength_error@std@@YAXPEBD@Z
 0x1801103d8 ?_Xout_of_range@std@@YAXPEBD@Z
 0x1801103e0 _Query_perf_frequency
 0x1801103e8 ??1_Lockit@std@@QEAA@XZ
 0x1801103f0 ??0_Lockit@std@@QEAA@H@Z
 0x1801103f8 ?_Throw_Cpp_error@std@@YAXH@Z
 0x180110400 ?uncaught_exceptions@std@@YAHXZ
 0x180110408 ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
 0x180110410 ?_Xbad_alloc@std@@YAXXZ
 0x180110418 ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
 0x180110420 ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
 0x180110428 ?id@?$ctype@D@std@@2V0locale@2@A
 0x180110430 _Cnd_do_broadcast_at_thread_exit
 0x180110438 _Query_perf_counter
 0x180110440 _Thrd_detach
 0x180110448 _Xtime_get_ticks
 0x180110450 ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
 0x180110458 ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
 0x180110460 ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x180110468 ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
 0x180110470 ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
 0x180110478 ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
 0x180110480 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
 0x180110488 ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
 0x180110490 ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x180110498 ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
 0x1801104a0 ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1801104a8 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
 0x1801104b0 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
 0x1801104b8 ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x1801104c0 ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1801104c8 ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
 0x1801104d0 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
 0x1801104d8 ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
 0x1801104e0 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
 0x1801104e8 ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
 0x1801104f0 ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
 0x1801104f8 ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
 0x180110500 ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x180110508 ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x180110510 ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
 0x180110518 ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
 0x180110520 ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x180110528 ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
 0x180110530 ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
 0x180110538 ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
 0x180110540 ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
 0x180110548 ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
 0x180110550 ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
 0x180110558 ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
IMM32.dll
 0x180110010 ImmSetCompositionWindow
 0x180110018 ImmReleaseContext
 0x180110020 ImmGetContext
 0x180110028 ImmSetCandidateWindow
dwmapi.dll
 0x180110bd0 DwmExtendFrameIntoClientArea
d3dx11_43.dll
 0x180110bc0 D3DX11CreateShaderResourceViewFromMemory
ntdll.dll
 0x180110c10 RtlLookupFunctionEntry
 0x180110c18 RtlCaptureContext
 0x180110c20 RtlVirtualUnwind
WS2_32.dll
 0x180110838 WSASocketW
 0x180110840 getaddrinfo
 0x180110848 WSAGetLastError
 0x180110850 getnameinfo
 0x180110858 WSACleanup
 0x180110860 WSAStartup
 0x180110868 socket
 0x180110870 shutdown
 0x180110878 __WSAFDIsSet
 0x180110880 freeaddrinfo
 0x180110888 setsockopt
 0x180110890 send
 0x180110898 select
 0x1801108a0 recv
 0x1801108a8 ntohs
 0x1801108b0 getsockopt
 0x1801108b8 getsockname
 0x1801108c0 getpeername
 0x1801108c8 ioctlsocket
 0x1801108d0 connect
 0x1801108d8 closesocket
crypt.dll (as reported; the BCrypt* exports listed below normally live in bcrypt.dll — verify the library name against the raw import directory)
 0x180110b90 BCryptOpenAlgorithmProvider
 0x180110b98 BCryptGenRandom
 0x180110ba0 BCryptCloseAlgorithmProvider
VCRUNTIME140_1.dll
 0x180110828 __CxxFrameHandler4
VCRUNTIME140.dll
 0x180110778 __std_type_info_destroy_list
 0x180110780 __intrinsic_setjmp
 0x180110788 __C_specific_handler
 0x180110790 __current_exception_context
 0x180110798 __current_exception
 0x1801107a0 _CxxThrowException
 0x1801107a8 __std_type_info_name
 0x1801107b0 __std_type_info_compare
 0x1801107b8 strchr
 0x1801107c0 _purecall
 0x1801107c8 memcmp
 0x1801107d0 memchr
 0x1801107d8 memset
 0x1801107e0 memmove
 0x1801107e8 memcpy
 0x1801107f0 longjmp
 0x1801107f8 strrchr
 0x180110800 strstr
 0x180110808 __std_terminate
 0x180110810 __std_exception_copy
 0x180110818 __std_exception_destroy
api-ms-win-crt-stdio-l1-1-0.dll
 0x180110a80 setvbuf
 0x180110a88 fputc
 0x180110a90 __stdio_common_vsscanf
 0x180110a98 fclose
 0x180110aa0 ungetc
 0x180110aa8 fsetpos
 0x180110ab0 fread
 0x180110ab8 fgetc
 0x180110ac0 ftell
 0x180110ac8 __acrt_iob_func
 0x180110ad0 __stdio_common_vsprintf
 0x180110ad8 _wfopen
 0x180110ae0 _fseeki64
 0x180110ae8 _get_stream_buffer_pointers
 0x180110af0 fwrite
 0x180110af8 fgetpos
 0x180110b00 fseek
 0x180110b08 __stdio_common_vfprintf
 0x180110b10 fflush
api-ms-win-crt-utility-l1-1-0.dll
 0x180110b70 _byteswap_ulong
 0x180110b78 rand
 0x180110b80 qsort
api-ms-win-crt-string-l1-1-0.dll
 0x180110b20 strncmp
 0x180110b28 strcmp
 0x180110b30 tolower
 0x180110b38 isdigit
 0x180110b40 strlen
 0x180110b48 _stricmp
 0x180110b50 strncpy
api-ms-win-crt-heap-l1-1-0.dll
 0x180110938 _callnewh
 0x180110940 free
 0x180110948 _msize
 0x180110950 realloc
 0x180110958 malloc
 0x180110960 _aligned_malloc
 0x180110968 _aligned_free
api-ms-win-crt-runtime-l1-1-0.dll
 0x1801109f8 _initterm_e
 0x180110a00 _initterm
 0x180110a08 _cexit
 0x180110a10 _crt_atexit
 0x180110a18 _execute_onexit_table
 0x180110a20 terminate
 0x180110a28 _register_onexit_function
 0x180110a30 _initialize_onexit_table
 0x180110a38 _initialize_narrow_environment
 0x180110a40 _beginthreadex
 0x180110a48 _configure_narrow_argv
 0x180110a50 _invalid_parameter_noinfo
 0x180110a58 _seh_filter_dll
 0x180110a60 _invalid_parameter_noinfo_noreturn
 0x180110a68 exit
 0x180110a70 _errno
api-ms-win-crt-convert-l1-1-0.dll
 0x1801108e8 strtol
 0x1801108f0 atof
 0x1801108f8 strtod
 0x180110900 strtoll
 0x180110908 strtoul
 0x180110910 strtoull
api-ms-win-crt-time-l1-1-0.dll
 0x180110b60 _time64
api-ms-win-crt-filesystem-l1-1-0.dll
 0x180110920 _unlock_file
 0x180110928 _lock_file
api-ms-win-crt-multibyte-l1-1-0.dll
 0x1801109e8 _mbsicmp
api-ms-win-crt-math-l1-1-0.dll
 0x180110988 powf
 0x180110990 sinf
 0x180110998 fmodf
 0x1801109a0 cosf
 0x1801109a8 roundf
 0x1801109b0 _dtest
 0x1801109b8 _dsign
 0x1801109c0 ceilf
 0x1801109c8 acosf
 0x1801109d0 sin
 0x1801109d8 sqrtf
api-ms-win-crt-locale-l1-1-0.dll
 0x180110978 localeconv

EAT (Export Address Table): none — the DLL exports no functions, so its only entry point is DllMain. Any payload would therefore have to run from DllMain or from a thread started there (CreateThread, _beginthreadex and DisableThreadLibraryCalls are imported), which is why a sandbox that merely loads the DLL may record little behavior.



Similarity measure (PE file only) — not available: the similarity service reported a failure, so no similar-sample results are included in this report.