Dynamic Analysis Report
Created on 2024-06-06T21:06:17+00:00
Sample | unknown.exe |
File Type | Windows Exe (x86-64) |
Verdict | Malicious |
Classifications | PUA, Backdoor, Miner |
Threat Names | XMRig, App/Generic-FN |
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "23 minutes, 23 seconds" to "7 seconds" to reveal dormant functionality.
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\OqXZRaykm\Desktop\unknown.exe | Sample File | Binary | Malicious |
File Reputation Information
Verdict | Suspicious |
Names | App/Generic-FN |
Classification | PUA |
PE Information
Image Base | 0x140000000 |
Entry Point | 0x1400297B8 |
Size Of Code | 0x00065A00 |
Size Of Initialized Data | 0x00034E00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Machine Type | IMAGE_FILE_MACHINE_AMD64 |
Compile Timestamp | 2018-02-04 04:40 (UTC) |
Sections (6)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x140001000 | 0x000659D2 | 0x00065A00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.51 |
.rdata | 0x140067000 | 0x000205C6 | 0x00020600 | 0x00065E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.66 |
.data | 0x140088000 | 0x0000E9D0 | 0x0000C400 | 0x00086400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.21 |
.pdata | 0x140097000 | 0x00004A70 | 0x00004C00 | 0x00092800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.77 |
.rsrc | 0x14009C000 | 0x000001D5 | 0x00000200 | 0x00097400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.71 |
.reloc | 0x14009D000 | 0x00000E98 | 0x00001000 | 0x00097600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.27 |
Imports (6)
WS2_32.dll (31)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
connect | 0x00000004 | 0x140067590 | 0x000866B8 | 0x000854B8 | - |
htons | 0x00000009 | 0x140067598 | 0x000866C0 | 0x000854C0 | - |
WSACleanup | 0x00000074 | 0x1400675A0 | 0x000866C8 | 0x000854C8 | - |
__WSAFDIsSet | 0x00000097 | 0x1400675A8 | 0x000866D0 | 0x000854D0 | - |
accept | 0x00000001 | 0x1400675B0 | 0x000866D8 | 0x000854D8 | - |
send | 0x00000013 | 0x1400675B8 | 0x000866E0 | 0x000854E0 | - |
ntohs | 0x0000000F | 0x1400675C0 | 0x000866E8 | 0x000854E8 | - |
recv | 0x00000010 | 0x1400675C8 | 0x000866F0 | 0x000854F0 | - |
WSAPoll | - | 0x1400675D0 | 0x000866F8 | 0x000854F8 | 0x00000045 |
WSASetLastError | 0x00000070 | 0x1400675D8 | 0x00086700 | 0x00085500 | - |
WSAStartup | 0x00000073 | 0x1400675E0 | 0x00086708 | 0x00085508 | - |
select | 0x00000012 | 0x1400675E8 | 0x00086710 | 0x00085510 | - |
WSARecvFrom | - | 0x1400675F0 | 0x00086718 | 0x00085518 | 0x0000004A |
bind | 0x00000002 | 0x1400675F8 | 0x00086720 | 0x00085520 | - |
WSAIoctl | - | 0x140067600 | 0x00086728 | 0x00085528 | 0x0000003A |
WSASend | - | 0x140067608 | 0x00086730 | 0x00085530 | 0x0000004D |
shutdown | 0x00000016 | 0x140067610 | 0x00086738 | 0x00085538 | - |
listen | 0x0000000D | 0x140067618 | 0x00086740 | 0x00085540 | - |
WSASocketW | - | 0x140067620 | 0x00086748 | 0x00085548 | 0x00000057 |
getsockname | 0x00000006 | 0x140067628 | 0x00086750 | 0x00085550 | - |
socket | 0x00000017 | 0x140067630 | 0x00086758 | 0x00085558 | - |
WSARecv | - | 0x140067638 | 0x00086760 | 0x00085560 | 0x00000048 |
ioctlsocket | 0x0000000A | 0x140067640 | 0x00086768 | 0x00085568 | - |
FreeAddrInfoW | - | 0x140067648 | 0x00086770 | 0x00085570 | 0x00000002 |
GetAddrInfoW | - | 0x140067650 | 0x00086778 | 0x00085578 | 0x00000007 |
closesocket | 0x00000003 | 0x140067658 | 0x00086780 | 0x00085580 | - |
getsockopt | 0x00000007 | 0x140067660 | 0x00086788 | 0x00085588 | - |
setsockopt | 0x00000015 | 0x140067668 | 0x00086790 | 0x00085590 | - |
htonl | 0x00000008 | 0x140067670 | 0x00086798 | 0x00085598 | - |
WSAGetLastError | 0x0000006F | 0x140067678 | 0x000867A0 | 0x000855A0 | - |
gethostname | 0x00000039 | 0x140067680 | 0x000867A8 | 0x000855A8 | - |
IPHLPAPI.DLL (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetAdaptersAddresses | - | 0x140067058 | 0x00086180 | 0x00084F80 | 0x0000003F |
KERNEL32.dll (156)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
FindClose | - | 0x140067068 | 0x00086190 | 0x00084F90 | 0x00000179 |
GetTimeZoneInformation | - | 0x140067070 | 0x00086198 | 0x00084F98 | 0x00000311 |
FindFirstFileExA | - | 0x140067078 | 0x000861A0 | 0x00084FA0 | 0x0000017E |
HeapSize | - | 0x140067080 | 0x000861A8 | 0x00084FA8 | 0x00000353 |
FindNextFileA | - | 0x140067088 | 0x000861B0 | 0x00084FB0 | 0x0000018E |
HeapFree | - | 0x140067090 | 0x000861B8 | 0x00084FB8 | 0x0000034E |
HeapReAlloc | - | 0x140067098 | 0x000861C0 | 0x00084FC0 | 0x00000351 |
SetLastError | - | 0x1400670A0 | 0x000861C8 | 0x00084FC8 | 0x00000537 |
InitializeCriticalSectionEx | - | 0x1400670A8 | 0x000861D0 | 0x00084FD0 | 0x00000364 |
GetLastError | - | 0x1400670B0 | 0x000861D8 | 0x00084FD8 | 0x00000263 |
RaiseException | - | 0x1400670B8 | 0x000861E0 | 0x00084FE0 | 0x0000045F |
DecodePointer | - | 0x1400670C0 | 0x000861E8 | 0x00084FE8 | 0x00000108 |
DeleteCriticalSection | - | 0x1400670C8 | 0x000861F0 | 0x00084FF0 | 0x0000010F |
WideCharToMultiByte | - | 0x1400670D0 | 0x000861F8 | 0x00084FF8 | 0x00000605 |
GetStdHandle | - | 0x1400670D8 | 0x00086200 | 0x00085000 | 0x000002D5 |
SetConsoleMode | - | 0x1400670E0 | 0x00086208 | 0x00085008 | 0x000004FF |
GetConsoleMode | - | 0x1400670E8 | 0x00086210 | 0x00085010 | 0x00000200 |
CloseHandle | - | 0x1400670F0 | 0x00086218 | 0x00085018 | 0x00000086 |
FreeConsole | - | 0x1400670F8 | 0x00086220 | 0x00085020 | 0x000001AC |
GetConsoleWindow | - | 0x140067100 | 0x00086228 | 0x00085028 | 0x0000020B |
SetThreadAffinityMask | - | 0x140067108 | 0x00086230 | 0x00085030 | 0x00000558 |
GetCurrentProcess | - | 0x140067110 | 0x00086238 | 0x00085038 | 0x0000021B |
SetProcessAffinityMask | - | 0x140067118 | 0x00086240 | 0x00085040 | 0x00000542 |
GetCurrentThread | - | 0x140067120 | 0x00086248 | 0x00085048 | 0x0000021F |
VirtualFree | - | 0x140067128 | 0x00086250 | 0x00085050 | 0x000005D0 |
VirtualAlloc | - | 0x140067130 | 0x00086258 | 0x00085058 | 0x000005CD |
LocalAlloc | - | 0x140067138 | 0x00086260 | 0x00085060 | 0x000003C8 |
LocalFree | - | 0x140067140 | 0x00086268 | 0x00085068 | 0x000003CC |
SetPriorityClass | - | 0x140067148 | 0x00086270 | 0x00085070 | 0x00000541 |
SetThreadPriority | - | 0x140067150 | 0x00086278 | 0x00085078 | 0x00000563 |
GetProcAddress | - | 0x140067158 | 0x00086280 | 0x00085080 | 0x000002B1 |
GetModuleHandleW | - | 0x140067160 | 0x00086288 | 0x00085088 | 0x0000027A |
TlsSetValue | - | 0x140067168 | 0x00086290 | 0x00085090 | 0x000005A7 |
EnterCriticalSection | - | 0x140067170 | 0x00086298 | 0x00085098 | 0x00000133 |
ReleaseSemaphore | - | 0x140067178 | 0x000862A0 | 0x000850A0 | 0x000004B1 |
WaitForMultipleObjects | - | 0x140067180 | 0x000862A8 | 0x000850A8 | 0x000005DC |
LeaveCriticalSection | - | 0x140067188 | 0x000862B0 | 0x000850B0 | 0x000003BB |
InitializeCriticalSection | - | 0x140067190 | 0x000862B8 | 0x000850B8 | 0x00000362 |
WaitForSingleObject | - | 0x140067198 | 0x000862C0 | 0x000850C0 | 0x000005DE |
ResumeThread | - | 0x1400671A0 | 0x000862C8 | 0x000850C8 | 0x000004C9 |
SetEvent | - | 0x1400671A8 | 0x000862D0 | 0x000850D0 | 0x0000051C |
TlsAlloc | - | 0x1400671B0 | 0x000862D8 | 0x000850D8 | 0x000005A4 |
ResetEvent | - | 0x1400671B8 | 0x000862E0 | 0x000850E0 | 0x000004C3 |
CreateSemaphoreW | - | 0x1400671C0 | 0x000862E8 | 0x000850E8 | 0x000000EA |
TlsGetValue | - | 0x1400671C8 | 0x000862F0 | 0x000850F0 | 0x000005A6 |
TlsFree | - | 0x1400671D0 | 0x000862F8 | 0x000850F8 | 0x000005A5 |
CreateSemaphoreA | - | 0x1400671D8 | 0x00086300 | 0x00085100 | 0x000000E7 |
CreateEventA | - | 0x1400671E0 | 0x00086308 | 0x00085108 | 0x000000BB |
VerifyVersionInfoA | - | 0x1400671E8 | 0x00086310 | 0x00085110 | 0x000005CB |
GetModuleFileNameW | - | 0x1400671F0 | 0x00086318 | 0x00085118 | 0x00000276 |
MultiByteToWideChar | - | 0x1400671F8 | 0x00086320 | 0x00085120 | 0x000003EB |
QueryPerformanceFrequency | - | 0x140067200 | 0x00086328 | 0x00085128 | 0x0000044A |
GetSystemInfo | - | 0x140067208 | 0x00086330 | 0x00085130 | 0x000002E6 |
VerSetConditionMask | - | 0x140067210 | 0x00086338 | 0x00085138 | 0x000005C8 |
IsValidCodePage | - | 0x140067218 | 0x00086340 | 0x00085140 | 0x00000389 |
QueryPerformanceCounter | - | 0x140067220 | 0x00086348 | 0x00085148 | 0x00000449 |
SetConsoleCtrlHandler | - | 0x140067228 | 0x00086350 | 0x00085150 | 0x000004EF |
PostQueuedCompletionStatus | - | 0x140067230 | 0x00086358 | 0x00085158 | 0x0000041F |
Sleep | - | 0x140067238 | 0x00086360 | 0x00085160 | 0x00000583 |
SetErrorMode | - | 0x140067240 | 0x00086368 | 0x00085168 | 0x0000051B |
GetQueuedCompletionStatus | - | 0x140067248 | 0x00086370 | 0x00085170 | 0x000002CD |
CreateIoCompletionPort | - | 0x140067250 | 0x00086378 | 0x00085178 | 0x000000CF |
GetConsoleScreenBufferInfo | - | 0x140067258 | 0x00086380 | 0x00085180 | 0x00000206 |
SetConsoleTextAttribute | - | 0x140067260 | 0x00086388 | 0x00085188 | 0x00000508 |
RegisterWaitForSingleObject | - | 0x140067268 | 0x00086390 | 0x00085190 | 0x000004A6 |
UnregisterWait | - | 0x140067270 | 0x00086398 | 0x00085198 | 0x000005BD |
GetConsoleCursorInfo | - | 0x140067278 | 0x000863A0 | 0x000851A0 | 0x000001F4 |
CreateFileW | - | 0x140067280 | 0x000863A8 | 0x000851A8 | 0x000000CA |
DuplicateHandle | - | 0x140067288 | 0x000863B0 | 0x000851B0 | 0x0000012D |
QueueUserWorkItem | - | 0x140067290 | 0x000863B8 | 0x000851B8 | 0x00000454 |
SetConsoleCursorInfo | - | 0x140067298 | 0x000863C0 | 0x000851C0 | 0x000004F1 |
FillConsoleOutputCharacterW | - | 0x1400672A0 | 0x000863C8 | 0x000851C8 | 0x00000171 |
ReadConsoleInputW | - | 0x1400672A8 | 0x000863D0 | 0x000851D0 | 0x00000467 |
CreateFileA | - | 0x1400672B0 | 0x000863D8 | 0x000851D8 | 0x000000C2 |
ReadConsoleW | - | 0x1400672B8 | 0x000863E0 | 0x000851E0 | 0x0000046D |
WriteConsoleInputW | - | 0x1400672C0 | 0x000863E8 | 0x000851E8 | 0x00000612 |
FillConsoleOutputAttribute | - | 0x1400672C8 | 0x000863F0 | 0x000851F0 | 0x0000016F |
WriteConsoleW | - | 0x1400672D0 | 0x000863F8 | 0x000851F8 | 0x00000618 |
GetNumberOfConsoleInputEvents | - | 0x1400672D8 | 0x00086400 | 0x00085200 | 0x00000298 |
SetConsoleCursorPosition | - | 0x1400672E0 | 0x00086408 | 0x00085208 | 0x000004F3 |
GetFileType | - | 0x1400672E8 | 0x00086410 | 0x00085210 | 0x00000251 |
CreateDirectoryW | - | 0x1400672F0 | 0x00086418 | 0x00085218 | 0x000000B9 |
ReadFile | - | 0x1400672F8 | 0x00086420 | 0x00085220 | 0x00000470 |
WriteFile | - | 0x140067300 | 0x00086428 | 0x00085228 | 0x00000619 |
DeviceIoControl | - | 0x140067308 | 0x00086430 | 0x00085230 | 0x0000011F |
RemoveDirectoryW | - | 0x140067310 | 0x00086438 | 0x00085238 | 0x000004B6 |
SetFileTime | - | 0x140067318 | 0x00086440 | 0x00085240 | 0x0000052C |
CreateHardLinkW | - | 0x140067320 | 0x00086448 | 0x00085248 | 0x000000CE |
GetFileAttributesW | - | 0x140067328 | 0x00086450 | 0x00085250 | 0x00000248 |
GetFileInformationByHandle | - | 0x140067330 | 0x00086458 | 0x00085258 | 0x0000024A |
SetFilePointerEx | - | 0x140067338 | 0x00086460 | 0x00085260 | 0x00000529 |
MoveFileExW | - | 0x140067340 | 0x00086468 | 0x00085268 | 0x000003E4 |
CopyFileW | - | 0x140067348 | 0x00086470 | 0x00085270 | 0x000000AC |
FlushFileBuffers | - | 0x140067350 | 0x00086478 | 0x00085278 | 0x000001A3 |
CancelIo | - | 0x140067358 | 0x00086480 | 0x00085280 | 0x00000071 |
SetHandleInformation | - | 0x140067360 | 0x00086488 | 0x00085288 | 0x00000533 |
GetModuleHandleA | - | 0x140067368 | 0x00086490 | 0x00085290 | 0x00000277 |
LoadLibraryA | - | 0x140067370 | 0x00086498 | 0x00085298 | 0x000003BF |
DebugBreak | - | 0x140067378 | 0x000864A0 | 0x000852A0 | 0x00000105 |
SetNamedPipeHandleState | - | 0x140067380 | 0x000864A8 | 0x000852A8 | 0x00000540 |
CreateNamedPipeW | - | 0x140067388 | 0x000864B0 | 0x000852B0 | 0x000000DB |
PeekNamedPipe | - | 0x140067390 | 0x000864B8 | 0x000852B8 | 0x0000041E |
GetNamedPipeHandleStateA | - | 0x140067398 | 0x000864C0 | 0x000852C0 | 0x00000282 |
SwitchToThread | - | 0x1400673A0 | 0x000864C8 | 0x000852C8 | 0x0000058D |
ConnectNamedPipe | - | 0x1400673A8 | 0x000864D0 | 0x000852D0 | 0x0000009B |
GetLongPathNameW | - | 0x1400673B0 | 0x000864D8 | 0x000852D8 | 0x00000270 |
ReadDirectoryChangesW | - | 0x1400673B8 | 0x000864E0 | 0x000852E0 | 0x0000046F |
TerminateProcess | - | 0x1400673C0 | 0x000864E8 | 0x000852E8 | 0x00000592 |
UnregisterWaitEx | - | 0x1400673C8 | 0x000864F0 | 0x000852F0 | 0x000005BE |
LCMapStringW | - | 0x1400673D0 | 0x000864F8 | 0x000852F8 | 0x000003AF |
GetExitCodeProcess | - | 0x1400673D8 | 0x00086500 | 0x00085300 | 0x0000023F |
GetStartupInfoW | - | 0x1400673E0 | 0x00086508 | 0x00085308 | 0x000002D3 |
InitializeCriticalSectionAndSpinCount | - | 0x1400673E8 | 0x00086510 | 0x00085310 | 0x00000363 |
GetCurrentThreadId | - | 0x1400673F0 | 0x00086518 | 0x00085318 | 0x00000220 |
GetTickCount64 | - | 0x1400673F8 | 0x00086520 | 0x00085320 | 0x0000030B |
HeapAlloc | - | 0x140067400 | 0x00086528 | 0x00085328 | 0x0000034A |
GetACP | - | 0x140067408 | 0x00086530 | 0x00085330 | 0x000001B6 |
GetModuleFileNameA | - | 0x140067410 | 0x00086538 | 0x00085338 | 0x00000275 |
ExitProcess | - | 0x140067418 | 0x00086540 | 0x00085340 | 0x00000162 |
SetFileAttributesW | - | 0x140067420 | 0x00086548 | 0x00085348 | 0x00000523 |
GetFileAttributesExW | - | 0x140067428 | 0x00086550 | 0x00085350 | 0x00000245 |
GetConsoleCP | - | 0x140067430 | 0x00086558 | 0x00085358 | 0x000001EE |
SetStdHandle | - | 0x140067438 | 0x00086560 | 0x00085360 | 0x0000054F |
GetOEMCP | - | 0x140067440 | 0x00086568 | 0x00085368 | 0x0000029A |
GetEnvironmentStringsW | - | 0x140067448 | 0x00086570 | 0x00085370 | 0x0000023A |
FreeEnvironmentStringsW | - | 0x140067450 | 0x00086578 | 0x00085378 | 0x000001AE |
SetEnvironmentVariableA | - | 0x140067458 | 0x00086580 | 0x00085380 | 0x00000519 |
GetProcessHeap | - | 0x140067460 | 0x00086588 | 0x00085388 | 0x000002B7 |
GetThreadTimes | - | 0x140067468 | 0x00086590 | 0x00085390 | 0x00000308 |
GetCurrentProcessId | - | 0x140067470 | 0x00086598 | 0x00085398 | 0x0000021C |
FormatMessageA | - | 0x140067478 | 0x000865A0 | 0x000853A0 | 0x000001AA |
GetModuleHandleExW | - | 0x140067480 | 0x000865A8 | 0x000853A8 | 0x00000279 |
FreeLibraryAndExitThread | - | 0x140067488 | 0x000865B0 | 0x000853B0 | 0x000001B0 |
ExitThread | - | 0x140067490 | 0x000865B8 | 0x000853B8 | 0x00000163 |
CreateThread | - | 0x140067498 | 0x000865C0 | 0x000853C0 | 0x000000F0 |
GetCommandLineW | - | 0x1400674A0 | 0x000865C8 | 0x000853C8 | 0x000001DB |
GetCommandLineA | - | 0x1400674A8 | 0x000865D0 | 0x000853D0 | 0x000001DA |
RtlPcToFileHeader | - | 0x1400674B0 | 0x000865D8 | 0x000853D8 | 0x000004D4 |
LoadLibraryExW | - | 0x1400674B8 | 0x000865E0 | 0x000853E0 | 0x000003C1 |
FreeLibrary | - | 0x1400674C0 | 0x000865E8 | 0x000853E8 | 0x000001AF |
RtlUnwindEx | - | 0x1400674C8 | 0x000865F0 | 0x000853F0 | 0x000004D8 |
OutputDebugStringW | - | 0x1400674D0 | 0x000865F8 | 0x000853F8 | 0x00000415 |
CreateEventW | - | 0x1400674D8 | 0x00086600 | 0x00085400 | 0x000000BE |
RtlCaptureContext | - | 0x1400674E0 | 0x00086608 | 0x00085408 | 0x000004CB |
RtlLookupFunctionEntry | - | 0x1400674E8 | 0x00086610 | 0x00085410 | 0x000004D2 |
RtlVirtualUnwind | - | 0x1400674F0 | 0x00086618 | 0x00085418 | 0x000004D9 |
UnhandledExceptionFilter | - | 0x1400674F8 | 0x00086620 | 0x00085420 | 0x000005B4 |
SetUnhandledExceptionFilter | - | 0x140067500 | 0x00086628 | 0x00085428 | 0x00000573 |
IsProcessorFeaturePresent | - | 0x140067508 | 0x00086630 | 0x00085430 | 0x00000384 |
IsDebuggerPresent | - | 0x140067510 | 0x00086638 | 0x00085438 | 0x0000037D |
GetSystemTimeAsFileTime | - | 0x140067518 | 0x00086640 | 0x00085440 | 0x000002EC |
InitializeSListHead | - | 0x140067520 | 0x00086648 | 0x00085448 | 0x00000367 |
EncodePointer | - | 0x140067528 | 0x00086650 | 0x00085450 | 0x0000012F |
CompareStringW | - | 0x140067530 | 0x00086658 | 0x00085458 | 0x0000009A |
GetStringTypeW | - | 0x140067538 | 0x00086660 | 0x00085460 | 0x000002DA |
GetCPInfo | - | 0x140067540 | 0x00086668 | 0x00085468 | 0x000001C5 |
USER32.dll (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ShowWindow | - | 0x140067550 | 0x00086678 | 0x00085478 | 0x00000380 |
TranslateMessage | - | 0x140067558 | 0x00086680 | 0x00085480 | 0x000003A0 |
DispatchMessageA | - | 0x140067560 | 0x00086688 | 0x00085488 | 0x000000BC |
MapVirtualKeyW | - | 0x140067568 | 0x00086690 | 0x00085490 | 0x0000027C |
GetMessageA | - | 0x140067570 | 0x00086698 | 0x00085498 | 0x00000181 |
ADVAPI32.dll (10)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CryptAcquireContextA | - | 0x140067000 | 0x00086128 | 0x00084F28 | 0x000000C1 |
CryptGenRandom | - | 0x140067008 | 0x00086130 | 0x00084F30 | 0x000000D2 |
CryptReleaseContext | - | 0x140067010 | 0x00086138 | 0x00084F38 | 0x000000DC |
LookupPrivilegeValueW | - | 0x140067018 | 0x00086140 | 0x00084F40 | 0x000001AF |
AdjustTokenPrivileges | - | 0x140067020 | 0x00086148 | 0x00084F48 | 0x0000001F |
OpenProcessToken | - | 0x140067028 | 0x00086150 | 0x00084F50 | 0x00000215 |
LsaOpenPolicy | - | 0x140067030 | 0x00086158 | 0x00084F58 | 0x000001D7 |
LsaAddAccountRights | - | 0x140067038 | 0x00086160 | 0x00084F60 | 0x000001B2 |
LsaClose | - | 0x140067040 | 0x00086168 | 0x00084F68 | 0x000001B5 |
GetTokenInformation | - | 0x140067048 | 0x00086170 | 0x00084F70 | 0x00000170 |
WINHTTP.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WinHttpAddRequestHeaders | - | 0x140067580 | 0x000866A8 | 0x000854A8 | 0x00000004 |
Digital Signature Information
Verification Status | Valid |
Certificate: Xi' an JingTech electronic Technology Co.,LTD
Issued by | Xi' an JingTech electronic Technology Co.,LTD |
Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
Country Name | CN |
Valid From | 2016-11-23 00:00 (UTC) |
Valid Until | 2017-11-23 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 65 F9 B9 66 60 AD 34 C1 C1 FE F2 97 26 6A 1B 36 |
Thumbprint | 3D 28 93 34 2A D1 B7 42 9D 66 0C 27 42 49 02 F8 5C CA CC 89 |
Revoked Since | 2017-02-06 00:00 (UTC) |
Revocation Reason | Certificate's private key has been compromised |
Certificate: Symantec Class 3 SHA256 Code Signing CA
Issued by | Symantec Class 3 SHA256 Code Signing CA |
Parent Certificate | VeriSign Class 3 Public Primary Certification Authority - G5 |
Country Name | US |
Valid From | 2013-12-10 00:00 (UTC) |
Valid Until | 2023-12-09 23:59 (UTC) |
Algorithm | sha256_rsa |
Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
Certificate: VeriSign Class 3 Public Primary Certification Authority - G5
Issued by | VeriSign Class 3 Public Primary Certification Authority - G5 |
Country Name | US |
Valid From | 2006-11-08 00:00 (UTC) |
Valid Until | 2021-11-07 23:59 (UTC) |
Algorithm | sha1_rsa |
Serial Number | 1B 09 3B 78 60 96 DA 37 BB A4 51 94 46 C8 96 78 |
Thumbprint | 45 3A B3 27 6F 4C 16 71 7C 64 D2 D9 0C 05 4C E2 88 77 03 51 |
Memory Dumps (12)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
unknown.exe | 1 | 0x7FF7AAE80000 | 0x7FF7AAF1DFFF | Relevant Image | 64-bit | 0x7FF7AAE81190 |
buffer | 1 | 0x0014C000 | 0x0014FFFF | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005A9710 | 0x005A983F | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005AD130 | 0x005AD225 | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005ADE70 | 0x005AE097 | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005B14A0 | 0x005B159F | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005B2660 | 0x005B26DF | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005BB580 | 0x005BB947 | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005BB950 | 0x005BC94F | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005BC960 | 0x005BD95F | First Network Behavior | 64-bit | - |
buffer | 1 | 0x005C4300 | 0x005C477F | First Network Behavior | 64-bit | - |
unknown.exe | 1 | 0x7FF7AAE80000 | 0x7FF7AAF1DFFF | First Network Behavior | 64-bit | 0x7FF7AAE9CB09 |
YARA Matches (1)
Rule Name | Rule Description | Classification | Score |
---|---|---|---|
XMRig_Miner | XMRig mining software | Miner, PUA | 5/5 |