Malicious
Classifications
PUA Backdoor Miner
Threat Names
XMRig App/Generic-FN
Dynamic Analysis Report
Created on 2024-06-06T21:06:17+00:00
unknown.exe
Windows Exe (x86-64)
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "23 minutes, 23 seconds" to "7 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\OqXZRaykm\Desktop\unknown.exe | Sample File | Binary |
Malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 618.48 KB |
| MD5 |
9da5175fd8da8cc469d809a882ae990c
|
| SHA1 |
5d0a55089d9eaf226f23babf9b71a20fe88e6a4c
|
| SHA256 |
55457ac12d73f7be72229fb1604e73f140f7f2b90165db98fa41845bd9b14192
|
| SSDeep |
12288:cQ+ijM/hwnfJkdmWS2ynDtPxaNDo3koFkKFJBGKsNCGtWdopqCq3YpWs:hGtaDt5aK0qxtGKsNCGtWdq3/
|
| ImpHash |
2486a9bb18017055bb32dc57a87898d2
|
File Reputation Information
»
| Verdict |
Suspicious
|
| Names | App/Generic-FN |
| Classification | PUA |
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x1400297B8 |
| Size Of Code | 0x00065A00 |
| Size Of Initialized Data | 0x00034E00 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Machine Type | IMAGE_FILE_MACHINE_AMD64 |
| Compile Timestamp | 2018-02-04 04:40 (UTC) |
Sections (6)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x000659D2 | 0x00065A00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.51 |
| .rdata | 0x140067000 | 0x000205C6 | 0x00020600 | 0x00065E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.66 |
| .data | 0x140088000 | 0x0000E9D0 | 0x0000C400 | 0x00086400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.21 |
| .pdata | 0x140097000 | 0x00004A70 | 0x00004C00 | 0x00092800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.77 |
| .rsrc | 0x14009C000 | 0x000001D5 | 0x00000200 | 0x00097400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.71 |
| .reloc | 0x14009D000 | 0x00000E98 | 0x00001000 | 0x00097600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.27 |
Imports (6)
»
WS2_32.dll (31)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| connect | 0x00000004 | 0x140067590 | 0x000866B8 | 0x000854B8 | - |
| htons | 0x00000009 | 0x140067598 | 0x000866C0 | 0x000854C0 | - |
| WSACleanup | 0x00000074 | 0x1400675A0 | 0x000866C8 | 0x000854C8 | - |
| __WSAFDIsSet | 0x00000097 | 0x1400675A8 | 0x000866D0 | 0x000854D0 | - |
| accept | 0x00000001 | 0x1400675B0 | 0x000866D8 | 0x000854D8 | - |
| send | 0x00000013 | 0x1400675B8 | 0x000866E0 | 0x000854E0 | - |
| ntohs | 0x0000000F | 0x1400675C0 | 0x000866E8 | 0x000854E8 | - |
| recv | 0x00000010 | 0x1400675C8 | 0x000866F0 | 0x000854F0 | - |
| WSAPoll | - | 0x1400675D0 | 0x000866F8 | 0x000854F8 | 0x00000045 |
| WSASetLastError | 0x00000070 | 0x1400675D8 | 0x00086700 | 0x00085500 | - |
| WSAStartup | 0x00000073 | 0x1400675E0 | 0x00086708 | 0x00085508 | - |
| select | 0x00000012 | 0x1400675E8 | 0x00086710 | 0x00085510 | - |
| WSARecvFrom | - | 0x1400675F0 | 0x00086718 | 0x00085518 | 0x0000004A |
| bind | 0x00000002 | 0x1400675F8 | 0x00086720 | 0x00085520 | - |
| WSAIoctl | - | 0x140067600 | 0x00086728 | 0x00085528 | 0x0000003A |
| WSASend | - | 0x140067608 | 0x00086730 | 0x00085530 | 0x0000004D |
| shutdown | 0x00000016 | 0x140067610 | 0x00086738 | 0x00085538 | - |
| listen | 0x0000000D | 0x140067618 | 0x00086740 | 0x00085540 | - |
| WSASocketW | - | 0x140067620 | 0x00086748 | 0x00085548 | 0x00000057 |
| getsockname | 0x00000006 | 0x140067628 | 0x00086750 | 0x00085550 | - |
| socket | 0x00000017 | 0x140067630 | 0x00086758 | 0x00085558 | - |
| WSARecv | - | 0x140067638 | 0x00086760 | 0x00085560 | 0x00000048 |
| ioctlsocket | 0x0000000A | 0x140067640 | 0x00086768 | 0x00085568 | - |
| FreeAddrInfoW | - | 0x140067648 | 0x00086770 | 0x00085570 | 0x00000002 |
| GetAddrInfoW | - | 0x140067650 | 0x00086778 | 0x00085578 | 0x00000007 |
| closesocket | 0x00000003 | 0x140067658 | 0x00086780 | 0x00085580 | - |
| getsockopt | 0x00000007 | 0x140067660 | 0x00086788 | 0x00085588 | - |
| setsockopt | 0x00000015 | 0x140067668 | 0x00086790 | 0x00085590 | - |
| htonl | 0x00000008 | 0x140067670 | 0x00086798 | 0x00085598 | - |
| WSAGetLastError | 0x0000006F | 0x140067678 | 0x000867A0 | 0x000855A0 | - |
| gethostname | 0x00000039 | 0x140067680 | 0x000867A8 | 0x000855A8 | - |
IPHLPAPI.DLL (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetAdaptersAddresses | - | 0x140067058 | 0x00086180 | 0x00084F80 | 0x0000003F |
KERNEL32.dll (156)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FindClose | - | 0x140067068 | 0x00086190 | 0x00084F90 | 0x00000179 |
| GetTimeZoneInformation | - | 0x140067070 | 0x00086198 | 0x00084F98 | 0x00000311 |
| FindFirstFileExA | - | 0x140067078 | 0x000861A0 | 0x00084FA0 | 0x0000017E |
| HeapSize | - | 0x140067080 | 0x000861A8 | 0x00084FA8 | 0x00000353 |
| FindNextFileA | - | 0x140067088 | 0x000861B0 | 0x00084FB0 | 0x0000018E |
| HeapFree | - | 0x140067090 | 0x000861B8 | 0x00084FB8 | 0x0000034E |
| HeapReAlloc | - | 0x140067098 | 0x000861C0 | 0x00084FC0 | 0x00000351 |
| SetLastError | - | 0x1400670A0 | 0x000861C8 | 0x00084FC8 | 0x00000537 |
| InitializeCriticalSectionEx | - | 0x1400670A8 | 0x000861D0 | 0x00084FD0 | 0x00000364 |
| GetLastError | - | 0x1400670B0 | 0x000861D8 | 0x00084FD8 | 0x00000263 |
| RaiseException | - | 0x1400670B8 | 0x000861E0 | 0x00084FE0 | 0x0000045F |
| DecodePointer | - | 0x1400670C0 | 0x000861E8 | 0x00084FE8 | 0x00000108 |
| DeleteCriticalSection | - | 0x1400670C8 | 0x000861F0 | 0x00084FF0 | 0x0000010F |
| WideCharToMultiByte | - | 0x1400670D0 | 0x000861F8 | 0x00084FF8 | 0x00000605 |
| GetStdHandle | - | 0x1400670D8 | 0x00086200 | 0x00085000 | 0x000002D5 |
| SetConsoleMode | - | 0x1400670E0 | 0x00086208 | 0x00085008 | 0x000004FF |
| GetConsoleMode | - | 0x1400670E8 | 0x00086210 | 0x00085010 | 0x00000200 |
| CloseHandle | - | 0x1400670F0 | 0x00086218 | 0x00085018 | 0x00000086 |
| FreeConsole | - | 0x1400670F8 | 0x00086220 | 0x00085020 | 0x000001AC |
| GetConsoleWindow | - | 0x140067100 | 0x00086228 | 0x00085028 | 0x0000020B |
| SetThreadAffinityMask | - | 0x140067108 | 0x00086230 | 0x00085030 | 0x00000558 |
| GetCurrentProcess | - | 0x140067110 | 0x00086238 | 0x00085038 | 0x0000021B |
| SetProcessAffinityMask | - | 0x140067118 | 0x00086240 | 0x00085040 | 0x00000542 |
| GetCurrentThread | - | 0x140067120 | 0x00086248 | 0x00085048 | 0x0000021F |
| VirtualFree | - | 0x140067128 | 0x00086250 | 0x00085050 | 0x000005D0 |
| VirtualAlloc | - | 0x140067130 | 0x00086258 | 0x00085058 | 0x000005CD |
| LocalAlloc | - | 0x140067138 | 0x00086260 | 0x00085060 | 0x000003C8 |
| LocalFree | - | 0x140067140 | 0x00086268 | 0x00085068 | 0x000003CC |
| SetPriorityClass | - | 0x140067148 | 0x00086270 | 0x00085070 | 0x00000541 |
| SetThreadPriority | - | 0x140067150 | 0x00086278 | 0x00085078 | 0x00000563 |
| GetProcAddress | - | 0x140067158 | 0x00086280 | 0x00085080 | 0x000002B1 |
| GetModuleHandleW | - | 0x140067160 | 0x00086288 | 0x00085088 | 0x0000027A |
| TlsSetValue | - | 0x140067168 | 0x00086290 | 0x00085090 | 0x000005A7 |
| EnterCriticalSection | - | 0x140067170 | 0x00086298 | 0x00085098 | 0x00000133 |
| ReleaseSemaphore | - | 0x140067178 | 0x000862A0 | 0x000850A0 | 0x000004B1 |
| WaitForMultipleObjects | - | 0x140067180 | 0x000862A8 | 0x000850A8 | 0x000005DC |
| LeaveCriticalSection | - | 0x140067188 | 0x000862B0 | 0x000850B0 | 0x000003BB |
| InitializeCriticalSection | - | 0x140067190 | 0x000862B8 | 0x000850B8 | 0x00000362 |
| WaitForSingleObject | - | 0x140067198 | 0x000862C0 | 0x000850C0 | 0x000005DE |
| ResumeThread | - | 0x1400671A0 | 0x000862C8 | 0x000850C8 | 0x000004C9 |
| SetEvent | - | 0x1400671A8 | 0x000862D0 | 0x000850D0 | 0x0000051C |
| TlsAlloc | - | 0x1400671B0 | 0x000862D8 | 0x000850D8 | 0x000005A4 |
| ResetEvent | - | 0x1400671B8 | 0x000862E0 | 0x000850E0 | 0x000004C3 |
| CreateSemaphoreW | - | 0x1400671C0 | 0x000862E8 | 0x000850E8 | 0x000000EA |
| TlsGetValue | - | 0x1400671C8 | 0x000862F0 | 0x000850F0 | 0x000005A6 |
| TlsFree | - | 0x1400671D0 | 0x000862F8 | 0x000850F8 | 0x000005A5 |
| CreateSemaphoreA | - | 0x1400671D8 | 0x00086300 | 0x00085100 | 0x000000E7 |
| CreateEventA | - | 0x1400671E0 | 0x00086308 | 0x00085108 | 0x000000BB |
| VerifyVersionInfoA | - | 0x1400671E8 | 0x00086310 | 0x00085110 | 0x000005CB |
| GetModuleFileNameW | - | 0x1400671F0 | 0x00086318 | 0x00085118 | 0x00000276 |
| MultiByteToWideChar | - | 0x1400671F8 | 0x00086320 | 0x00085120 | 0x000003EB |
| QueryPerformanceFrequency | - | 0x140067200 | 0x00086328 | 0x00085128 | 0x0000044A |
| GetSystemInfo | - | 0x140067208 | 0x00086330 | 0x00085130 | 0x000002E6 |
| VerSetConditionMask | - | 0x140067210 | 0x00086338 | 0x00085138 | 0x000005C8 |
| IsValidCodePage | - | 0x140067218 | 0x00086340 | 0x00085140 | 0x00000389 |
| QueryPerformanceCounter | - | 0x140067220 | 0x00086348 | 0x00085148 | 0x00000449 |
| SetConsoleCtrlHandler | - | 0x140067228 | 0x00086350 | 0x00085150 | 0x000004EF |
| PostQueuedCompletionStatus | - | 0x140067230 | 0x00086358 | 0x00085158 | 0x0000041F |
| Sleep | - | 0x140067238 | 0x00086360 | 0x00085160 | 0x00000583 |
| SetErrorMode | - | 0x140067240 | 0x00086368 | 0x00085168 | 0x0000051B |
| GetQueuedCompletionStatus | - | 0x140067248 | 0x00086370 | 0x00085170 | 0x000002CD |
| CreateIoCompletionPort | - | 0x140067250 | 0x00086378 | 0x00085178 | 0x000000CF |
| GetConsoleScreenBufferInfo | - | 0x140067258 | 0x00086380 | 0x00085180 | 0x00000206 |
| SetConsoleTextAttribute | - | 0x140067260 | 0x00086388 | 0x00085188 | 0x00000508 |
| RegisterWaitForSingleObject | - | 0x140067268 | 0x00086390 | 0x00085190 | 0x000004A6 |
| UnregisterWait | - | 0x140067270 | 0x00086398 | 0x00085198 | 0x000005BD |
| GetConsoleCursorInfo | - | 0x140067278 | 0x000863A0 | 0x000851A0 | 0x000001F4 |
| CreateFileW | - | 0x140067280 | 0x000863A8 | 0x000851A8 | 0x000000CA |
| DuplicateHandle | - | 0x140067288 | 0x000863B0 | 0x000851B0 | 0x0000012D |
| QueueUserWorkItem | - | 0x140067290 | 0x000863B8 | 0x000851B8 | 0x00000454 |
| SetConsoleCursorInfo | - | 0x140067298 | 0x000863C0 | 0x000851C0 | 0x000004F1 |
| FillConsoleOutputCharacterW | - | 0x1400672A0 | 0x000863C8 | 0x000851C8 | 0x00000171 |
| ReadConsoleInputW | - | 0x1400672A8 | 0x000863D0 | 0x000851D0 | 0x00000467 |
| CreateFileA | - | 0x1400672B0 | 0x000863D8 | 0x000851D8 | 0x000000C2 |
| ReadConsoleW | - | 0x1400672B8 | 0x000863E0 | 0x000851E0 | 0x0000046D |
| WriteConsoleInputW | - | 0x1400672C0 | 0x000863E8 | 0x000851E8 | 0x00000612 |
| FillConsoleOutputAttribute | - | 0x1400672C8 | 0x000863F0 | 0x000851F0 | 0x0000016F |
| WriteConsoleW | - | 0x1400672D0 | 0x000863F8 | 0x000851F8 | 0x00000618 |
| GetNumberOfConsoleInputEvents | - | 0x1400672D8 | 0x00086400 | 0x00085200 | 0x00000298 |
| SetConsoleCursorPosition | - | 0x1400672E0 | 0x00086408 | 0x00085208 | 0x000004F3 |
| GetFileType | - | 0x1400672E8 | 0x00086410 | 0x00085210 | 0x00000251 |
| CreateDirectoryW | - | 0x1400672F0 | 0x00086418 | 0x00085218 | 0x000000B9 |
| ReadFile | - | 0x1400672F8 | 0x00086420 | 0x00085220 | 0x00000470 |
| WriteFile | - | 0x140067300 | 0x00086428 | 0x00085228 | 0x00000619 |
| DeviceIoControl | - | 0x140067308 | 0x00086430 | 0x00085230 | 0x0000011F |
| RemoveDirectoryW | - | 0x140067310 | 0x00086438 | 0x00085238 | 0x000004B6 |
| SetFileTime | - | 0x140067318 | 0x00086440 | 0x00085240 | 0x0000052C |
| CreateHardLinkW | - | 0x140067320 | 0x00086448 | 0x00085248 | 0x000000CE |
| GetFileAttributesW | - | 0x140067328 | 0x00086450 | 0x00085250 | 0x00000248 |
| GetFileInformationByHandle | - | 0x140067330 | 0x00086458 | 0x00085258 | 0x0000024A |
| SetFilePointerEx | - | 0x140067338 | 0x00086460 | 0x00085260 | 0x00000529 |
| MoveFileExW | - | 0x140067340 | 0x00086468 | 0x00085268 | 0x000003E4 |
| CopyFileW | - | 0x140067348 | 0x00086470 | 0x00085270 | 0x000000AC |
| FlushFileBuffers | - | 0x140067350 | 0x00086478 | 0x00085278 | 0x000001A3 |
| CancelIo | - | 0x140067358 | 0x00086480 | 0x00085280 | 0x00000071 |
| SetHandleInformation | - | 0x140067360 | 0x00086488 | 0x00085288 | 0x00000533 |
| GetModuleHandleA | - | 0x140067368 | 0x00086490 | 0x00085290 | 0x00000277 |
| LoadLibraryA | - | 0x140067370 | 0x00086498 | 0x00085298 | 0x000003BF |
| DebugBreak | - | 0x140067378 | 0x000864A0 | 0x000852A0 | 0x00000105 |
| SetNamedPipeHandleState | - | 0x140067380 | 0x000864A8 | 0x000852A8 | 0x00000540 |
| CreateNamedPipeW | - | 0x140067388 | 0x000864B0 | 0x000852B0 | 0x000000DB |
| PeekNamedPipe | - | 0x140067390 | 0x000864B8 | 0x000852B8 | 0x0000041E |
| GetNamedPipeHandleStateA | - | 0x140067398 | 0x000864C0 | 0x000852C0 | 0x00000282 |
| SwitchToThread | - | 0x1400673A0 | 0x000864C8 | 0x000852C8 | 0x0000058D |
| ConnectNamedPipe | - | 0x1400673A8 | 0x000864D0 | 0x000852D0 | 0x0000009B |
| GetLongPathNameW | - | 0x1400673B0 | 0x000864D8 | 0x000852D8 | 0x00000270 |
| ReadDirectoryChangesW | - | 0x1400673B8 | 0x000864E0 | 0x000852E0 | 0x0000046F |
| TerminateProcess | - | 0x1400673C0 | 0x000864E8 | 0x000852E8 | 0x00000592 |
| UnregisterWaitEx | - | 0x1400673C8 | 0x000864F0 | 0x000852F0 | 0x000005BE |
| LCMapStringW | - | 0x1400673D0 | 0x000864F8 | 0x000852F8 | 0x000003AF |
| GetExitCodeProcess | - | 0x1400673D8 | 0x00086500 | 0x00085300 | 0x0000023F |
| GetStartupInfoW | - | 0x1400673E0 | 0x00086508 | 0x00085308 | 0x000002D3 |
| InitializeCriticalSectionAndSpinCount | - | 0x1400673E8 | 0x00086510 | 0x00085310 | 0x00000363 |
| GetCurrentThreadId | - | 0x1400673F0 | 0x00086518 | 0x00085318 | 0x00000220 |
| GetTickCount64 | - | 0x1400673F8 | 0x00086520 | 0x00085320 | 0x0000030B |
| HeapAlloc | - | 0x140067400 | 0x00086528 | 0x00085328 | 0x0000034A |
| GetACP | - | 0x140067408 | 0x00086530 | 0x00085330 | 0x000001B6 |
| GetModuleFileNameA | - | 0x140067410 | 0x00086538 | 0x00085338 | 0x00000275 |
| ExitProcess | - | 0x140067418 | 0x00086540 | 0x00085340 | 0x00000162 |
| SetFileAttributesW | - | 0x140067420 | 0x00086548 | 0x00085348 | 0x00000523 |
| GetFileAttributesExW | - | 0x140067428 | 0x00086550 | 0x00085350 | 0x00000245 |
| GetConsoleCP | - | 0x140067430 | 0x00086558 | 0x00085358 | 0x000001EE |
| SetStdHandle | - | 0x140067438 | 0x00086560 | 0x00085360 | 0x0000054F |
| GetOEMCP | - | 0x140067440 | 0x00086568 | 0x00085368 | 0x0000029A |
| GetEnvironmentStringsW | - | 0x140067448 | 0x00086570 | 0x00085370 | 0x0000023A |
| FreeEnvironmentStringsW | - | 0x140067450 | 0x00086578 | 0x00085378 | 0x000001AE |
| SetEnvironmentVariableA | - | 0x140067458 | 0x00086580 | 0x00085380 | 0x00000519 |
| GetProcessHeap | - | 0x140067460 | 0x00086588 | 0x00085388 | 0x000002B7 |
| GetThreadTimes | - | 0x140067468 | 0x00086590 | 0x00085390 | 0x00000308 |
| GetCurrentProcessId | - | 0x140067470 | 0x00086598 | 0x00085398 | 0x0000021C |
| FormatMessageA | - | 0x140067478 | 0x000865A0 | 0x000853A0 | 0x000001AA |
| GetModuleHandleExW | - | 0x140067480 | 0x000865A8 | 0x000853A8 | 0x00000279 |
| FreeLibraryAndExitThread | - | 0x140067488 | 0x000865B0 | 0x000853B0 | 0x000001B0 |
| ExitThread | - | 0x140067490 | 0x000865B8 | 0x000853B8 | 0x00000163 |
| CreateThread | - | 0x140067498 | 0x000865C0 | 0x000853C0 | 0x000000F0 |
| GetCommandLineW | - | 0x1400674A0 | 0x000865C8 | 0x000853C8 | 0x000001DB |
| GetCommandLineA | - | 0x1400674A8 | 0x000865D0 | 0x000853D0 | 0x000001DA |
| RtlPcToFileHeader | - | 0x1400674B0 | 0x000865D8 | 0x000853D8 | 0x000004D4 |
| LoadLibraryExW | - | 0x1400674B8 | 0x000865E0 | 0x000853E0 | 0x000003C1 |
| FreeLibrary | - | 0x1400674C0 | 0x000865E8 | 0x000853E8 | 0x000001AF |
| RtlUnwindEx | - | 0x1400674C8 | 0x000865F0 | 0x000853F0 | 0x000004D8 |
| OutputDebugStringW | - | 0x1400674D0 | 0x000865F8 | 0x000853F8 | 0x00000415 |
| CreateEventW | - | 0x1400674D8 | 0x00086600 | 0x00085400 | 0x000000BE |
| RtlCaptureContext | - | 0x1400674E0 | 0x00086608 | 0x00085408 | 0x000004CB |
| RtlLookupFunctionEntry | - | 0x1400674E8 | 0x00086610 | 0x00085410 | 0x000004D2 |
| RtlVirtualUnwind | - | 0x1400674F0 | 0x00086618 | 0x00085418 | 0x000004D9 |
| UnhandledExceptionFilter | - | 0x1400674F8 | 0x00086620 | 0x00085420 | 0x000005B4 |
| SetUnhandledExceptionFilter | - | 0x140067500 | 0x00086628 | 0x00085428 | 0x00000573 |
| IsProcessorFeaturePresent | - | 0x140067508 | 0x00086630 | 0x00085430 | 0x00000384 |
| IsDebuggerPresent | - | 0x140067510 | 0x00086638 | 0x00085438 | 0x0000037D |
| GetSystemTimeAsFileTime | - | 0x140067518 | 0x00086640 | 0x00085440 | 0x000002EC |
| InitializeSListHead | - | 0x140067520 | 0x00086648 | 0x00085448 | 0x00000367 |
| EncodePointer | - | 0x140067528 | 0x00086650 | 0x00085450 | 0x0000012F |
| CompareStringW | - | 0x140067530 | 0x00086658 | 0x00085458 | 0x0000009A |
| GetStringTypeW | - | 0x140067538 | 0x00086660 | 0x00085460 | 0x000002DA |
| GetCPInfo | - | 0x140067540 | 0x00086668 | 0x00085468 | 0x000001C5 |
USER32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ShowWindow | - | 0x140067550 | 0x00086678 | 0x00085478 | 0x00000380 |
| TranslateMessage | - | 0x140067558 | 0x00086680 | 0x00085480 | 0x000003A0 |
| DispatchMessageA | - | 0x140067560 | 0x00086688 | 0x00085488 | 0x000000BC |
| MapVirtualKeyW | - | 0x140067568 | 0x00086690 | 0x00085490 | 0x0000027C |
| GetMessageA | - | 0x140067570 | 0x00086698 | 0x00085498 | 0x00000181 |
ADVAPI32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptAcquireContextA | - | 0x140067000 | 0x00086128 | 0x00084F28 | 0x000000C1 |
| CryptGenRandom | - | 0x140067008 | 0x00086130 | 0x00084F30 | 0x000000D2 |
| CryptReleaseContext | - | 0x140067010 | 0x00086138 | 0x00084F38 | 0x000000DC |
| LookupPrivilegeValueW | - | 0x140067018 | 0x00086140 | 0x00084F40 | 0x000001AF |
| AdjustTokenPrivileges | - | 0x140067020 | 0x00086148 | 0x00084F48 | 0x0000001F |
| OpenProcessToken | - | 0x140067028 | 0x00086150 | 0x00084F50 | 0x00000215 |
| LsaOpenPolicy | - | 0x140067030 | 0x00086158 | 0x00084F58 | 0x000001D7 |
| LsaAddAccountRights | - | 0x140067038 | 0x00086160 | 0x00084F60 | 0x000001B2 |
| LsaClose | - | 0x140067040 | 0x00086168 | 0x00084F68 | 0x000001B5 |
| GetTokenInformation | - | 0x140067048 | 0x00086170 | 0x00084F70 | 0x00000170 |
WINHTTP.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinHttpAddRequestHeaders | - | 0x140067580 | 0x000866A8 | 0x000854A8 | 0x00000004 |
Digital Signature Information
»
| Verification Status | Valid |
Certificate: Xi' an JingTech electronic Technology Co.,LTD
»
| Issued by | Xi' an JingTech electronic Technology Co.,LTD |
| Parent Certificate | Symantec Class 3 SHA256 Code Signing CA |
| Country Name | CN |
| Valid From | 2016-11-23 00:00 (UTC) |
| Valid Until | 2017-11-23 23:59 (UTC) |
| Algorithm | sha256_rsa |
| Serial Number | 65 F9 B9 66 60 AD 34 C1 C1 FE F2 97 26 6A 1B 36 |
| Thumbprint | 3D 28 93 34 2A D1 B7 42 9D 66 0C 27 42 49 02 F8 5C CA CC 89 |
| Revoked Since | 2017-02-06 00:00 (UTC) |
| Revocation Reason | Certificate's private key has been compromised |
Certificate: Symantec Class 3 SHA256 Code Signing CA
»
| Issued by | Symantec Class 3 SHA256 Code Signing CA |
| Parent Certificate | VeriSign Class 3 Public Primary Certification Authority - G5 |
| Country Name | US |
| Valid From | 2013-12-10 00:00 (UTC) |
| Valid Until | 2023-12-09 23:59 (UTC) |
| Algorithm | sha256_rsa |
| Serial Number | 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A |
| Thumbprint | 00 77 90 F6 56 1D AD 89 B0 BC D8 55 85 76 24 95 E3 58 F8 A5 |
Certificate: VeriSign Class 3 Public Primary Certification Authority - G5
»
| Issued by | VeriSign Class 3 Public Primary Certification Authority - G5 |
| Country Name | US |
| Valid From | 2006-11-08 00:00 (UTC) |
| Valid Until | 2021-11-07 23:59 (UTC) |
| Algorithm | sha1_rsa |
| Serial Number | 1B 09 3B 78 60 96 DA 37 BB A4 51 94 46 C8 96 78 |
| Thumbprint | 45 3A B3 27 6F 4C 16 71 7C 64 D2 D9 0C 05 4C E2 88 77 03 51 |
Memory Dumps (12)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| unknown.exe | 1 | 0x7FF7AAE80000 | 0x7FF7AAF1DFFF | Relevant Image |
|
64-bit | 0x7FF7AAE81190 |
|
...
|
| buffer | 1 | 0x0014C000 | 0x0014FFFF | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005A9710 | 0x005A983F | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005AD130 | 0x005AD225 | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005ADE70 | 0x005AE097 | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005B14A0 | 0x005B159F | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005B2660 | 0x005B26DF | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005BB580 | 0x005BB947 | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005BB950 | 0x005BC94F | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005BC960 | 0x005BD95F | First Network Behavior |
|
64-bit | - |
|
...
|
| buffer | 1 | 0x005C4300 | 0x005C477F | First Network Behavior |
|
64-bit | - |
|
...
|
| unknown.exe | 1 | 0x7FF7AAE80000 | 0x7FF7AAF1DFFF | First Network Behavior |
|
64-bit | 0x7FF7AAE9CB09 |
|
...
|
YARA Matches (1)
»
| Rule Name | Rule Description | Classification | Score | Actions |
|---|---|---|---|---|
| XMRig_Miner | XMRig mining software | Miner, PUA |
5/5
|
...
|
