Summary | ZeroBOX

lolMiner.exe

Category FILE
Machine s1_win7_x6402
Started April 10, 2021, 9:20 a.m.
Completed April 10, 2021, 9:22 a.m.
Size 3.7MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 3c9dcc91e05dc05a01fff739e40474d7
SHA256 6dd7b3d944595429136366b908fd18d3cac315c6f1453dd4cb5bcafa9e9a95a6
CRC32 25C675B3
ssdeep 98304:o9qZFSd9o31ZlZP9ybmBCTauIejZc3j20L8ghQLj9INDwhPBlsR2Yv1sTFt:o8yS1LxQbmkVjZczjL8ghQxIBwhPBlso
Yara
  • win_registry - Affect system registries
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • PE_Header_Zero - PE File Signature Zero
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • IsConsole - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasRichSignature - Rich Signature Check

IP Address Status Action
142.250.66.67 Active Moloch
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch
59.18.44.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures

suspicious_features POST method with no referer header
suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:2918620959&cup2hreq=20b23180095e8ee832d7a3e00a81651de5511b478ee0c64cc6d1faa93c33504d
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
request HEAD http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1618013728&mv=u&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes
request GET http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1618013728&mv=u&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes
request POST https://update.googleapis.com/service/update2?cup2key=10:2918620959&cup2hreq=20b23180095e8ee832d7a3e00a81651de5511b478ee0c64cc6d1faa93c33504d
request POST https://update.googleapis.com/service/update2?cup2key=10:2918620959&cup2hreq=20b23180095e8ee832d7a3e00a81651de5511b478ee0c64cc6d1faa93c33504d
section UPX1 (virtual_address 0x01a6e000, virtual_size 0x003b1000, size_of_data 0x003b0800, entropy 7.9999360940513995) description A section with a high entropy has been found
entropy 0.999603122106 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
host 142.250.66.67
host 172.217.25.14

Antivirus

Elastic malicious (high confidence)
MicroWorld-eScan Application.Coinminer.HS
FireEye Application.Coinminer.HS
ALYac Application.Coinminer.HS
Cylance Unsafe
Sangfor CoinMiner.Win32.Agent.mt
K7GW Adware ( 00576ae61 )
K7AntiVirus Adware ( 00576ae61 )
Cyren W64/Trojan.QDFS-0745
Symantec Miner.Bitcoinminer
ESET-NOD32 a variant of Win64/CoinMiner.PM potentially unwanted
APEX Malicious
Avast FileRepMalware [PUP]
BitDefender Application.Coinminer.HS
Paloalto generic.ml
Rising HackTool.CoinMiner!8.F154 (CLOUD)
Ad-Aware Application.Coinminer.HS
Comodo ApplicUnwnt@#35as3iiatmqs8
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.VSNTBN21
McAfee-GW-Edition Artemis!PUP
Emsisoft Application.Miner (A)
SentinelOne Static AI - Suspicious PE
Jiangmin RiskTool.Generic.pmp
Avira PUA/CoinMiner.GU
MAX malware (ai score=99)
Microsoft PUA:Win32/CoinMiner
Gridinsoft Trojan.CoinMiner.dd!c
GData Application.Coinminer.HS
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Miner3.Exp
McAfee Artemis!3C9DCC91E05D
Malwarebytes RiskWare.BitCoinMiner
TrendMicro-HouseCall TROJ_FRS.VSNTBN21
Ikarus PUA.CoinMiner
Fortinet Riskware/CoinMiner
Webroot W32.Coinminer
AVG FileRepMalware [PUP]
Cybereason malicious.1e05dc
Panda PUP/CoinMiner