Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	April 12, 2021, 10:40 a.m.	April 12, 2021, 10:51 a.m.

Size	2.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`829c8b46d2fcfbcb7f5c2e3545a4c4a3`
SHA256	`fb6ee6d377aac0a4cd0b6d235270b2918936509fe6f738c3bcf0c0153906f0aa`
CRC32	`7933A1EE`
ssdeep	`49152:0bHAMSM7p8Zn+KZyTd9NI8iVfLxtLhNES6UjTSxTuTbfr3FWuZnrkmfKiJfkgWd:iSpoKAOV9S6KxTybfr3dn9SqZWd`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	escalate_priv - Escalade priviledges screenshot - Take screenshot win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check

64a1.com "C:\Users\test22\AppData\Local\Temp\64a1.com"
2616
- explorer.exe "C:\Windows (x86)\explorer.exe"
  4888

Name	Response	Post-Analysis Lookup
pool.hashvault.pro	A 131.153.159.26 A 131.153.76.130	131.153.159.26

IP Address	Status	Action
131.153.76.130	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA April 12, 2021, 10:33 a.m.	computer_name: TEST22-PC	1	1	0

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 12, 2021, 10:33 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 12, 2021, 10:40 a.m.	process_identifier: 2616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:33 a.m.	process_identifier: 4888 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:33 a.m.	process_identifier: 4888 region_size: 262144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002570000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:33 a.m.	process_identifier: 4888 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000029d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory April 12, 2021, 10:33 a.m.	process_identifier: 4888 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000029b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Windows (x86)\explorer.exe

Drops a binary and executes it (1 event)

file	C:\Windows (x86)\explorer.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (33 events)

Time & API	Arguments	Status	Return
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000022c process_name: taskhost.exe process_identifier: 5732	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000022c process_name: conhost.exe process_identifier: 6168	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000022c process_name: slui.exe process_identifier: 652	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000022c process_name: explorer.exe process_identifier: 4888	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000022c process_name: conhost.exe process_identifier: 8752	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000022c process_name: taskhost.exe process_identifier: 1160	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000280 process_name: cmd.exe process_identifier: 6472	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000280 process_name: conhost.exe process_identifier: 6152	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000280 process_name: pw.exe process_identifier: 7772	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002b0 process_name: cmd.exe process_identifier: 2268	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002b0 process_name: conhost.exe process_identifier: 4220	1	1
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002b0 process_name: pw.exe process_identifier: 3812	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e8 process_name: cmd.exe process_identifier: 5260	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e8 process_name: conhost.exe process_identifier: 1608	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e8 process_name: pw.exe process_identifier: 4404	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000314 process_name: cmd.exe process_identifier: 8408	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000314 process_name: conhost.exe process_identifier: 1756	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000314 process_name: pw.exe process_identifier: 6444	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000160 process_name: cmd.exe process_identifier: 6912	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000160 process_name: conhost.exe process_identifier: 1036	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000160 process_name: pw.exe process_identifier: 2600	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000360 process_name: cmd.exe process_identifier: 4376	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000360 process_name: conhost.exe process_identifier: 5860	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000360 process_name: pw.exe process_identifier: 2648	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000388 process_name: cmd.exe process_identifier: 3100	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000388 process_name: conhost.exe process_identifier: 5572	1	1
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000388 process_name: pw.exe process_identifier: 3080	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003bc process_name: cmd.exe process_identifier: 6456	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003bc process_name: conhost.exe process_identifier: 7884	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003bc process_name: pw.exe process_identifier: 4900	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003e8 process_name: cmd.exe process_identifier: 2224	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003e8 process_name: conhost.exe process_identifier: 4744	1	1
Process32NextW April 12, 2021, 10:35 a.m.	snapshot_handle: 0x00000000000003e8 process_name: pw.exe process_identifier: 6460	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses April 12, 2021, 10:33 a.m.	flags: 14 family: 0		111	0

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 115 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000023c process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000240 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000244 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000248 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000024c process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000250 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000254 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000258 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000025c process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000260 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000264 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000230 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000027c process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000280 process_name: pw.exe process_identifier: 7772		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000284 process_name: pw.exe process_identifier: 7772		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000288 process_name: pw.exe process_identifier: 7772		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000028c process_name: pw.exe process_identifier: 7772		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000290 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000294 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x0000000000000298 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002a0 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x000000000000029c process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002a4 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002a8 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002b0 process_name: pw.exe process_identifier: 3812		0	0
Process32NextW April 12, 2021, 10:33 a.m.	snapshot_handle: 0x00000000000002ac process_name: pw.exe process_identifier: 3812		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002b4 process_name: pw.exe process_identifier: 3812		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002b8 process_name: pw.exe process_identifier: 3812		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002c4 process_name: pw.exe process_identifier: 3812		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002cc process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002d0 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002d4 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002c8 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002d8 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002dc process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e4 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e8 process_name: pw.exe process_identifier: 4404		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002e0 process_name: pw.exe process_identifier: 4404		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002ec process_name: pw.exe process_identifier: 4404		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002f0 process_name: pw.exe process_identifier: 4404		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002f8 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002f4 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x00000000000002fc process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000300 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000304 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000308 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000310 process_name: taskhost.exe process_identifier: 1160		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000314 process_name: pw.exe process_identifier: 6444		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x000000000000030c process_name: pw.exe process_identifier: 6444		0	0
Process32NextW April 12, 2021, 10:34 a.m.	snapshot_handle: 0x0000000000000318 process_name: pw.exe process_identifier: 6444		0	0

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Manager

reg_value

C:\Windows (x86)\explorer.exe

Created a service where a service was also not started (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW April 12, 2021, 10:33 a.m.	service_start_name: start_type: 3 password: display_name: WinRing0_1_2_0 filepath: C:\Windows (x86)\WinRing0x64.sys service_name: WinRing0_1_2_0 filepath_r: C:\Windows (x86)\WinRing0x64.sys desired_access: 983551 service_handle: 0x00000000003e3750 error_control: 1 service_type: 1 service_manager_handle: 0x00000000003e35a0	1	4077392	0

Network communications indicative of possible code injection originated from the process explorer.exe (2 events)

Time & API	Arguments	Status	Return	Repeated
WSASend April 12, 2021, 10:33 a.m.	buffer: uJ?JhÔÇöÑÑ¬ )_µÒ¦üä7ê@øùÝøÿ Å»k/ ¨jNüÞmañ8¡¨ÜäFTÿö{¥R>À,À0Ì©Ì¨ÌªÀ+À/À$À(kÀ#À'gÀ À9À À3=<5/ÿ # 0. + -3&$ %(Â¿ÂRb7v-;¨\|îÅÙiúN;ö¦²u®ø) socket: 540		0	0
WSASend April 12, 2021, 10:33 a.m.	buffer: E¹®Òç¥ýÞ<y¥¨ÞeZÅ.vÏØ#ÄÛ¯oÊFpjAÜñuñ]É8ÔÀµA¦ßãtþ#hÉFçÛae.@zË6ñ-ù¼ÖÞN©¶Î%o=!&&ÅåøkQ5©?çùt9 äO»W 6_«VmÆ®FK )Üh¢ÉyeÖ«è¡k s5ËÙVyä7ªÎcOò«ö@b&.34QZ½tî6h¡ÔÏù½Ý<¢v0ÂÑNÿy§ ý?JCûÀ[ðncüA;lõ0EKÜµm¨ó\½Ñ}åÁ³f©u3BD:êøäþx"¥½ (¬»×¨H`!Ja$´ÁÒ»hÌ'>uTûiúìãI8W:si÷äãÏ½¢O&ã1-RENaJæ¾Òð/Ó(Mí~??ÝYP8ÀÌÍ£ïù1¢Ç#ànLÉmeÈ²ùjrådâ¼Xzâ,ÈÉè/Öz1ÀºX©6nú²VäeÄ¥Íµ±ì8Å¿³©q6h «¤HuT3¢«Ù±ë3,Ô_oCî´·É\|aÓ;QJIsÛ-m~#9$_ÂáÝ6çGvM3 éÔªfÖ&Ì»R¶ÿhºpÎì¹çFéð©JÕ³1)<õl4÷xöS¿,¬L?ùd¶ýÆ(Ð*´DxF¥hÚÿ]Fò(G°Ë"<®5jw¸!ªÙÚ»Ñ)f³\|! socket: 540		0	0

Created a process named as a common system process (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW April 12, 2021, 10:40 a.m.	thread_identifier: 6676 thread_handle: 0x0000030c process_identifier: 4888 current_directory: C:\Windows (x86) filepath: C:\Windows (x86)\explorer.exe track: 1 command_line: "C:\Windows (x86)\explorer.exe" filepath_r: C:\Windows (x86)\explorer.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000308	1	1	0
ShellExecuteExW April 12, 2021, 10:40 a.m.	show_type: 1 filepath_r: C:\Windows (x86)\explorer.exe parameters: filepath: C:\Windows (x86)\explorer.exe	1	1	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation April 12, 2021, 10:33 a.m.	information_class: 76 (SystemFirmwareTableInformation)		-1073741789	0

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)

Bkav	W32.AIDetect.malware2
MicroWorld-eScan	Trojan.GenericKD.36678708
FireEye	Generic.mg.829c8b46d2fcfbcb
ALYac	Trojan.GenericKD.36678708
Malwarebytes	Malware.AI.3021647873
Alibaba	Trojan:Win64/Miners.d06317f6
K7GW	Adware ( 0055631f1 )
K7AntiVirus	Adware ( 0055631f1 )
Arcabit	Trojan.Generic.D22FAC34
Cyren	W64/Trojan.WMRZ-7299
ESET-NOD32	a variant of Win64/CoinMiner.PO potentially unwanted
APEX	Malicious
Avast	Win64:CoinminerX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Miner.gen
BitDefender	Trojan.GenericKD.36678708
Paloalto	generic.ml
AegisLab	Trojan.Win32.Miner.4!c
Ad-Aware	Trojan.GenericKD.36678708
Sophos	Mal/Generic-S (PUA)
F-Secure	Heuristic.HEUR/AGEN.1136970
TrendMicro	Coinminer.Win64.MALXMR.SMA
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Emsisoft	Trojan.GenericKD.36678708 (B)
Avira	HEUR/AGEN.1136970
Gridinsoft	Trojan.Win32.CoinMiner.oa
Microsoft	PUA:Win32/CoinMiner
ZoneAlarm	HEUR:Trojan.Win32.Miner.gen
GData	Win32.Application.CoinMiner.Y
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Miner.C4411496
McAfee	Artemis!829C8B46D2FC
MAX	malware (ai score=86)
VBA32	Trojan.Miner
Cylance	Unsafe
TrendMicro-HouseCall	Coinminer.Win64.MALXMR.SMA
Rising	HackTool.CoinMiner!1.CB20 (CLOUD)
Ikarus	PUA.CoinMiner
Fortinet	W64/CoinMiner.PO!tr
AVG	Win64:CoinminerX-gen [Trj]
Qihoo-360	Win32/Miner.Coinminer.HwYDZM8A

64a1.com

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All