Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	April 12, 2021, 11:14 a.m.	April 12, 2021, 11:16 a.m.

Size	11.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f0411337b3218b145f6b4ea19d67c5e2`
SHA256	`ee513e70f3f7515aba9de29eb73306c04994b5129c3eb2a731a1657263febf35`
CRC32	`95635BE7`
ssdeep	`196608:moG5eJpPCubLp8LWiHeYX7oOOEAq4eU/pWJ7lhUQ1y0F4f/hQNn1eWA1iF+gWwUS:moMupPnLKLWUemoZq4eLJLy0e+B1E1eX`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	escalate_priv - Escalade priviledges screenshot - Take screenshot win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check

x64.com "C:\Users\test22\AppData\Local\Temp\x64.com"
5776
- explorer.exe "C:\Windows (x86)\explorer.exe"
  8324

Name	Response	Post-Analysis Lookup
pool.hashvault.pro	A 131.153.159.26 A 131.153.76.130	131.153.159.26

IP Address	Status	Action
131.153.76.130	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA April 12, 2021, 11:07 a.m.	computer_name: TEST22-PC	1	1	0

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 12, 2021, 11:07 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 12, 2021, 11:14 a.m.	process_identifier: 5776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 12, 2021, 11:07 a.m.	process_identifier: 8324 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory April 12, 2021, 11:07 a.m.	process_identifier: 8324 region_size: 262144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001e10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory April 12, 2021, 11:07 a.m.	process_identifier: 8324 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002090000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory April 12, 2021, 11:07 a.m.	process_identifier: 8324 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000020c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (4 events)

file	C:\Windows (x86)\explorer.exe
file	C:\Windows (x86)\xmrig-cuda.dll
file	C:\Windows (x86)\nvrtc64_92.dll
file	C:\Windows (x86)\nvrtc-builtins64_92.dll

Drops a binary and executes it (1 event)

file	C:\Windows (x86)\explorer.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (37 events)

Time & API	Arguments	Status	Return
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: mobsync.exe process_identifier: 3400	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: taskhost.exe process_identifier: 7896	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: cmd.exe process_identifier: 5904	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: conhost.exe process_identifier: 3576	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: pw.exe process_identifier: 5580	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: slui.exe process_identifier: 5628	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: explorer.exe process_identifier: 8324	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000022c process_name: conhost.exe process_identifier: 7072	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000244 process_name: taskhost.exe process_identifier: 4024	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000230 process_name: cmd.exe process_identifier: 8704	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000230 process_name: pw.exe process_identifier: 4672	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002a4 process_name: cmd.exe process_identifier: 4848	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002a4 process_name: conhost.exe process_identifier: 6568	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002a4 process_name: pw.exe process_identifier: 5960	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002d0 process_name: cmd.exe process_identifier: 3724	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002d0 process_name: conhost.exe process_identifier: 1812	1	1
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002d0 process_name: pw.exe process_identifier: 8772	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002fc process_name: cmd.exe process_identifier: 5272	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002fc process_name: conhost.exe process_identifier: 7552	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002fc process_name: pw.exe process_identifier: 6844	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000328 process_name: conhost.exe process_identifier: 6980	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000328 process_name: pw.exe process_identifier: 4012	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000354 process_name: cmd.exe process_identifier: 8636	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000354 process_name: conhost.exe process_identifier: 4788	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000354 process_name: pw.exe process_identifier: 8140	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000380 process_name: cmd.exe process_identifier: 3684	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000380 process_name: conhost.exe process_identifier: 3968	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000380 process_name: pw.exe process_identifier: 6076	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000003b0 process_name: cmd.exe process_identifier: 5352	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000003b0 process_name: conhost.exe process_identifier: 2340	1	1
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000003b0 process_name: pw.exe process_identifier: 4440	1	1
Process32NextW April 12, 2021, 11:09 a.m.	snapshot_handle: 0x00000000000003d0 process_name: cmd.exe process_identifier: 5596	1	1
Process32NextW April 12, 2021, 11:09 a.m.	snapshot_handle: 0x00000000000003d0 process_name: conhost.exe process_identifier: 3632	1	1
Process32NextW April 12, 2021, 11:09 a.m.	snapshot_handle: 0x00000000000003d0 process_name: pw.exe process_identifier: 6440	1	1
Process32NextW April 12, 2021, 11:09 a.m.	snapshot_handle: 0x0000000000000404 process_name: cmd.exe process_identifier: 7000	1	1
Process32NextW April 12, 2021, 11:09 a.m.	snapshot_handle: 0x0000000000000404 process_name: conhost.exe process_identifier: 3944	1	1
Process32NextW April 12, 2021, 11:09 a.m.	snapshot_handle: 0x0000000000000404 process_name: pw.exe process_identifier: 7804	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses April 12, 2021, 11:07 a.m.	flags: 14 family: 0		111	0

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 115 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000023c process_name: conhost.exe process_identifier: 7072		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000240 process_name: conhost.exe process_identifier: 7072		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000244 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000248 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000024c process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000250 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000254 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000258 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000025c process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000260 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000264 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000230 process_name: pw.exe process_identifier: 4672		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000278 process_name: pw.exe process_identifier: 4672		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000027c process_name: pw.exe process_identifier: 4672		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000280 process_name: pw.exe process_identifier: 4672		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000284 process_name: pw.exe process_identifier: 4672		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000288 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000290 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000294 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x0000000000000298 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000028c process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002a0 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x000000000000029c process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002a4 process_name: pw.exe process_identifier: 5960		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002a8 process_name: pw.exe process_identifier: 5960		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002ac process_name: pw.exe process_identifier: 5960		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002b0 process_name: pw.exe process_identifier: 5960		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002b4 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002c0 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002c4 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002c8 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002cc process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002d4 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002d8 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002d0 process_name: pw.exe process_identifier: 8772		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002dc process_name: pw.exe process_identifier: 8772		0	0
Process32NextW April 12, 2021, 11:07 a.m.	snapshot_handle: 0x00000000000002e0 process_name: pw.exe process_identifier: 8772		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002e4 process_name: pw.exe process_identifier: 8772		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002e8 process_name: pw.exe process_identifier: 8772		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002f0 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002ec process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002f4 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002f8 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000300 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000304 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000308 process_name: taskhost.exe process_identifier: 4024		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x00000000000002fc process_name: pw.exe process_identifier: 6844		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x000000000000030c process_name: pw.exe process_identifier: 6844		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000310 process_name: pw.exe process_identifier: 6844		0	0
Process32NextW April 12, 2021, 11:08 a.m.	snapshot_handle: 0x0000000000000314 process_name: pw.exe process_identifier: 6844		0	0

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Manager

reg_value

C:\Windows (x86)\explorer.exe

Created a service where a service was also not started (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW April 12, 2021, 11:07 a.m.	service_start_name: start_type: 3 password: display_name: WinRing0_1_2_0 filepath: C:\Windows (x86)\WinRing0x64.sys service_name: WinRing0_1_2_0 filepath_r: C:\Windows (x86)\WinRing0x64.sys desired_access: 983551 service_handle: 0x0000000000533160 error_control: 1 service_type: 1 service_manager_handle: 0x0000000000532fb0	1	5452128	0

Network communications indicative of possible code injection originated from the process explorer.exe (2 events)

Time & API	Arguments	Status	Return	Repeated
WSASend April 12, 2021, 11:07 a.m.	buffer: ¿tÏô9Ôóõ"6Ò<¿Ñ{¡U8¢ÐüÝ+RÇ J]a5\×yÙñuæ @ö]©Æêë{ÊÛuXÖ>À,À0Ì©Ì¨ÌªÀ+À/À$À(kÀ#À'gÀ À9À À3=<5/ÿ # 0. + -3&$ ©%lÿ÷lÎ¬&äaKÅ*k¼}lÁ¡â;o socket: 540		0	0
WSASend April 12, 2021, 11:07 a.m.	buffer: Eÿcë!%fÂt¶°ßNõ_Sk¯À0Òµ¹öUsºhí¡Ã¡â -;·¸,¹©\L´PÓ¡c]/Õ«çk¹DîQÖQivY®°-bëNÈ¥ãQÞÍ]Ì<Và'(ò4ø¬Æ^Ò´¾L&~jSªùÐ\°Æ¶ÉfD¿ u?áÀ²¸û ð0½¦ëß Ûú{Y=ãÏ%©¹¶X¸,ôýFé@z¹Â°u5½W®+èÙôùJcñßû447·¨6ZjÄØ9i`yÕÔÀÔ\|#=6^0K¦ K'3<áQýüA#ÚûÊÔ/g²³½Ð}[ÏQ2f_Qï¸ ?å ¯ÈMÁÁ[ôcc´ãhHcãSI\Bt:°º.ÄçÚ_ `ßßLK¾JÿÂFoÃÕ´Wî~Ù'Á TIîòìü/5&°v Çu÷äny&ÒÛª¤¹\|°8ûï/(P:Ùä±øÓá¹E862:o`ê sêuÛQUoG®ë qùþ6`Mç(ógLÆÝsV´£¬vSeØÁ3Z»Ë¥ËÐÒëcYÓÈ>«GÛ}¯þÔè5ÒY÷%÷/ ²Ö¸+r$=ÂÛ{ äÇDN©0æ>z.íIÈ%Y£AÂ£ÚñÔ®}npï»wîk~¬¦³2a}ªàØgY*¯v<^½Uº¼ÐXnß²ôP% Çæº]cNfDâC socket: 540		0	0

Created a process named as a common system process (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW April 12, 2021, 11:14 a.m.	thread_identifier: 6692 thread_handle: 0x00000310 process_identifier: 8324 current_directory: C:\Windows (x86) filepath: C:\Windows (x86)\explorer.exe track: 1 command_line: "C:\Windows (x86)\explorer.exe" filepath_r: C:\Windows (x86)\explorer.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x0000030c	1	1	0
ShellExecuteExW April 12, 2021, 11:14 a.m.	show_type: 1 filepath_r: C:\Windows (x86)\explorer.exe parameters: filepath: C:\Windows (x86)\explorer.exe	1	1	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation April 12, 2021, 11:07 a.m.	information_class: 76 (SystemFirmwareTableInformation)		-1073741789	0

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

FireEye	Gen:Variant.Application.Miner.2
ALYac	Gen:Variant.Application.Miner.2
Malwarebytes	Malware.AI.3021647873
Alibaba	Trojan:Win64/Miners.ac89e207
K7GW	Adware ( 0055be151 )
Cybereason	malicious.7b3218
Arcabit	Trojan.Application.Miner.2
Cyren	W64/Coinminer.BN.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/CoinMiner.QB potentially unwanted
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Miner.gen
BitDefender	Gen:Variant.Application.Miner.2
Avast	Win64:CoinminerX-gen [Trj]
Rising	HackTool.CoinMiner!1.CB20 (CLOUD)
Sophos	Mal/Generic-S (PUA)
TrendMicro	Coinminer.Win64.MALXMR.SMA
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
Avira	HEUR/AGEN.1136970
MAX	malware (ai score=88)
Gridinsoft	Risk.Win64.CoinMiner.vl!n
Microsoft	PUA:Win64/CoinMiner
ZoneAlarm	not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
GData	Win32.Application.CoinMiner.Y
Cynet	Malicious (score: 99)
McAfee	Artemis!F0411337B321
Cylance	Unsafe
TrendMicro-HouseCall	TROJ_GEN.R002H0CD921
Ikarus	PUA.CoinMiner
Fortinet	Riskware/Miner
AVG	Win64:CoinminerX-gen [Trj]
Qihoo-360	Win32/Miner.BitMiner.HwYDf4cA

x64.com

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All