Summary | ZeroBOX

fw3.exe

Category FILE
Machine s1_win7_x6401
Started April 23, 2021, 10:05 a.m.
Completed April 23, 2021, 10:11 a.m.
Size 118.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c3d59d08b1f437df8fd17ec4c7e5ce6c
SHA256 051ee98c921d915df85f4afee0e6ed40cf210dc9bd70c32ab446a1596f6b6aab
CRC32 F728EE70
ssdeep 3072:2XAERwJKi9bijvOzTdG9DZHTFpTjM9q529aP:DxJNb64TdGhtDT8s
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • network_http - Communications over HTTP
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call

Name Response Post-Analysis Lookup
github.xn--comthtest22-pc-fhb7147u0j3kwl0f
IP Address Status Action
102.176.221.78 Active Moloch
103.54.41.193 Active Moloch
115.73.211.230 Active Moloch
117.252.68.211 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Cerbu.95336
ALYac Gen:Variant.Cerbu.95336
Cylance Unsafe
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Trojan:Win32/Miner.b09cce1e
K7GW Trojan ( 00579b271 )
K7AntiVirus Trojan ( 00579b271 )
Arcabit Trojan.Cerbu.D17468
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win64/CoinMiner.AED
APEX Malicious
Avast Win64:CoinminerX-gen [Trj]
Kaspersky Trojan.Win32.Miner.auule
BitDefender Gen:Variant.Cerbu.95336
Paloalto generic.ml
Ad-Aware Gen:Variant.Cerbu.95336
Sophos Mal/Generic-S
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win64.Generic.cm
FireEye Generic.mg.c3d59d08b1f437df
Emsisoft Gen:Variant.Cerbu.95336 (B)
Ikarus Trojan.Win64.CoinMiner
Jiangmin Trojan.Miner.osk
Avira TR/CoinMiner.vzceh
Kingsoft Win32.Troj.Miner.(kcloud)
Gridinsoft Trojan.Win64.CoinMiner.vb
Microsoft Trojan:Win32/CoinMiner.N!cl
AegisLab Trojan.Win32.Miner.4!c
GData Gen:Variant.Cerbu.95336
AhnLab-V3 Trojan/Win.Generic.C4386694
McAfee RDN/Generic.dx
MAX malware (ai score=81)
Malwarebytes Trojan.BitCoinMiner
TrendMicro-HouseCall TROJ_GEN.R06CH0DDJ21
Rising Trojan.Miner!8.EA1 (CLOUD)
Yandex Trojan.Miner!cjUei5v96G4
SentinelOne Static AI - Suspicious PE
Fortinet Riskware/Miner
Webroot Trojan.Dropper.Gen
AVG Win64:CoinminerX-gen [Trj]
Panda Trj/CI.A