Summary | ZeroBOX

jkfe.exe

Tags: VMProtect, Malicious Library, PE File, DLL, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 18, 2021, 4:11 p.m.
Completed: Aug. 18, 2021, 4:13 p.m.
Size 6.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 5c3ebb5dfa876c0d76ccae99518153d8
SHA256 1c63a6f9d19720b232e0a092d1962a0969967e9a51579a5ad890adaf3361e1df
CRC32 B4214C9C
ssdeep 98304:pP4R0NzUErSZpGtSkGkOsl3fcsIK5ziXybtkjTCMD2r/8XV2uNfIY0oGtT/4BjuR:B4iUEqUg9wpIxXotkH2rkl2uynprQj4
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP addresses (IP Address / Status / Action)
  • 164.124.101.2  Active  Moloch
  • 51.89.92.99  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call (Time & API / Arguments / Status / Return / Repeated)
  • GlobalMemoryStatusEx: status 1, return 1, repeated 0
section .ndata
file C:\Windows\svchost.exe
file C:\Users\test22\AppData\Local\Temp\nss63A5.tmp\nsExec.dll
file C:\Users\test22\AppData\Local\Temp\nss63A5.tmp\nsProcess.dll
API call: CreateServiceW (status 1, return 5094496 = 0x004dbc60, i.e. the service handle; repeated 0)
  service_manager_handle: 0x004dbd00
  service_name: MiningeService
  display_name: MiningeService
  filepath: C:\Windows\svchost.exe
  filepath_r: C:\Windows\svchost.exe
  service_type: 16 (SERVICE_WIN32_OWN_PROCESS)
  start_type: 2 (SERVICE_AUTO_START)
  error_control: 1 (SERVICE_ERROR_NORMAL)
  desired_access: 983551 (0xF01FF, SERVICE_ALL_ACCESS)
  service_start_name: (empty; a NULL start name means the service runs as LocalSystem)
  password: (empty)
  service_handle: 0x004dbc60
Command lines (deduplicated; each command appears both as the cmd.exe /C wrapper and as the child process it spawned):
  • C:\Windows\system32\cmd.exe /C sc description MiningeService ServiceManagerForMiner
  • C:\Windows\system32\cmd.exe /C Sc create MiningeService binpath= C:\Windows\svchost.exe start= auto DisplayName= MiningeService
  • C:\Windows\system32\cmd.exe /C Sc delete MiningeService
  • C:\Windows\system32\cmd.exe /C net stop MiningeService
  • C:\Windows\system32\cmd.exe /C net start MiningeService
  • sc description MiningeService ServiceManagerForMiner
  • Sc create MiningeService binpath= C:\Windows\svchost.exe start= auto DisplayName= MiningeService
  • Sc delete MiningeService
  • net stop MiningeService
  • net start MiningeService
host 51.89.92.99
service_name MiningeService service_path C:\Windows\svchost.exe
Note: the service binary is C:\Windows\svchost.exe, directly under the Windows directory. The legitimate svchost.exe lives in C:\Windows\System32, so a same-named file anywhere else is a masquerading copy (it is the dropped file listed above); the sc delete / create / net stop / net start sequence re-registers the service on every run so it survives an earlier removal.
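The service-persistence chain above, decoded and turned into a triage check. This is an added example, not code from the ZeroBOX report or from the sample: it takes the CreateServiceW arguments and the command lines as logged in this report (copied here as constructed input), decodes the numeric winsvc.h constants, parses the sc create options, and flags a System32-only binary name used from another directory together with the delete/create/stop/start lifecycle. The SYSTEM32_ONLY_NAMES list and LEGIT_DIRS set are illustrative assumptions, not part of the report.

```python
"""Triage of the service-persistence chain logged in this report.

Added example, not code from the ZeroBOX report or from the sample. The
command lines and CreateServiceW arguments below are copied from the report
(constructed input for this script); the winsvc.h constants are standard;
SYSTEM32_ONLY_NAMES and LEGIT_DIRS are illustrative assumptions.
"""
import re
from typing import Dict, List, Optional

# Standard Win32 service constants (winsvc.h).
SERVICE_START_TYPES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START",
                       2: "SERVICE_AUTO_START", 3: "SERVICE_DEMAND_START",
                       4: "SERVICE_DISABLED"}
SERVICE_TYPES = {0x01: "SERVICE_KERNEL_DRIVER", 0x02: "SERVICE_FILE_SYSTEM_DRIVER",
                 0x10: "SERVICE_WIN32_OWN_PROCESS", 0x20: "SERVICE_WIN32_SHARE_PROCESS"}
SERVICE_ALL_ACCESS = 0xF01FF  # 983551 decimal, the value the sandbox logged

# Assumption: binary names that only live in System32/SysWOW64 on a clean install.
SYSTEM32_ONLY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                       "winlogon.exe", "wininit.exe", "smss.exe"}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def is_masquerading_path(path: str) -> bool:
    """True when a System32-only binary name is run from any other directory."""
    p = path.strip().strip('"').lower()
    directory, _, name = p.rpartition("\\")
    return name in SYSTEM32_ONLY_NAMES and directory not in LEGIT_DIRS


def decode_create_service(args: Dict[str, object]) -> Dict[str, object]:
    """Turn the numeric CreateServiceW arguments a sandbox logs into names and flags."""
    start, stype, access = (int(str(args[k])) for k in
                            ("start_type", "service_type", "desired_access"))
    return {
        "service_name": args["service_name"],
        "start_type": SERVICE_START_TYPES.get(start, hex(start)),
        "service_type": SERVICE_TYPES.get(stype, hex(stype)),
        "desired_access": "SERVICE_ALL_ACCESS" if access == SERVICE_ALL_ACCESS else hex(access),
        "auto_start": start == 2,
        "masqueraded_binary": is_masquerading_path(str(args["filepath"])),
    }


# sc.exe syntax: `sc create <name> key= value ...` (the space after '=' is mandatory).
SC_CREATE_RE = re.compile(r"\bsc(?:\.exe)?\s+create\s+(?P<name>\S+)\s+(?P<opts>.*)", re.I)
SC_OPT_RE = re.compile(r"(?P<key>\w+)=\s*(?P<val>\"[^\"]*\"|\S+)")
STAGE_PATTERNS = [  # the service lifecycle commands seen in the report
    ("delete", re.compile(r"\bsc(?:\.exe)?\s+delete\s+(\S+)", re.I)),
    ("create", re.compile(r"\bsc(?:\.exe)?\s+create\s+(\S+)", re.I)),
    ("description", re.compile(r"\bsc(?:\.exe)?\s+description\s+(\S+)", re.I)),
    ("stop", re.compile(r"\bnet(?:\.exe)?\s+stop\s+(\S+)", re.I)),
    ("start", re.compile(r"\bnet(?:\.exe)?\s+start\s+(\S+)", re.I)),
]


def parse_sc_create(cmdline: str) -> Optional[Dict[str, str]]:
    """Parse an `sc create` command line, bare or wrapped in `cmd.exe /C`."""
    m = SC_CREATE_RE.search(cmdline)
    if not m:
        return None
    opts = {k.lower(): v.strip('"') for k, v in SC_OPT_RE.findall(m.group("opts"))}
    opts["name"] = m.group("name")
    return opts


def triage_cmdlines(cmdlines: List[str]) -> Dict[str, Dict[str, object]]:
    """Group service commands per service name; flag masquerading plus full lifecycle."""
    services: Dict[str, Dict[str, object]] = {}
    for line in cmdlines:
        for stage, rx in STAGE_PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            rec = services.setdefault(m.group(1), {"stages": set(), "binpath": None, "start": None})
            rec["stages"].add(stage)
            if stage == "create":
                opts = parse_sc_create(line) or {}
                rec["binpath"], rec["start"] = opts.get("binpath"), opts.get("start")
    for rec in services.values():
        bp = rec["binpath"]
        rec["masqueraded_binary"] = bool(bp) and is_masquerading_path(str(bp))
        rec["full_lifecycle"] = {"delete", "create", "start"} <= rec["stages"]
        rec["suspicious"] = rec["masqueraded_binary"] and rec["full_lifecycle"]
    return services


# Constructed input: the command lines and CreateServiceW arguments from this report.
REPORT_CMDLINES = [
    r"C:\Windows\system32\cmd.exe /C Sc delete MiningeService",
    r"C:\Windows\system32\cmd.exe /C Sc create MiningeService binpath= C:\Windows\svchost.exe start= auto DisplayName= MiningeService",
    r"C:\Windows\system32\cmd.exe /C sc description MiningeService ServiceManagerForMiner",
    r"C:\Windows\system32\cmd.exe /C net stop MiningeService",
    r"C:\Windows\system32\cmd.exe /C net start MiningeService",
]
REPORT_CREATESERVICEW = {"service_name": "MiningeService", "filepath": r"C:\Windows\svchost.exe",
                         "start_type": 2, "service_type": 16, "error_control": 1,
                         "desired_access": 983551}

if __name__ == "__main__":
    print(decode_create_service(REPORT_CREATESERVICEW))
    for name, rec in triage_cmdlines(REPORT_CMDLINES).items():
        print(name, sorted(rec["stages"]), rec["binpath"], "SUSPICIOUS" if rec["suspicious"] else "ok")
```

In practice the input to triage_cmdlines would be the CommandLine field of Sysmon Event ID 1 or the process command line in Security event 4688 (when command-line auditing is enabled), keyed per host; the masquerading check alone is cheap enough to run on every process-creation event, while the lifecycle check needs the events for one service name grouped together.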
Antivirus detections (engine / signature)
Lionic Trojan.Win32.SchoolGirl.4!c
Elastic malicious (high confidence)
DrWeb Trojan.Siggen14.61410
MicroWorld-eScan Trojan.GenericKD.46810259
FireEye Generic.mg.5c3ebb5dfa876c0d
ALYac Trojan.GenericKD.46810259
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 0050e5cf1 )
Alibaba Trojan:Win32/SchoolGirl.e787ea55
K7GW Trojan-Downloader ( 0050e5cf1 )
Cybereason malicious.675ecb
Cyren W32/Trojan.ZEIO-1855
ESET-NOD32 a variant of Win32/Packed.VMProtect.VZ
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.SchoolGirl.gen
BitDefender Trojan.GenericKD.46810259
Avast NSIS:MalwareX-gen [Trj]
Ad-Aware Trojan.GenericKD.46810259
Emsisoft Trojan.GenericKD.46810259 (B)
VIPRE BehavesLike.Win32.Malware.bsf (vs)
TrendMicro TROJ_GEN.R070C0RHE21
McAfee-GW-Edition BehavesLike.Win32.AdwareAdload.vc
Sophos Mal/Generic-R
SentinelOne Static AI - Suspicious PE
Avira TR/SchoolGirl.odadw
MAX malware (ai score=87)
Gridinsoft Malware.Win32.Gen.cc!s5
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Trojan.GenericKD.46810259
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Fuery.R202739
McAfee Artemis!5C3EBB5DFA87
VBA32 Trojan.SchoolGirl
Malwarebytes Malware.AI.3224927324
TrendMicro-HouseCall TROJ_GEN.R070C0RHE21
Rising Trojan.CoinMiner/NSIS!1.D88C (CLASSIC)
Ikarus Trojan.Win32.VMProtect
AVG NSIS:MalwareX-gen [Trj]
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/Trojan.Generic.HyoDNBsA