Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 22, 2021, 9:12 a.m.	Oct. 22, 2021, 9:26 a.m.

Size	4.5MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`f0cf1d3d9ed23166ff6c1f3deece19b4`
SHA256	`0663d70411a20340f184ae3b47138b33ac398c800920e4d976ae609b60522b01`
CRC32	`FE72D224`
ssdeep	`98304:Hf8WSHqjQrScap+JvvW8vCeNDzml+UxHVP9kfYs:kprvvdvCeNe+Ux1qfYs`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

wxm.exe "C:\Users\test22\AppData\Local\Temp\wxm.exe"
1016

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Oct. 22, 2021, 9:05 a.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section	_RANDOMX
section	_SHA3_25
section	_TEXT_CN
section	_RDATA

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 22, 2021, 9:05 a.m.	process_identifier: 1016 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000005b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.Miner.4!c
Elastic	malicious (high confidence)
DrWeb	Tool.BtcMine.2577
MicroWorld-eScan	Gen:Variant.Application.Miner.2
FireEye	Generic.mg.f0cf1d3d9ed23166
CAT-QuickHeal	Trojan.Miner
McAfee	Artemis!F0CF1D3D9ED2
Cylance	Unsafe
Zillya	Trojan.Miner.Win32.14341
Sangfor	Trojan.Win64.XMR.Miner
K7AntiVirus	Trojan ( 005697011 )
Alibaba	Trojan:Win32/Coinminer.2cc
K7GW	Trojan ( 005697011 )
Cybereason	malicious.d9ed23
Cyren	W64/Coinminer.BN.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/CoinMiner.QG potentially unwanted
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Coinminer.Generic-7151250-0
Kaspersky	VHO:Trojan.Win32.Miner.gen
BitDefender	Gen:Variant.Application.Miner.2
NANO-Antivirus	Riskware.Win64.BitMiner.jbpnmf
Avast	Win32:Miner-DM [Trj]
Ad-Aware	Gen:Variant.Application.Miner.2
Sophos	XMRig Miner (PUA)
Comodo	ApplicUnwnt@#x8zpfpr4hf01
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	PUA.Win64.Xmrig.KBL
McAfee-GW-Edition	BehavesLike.Win64.CoinMiner.rh
Emsisoft	Gen:Variant.Application.Miner.2 (B)
Ikarus	PUA.CoinMiner
Jiangmin	RiskTool.Convagent.b
MaxSecure	Trojan.Malware.12132258.susgen
Avira	HEUR/AGEN.1134782
Antiy-AVL	Trojan/Generic.ASMalwS.34692D0
Gridinsoft	Trojan.Win64.CoinMiner.vb
GData	Win64.Application.Coinminer.CP
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Miner3.Exp
Acronis	suspicious
VBA32	Trojan.Miner
ALYac	Misc.Riskware.CoinMiner.Etc
MAX	malware (ai score=100)
Malwarebytes	RiskWare.BitCoinMiner
TrendMicro-HouseCall	PUA.Win64.Xmrig.KBL
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
SentinelOne	Static AI - Malicious PE
Fortinet	Riskware/CoinMiner
Webroot	Bitcoinminer.Gen

wxm.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All