Summary | ZeroBOX

System_Settings.exe

Tags: Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started Jan. 4, 2022, 5:32 p.m.
Completed Jan. 4, 2022, 5:43 p.m.
Size 5.2MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 20d99154c5080cfd356df4e37630182c
SHA256 a55ca2cee9eb393d411e306d51c3d4bbb43528eb80fefafa1bb898b85d3a4e5a
CRC32 401ACABF
ssdeep 98304:NRLRLj41OH4wAIOF+kmcIxJr+fx3k/sc37gz+li0pjY3l50XYarG:Bj417x3Msc8Kli0JUuXYaK
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA
  computer_name: TEST22-PC
  Status 1, Return 1, Repeated 0
section _RANDOMX
section _SHA3_25
section _TEXT_CN
section _RDATA
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
  process_identifier: 2788
  region_size: 131072
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000000440000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
  Status 1, Return 0, Repeated 0
Elastic malicious (high confidence)
FireEye Generic.mg.20d99154c5080cfd
Sangfor Trojan.Win64.XMR.Miner
CrowdStrike win/malicious_confidence_100% (D)
ESET-NOD32 a variant of Win64/CoinMiner.QG potentially unwanted
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win64:CoinminerX-gen [Trj]
Sophos XMRig Miner (PUA)
Zillya Tool.BitCoinMiner.Win32.41283
Emsisoft Gen:Variant.Application.Miner.24 (B)
Ikarus PUA.CoinMiner
Jiangmin RiskTool.BitCoinMiner.arlu
Avira HEUR/AGEN.1134782
Gridinsoft Risk.Win64.CoinMiner.vl!n
Arcabit Trojan.Application.Miner.24
AhnLab-V3 Win-Trojan/Miner3.Exp
Acronis suspicious
Malwarebytes RiskWare.BitCoinMiner
Rising HackTool.XMRMiner!1.C2EC (CLASSIC)
Yandex Riskware.BitCoinMiner!au9DzS/eIX4
SentinelOne Static AI - Malicious PE
Fortinet Riskware/CoinMiner
AVG Win64:CoinminerX-gen [Trj]
MaxSecure Trojan.Malware.121218.susgen