popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

LogBack.exe

Gen1 Malicious Library UPX Malicious Packer PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Jan. 19, 2022, 3:24 p.m. Jan. 19, 2022, 3:26 p.m.
Size 4.9MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 72c6966aeb1678235e6dfc6f53bcf7fd
SHA256 03803f106b25eea135918b4ff9e7f20ddf30b16cb3374dd430c6238db785963a
CRC32 FB9FA014
ssdeep 98304:yGf/ct3gIqrvYcryT85K0SR8mHcExGWoSz6K2eo2kzzWhsTR:yH2K0SmmHcEF/z6K9SzzWhyR
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
section _RANDOMX
section _SHA3_25
section _TEXT_CN
section _RDATA
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2312
region_size: 131072
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000440000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
section {u'size_of_data': u'0x00015200', u'virtual_address': u'0x00763000', u'entropy': 7.046546396871217, u'name': u'.rsrc', u'virtual_size': u'0x00016000'} entropy 7.04654639687 description A section with a high entropy has been found
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
ClamAV Win.Coinminer.Generic-7151253-0
ALYac Gen:Variant.Application.Miner.24
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Coinminer.2cc
K7GW Adware ( 0055fa291 )
K7AntiVirus Adware ( 0055fa291 )
Arcabit Trojan.Application.Miner.24
Cyren W64/Trojan.VOMS-3926
ESET-NOD32 a variant of Win64/CoinMiner.QG potentially unwanted
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Application.Miner.24
MicroWorld-eScan Gen:Variant.Application.Miner.24
Avast Win64:CoinminerX-gen [Trj]
Ad-Aware Gen:Variant.Application.Miner.24
Emsisoft Gen:Variant.Application.Miner.24 (B)
Zillya Tool.BitMiner.Win32.3285
TrendMicro PUA.Win64.Xmrig.KBN
McAfee-GW-Edition BehavesLike.Win64.Dropper.rh
FireEye Generic.mg.72c6966aeb167823
Sophos XMRig Miner (PUA)
Jiangmin RiskTool.BitMiner.ckat
Webroot W32.Malware.Gen
Avira HEUR/AGEN.1134782
Antiy-AVL Trojan/Generic.ASMalwS.3496704
Gridinsoft Trojan.Heur!.02012023
Microsoft Trojan:Win64/DisguisedXMRigMiner
GData Win64.Application.Coinminer.CP
AhnLab-V3 Win-Trojan/Miner3.Exp
Acronis suspicious
McAfee CoinMiner-XMR.a
MAX malware (ai score=76)
VBA32 Trojan.Miner
Malwarebytes Trojan.BitCoinMiner.Generic
TrendMicro-HouseCall PUA.Win64.Xmrig.KBN
Rising HackTool.XMRMiner!1.C2EC (CLOUD)
Yandex Riskware.Agent!rR/yPg2yRjM
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.11387115.susgen
Fortinet Riskware/CoinMiner
AVG Win64:CoinminerX-gen [Trj]
Cybereason malicious.aeb167
Panda Trj/CI.A