Summary | ZeroBOX

xmrig.exe

Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started March 10, 2022, 9:38 a.m.
Completed March 10, 2022, 9:44 a.m.
Size 7.8MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 5385a40c6af4c73f43cfa5de46b9f05a
SHA256 21bc43587dc1f19ec6271e69fe709b18fdefdfbfc5971a3edf00e92cb1b77995
CRC32 D2AE4DEE
ssdeep 98304:Cf4ix3tX2mzKHmCTBk1XoHtLgF9o11clR73DArjRjjoHuLc2orGpV7bAUI9+dcGL:CAiLLcg2FiF1E+AsDm1y8n
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)

Hosts (Name, Response, Post-Analysis Lookup)
No hosts contacted.

IP Address       Status  Action
185.168.130.138  Active  Moloch
164.124.101.2    Active  Moloch

Suricata Alerts

Flow       TCP 192.168.56.103:49190 -> 185.168.130.138:443
SID        2404308
Signature  ET CNC Feodo Tracker Reported CnC Server group 9
Category   A Network Trojan was detected

Suricata TLS

No Suricata TLS

Time & API  GetComputerNameA
Arguments   computer_name: TEST22-PC
Status      1
Return      1
Repeated    0
Time & API  NtAllocateVirtualMemory
Arguments
  process_identifier: 2416
  region_size: 131072
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000002830000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
Status      1
Return      0
Repeated    0
host 185.168.130.138
dead_host 192.168.56.103:49190
Lionic Trojan.Win32.Miner.4!c
Elastic malicious (high confidence)
DrWeb Tool.BtcMine.2615
MicroWorld-eScan Gen:Variant.Tedy.60527
FireEye Generic.mg.5385a40c6af4c73f
CAT-QuickHeal Trojan.Xmrminer.S24673691
ALYac Gen:Variant.Tedy.60527
Cylance Unsafe
Zillya Trojan.Miner.Win32.15186
Sangfor Trojan.Win64.XMR.Miner
K7AntiVirus Adware ( 005300251 )
Alibaba Trojan:Win64/Miner.4af56cfc
K7GW Adware ( 005300251 )
Cybereason malicious.73e3c7
Arcabit Trojan.Tedy.DEC6F
Cyren W64/Trojan.CDZR-8535
Symantec Miner.XMRig!gen2
ESET-NOD32 a variant of Win64/CoinMiner.IZ potentially unwanted
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Miner.bbazi
BitDefender Gen:Variant.Tedy.60527
Avast Win64:CoinminerX-gen [Trj]
Tencent Risktool.Win64.Bitminer.16000063
Ad-Aware Gen:Variant.Tedy.60527
Emsisoft Gen:Variant.Tedy.60527 (B)
TrendMicro TROJ_GEN.R002C0PAH22
McAfee-GW-Edition BehavesLike.Win64.Generic.wh
Sophos XMRig Miner (PUA)
Jiangmin RiskTool.BitMiner.cnyq
MaxSecure Trojan.Malware.121218.susgen
Avira HEUR/AGEN.1216470
MAX malware (ai score=83)
Antiy-AVL GrayWare/Win64.CoinMiner.xmr
Gridinsoft Risk.Win64.CoinMiner.vl!n
Microsoft PUA:Win32/CoinMiner
ZoneAlarm Trojan.Win32.Miner.bbazi
GData Win32.Application.CoinMiner.Y
AhnLab-V3 Trojan/Win.Miner.R374094
Acronis suspicious
McAfee W64/CoinMiner
VBA32 Trojan.Miner
Malwarebytes RiskWare.BitCoinMiner
TrendMicro-HouseCall TROJ_GEN.R002C0PAH22
Rising HackTool.XMRMiner!1.C2EC (CLOUD)
SentinelOne Static AI - Malicious PE
Fortinet Riskware/CoinMiner.PO
Webroot W32.Adware.Gen
AVG Win64:CoinminerX-gen [Trj]