Summary | ZeroBOX

xmrig.exe

Tags: UPX, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started Feb. 21, 2023, 2:33 p.m.
Completed Feb. 21, 2023, 2:36 p.m.
Size 5.2MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 6c454e10bbea489cfc96253fe55ec282
SHA256 a12c34fef1d6475d99aa9af2e8bf1fd55bca83982a0ee2a9131ffd9fd15cb2a7
CRC32 16169542
ssdeep 98304:u0eUU9n9S8uIqzzCRrXdKrMiAeA4qG36UiVuiTK5GaRqayVMBzi0:rU9bZB4L3RYu3GaRqVaW0
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GetComputerNameA
Arguments: computer_name: TEST22-PC
Status: 1, Return: 1, Repeated: 0

PE sections with unusual names:
  • _RANDOMX
  • _TEXT_CN
  • _RDATA
Time & API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 2060
  region_size: 131072
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000000550000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
Status: 1, Return: 0, Repeated: 0
Antivirus Detection
Lionic Riskware.Win32.BitCoinMiner.1!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Application
ALYac Gen:Variant.Application.Miner.2
Malwarebytes BitcoinMiner.Trojan.Miner.DDS
VIPRE Gen:Variant.Application.Miner.2
Sangfor Trojan.Win64.XMR.Miner
CrowdStrike win/grayware_confidence_90% (W)
Alibaba Trojan:Win32/Coinminer.449
K7GW Trojan ( 005697011 )
K7AntiVirus Trojan ( 005697011 )
Cyren W64/Coinminer.BN.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/CoinMiner.QG potentially unwanted
APEX Malicious
Paloalto generic.ml
ClamAV Win.Coinminer.Generic-7151250-0
Kaspersky not-a-virus:RiskTool.Win32.BitCoinMiner.ooba
BitDefender Gen:Variant.Application.Miner.2
NANO-Antivirus Riskware.Win64.BitCoinMiner.jurbxe
MicroWorld-eScan Gen:Variant.Application.Miner.2
Avast Win64:CoinminerX-gen [Trj]
Tencent Win64.Risk.Coinminer.Dflw
Emsisoft Gen:Variant.Application.Miner.2 (B)
F-Secure Heuristic.HEUR/AGEN.1213073
McAfee-GW-Edition BehavesLike.Win64.PUP.th
FireEye Generic.mg.6c454e10bbea489c
Sophos XMRig Miner (PUA)
Ikarus PUA.CoinMiner
GData Win64.Application.Coinminer.CP
Avira HEUR/AGEN.1213073
Antiy-AVL GrayWare/Win64.CoinMiner.xmr
Gridinsoft Risk.Win64.CoinMiner.sd!i
Arcabit Trojan.Application.Miner.2
ZoneAlarm not-a-virus:RiskTool.Win32.BitCoinMiner.ooba
Google Detected
AhnLab-V3 Win-Trojan/Miner3.Exp
Acronis suspicious
McAfee Artemis!6C454E10BBEA
MAX malware (ai score=73)
Cylance Unsafe
TrendMicro-HouseCall TROJ_GEN.R002H0CB423
Rising HackTool.XMRMiner!1.C2EC (CLASSIC)
Yandex Riskware.Agent!VHilIsDLq0w
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet Riskware/CoinMiner
AVG Win64:CoinminerX-gen [Trj]
Cybereason malicious.0bbea4