Summary | ZeroBOX

LEMMIN.exe

Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started March 9, 2023, 5:31 p.m.
Completed March 9, 2023, 5:41 p.m.
Size 3.5MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 38aad33a1f0f90c4294abab2a85221eb
SHA256 1a72fe969226e84373bd29a8caefc5e46478f550662f2d55c889ffc0a580b491
CRC32 1807A561
ssdeep 98304:hXRMxYUKJxO28EJuhT8VArZfrYUyYOep+KM7:wYUK/O2k3VfZxOep+Kk
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
xmr.2miners.com 162.19.139.184
IP Address Status Action
162.19.139.184 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow UDP 192.168.56.103:52760 -> 164.124.101.2:53
SID 2040353
Signature ET INFO Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)
Category Crypto Currency Mining Activity Detected

Suricata TLS

Flow TLS 1.3 192.168.56.103:49164 -> 162.19.139.184:12222
Issuer None
Subject None
Fingerprint None

Section .data: size_of_data 0x0037c800, virtual_address 0x0000d000, virtual_size 0x0037c7c0, entropy 7.963782933813844
Description: A section with a high entropy has been found
Overall file entropy 0.983877635387
Description: Overall entropy of this PE file is high
Antivirus Engine Detection
MicroWorld-eScan Gen:Variant.Tedy.235835
ALYac Gen:Variant.Tedy.235835
CrowdStrike win/malicious_confidence_60% (W)
K7GW Trojan ( 0059d3f31 )
K7AntiVirus Trojan ( 0059d3f31 )
Arcabit Trojan.Tedy.D3993B
Cyren W64/Agent.FHK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.DQA
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Malware.Trojanx-9977539-0
Kaspersky Trojan.Win64.Miner.lfoz
BitDefender Gen:Variant.Tedy.235835
Avast Win64:Evo-gen [Trj]
VIPRE Gen:Variant.Tedy.235835
FireEye Generic.mg.38aad33a1f0f90c4
Emsisoft Gen:Variant.Tedy.235835 (B)
Avira HEUR/AGEN.1255492
Microsoft Trojan:Win64/CoinMiner.DC!MTB
ZoneAlarm Trojan.Win64.Miner.lfoz
GData Gen:Variant.Tedy.235835
Google Detected
MAX malware (ai score=80)
Malwarebytes Malware.AI.3110380935
Rising Stealer.Agent!8.C2 (TFE:5:mJL08voCrEL)
Ikarus Trojan.Win64.CoinMiner
MaxSecure Trojan.Malware.300983.susgen
Fortinet W64/Agent.AGENMM!tr
AVG Win64:Evo-gen [Trj]