Summary | ZeroBOX

faintxakers.exe

Malicious Library PE64 PE File
Category FILE
Machine s1_win7_x6401
Started March 11, 2023, 10:27 a.m.
Completed March 11, 2023, 10:29 a.m.
Size 3.6MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 e5714adf276ab96cff90d3778ba51b7e
SHA256 7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c
CRC32 5AC8C28A
ssdeep 98304:ee4H3qxuFh/zHgR7vjnOy3cQ0/r0UoEpQg9Kdaud4F:+vbg5Oy6/r0Uhd9Kdpd4F
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

IP Address Status
104.21.41.183 Active
125.253.92.50 Active
131.153.76.130 Active
164.124.101.2 Active

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected
TCP 192.168.56.101:49164 -> 104.21.41.183:443 906200068 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) (no category)

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.101:49165 -> 131.153.76.130:80 None None None
TLS 1.3 192.168.56.101:49163 -> 125.253.92.50:80 None None None
TLS 1.3 192.168.56.101:49164 -> 104.21.41.183:443 None None None

Section .data: virtual_address 0x0000f000, virtual_size 0x0037e620, size_of_data 0x0037e800, entropy 7.963368986273371. Description: A section with a high entropy has been found.
Overall entropy 0.980139706889. Description: Overall entropy of this PE file is high.
Antivirus Results

Engine Detection
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Tedy.234724
FireEye Generic.mg.e5714adf276ab96c
McAfee Artemis!E5714ADF276A
Malwarebytes Malware.AI.463480657
VIPRE Gen:Variant.Tedy.234724
Sangfor Riskware.Win64.Agent.Vgvy
CrowdStrike win/malicious_confidence_70% (W)
Alibaba Trojan:Win64/CoinMiner.e3d4f9b9
Cyren W64/Agent.FHK.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Malware.Trojanx-9977539-0
Kaspersky VHO:Trojan.Win64.Miner.lfpq
BitDefender Gen:Variant.Tedy.234724
Rising Stealer.Agent!8.C2 (TFE:5:mJL08voCrEL)
Emsisoft Gen:Variant.Tedy.234724 (B)
DrWeb Trojan.Siggen20.990
TrendMicro TROJ_GEN.R002C0DCA23
McAfee-GW-Edition BehavesLike.Win64.Generic.wc
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win64.CoinMiner
Jiangmin Trojan.Agent.ehvj
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1255492
Antiy-AVL Trojan/Win64.Kryptik
Arcabit Trojan.Tedy.D394E4
ZoneAlarm VHO:Trojan.Win64.Miner.lfpq
Microsoft Trojan:Win64/CoinMiner.DC!MTB
Google Detected
AhnLab-V3 Trojan/Win.Generic.R541225
ALYac Gen:Variant.Tedy.234724
MAX malware (ai score=86)
TrendMicro-HouseCall TROJ_GEN.R002C0DCA23
Tencent Win32.Trojan.Agen.Oqil
Fortinet W64/Agent.AGENMM!tr