Summary | ZeroBOX

Aztec.exe

Malicious Library PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us March 11, 2023, 10:27 a.m. March 11, 2023, 10:42 a.m.
Size 3.6MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 679f7bb9c60003a65a6a98d474f3fb0e
SHA256 fe0c2c6438a5ed2dd338a52678b1d5be0a63de608bd360437129976ae19ee1c1
CRC32 FBCE36D1
ssdeep 98304:4emYRF9KAR+oj+kQf4KnqI8VV4xqxVT9111UoQDKBfcxTgb8pg:pCARpj+11MqedFMDTAx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

IP Address Status Action
125.253.92.50 Active Moloch
104.21.41.183 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected
TCP 192.168.56.103:49165 -> 104.21.41.183:443 906200068 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) (no category)

Suricata TLS

Version Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.103:49164 -> 125.253.92.50:80 None None None
TLS 1.3 192.168.56.103:49166 -> 125.253.92.50:80 None None None
TLS 1.3 192.168.56.103:49165 -> 104.21.41.183:443 None None None

Issuer, subject and fingerprint are empty for all three flows. That is expected rather than a sensor failure: in TLS 1.3 the server's Certificate message is sent encrypted, so a passive sensor cannot record it; the only cleartext handshake data available to Suricata here is the ClientHello, which is what the JA3 alert above is based on. The two flows to 125.253.92.50 use TLS on port 80.

Entropy

section .data: virtual_address 0x0000f000, virtual_size 0x0037e620, size_of_data 0x0037e800, entropy 7.9639 (of a maximum 8.0) description A section with a high entropy has been found
entropy 0.9801 description Overall entropy of this PE file is high

The .data section holds 0x37e800 = 3,667,968 bytes, almost all of the 3.6 MB file, at close to maximal entropy, which is what a packed or encrypted payload looks like. The "overall entropy" value of 0.98 is a ratio (bytes in high-entropy sections over total section bytes), not a bits-per-byte figure; it says the same thing as the section line from the whole-file perspective.
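The two entropy lines are the sandbox's packer heuristics. The following is an added example, not code from ZeroBOX or Cuckoo: it computes per-section Shannon entropy and the share of section data that is high-entropy, and applies thresholds chosen here (an assumption modelled on Cuckoo's public packer signature: a section is flagged above 6.8 bits per byte, the file above a 0.80 ratio). The sections are constructed inline to resemble this sample: a small low-entropy .text, a tiny .rdata, and a .data section of the report's size (0x37e800 bytes) filled with pseudo-random bytes in place of the packed payload.

```python
"""Entropy heuristics behind the two packer signatures above (stdlib only)."""
import math
import random
from collections import Counter

# Assumed thresholds, modelled on Cuckoo's public packer_entropy signature.
SECTION_HIGH_ENTROPY = 6.8       # bits per byte
OVERALL_RATIO_THRESHOLD = 0.80   # share of section bytes in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant byte, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_findings(sections):
    """sections: list of (name, raw_bytes) as read from a PE section table.

    Returns (high_entropy_sections, overall_ratio, overall_flagged). The ratio is the
    fraction of all section data that sits in high-entropy sections, which is how the
    'Overall entropy of this PE file is high' figure is derived here (assumption: the
    same ratio a Cuckoo-derived sandbox reports, not a bits-per-byte value)."""
    hits, high, total = [], 0, 0
    for name, raw in sections:
        e = shannon_entropy(raw)
        total += len(raw)
        if e > SECTION_HIGH_ENTROPY:
            high += len(raw)
            hits.append((name, round(e, 4)))
    ratio = high / total if total else 0.0
    return hits, ratio, ratio > OVERALL_RATIO_THRESHOLD


def sample_findings():
    """Constructed stand-in for the analysed file (not the real section bytes)."""
    text = b"\x48\x8b\xc4\x90" * (0xE000 // 4)     # four distinct bytes: entropy exactly 2.0
    rdata = b"\x00" * 0x1000                        # constant: entropy 0.0
    n = 0x37E800                                    # size_of_data of .data from the report
    data = random.Random(7).getrandbits(8 * n).to_bytes(n, "big")   # ~7.99 bits/byte
    return packer_findings([(".text", text), (".rdata", rdata), (".data", data)])


if __name__ == "__main__":
    hits, ratio, flagged = sample_findings()
    for name, e in hits:
        print(f"section {name} entropy {e} description A section with a high entropy has been found")
    if flagged:
        print(f"entropy {ratio:.4f} description Overall entropy of this PE file is high")
```

With these sizes the ratio comes out near 0.98, matching the report's figure for the real file, while .text and .rdata stay well under the per-section threshold. The heuristic cannot tell packing from legitimately compressed resources or embedded media, so on its own it is a prompt to unpack and look, not a verdict.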
Antivirus Detections

Vendor Verdict
MicroWorld-eScan Gen:Variant.Tedy.234724
ALYac Gen:Variant.Tedy.234724
Cylance unsafe
CrowdStrike win/malicious_confidence_70% (W)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Kryptik.DQA
APEX Malicious
Alibaba Trojan:Win64/CoinMiner.e3d4f9b9
Tencent Win32.Trojan.Agen.Bgow
DrWeb Trojan.Siggen20.994
McAfee-GW-Edition BehavesLike.Win64.Generic.wc
Sophos Generic ML PUA (PUA)
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1255492
MAX malware (ai score=86)
Arcabit Trojan.Tedy.D394E4
Google Detected
AhnLab-V3 Trojan/Win.Generic.R541225
Malwarebytes Malware.AI.463480657
Rising Stealer.Agent!8.C2 (TFE:5:mJL08voCrEL)