Summary | ZeroBOX

Updater.exe

PE64 PE File

Category   FILE
Machine    s1_win7_x6403_us
Started    April 10, 2023, 9:07 a.m.
Completed  April 10, 2023, 9:09 a.m.

Size       9.9MB
Type       PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5        6fa2a8de3fc30b9c80d12c2ac4ad2e3f
SHA256     a2c59381ca2fdba45f345eec78681fc417271e2f3fb65ff9ec06998d90abc9fd
CRC32      E6139117
ssdeep     196608:RHkauZatU8wbxg2e/ZPIq3QkZRgj2wpAY7E6XZufNrM1W:RHcsw22eRI2QkjgjLlErH
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

IP Address Status Action
162.19.139.184 Active Moloch
164.124.101.2 Active Moloch
172.67.34.170 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2040353 ET INFO Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) Crypto Currency Mining Activity Detected
TCP 192.168.56.103:49164 -> 172.67.34.170:443 906200068 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) undefined

Suricata TLS

Flow                                              Issuer  Subject  Fingerprint
TLS 1.3  192.168.56.103:49164 -> 172.67.34.170:443     None    None     None
TLS 1.3  192.168.56.103:49163 -> 162.19.139.184:12222  None    None     None
TLS 1.3  192.168.56.103:49165 -> 162.19.139.184:12222  None    None     None

Section .data: size_of_data 0x009a2400, virtual_address 0x00020000, virtual_size 0x009a2220, entropy 7.61805324893538 — A section with a high entropy has been found
Overall PE entropy 0.977506936187 — Overall entropy of this PE file is high
Antivirus Detection

Vendor Result
Lionic Trojan.Win32.Injector.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Agent
McAfee Artemis!6FA2A8DE3FC3
Malwarebytes Trojan.Crypt
Sangfor Trojan.Win64.Kryptik.Vrp3
K7AntiVirus Trojan ( 005a1ef11 )
Alibaba Trojan:Win64/GenKryptik.42e8a052
K7GW Trojan ( 005a1ef11 )
Arcabit Application.Generic.D341B80
VirIT Trojan.Win64.Genus.PO
Cyren W64/ABRisk.EBYR-0635
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.GIIA
Paloalto generic.ml
Kaspersky Trojan.Win32.Agent.xavnes
BitDefender Application.Generic.3414912
NANO-Antivirus Trojan.Win64.Hosts.jvisvl
MicroWorld-eScan Application.Generic.3414912
Avast Win64:Evo-gen [Trj]
Tencent Win32.Trojan.FalseSign.Eflw
Emsisoft Application.Generic.3414912 (B)
F-Secure Trojan.TR/AD.Nekark.wjaad
DrWeb Trojan.Hosts.51203
VIPRE Application.Generic.3414912
TrendMicro TROJ_GEN.R002C0DD623
McAfee-GW-Edition Artemis!Trojan
FireEye Application.Generic.3414912
Sophos Generic Reputation PUA (PUA)
Webroot W32.Trojan.Gen
Avira TR/AD.Nekark.wjaad
Antiy-AVL Trojan/Win64.GenKryptik
Gridinsoft Trojan.Win64.Gen.bot
Xcitium Malware@#38zvo226ygp71
Microsoft Trojan:Win64/Xmrig!MTB
ZoneAlarm Trojan.Win32.Agent.xavnes
GData Application.Generic.3414912
Google Detected
VBA32 Trojan.Win64.GenKryptik
ALYac Application.Generic.3414912
MAX malware (ai score=79)
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0DD623
Rising Trojan.Kryptik!8.8 (TFE:5:tSjl4DNY5BP)
Ikarus Trojan.Win64.Agent
MaxSecure Trojan.Malware.204949125.susgen
Fortinet W64/GenKryptik.GIIA!tr
AVG Win64:Evo-gen [Trj]