Summary | ZeroBOX

nxmr.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started April 26, 2023, 6:05 p.m.
Completed April 26, 2023, 6:07 p.m.
Size 5.4MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 41ab08c1955fce44bfd0c76a64d1945a
SHA256 dd12cb27b3867341bf6ca48715756500d3ec56c19b21bb1c1290806aa74cb493
CRC32 FACA3D01
ssdeep 98304:vavlQIN33nVKboT7MAwtCUxDwoQtKjnX6Og6X2XcNlfYWzdgIT3:vIlQIN33nVKboT7MAwtCYzQQjn46yQls
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
185.215.113.66 Active Moloch

Suricata Alerts

Flow | SID | Signature | Category
TCP 185.215.113.66:5151 -> 192.168.56.101:49163 | 2400019 | ET DROP Spamhaus DROP Listed Traffic Inbound group 20 | Misc Attack
TCP 192.168.56.101:49163 -> 185.215.113.66:5151 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation
TCP 192.168.56.101:49163 -> 185.215.113.66:5151 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

section .data (virtual_address 0x0001b000, virtual_size 0x0054c4a0, size_of_data 0x0054c600, entropy 7.697022007323988) description A section with a high entropy has been found
entropy 0.976687668767 description Overall entropy of this PE file is high
host 185.215.113.66
Lionic Trojan.Win32.Miner.4!c
MicroWorld-eScan Gen:Variant.Tedy.337886
FireEye Gen:Variant.Tedy.337886
CAT-QuickHeal Trojan.Win64
McAfee Artemis!41AB08C1955F
Malwarebytes Trojan.Crypt.Generic
Sangfor Trojan.Win64.Kryptik.Vthc
K7AntiVirus Trojan ( 005a1ef11 )
Alibaba Trojan:Win64/Miner.25b20107
K7GW Trojan ( 005a1ef11 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Tedy.D527DE
Cyren W64/ABRisk.GBRM-3827
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.GIIA
Cynet Malicious (score: 100)
Paloalto generic.ml
Kaspersky Trojan.Win64.Miner.lgdo
BitDefender Gen:Variant.Tedy.337886
Avast Win64:Trojan-gen
Tencent Win64.Trojan.Miner.Imnw
Sophos Mal/Generic-S
F-Secure Heuristic.HEUR/AGEN.1329646
DrWeb Trojan.Inject4.56687
VIPRE Gen:Variant.Tedy.337886
McAfee-GW-Edition BehavesLike.Win64.Generic.tc
Emsisoft Gen:Variant.Tedy.337886 (B)
Avira HEUR/AGEN.1329646
Antiy-AVL Trojan/Win64.GenKryptik
Gridinsoft Ransom.Win64.Sabsik.sa
Microsoft Trojan:Win64/Xmrig!MTB
ZoneAlarm Trojan.Win64.Miner.lgdo
GData Gen:Variant.Tedy.337886
Google Detected
AhnLab-V3 Trojan/Win.Generic.R571995
ALYac Gen:Variant.Tedy.337886
MAX malware (ai score=86)
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0CDM23
Rising Trojan.DisguisedXMRigMiner!8.12EF7 (TFE:5:YhzrPCllRHI)
Ikarus Trojan.Win64.Krypt
Fortinet W64/GenKryptik.GIIA!tr
AVG Win64:Trojan-gen
DeepInstinct MALICIOUS