Summary | ZeroBOX

xmrig.exe

Tags: Generic Malware, UPX, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started July 12, 2023, 3:15 p.m.
Completed July 12, 2023, 3:17 p.m.
Size 7.9MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 4813fa6d610e180b097eae0ce636d2aa
SHA256 9ef2e8714e85dcd116b709894b43babb4a0872225ae7363152013b7fd1bc95bc
CRC32 04A4594C
ssdeep 98304:ZLsUYfB9pOp/BWLbrkShfa+XQD/YPLTDtU5SXXMQHJw7ZB87TtIeUK+MzfL7cybS:Kgp/NQ7rfWOlb1paSbkJFsxfKLNIS
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

GetComputerNameA
  computer_name: TEST22-PC
  Status: 1  Return: 1  Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2556
  region_size: 131072
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000000520000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
  Status: 1  Return: 0  Repeated: 0

Antivirus Results (Vendor / Detection)
Bkav W32.Common.ED2714C8
Lionic Riskware.Win32.BitCoinMiner.1!c
MicroWorld-eScan Gen:Variant.Application.Miner.2
FireEye Generic.mg.4813fa6d610e180b
ALYac Gen:Variant.Application.Miner.2
Malwarebytes Neshta.Virus.FileInfector.DDS
Sangfor Trojan.Win64.XMR.Miner
K7AntiVirus Riskware ( 005622c31 )
Alibaba RiskWare:Win64/Miners.a90d1904
K7GW Riskware ( 005622c31 )
Cybereason malicious.d610e1
Arcabit Trojan.Application.Miner.2
Cyren W64/Coinminer.BN.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/CoinMiner.IZ potentially unwanted
Cynet Malicious (score: 100)
ClamAV Win.Coinminer.Generic-7151250-0
Kaspersky VHO:Trojan.Win64.Convagent.gen
BitDefender Gen:Variant.Application.Miner.2
NANO-Antivirus Riskware.Win64.BitCoinMiner.jxdvvm
Avast Win64:CoinminerX-gen [Trj]
Tencent Risktool.Win64.Bitminer.16000063
Sophos XMRig Miner (PUA)
VIPRE Gen:Variant.Application.Miner.2
TrendMicro TROJ_GEN.R002C0PG323
McAfee-GW-Edition W64/CoinMiner!4813FA6D610E
Emsisoft Gen:Variant.Application.Miner.2 (B)
SentinelOne Static AI - Malicious PE
Webroot Bitcoinminer.Gen
Antiy-AVL Trojan[Miner]/Win64.Xmrig.gen
Gridinsoft Trojan.Win64.Gen.bot
ZoneAlarm VHO:Trojan.Win64.Convagent.gen
GData Win32.Application.CoinMiner.Y
Google Detected
AhnLab-V3 Unwanted/Win.BitMiner.R589756
Acronis suspicious
McAfee W64/CoinMiner!4813FA6D610E
MAX malware (ai score=79)
VBA32 Trojan.Win64.Convagent
Cylance unsafe
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R002C0PG323
Rising HackTool.XMRMiner!1.C2EC (CLASSIC)
Yandex Riskware.Agent!BlUpQyX6a8Y
Ikarus PUA.CoinMiner
MaxSecure Trojan.Malware.121218.susgen
Fortinet Riskware/CoinMiner.PO
AVG Win64:CoinminerX-gen [Trj]
DeepInstinct MALICIOUS