Summary | ZeroBOX

11.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started July 27, 2023, 10:17 a.m.
Completed July 27, 2023, 10:19 a.m.
Size 9.8MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 0fe4cd989e5b3992e9bf3b118f838436
SHA256 bf9afe70f71b3fdba34f67e6274f39cbe170da5d8b3b50857465fae59b7d090d
CRC32 7890D830
ssdeep 196608:/16zy2/eMamgcaYhrvkRnRacvf8Li+DsA8hK9//IJMrk:/sd/eDmgca8cLacvf8EY3m
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

IP Address Status Action
141.94.192.217 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.103:49163 -> 141.94.192.217:17056 None None None

Signatures

Section .data (virtual_address 0x00020000, virtual_size 0x0099f8e0, size_of_data 0x0099fa00, entropy 7.653086858240878): A section with a high entropy has been found
Overall entropy of this PE file is high (entropy 0.983826685968)
Antivirus Detections

Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
FireEye Gen:Variant.Barys.382682
McAfee Artemis!0FE4CD989E5B
Malwarebytes Crypt.Trojan.MSIL.DDS
VIPRE Gen:Variant.Barys.382682
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005a508c1 )
Alibaba Trojan:Win64/GenKryptik.75d6b89e
K7GW Trojan ( 005a508c1 )
Cybereason malicious.a3b41d
Arcabit Trojan.Barys.D5D6DA
Cyren W64/Injector.BMR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.GIIA
Kaspersky Trojan.Win64.Miner.lhhk
BitDefender Gen:Variant.Barys.382682
MicroWorld-eScan Gen:Variant.Barys.382682
Avast Win64:CrypterX-gen [Trj]
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Nekark.qntvn
TrendMicro TROJ_GEN.R002C0DGP23
McAfee-GW-Edition BehavesLike.Win64.Worm.tc
Emsisoft Gen:Variant.Barys.382682 (B)
Avira TR/AD.Nekark.qntvn
Antiy-AVL Trojan/Win64.GenKryptik
Gridinsoft Trojan.Win64.Gen.bot
Microsoft Trojan:Win32/Xmrig!ic
ZoneAlarm Trojan.Win64.Miner.lhhk
GData Win32.Application.Coinminer.YN14T1
Google Detected
AhnLab-V3 Trojan/Win.Generic.R570073
ALYac Gen:Variant.Barys.382682
MAX malware (ai score=82)
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002C0DGP23
Rising Trojan.Kryptik!8.8 (TFE:5:tSjl4DNY5BP)
Ikarus Trojan.Win64.Krypt
Fortinet W64/GenKryptik.GIIA!tr
AVG Win64:CrypterX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)