Summary | ZeroBOX

videoLan.exe

PE64 PE File
Category  Machine           Started                    Completed
FILE      s1_win7_x6403_us  July 28, 2023, 5:36 p.m.   July 28, 2023, 5:38 p.m.
Size 5.7MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 62472c78b3ab085422418e49dd2aa11c
SHA256 ef256556b6749f441874b9d86e2c35c693fdc6d358ce2bb58bb2ba2e2cd939d5
CRC32 FFBE010E
ssdeep 98304:wvwPndUBiFUg37BdTNJsl1cHZMjcXW7afr02BlDXFqv+nxRZWP/iSMgCW7owLCyy:wIPndf9uBGLfgWxR8XEguyk6QIOb
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name             Response      Post-Analysis Lookup
mine.bmpool.org  5.252.178.30

IP Address     Status  Action
164.124.101.2  Active  Moloch
5.252.178.30   Active  Moloch

Suricata Alerts

Flow                                          SID      Signature                                Category
TCP 192.168.56.103:49162 -> 5.252.178.30:6004  2024792  ET POLICY Cryptocurrency Miner Checkin   Potential Corporate Privacy Violation
TCP 192.168.56.103:49162 -> 5.252.178.30:6004  2024792  ET POLICY Cryptocurrency Miner Checkin   Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Time & API               Arguments                                        Status  Return  Repeated

NtAllocateVirtualMemory  process_identifier: 1712                         1       0       0
                         region_size: 159744
                         stack_dep_bypass: 0
                         stack_pivoted: 0
                         heap_dep_bypass: 0
                         protection: 64 (PAGE_EXECUTE_READWRITE)
                         base_address: 0x0000000000410000
                         allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
                         process_handle: 0xffffffffffffffff
section .data: size_of_data 0x00592e00, virtual_address 0x0001c000, virtual_size 0x00592ce0, entropy 7.668005415702556
  entropy 7.6680054157   description: A section with a high entropy has been found
entropy 0.976475620188   description: Overall entropy of this PE file is high
Bkav W32.Common.B8052E28
Lionic Trojan.Win32.Injector.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Barys.382682
FireEye Gen:Variant.Barys.382682
CAT-QuickHeal TrojanDropper.Injector
ALYac Gen:Variant.Barys.382682
Cylance unsafe
Cynet Malicious (score: 100)
K7AntiVirus Trojan ( 005a508c1 )
Alibaba Trojan:Win64/GenKryptik.75d6b89e
K7GW Trojan ( 005a508c1 )
Cybereason malicious.f32ab1
Cyren W64/Injector.BMR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.GIIA
ClamAV Win.Packed.Tedy-10005655-0
Kaspersky Trojan.Win64.Reflo.csu
BitDefender Gen:Variant.Barys.382682
NANO-Antivirus Trojan.Win64.GenKryptik.jxokdc
DrWeb Trojan.Siggen21.12357
VIPRE Gen:Variant.Barys.382682
TrendMicro TROJ_GEN.R002C0XGM23
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Antiy-AVL Trojan/Win64.GenKryptik
Gridinsoft Ransom.Win64.Wacatac.cl
Arcabit Trojan.Barys.D5D6DA
ZoneAlarm Trojan.Win64.Reflo.csu
GData Gen:Variant.Barys.382682
Google Detected
AhnLab-V3 Trojan/Win.Generic.R570614
MAX malware (ai score=83)
DeepInstinct MALICIOUS
Malwarebytes Crypt.Trojan.MSIL.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0XGM23
Tencent Malware.Win32.Gencirc.13eaa4c8
Ikarus Trojan.Win64.Krypt
Fortinet W64/GenKryptik.GIIA!tr
Panda Trj/Chgt.AD
CrowdStrike win/malicious_confidence_100% (W)