popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

W8vQdbz8.exe

PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 30, 2023, 8:49 a.m. July 30, 2023, 8:55 a.m.
Size 9.9MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 63c85f130b60b2c292e0eaf9794fe897
SHA256 43ab825086c6cb0ffccc887273a2acd37f81e0b48de001334579278f7da8e54a
CRC32 82A8D683
ssdeep 196608:NZwPMaUMd+JHUG/3m5i5EXF1kBHmUKbf+3y797xmyXpR:N6JUMiUG/3m5i54rkBHmbbG3y7Zx
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
randomxmonero.auto.nicehash.com
A 34.149.22.228
34.149.22.228
IP Address Status Action
104.248.239.160 Active Moloch
164.124.101.2 Active Moloch
34.149.22.228 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3
192.168.56.103:49163
34.149.22.228:443 		None None None

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1516
region_size: 159744
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000630000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
section {u'size_of_data': u'0x009c4600', u'virtual_address': u'0x0001f000', u'entropy': 7.654366263158296, u'name': u'.data', u'virtual_size': u'0x009c4500'} entropy 7.65436626316 description A section with a high entropy has been found
entropy 0.985126816055 description Overall entropy of this PE file is high
host 104.248.239.160
dead_host 104.248.239.160:80