Summary | ZeroBOX

latestX.exe

PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 7, 2023, 8:25 a.m.
Completed: Aug. 7, 2023, 8:27 a.m.
Size 5.6MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
CRC32 1EC89FFF
ssdeep 49152:MMcDmMRlBdzs3EThgR0uEqBXLdcJAbtNmbOHaGhEospqOziZXAfrrARS7JL2ozPX:dcdrCET8XeospuZXAf0EJyocDKIVDT05
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

IP Address Status Action
163.172.154.142 Active Moloch
164.124.101.2 Active Moloch
172.67.34.170 Active Moloch
51.68.143.81 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49164 -> 172.67.34.170:443 906200068 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) undefined
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2033268 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) Potential Corporate Privacy Violation

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLS 1.3 192.168.56.101:49164 -> 172.67.34.170:443 | None | None | None
TLS 1.3 192.168.56.101:49165 -> 163.172.154.142:14433 | None | None | None
TLS 1.3 192.168.56.101:49163 -> 51.68.143.81:14433 | None | None | None

Signatures

Section .data (virtual_address 0x00020000, virtual_size 0x005709c0, size_of_data 0x00570a00) has entropy 7.69173889056 - description: A section with a high entropy has been found
Overall PE entropy 0.972843171498 - description: Overall entropy of this PE file is high

Antivirus Results
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee Artemis!BAE29E49E819
Malwarebytes Crypt.Trojan.MSIL.DDS
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005a508c1 )
Alibaba Trojan:Win64/Reflo.63848087
K7GW Trojan ( 005a508c1 )
Cybereason malicious.b47c7e
Cyren W64/Kryptik.JDZ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.GIIA
Kaspersky HEUR:Trojan.Win64.Reflo.pef
BitDefender Gen:Heur.Molotov.IM.39.90
MicroWorld-eScan Gen:Heur.Molotov.IM.39.90
Avast Win64:Evo-gen [Trj]
Tencent Win32.Trojan.FalseSign.Rcnw
Emsisoft Gen:Heur.Molotov.IM.39.90 (B)
VIPRE Gen:Heur.Molotov.IM.39.90
McAfee-GW-Edition Artemis!Trojan
FireEye Gen:Heur.Molotov.IM.39.90
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
GData Gen:Heur.Molotov.IM.39.90
Gridinsoft Trojan.Win64.Gen.bot
Arcabit Trojan.Molotov.IM.39.90
ZoneAlarm HEUR:Trojan.Win64.Reflo.pef
Microsoft Trojan:Win32/Xmrig!ic
Google Detected
AhnLab-V3 Trojan/Win.Generic.R568362
ALYac Gen:Heur.Molotov.IM.39.90
MAX malware (ai score=87)
Cylance unsafe
Panda Trj/CI.A
Rising Trojan.Kryptik!8.8 (TFE:5:tSjl4DNY5BP)
Ikarus Trojan.Win64.Krypt
Fortinet W64/GenKryptik.GIIA!tr
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)