Summary | ZeroBOX

MinerFullDetect.exe

Malicious Library UPX PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 9, 2023, 4:57 p.m. Aug. 9, 2023, 5:06 p.m.
Size 4.2MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f810de3ef202723a9fa3637e69115da6
SHA256 7cecd6d2b7a8c9a835d73e404a1659afeb39e92a59fe19e57c8ab265c9f77c72
CRC32 87AAB1B4
ssdeep 98304:EJ5C38lbZzsxc/QxovXoI1rt91KnH+rV8hliQTqvtqf+XIjagOc:EJjbdoc/QxGv1bsnerVCle8SIjROc
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
packer Armadillo v1.71
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x76fdf559
RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x76fdf639
RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x76f8df95
free+0x39 memcpy-0x43 msvcrt+0x98cd @ 0x760b98cd
minerfulldetect+0x13a9 @ 0x4013a9
minerfulldetect+0x115f @ 0x40115f
minerfulldetect+0x6abc @ 0x406abc

exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff
exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653
exception.instruction: jmp 0x76fde667
exception.module: ntdll.dll
exception.exception_code: 0xc0000374
exception.offset: 845395
exception.address: 0x76fde653
registers.esp: 1636712
registers.edi: 1637248
registers.eax: 1636728
registers.ebp: 1636832
registers.edx: 0
registers.ebx: 0
registers.esi: 3145728
registers.ecx: 2147483647
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bc2000
process_handle: 0xffffffff
1 0 0
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Malwarebytes Trojan.Dropper
CrowdStrike win/malicious_confidence_60% (W)
Cyren W32/Dropper.EM.gen!Eldorado
ESET-NOD32 Win32/Packed.7Zip.AI
ClamAV Win.Keylogger.Gencbl-9969771-0
Kaspersky Trojan.Win32.Startun.hqg
Avast Win32:Evo-gen [Trj]
Tencent Malware.Win32.Gencirc.10bebdd2
ZoneAlarm Trojan.Win32.Startun.hqg
AhnLab-V3 Trojan/Win.Evo-gen.R582204
AVG Win32:Evo-gen [Trj]