Summary | ZeroBOX

123.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Sept. 7, 2023, 5:26 p.m.
Completed Sept. 7, 2023, 5:47 p.m.
Size 9.9MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 4c328b215a84c1b2c982a3268b4a0cea
SHA256 3761032e760a2bcc61854a0c7cf22e8e991af0ed60fac92b981853eadda00d1a
CRC32 C422081A
ssdeep 196608:OB+EV10gI3ZrS8kJ9SW1Y9ILzsjTL0UkhtUuQ:OB+MOgIZSD1Y9ILzsb0U+tUuQ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
pool.hashvault.pro 125.253.92.50

IP Address Status Action
125.253.92.50 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.103:49163 -> 125.253.92.50:443 None None None

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
  process_identifier: 1188
  region_size: 159744
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0000000000400000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
Status 1 Return 0 Repeated 0
section .data: size_of_data 0x009c7400, virtual_address 0x0001d000, virtual_size 0x009c7260, entropy 7.628690373818031
description: A section with a high entropy has been found
entropy 0.985531496063
description: Overall entropy of this PE file is high
Bkav W32.AIDetectMalware.64
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Molotov.IM.39.85
FireEye Gen:Heur.Molotov.IM.39.85
ALYac Gen:Heur.Molotov.IM.39.85
VIPRE Gen:Heur.Molotov.IM.39.85
K7AntiVirus Trojan ( 005a508c1 )
K7GW Trojan ( 005a508c1 )
Cybereason malicious.8ce3f4
Arcabit Trojan.Molotov.IM.39.85
Cyren W64/Injector.BMR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/TrojanDropper.Agent.IH
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win64.Reflo.pef
BitDefender Gen:Heur.Molotov.IM.39.85
Avast Win64:CrypterX-gen [Trj]
Tencent Malware.Win32.Gencirc.10bee91b
Emsisoft Gen:Heur.Molotov.IM.39.85 (B)
F-Secure Trojan.TR/Dropper.Gen
Avira TR/Dropper.Gen
Microsoft Trojan:Win32/Sabsik.TE.B!ml
ZoneAlarm HEUR:Trojan.Win64.Reflo.pef
GData Gen:Heur.Molotov.IM.39.85
Google Detected
MAX malware (ai score=86)
Malwarebytes Crypt.Trojan.MSIL.DDS
Rising Dropper.Injector!8.DC (TFE:5:G0bkKzjdiCR)
Ikarus Trojan.Win64.Agent
Fortinet W64/GenKryptik.GIIA!tr
AVG Win64:CrypterX-gen [Trj]