VCheck.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | Sept. 10, 2023, 9:14 a.m. | Sept. 10, 2023, 9:20 a.m. |
-
VCheck.exe "C:\Users\test22\AppData\Local\Temp\VCheck.exe"
2080
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| pastebin.com | 104.20.68.143 | |
| gulf.moneroocean.stream |
CNAME
monerooceans.stream
|
54.250.156.221 |
| spoff.findeverything.xyz | 104.21.78.103 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49166 -> 172.67.220.56:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
| TCP 192.168.56.103:49167 -> 172.67.220.56:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
| TCP 192.168.56.103:49164 -> 104.20.67.143:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.3 192.168.56.103:49163 54.250.156.221:20128 |
None | None | None |
|
TLS 1.3 192.168.56.103:49166 172.67.220.56:443 |
None | None | None |
|
TLS 1.3 192.168.56.103:49165 54.250.156.221:20128 |
None | None | None |
|
TLS 1.3 192.168.56.103:49167 172.67.220.56:443 |
None | None | None |
|
TLS 1.3 192.168.56.103:49164 104.20.67.143:443 |
None | None | None |
| section | {u'size_of_data': u'0x00570e00', u'virtual_address': u'0x0001b000', u'entropy': 7.695970259548616, u'name': u'.data', u'virtual_size': u'0x00570d80'} | entropy | 7.69597025955 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.909409940423 | description | Overall entropy of this PE file is high | |||||||||||
| Bkav | W32.AIDetectMalware.64 |
| Lionic | Trojan.Win32.Miner.4!c |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.Siggen21.26096 |
| MicroWorld-eScan | Gen:Heur.Molotov.IM.39.100 |
| FireEye | Gen:Heur.Molotov.IM.39.100 |
| ALYac | Gen:Heur.Molotov.IM.39.100 |
| Malwarebytes | Crypt.Trojan.MSIL.DDS |
| VIPRE | Gen:Heur.Molotov.IM.39.100 |
| Sangfor | Trojan.Win64.Kryptik.V7sm |
| K7AntiVirus | Trojan ( 005a508c1 ) |
| BitDefender | Gen:Heur.Molotov.IM.39.100 |
| K7GW | Trojan ( 005a508c1 ) |
| Arcabit | Trojan.Molotov.IM.39.100 |
| Cyren | W64/Injector.BMR.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win64/Kryptik.DZL |
| Cynet | Malicious (score: 99) |
| Kaspersky | Trojan.Win64.Miner.libb |
| Alibaba | Trojan:Win64/Miner.cd064944 |
| NANO-Antivirus | Trojan.Win64.Kryptik.jzlaqn |
| Avast | Win64:Evo-gen [Trj] |
| Rising | Trojan.DisguisedXMRigMiner!8.12EF7 (TFE:5:YhzrPCllRHI) |
| Sophos | Mal/Generic-S |
| F-Secure | Trojan.TR/Kryptik.zdkhg |
| McAfee-GW-Edition | Artemis!Trojan |
| Emsisoft | Gen:Heur.Molotov.IM.39.100 (B) |
| Avira | TR/Kryptik.zdkhg |
| MAX | malware (ai score=89) |
| Antiy-AVL | Trojan/Win64.GenKryptik |
| Gridinsoft | Ransom.Win64.Sabsik.sa |
| Microsoft | Trojan:Win64/XMRig.CCAN!MTB |
| ZoneAlarm | Trojan.Win64.Miner.libb |
| GData | Gen:Heur.Molotov.IM.39.100 |
| Detected | |
| AhnLab-V3 | Trojan/Win.Generic.R571995 |
| McAfee | Artemis!AD66F35B4176 |
| Cylance | unsafe |
| Panda | Trj/Chgt.AD |
| TrendMicro-HouseCall | TROJ_GEN.R002H0CI123 |
| Tencent | Win32.Trojan.FalseSign.Uwhl |
| Ikarus | Trojan.Win64.Krypt |
| Fortinet | W64/GenKryptik.GIIA!tr |
| AVG | Win64:Evo-gen [Trj] |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_70% (W) |