Summary | ZeroBOX

My2.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 16, 2023, 12:41 p.m.
Completed Oct. 16, 2023, 12:49 p.m.
Size 5.2MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 df280925e135481b26e921dd1221e359
SHA256 710a3e1beda67e1c543ba04423bfb0ba643815582310c0b3d03d03e071c894b8
CRC32 184C99A5
ssdeep 98304:Po/+yDDRT0Vzalb9K8K+ZR+wc6cw5FTEsDNJZe6w43eK:A/+yHxlb9K8K+rYq9NJZeD43eK
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
pool.hashvault.pro 125.253.92.50
IP Address Status Action
172.67.139.220 Active Moloch
131.153.76.130 Active Moloch
164.124.101.2 Active Moloch
45.9.74.80 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.101:49163 -> 131.153.76.130:80 None None None

section .data (size_of_data 0x0052b400, virtual_address 0x0000c000, virtual_size 0x0052b240, entropy 7.707749959433753) entropy 7.70774995943 description A section with a high entropy has been found
entropy 0.988514333738 description Overall entropy of this PE file is high
host 172.67.139.220
host 45.9.74.80
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
MicroWorld-eScan Trojan.GenericKD.69729140
FireEye Trojan.GenericKD.69729140
Skyhigh Artemis!Trojan
McAfee Artemis!DF280925E135
VIPRE Trojan.GenericKD.69729140
Sangfor Trojan.Win64.Rozena.V2ty
K7AntiVirus Trojan ( 005aa7121 )
Alibaba Trojan:Win64/CoinMiner.fcdc3793
K7GW Trojan ( 005aa7121 )
CrowdStrike win/malicious_confidence_90% (W)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Agent.CYX
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Agent.xbfbdl
BitDefender Trojan.GenericKD.69729140
Avast Win64:MalwareX-gen [Trj]
Rising Trojan.Rozena!8.6D (TFE:5:VqtQRH5PzKH)
Emsisoft Trojan.GenericKD.69729140 (B)
F-Secure Trojan.TR/Rozena.qeorb
DrWeb Trojan.Siggen21.39721
TrendMicro Trojan.Win64.LGOOGLOADER.YXDJLZ
Sophos Mal/Generic-S
Google Detected
Avira TR/Rozena.qeorb
MAX malware (ai score=83)
Antiy-AVL Trojan/Win64.Rozena
Microsoft Trojan:Win64/CoinMiner.RDL!MTB
Gridinsoft Trojan.Win64.CoinMiner.sa
Xcitium Malware@#xxi7fw61adj5
Arcabit Trojan.Generic.D427FB74
ViRobot Trojan.Win.Z.Rozena.5494552.C
ZoneAlarm Trojan.Win32.Agent.xbfbdl
GData Trojan.GenericKD.69729140
Varist W64/Rozena.HA.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.R608024
ALYac Trojan.GenericKD.69729140
Cylance unsafe
TrendMicro-HouseCall Trojan.Win64.LGOOGLOADER.YXDJLZ
Tencent Win32.Trojan.FalseSign.Jqil
Ikarus Trojan.Win64.Agent
Fortinet W64/Rozena.AN!tr
AVG Win64:MalwareX-gen [Trj]
Cybereason malicious.142fdc
DeepInstinct MALICIOUS