popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

My2.exe

PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Nov. 7, 2023, 7:40 a.m. Nov. 7, 2023, 7:42 a.m.
Size 5.2MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 9873907d252dcecd6baea9a11ac4b0da
SHA256 a5c68511132b9590f0d60bc6fa5f43999c25d636d0b29aae1ff3787688907fe7
CRC32 5ECCABB8
ssdeep 98304:jkIr0MF/LGIgU95JrA8MjLiwlqVwDfb1BrOuQ4:jkIr0MF/FV95BA8hwgCpO2
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
pool.hashvault.pro
A 125.253.92.50
A 131.153.76.130
131.153.76.130
IP Address Status Action
125.253.92.50 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3
192.168.56.101:49163
125.253.92.50:3333 		None None None

section {u'size_of_data': u'0x0052b400', u'virtual_address': u'0x0000c000', u'entropy': 7.705731102421746, u'name': u'.data', u'virtual_size': u'0x0052b240'} entropy 7.70573110242 description A section with a high entropy has been found
entropy 0.988514333738 description Overall entropy of this PE file is high