Summary | ZeroBOX

Miner-XMR1.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Jan. 24, 2024, 9:31 a.m.
Completed Jan. 24, 2024, 9:35 a.m.
Size 6.4MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 2eafb4926d78feb0b61d5b995d0fe6ee
SHA256 50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30
CRC32 F56084E5
ssdeep 196608:1pznZ/ySos+NnrlQ5jrNoIgDJ0I6x/oAP:1pDZk9LQ5vNdeJ0IC
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section \x00
section .idata
section
section xgrhcaku
section cnnrpfsb
section .pdata\x00I
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x1c6604
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: 83 3d 8d d1 02 00 00 ff 25 00 00 00 00 53 12 69
exception.instruction: cmp dword ptr [rip + 0x2d18d], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1c6604
registers.r14: 0
registers.r15: 0
registers.rcx: 48
registers.rsi: 36656
registers.r10: 0
registers.rbx: 8791653941248
registers.rsp: 3275208
registers.r11: 518
registers.r8: 3272776
registers.r9: 3272848
registers.rdx: 8796092887632
registers.r12: 0
registers.rbp: 3275328
registers.rdi: 4150853632
registers.rax: 1861120
registers.r13: 0
Status 1 Return 0 Repeated 0
section name " \x00" virtual_address 0x00001000 virtual_size 0x006eb000 size_of_data 0x0052e000 entropy 7.439100402508459 description A section with a high entropy has been found
section name "xgrhcaku" virtual_address 0x00902000 virtual_size 0x00139000 size_of_data 0x00139000 entropy 7.960750499914746 description A section with a high entropy has been found
entropy 0.999542613203 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Themida.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Mediyes.vc
McAfee Artemis!2EAFB4926D78
Cylance unsafe
VIPRE Trojan.GenericKD.71245120
Sangfor CoinMiner.Win32.Packed.Vl11
K7AntiVirus Trojan ( 005af7e41 )
BitDefender Trojan.GenericKD.71245120
K7GW Trojan ( 005af7e41 )
Cybereason malicious.8f1daf
Arcabit Trojan.Generic.D43F1D40
Symantec Trojan Horse
ESET-NOD32 a variant of Win64/Packed.Themida.QS
Avast Win64:Evo-gen [Trj]
Kaspersky Trojan.Win32.Miner.bcqca
Alibaba Packed:Win64/Themida.6bbfd887
MicroWorld-eScan Trojan.GenericKD.71245120
Rising Dropper.Injector!8.DC (CLOUD)
Emsisoft Trojan.GenericKD.71245120 (B)
F-Secure Trojan.TR/Miner.kdimb
DrWeb Trojan.Siggen24.30419
Zillya Trojan.Miner.Win32.17558
TrendMicro Trojan.Win64.SMOKELOADER.YXDLZZ
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Themida
Webroot W32.Backdoor.Gen
Google Detected
Avira TR/Miner.kdimb
Antiy-AVL Trojan[Packed]/Win64.Themida
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Ransom.Win64.Sabsik.ca
Xcitium Malware@#2oafyxuddsn8c
Microsoft Trojan:Win32/Casdet!rfn
ViRobot Trojan.Win.Z.Miner.6731040
ZoneAlarm Trojan.Win32.Miner.bcqca
GData Trojan.GenericKD.71245120
Varist W64/ABRisk.WXDM-1021
AhnLab-V3 Trojan/Win.Generic.C5567585
DeepInstinct MALICIOUS
VBA32 Trojan.Miner
Malwarebytes Trojan.MalPack.Themida
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win64.SMOKELOADER.YXDLZZ
Tencent Malware.Win32.Gencirc.13fb2e3f
MaxSecure Trojan.Malware.222041541.susgen
Fortinet Riskware/Application
AVG Win64:Evo-gen [Trj]