Summary | ZeroBOX

xmrig-notls.exe

XMRig Miner, Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started May 19, 2024, 10:48 a.m.
Completed May 19, 2024, 10:50 a.m.
Size 5.3MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 b03bd8c9b9965ed83232260719faedbf
SHA256 6838c752804b1927a2718bc6156348e7afc8af96bb662fd5cb2eb6a2f3d26481
CRC32 E2857C8B
ssdeep 98304:JR/a0YRm8R3UIWP39tyILIjYVrOPvhRCBc1redIhiIu/6xQaSY9:HYRQCvhIBc8IhifSxSY9
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • XMRig_Miner_IN - XMRig Miner
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

GetComputerNameA
  • computer_name: TEST22-PC
Status 1, Return 1, Repeated 0
section _RANDOMX
section _TEXT_CN
section _RDATA
Time & API / Arguments / Status / Return / Repeated

NtAllocateVirtualMemory
  • process_identifier: 2544
  • region_size: 131072
  • stack_dep_bypass: 0
  • stack_pivoted: 0
  • heap_dep_bypass: 0
  • protection: 64 (PAGE_EXECUTE_READWRITE)
  • base_address: 0x0000000001ce0000
  • allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  • process_handle: 0xffffffffffffffff
Status 1, Return 0, Repeated 0

Antivirus (Vendor / Result)
Lionic Riskware.Win32.DeepScan.1!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.CoinMiner.th
ALYac DeepScan:Generic.Application.CoinMiner.1.ADC12824
Cylance unsafe
VIPRE DeepScan:Generic.Application.CoinMiner.1.ADC12824
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005697011 )
BitDefender DeepScan:Generic.Application.CoinMiner.1.ADC12824
K7GW Trojan ( 005697011 )
Arcabit DeepScan:Generic.Application.CoinMiner.1.ADC12824
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/CoinMiner.QG potentially unwanted
APEX Malicious
McAfee Artemis!B03BD8C9B996
Avast Win64:CoinminerX-gen [Trj]
ClamAV Win.Coinminer.Generic-7151253-0
Kaspersky not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
Alibaba Trojan:Win32/Coinminer.449
MicroWorld-eScan DeepScan:Generic.Application.CoinMiner.1.ADC12824
Rising HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft DeepScan:Generic.Application.CoinMiner.1.ADC12824 (B)
F-Secure PotentialRisk.PUA/CoinMiner.Gen
Zillya Tool.BitMiner.Win32.4564
Trapmine suspicious.low.ml.score
FireEye Generic.mg.b03bd8c9b9965ed8
Sophos XMRig Miner (PUA)
Ikarus PUA.CoinMiner
Jiangmin RiskTool.BitMiner.comv
Webroot Bitcoinminer.Gen
Google Detected
Avira PUA/CoinMiner.Gen
MAX malware (ai score=100)
Antiy-AVL GrayWare/Win64.CoinMiner.po
Gridinsoft Trojan.Win64.XMRig.tr
Microsoft Backdoor:Win32/IRCbot
ZoneAlarm not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.gen
GData Win64.Application.Coinminer.CP
Varist W64/Coinminer.BN.gen!Eldorado
AhnLab-V3 Win-Trojan/Miner3.Exp
Acronis suspicious
DeepInstinct MALICIOUS
Malwarebytes Neshta.Virus.FileInfector.DDS
Panda PUP/CoinMiner
TrendMicro-HouseCall TROJ_GEN.R002H0CLF23
Tencent Malware.Win32.Gencirc.11bb7ffb
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet Riskware/CoinMiner