Summary | ZeroBOX

blob.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started June 19, 2024, 9:35 a.m.
Completed June 19, 2024, 9:55 a.m.
Size 2.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 fbfbe4ee13baecac3e7d16bec24cf079
SHA256 3d65e5f78fa228a79d279fd903b45e584effe6b680d3a3adcb582985de62d01e
CRC32 B0BFC4C0
ssdeep 49152:0GXNqt3/rQCbVuI1SjuNVASD++6ozKQ/hD5xkmIW3vFqbrBeL9SSKl:0Gm3/rQCbVuIioc9ihD5KmjteALgl
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Domains

Name | Response | Post-Analysis Lookup
pool.hashvault.pro | 125.253.92.50 |

Hosts

IP Address | Status | Action
125.253.92.50 | Active | Moloch
164.124.101.2 | Active | Moloch

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49164 -> 125.253.92.50:80 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation
UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2036289 | ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) | Crypto Currency Mining Activity Detected
TCP 192.168.56.101:49164 -> 125.253.92.50:80 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS
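The indicators above (the three file hashes, the mining pool domain, the IP it resolved to, and the two ET signature IDs) are what a responder carries from this report into a hunt. The script below is an added example, not part of the ZeroBOX report or of ZeroBOX itself. It recomputes MD5, SHA256 and CRC32 of a local file in the formats the report prints so a suspect binary can be matched against the report, and it scans Suricata EVE JSON records for the report's SIDs, the pool domain and the pool IP. The EVE records embedded in it are constructed to mirror the alerts above and are not captured from the sandbox run. 164.124.101.2 is deliberately not treated as an indicator: the UDP/53 flow shows it is only the resolver the sandbox machine used, and blocking it would break nothing but DNS.

```python
import hashlib
import json
import zlib

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "fbfbe4ee13baecac3e7d16bec24cf079",
    "sha256": "3d65e5f78fa228a79d279fd903b45e584effe6b680d3a3adcb582985de62d01e",
    "crc32": "B0BFC4C0",
    "domains": {"pool.hashvault.pro"},
    "ips": {"125.253.92.50"},      # 164.124.101.2 is the sandbox resolver, not an IOC
    "sids": {2024792, 2036289},    # ET POLICY miner checkin, ET COINMINER DNS lookup
}


def file_hashes(data: bytes) -> dict:
    """MD5, SHA256 and CRC32 of a byte string, formatted the way the report prints them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def matches_report(data: bytes) -> dict:
    """Per-hash comparison against the report; all three agree only for the real sample."""
    computed = file_hashes(data)
    return {name: computed[name] == REPORT_IOCS[name] for name in ("md5", "sha256", "crc32")}


def hunt_eve(lines, iocs=REPORT_IOCS) -> dict:
    """Scan Suricata EVE JSON records and return {src_ip: [reasons]} for hosts that
    tripped one of the report's SIDs, resolved the pool domain, or talked to the
    pool IP. Malformed lines are skipped rather than aborting the hunt."""
    hits = {}
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        reasons = []
        if rec.get("event_type") == "alert":
            sid = rec.get("alert", {}).get("signature_id")
            if sid in iocs["sids"]:
                reasons.append(f"sid {sid}")
        if rec.get("event_type") == "dns":
            name = rec.get("dns", {}).get("rrname", "").rstrip(".").lower()
            if name in iocs["domains"]:
                reasons.append(f"dns {name}")
        if rec.get("dest_ip") in iocs["ips"]:
            reasons.append(f"dest {rec['dest_ip']}")
        if reasons:
            hits.setdefault(rec.get("src_ip"), []).extend(reasons)
    return hits


# Constructed EVE records modelled on the alerts in the report (not captured from the run).
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"192.168.56.101","src_port":49164,"dest_ip":"125.253.92.50","dest_port":80,'
    '"alert":{"signature_id":2024792,"signature":"ET POLICY Cryptocurrency Miner Checkin"}}',
    '{"event_type":"dns","src_ip":"192.168.56.101","src_port":53004,"dest_ip":"164.124.101.2","dest_port":53,'
    '"dns":{"type":"query","rrname":"pool.hashvault.pro","rrtype":"A"}}',
    '{"event_type":"http","src_ip":"192.168.56.102","dest_ip":"93.184.216.34","dest_port":80,'
    '"http":{"hostname":"example.com"}}',
    'not json at all',
]

if __name__ == "__main__":
    import sys
    for src, why in hunt_eve(SAMPLE_EVE).items():
        print(src, "->", ", ".join(why))
    # Optional: pass a path to compare a local file against the report's hashes.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(matches_report(fh.read()))
```

Run against a real eve.json with `hunt_eve(open("eve.json"))`; the function takes any iterable of lines. Matching the DNS `rrname` rather than only the alert SID matters because the ET COINMINER rule only fires where the ruleset is deployed, while the DNS record is logged on every sensor.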

Sections

.00cfg

Antivirus

Vendor Result
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Miner.4!c
Elastic Windows.Generic.Threat
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.CoinMiner.S32378657
Skyhigh BehavesLike.Win64.Generic.vh
ALYac Gen:Variant.Tedy.485656
Cylance Unsafe
VIPRE Gen:Variant.Tedy.485656
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005af85d1 )
BitDefender Gen:Variant.Tedy.485656
K7GW Trojan ( 005af85d1 )
Cybereason malicious.e13bae
Arcabit Trojan.Tedy.D76918
Symantec Trojan.Coinminer!g3
ESET-NOD32 a variant of Win64/Kryptik.EDF
APEX Malicious
McAfee Artemis!FBFBE4EE13BA
Avast Win64:Evo-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Miner.pef
Alibaba Trojan:Win64/CoinMiner.21cc731d
NANO-Antivirus Trojan.Win64.Miner.koqvgm
MicroWorld-eScan Gen:Variant.Tedy.485656
Rising Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Emsisoft Gen:Variant.Tedy.485656 (B)
F-Secure Heuristic.HEUR/AGEN.1371803
DrWeb Trojan.Inject5.5917
TrendMicro Trojan.Win64.AMADEY.YXEFQZ
McAfeeD ti!3D65E5F78FA2
FireEye Generic.mg.fbfbe4ee13baecac
Sophos Troj/Krypt-ADL
Ikarus Win32.Outbreak
Webroot W32.Trojan.CoinMiner
Google Detected
Avira HEUR/AGEN.1371803
MAX malware (ai score=88)
Antiy-AVL Trojan/Win64.GenKryptik
Kingsoft Win32.Trojan.Miner.pef
Gridinsoft Trojan.Win64.XMRig.tr
Microsoft Trojan:Win64/Reflo.HNS!MTB
ViRobot Trojan.Win.Z.Tedy.2608640
ZoneAlarm HEUR:Trojan.Win32.Miner.pef
GData Gen:Variant.Tedy.485656
Varist W64/Kryptik.LEH.gen!Eldorado
AhnLab-V3 Dropper/Win.DropperX-gen.R622355
DeepInstinct MALICIOUS
VBA32 OScope.Trojan.Win64.Miner
Malwarebytes Trojan.MalPack.Generic
Panda Trj/GdSda.A