Summary | ZeroBOX

Downdd.exe

Tags: CoinMiner, Generic Malware, AutoIt, UPX, PE File, PE32
Category: FILE
Machine: s1_win7_x6401
Started: June 21, 2024, 9:34 a.m.
Completed: June 21, 2024, 9:34 a.m.
Size: 1.1MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: f6be85b0254a308f77189fc96fa6f38e
SHA256: 6db6a1f73e471e2068a0a420fe6134327171e9a11bbd1a5b360298c5b6a1b069
CRC32: EDC37EE1
ssdeep: 24576:ofK9zUHFpi8/cVt692Qbp9EPXcHJCOoMmBorv9CYmVzsuY:ofKtqFpiucf6zxsOFyorv9FJuY
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
Time & API Arguments Status Return Repeated
GlobalMemoryStatusEx 1 1 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Time & API Arguments Status Return Repeated
NtProtectVirtualMemory
  process_identifier: 2652
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x734c2000
  process_handle: 0xffffffff
  1 0 0
section UPX1 (size_of_data 0x0004aa00, virtual_address 0x0007d000, virtual_size 0x0004b000, entropy 7.940965856094214) entropy 7.94096585609 description A section with a high entropy has been found
entropy 0.911450381679 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.lNoD
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Injector.tc
ALYac AIT:Trojan.Nymeria.4279
Cylance Unsafe
VIPRE AIT:Trojan.Nymeria.4279
Sangfor Trojan.Win32.Packed.Vsgl
K7AntiVirus Trojan ( 005631b11 )
BitDefender AIT:Trojan.Nymeria.4279
K7GW Trojan ( 005631b11 )
Cybereason malicious.0254a3
Arcabit AIT:Trojan.Nymeria.D10B7 [many]
VirIT Trojan.Win32.Generic.XTX
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Packed.Autoit.NBT suspicious
APEX Malicious
McAfee Artemis!F6BE85B0254A
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Generic-6651791-0
Alibaba Packed:Win32/Generic.1b8f7da6
NANO-Antivirus Trojan.Win32.TrjGen.koswjz
MicroWorld-eScan AIT:Trojan.Nymeria.4279
Emsisoft AIT:Trojan.Nymeria.4279 (B)
DrWeb Trojan.Siggen5.59949
Zillya Trojan.Nymeria.Win32.767
McAfeeD ti!6DB6A1F73E47
Trapmine malicious.high.ml.score
FireEye Generic.mg.f6be85b0254a308f
Sophos Mal/Generic-S
Ikarus PUA.Autoit
Webroot W32.Malware.gen
Google Detected
Antiy-AVL Trojan[Packed]/Win32.Autoit
Gridinsoft Trojan.Win32.CoinMiner.dd!s2
Xcitium TrojWare.Win32.Hider.REXR@5364l6
Microsoft Program:Win32/Wacapew.C!ml
ViRobot Trojan.Win32.A.Agent.690283[UPX]
GData Win32.Trojan.PSE.R2WKDE
Varist W32/Trojan.IJBN-1595
DeepInstinct MALICIOUS
VBA32 IMWorm.Sohanad
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall TROJ_GEN.R002H09ET24
Yandex Trojan.GenAsa!i9rai7w7/WE
MAX malware (ai score=84)
MaxSecure Trojan.Malware.115849518.susgen
Fortinet Riskware/Application
AVG Win32:Evo-gen [Trj]