Summary | ZeroBOX

vncDbnt.exe

Tags: CoinMiner, Generic Malware, AutoIt, UPX, PE File, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: June 21, 2024, 9:45 a.m.
Completed: June 21, 2024, 9:49 a.m.
Size: 329.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 3597cd93701c4505d035a34271e0b931
SHA256: acd89e772ca1bc9d3c69cff7430fa4bb921d4468d6115c57cade092944572eb3
CRC32: 042F978B
ssdeep: 6144:J68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1IX:ffnnK9zABs+TbFx9SXOPCf8DkqAR8zHN
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Domains (Name | Response | Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address | Status | Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

IsDebuggerPresent
  Arguments: (none)
  Values: 0 0

IsDebuggerPresent
  Arguments: (none)
  Values: 0 0

Time & API | Arguments | Status | Return | Repeated

WriteConsoleW
  Arguments:
    buffer: [SC] OpenService FAILED 1060: The specified service does not exist as an installed service.
    console_handle: 0x00000007
  Status / Return / Repeated: 1 1 0

Time & API | Arguments | Status | Return | Repeated

GlobalMemoryStatusEx
  Arguments: (none)
  Status / Return / Repeated: 1 1 0
packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
cmdline: C:\Windows\system32\cmd.exe /c sc delete DBNTser
section: UPX1 (size_of_data 0x0004aa00, virtual_address 0x0007d000, virtual_size 0x0004b000, entropy 7.940965856094214); description: A section with a high entropy has been found
entropy: 0.911450381679; description: Overall entropy of this PE file is high
section: UPX0; description: Section name indicates UPX
section: UPX1; description: Section name indicates UPX
cmdline: C:\Windows\system32\cmd.exe /c sc delete DBNTser
cmdline: sc delete DBNTser
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Autoit.4!c
Elastic malicious (moderate confidence)
Skyhigh BehavesLike.Win32.AutoitDropper.fc
ALYac Trojan.GenericKD.66127804
Cylance Unsafe
VIPRE Trojan.GenericKD.66127804
Sangfor Trojan.Win32.Packed.V2uk
K7AntiVirus Trojan ( 005631b11 )
BitDefender Trojan.GenericKD.66127804
K7GW Trojan ( 005631b11 )
Cybereason malicious.3701c4
Arcabit Trojan.Generic.D3F107BC
VirIT Trojan.Win32.Generic.XTX
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Packed.Autoit.NBT suspicious
APEX Malicious
McAfee RDN/YahLover.worm
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Generic-6651791-0
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Packed:Win32/YahLover.5a21e6a4
MicroWorld-eScan Trojan.GenericKD.66127804
Emsisoft Trojan.GenericKD.66127804 (B)
DrWeb Trojan.Siggen5.59949
TrendMicro TROJ_GEN.R03BC0PFC24
McAfeeD ti!ACD89E772CA1
Trapmine malicious.high.ml.score
FireEye Generic.mg.3597cd93701c4505
Sophos Mal/Generic-S
Ikarus PUA.Autoit
Webroot W32.Trojan.Gen
Google Detected
Antiy-AVL Trojan[Packed]/Win32.Autoit
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win32.CoinMiner.dd!s2
Xcitium TrojWare.Win32.Hider.REXR@5364l6
Microsoft Trojan:Win32/Casdet!rfn
ViRobot Trojan.Win32.A.Agent.690283[UPX]
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win32.Trojan.PSE.R2WKDE
Varist W32/Trojan.IJBN-1595
DeepInstinct MALICIOUS
VBA32 IMWorm.Sohanad
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall TROJ_GEN.R03BC0PFC24
Yandex Trojan.GenAsa!i9rai7w7/WE
MAX malware (ai score=89)
MaxSecure Trojan.Malware.204078691.susgen
Fortinet Riskware/YahLover