Summary | ZeroBOX

WezoEventUP.exe

Tags: CoinMiner, Generic Malware, AutoIt, UPX, PE File, PE32

Category:  FILE
Machine:   s1_win7_x6403_us
Started:   June 21, 2024, 3:47 p.m.
Completed: June 21, 2024, 3:53 p.m.
Size:   330.0KB
Type:   PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:    47bfeea9297530e45f26c4877bc078a6
SHA256: b33031705aa73544858df53f11b3a5d9c969489d2c109cf32bbe1b796963c102
CRC32:  9B3B3F21
ssdeep: 6144:+68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1IP:+fnnK9zABs+TbFx9SXOPCf8DkqAR8zHt
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Domains (Name / Response / Post-Analysis Lookup)

No hosts contacted.

IP Addresses (IP Address / Status / Action)

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

  IsDebuggerPresent       0 0
  IsDebuggerPresent       0 0

API Calls (Time & API / Arguments / Status / Return / Repeated)

  GlobalMemoryStatusEx    1 1 0
Signatures

packer:  UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section: name UPX1, size_of_data 0x0004aa00, virtual_address 0x0007d000, virtual_size 0x0004b000, entropy 7.940965856094214
         description: A section with a high entropy has been found
entropy: 0.911450381679
         description: Overall entropy of this PE file is high
section: UPX0
         description: Section name indicates UPX
section: UPX1
         description: Section name indicates UPX
Antivirus Results (Vendor / Detection)

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Autoit.4!c
Elastic malicious (moderate confidence)
Skyhigh BehavesLike.Win32.AutoitDropper.fc
ALYac Trojan.GenericKD.66127720
Cylance Unsafe
VIPRE Trojan.GenericKD.66127720
Sangfor Trojan.Win32.Packed.Viga
K7AntiVirus Trojan ( 005631b11 )
BitDefender Trojan.GenericKD.66127720
K7GW Trojan ( 005631b11 )
Cybereason malicious.929753
VirIT Trojan.Win32.Generic.XTX
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win32/Packed.Autoit.NBT suspicious
APEX Malicious
Avast Win32:Evo-gen [Trj]
ClamAV Win.Malware.Generic-6651791-0
Alibaba Packed:Win32/Generic.15c15198
NANO-Antivirus Trojan.Win32.TrjGen.jwpute
MicroWorld-eScan Trojan.GenericKD.66127720
Emsisoft Trojan.GenericKD.66127720 (B)
DrWeb Trojan.Siggen5.59949
Zillya Trojan.Nymeria.Win32.836
McAfeeD ti!B33031705AA7
Trapmine malicious.high.ml.score
FireEye Generic.mg.47bfeea9297530e4
Sophos Mal/Generic-S
Ikarus PUA.Autoit
Webroot W32.Trojan.Gen
Antiy-AVL Trojan[Packed]/Win32.Autoit
Gridinsoft Trojan.Win32.CoinMiner.dd!s2
Xcitium TrojWare.Win32.Hider.REXR@5364l6
Arcabit Trojan.Generic.D3F10768
ViRobot Trojan.Win32.A.Agent.690283[UPX]
GData Win32.Trojan.PSE.R2WKDE
Varist W32/Trojan.IJBN-1595
DeepInstinct MALICIOUS
VBA32 IMWorm.Sohanad
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0CBQ24
Yandex Trojan.GenAsa!i9rai7w7/WE
MAX malware (ai score=87)
MaxSecure Trojan.Malware.204078855.susgen
Fortinet Riskware/Application
AVG Win32:Evo-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan:Win/Packed.Autoit.NKB