Summary | ZeroBOX

uYtF.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started June 24, 2024, 7:30 a.m.
Completed June 24, 2024, 7:34 a.m.
Size 2.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 4691a9fe21f8589b793ea16f0d1749f1
SHA256 63733ff3b794ebd7566103c8a37f7de862348ffacf130661f2c544dea8cde904
CRC32 F96C8FF8
ssdeep 49152:F9/HgTHqHoKCMrALmVS0VcfxXke6QHwpIdRgxh4+nAfHI:F9/HgTHyRrALmyfxXk5pIdRgxhTnu
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response
pool.hashvault.pro 131.153.76.130
IP Address Status Action
125.253.92.50 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected
TCP 192.168.56.103:49164 -> 125.253.92.50:80 2024792 ET POLICY Cryptocurrency Miner Checkin Potential Corporate Privacy Violation
TCP 192.168.56.103:49164 -> 125.253.92.50:80 2024792 ET POLICY Cryptocurrency Miner Checkin Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

section .00cfg
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Miner.4!c
Elastic Windows.Generic.Threat
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.CoinMiner.S32378657
ALYac Gen:Variant.Tedy.485656
Cylance Unsafe
VIPRE Gen:Variant.Tedy.485656
K7AntiVirus Trojan ( 005af85d1 )
BitDefender Gen:Variant.Tedy.485656
K7GW Trojan ( 005af85d1 )
Cybereason malicious.e21f85
Symantec Trojan.Coinminer!g3
ESET-NOD32 a variant of Win64/Kryptik.EDF
APEX Malicious
Avast Win64:Evo-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Miner.pef
Alibaba Trojan:Win64/CoinMiner.21cc731d
NANO-Antivirus Trojan.Win64.Miner.kotlga
MicroWorld-eScan Gen:Variant.Tedy.485656
Rising Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Emsisoft Gen:Variant.Tedy.485656 (B)
F-Secure Heuristic.HEUR/AGEN.1371803
DrWeb Trojan.Siggen28.63157
TrendMicro Trojan.Win64.AMADEY.YXEFUZ
McAfeeD ti!63733FF3B794
FireEye Generic.mg.4691a9fe21f8589b
Sophos Troj/Krypt-ADL
Ikarus Win32.Outbreak
Google Detected
Avira HEUR/AGEN.1371803
MAX malware (ai score=85)
Antiy-AVL Trojan/Win64.GenKryptik
Kingsoft Win32.Trojan.Miner.pef
Gridinsoft Trojan.Win64.CoinMiner.sa
Arcabit Trojan.Tedy.D76918
ViRobot Trojan.Win.Z.Tedy.2608640.A
ZoneAlarm HEUR:Trojan.Win32.Miner.pef
GData Gen:Variant.Tedy.485656
Varist W64/Kryptik.LEH.gen!Eldorado
AhnLab-V3 Dropper/Win.DropperX-gen.R622355
DeepInstinct MALICIOUS
VBA32 OScope.Trojan.Win64.Miner
Malwarebytes Trojan.MalPack.Generic
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXEFUZ
Tencent Win32.Trojan.Miner.Pgil
Yandex Trojan.Miner!7wV1/J+tp4g
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen