Summary | ZeroBOX

Photo.scr

VMProtect Malicious Library PE32 PE File
Category FILE
Machine s1_win7_x6401
Started June 29, 2024, 3:11 p.m.
Completed June 29, 2024, 3:12 p.m.
Size 176.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 03364eb9ea6170328d51511d7639ba26
SHA256 23ff85e463672b3939302e967aae890e4ef7f489d9fc434fdfdc62f4f0995eb6
CRC32 81E0734F
ssdeep 1536:5Dx+n6BFPbLtFl8TYqYpmO5fDFm3AF2ccfPsc4bfGI+Uncvi1pxwm2QO3Nq6Xlx/:5D46PTLl8FQmePsUncvKxwazOAhK0C
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.
Network (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures
  • A section with a high entropy has been found: .rsrc (virtual_address 0x00022000, virtual_size 0x00169230, size_of_data 0x00169400), entropy 7.1196 bits per byte out of a possible 8. Note that 0x00169400 is 1,479,680 bytes of raw data, more than the 176.0KB listed under Size above.
  • Overall entropy of this PE file is high: 0.9380. This figure is the packer_entropy heuristic's ratio, the share of all section bytes that sit in sections whose entropy exceeds its threshold, not a Shannon entropy of the whole file.
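The two entropy hits come from the sandbox's packer_entropy heuristic: a section whose Shannon entropy exceeds about 6.8 bits per byte is reported on its own, and the "overall" figure is the fraction of section bytes held in such sections (packed or encrypted payloads, as VMProtect produces, push both numbers up; the .scr extension is a screensaver, which Windows runs as an ordinary PE executable). The Python below is an added example, not code from the ZeroBOX report or its tooling: it parses a PE section table with the standard library only, computes per-section entropy, and reproduces both checks. The 6.8 and 0.2 thresholds are assumed to match the heuristic, and the two-section image it analyses is constructed inline (a repeating-pattern .text and a hash-chain-filled .rsrc), not the Photo.scr sample.

```python
# Per-section Shannon entropy and a packer_entropy-style check for a PE file (stdlib only).
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

# Thresholds assumed to match the sandbox heuristic: a section counts as "high entropy"
# above 6.8 bits/byte; the file is flagged when over 20% of section bytes sit in such sections.
SECTION_ENTROPY_THRESHOLD = 6.8
OVERALL_RATIO_THRESHOLD = 0.2

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def parse_sections(pe: bytes) -> List[Dict]:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table (PE32 or PE32+)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]   # skip it: size differs for PE32+
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]   # a slice past EOF is simply shorter
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": raw_size,
            "entropy": shannon_entropy(raw),
            "truncated": len(raw) < raw_size,   # header claims more raw data than the file holds
        })
    return sections

def packer_entropy(sections: List[Dict]) -> Tuple[List[Dict], float, bool]:
    """Return (high-entropy sections, share of section bytes inside them, flagged?)."""
    total = sum(s["size_of_data"] for s in sections)
    high = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    ratio = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return high, ratio, ratio > OVERALL_RATIO_THRESHOLD

def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (a SHA-256 hash chain) standing in for packed data."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])

def build_sample_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed minimal PE: DOS header, signature, COFF header with an empty optional
    header, section table, then raw section bytes. Parseable by the code above, not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    raw_ptr = e_lfanew + 4 + 20 + 40 * len(sections)
    vaddr, table, blobs = 0x1000, b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                             len(data), raw_ptr, 0, 0, 0, 0, 0x40000040)
        blobs += data
        raw_ptr += len(data)
        vaddr += (len(data) + 0xFFF) & ~0xFFF   # next section starts on the next 4 KiB page
    return dos + b"PE\0\0" + coff + table + blobs

def analyse_sample() -> Tuple[List[Dict], float, bool]:
    """Run both checks over a constructed two-section image (synthetic, not Photo.scr)."""
    pe = build_sample_pe([
        (b".text", b"\x55\x8b\xec\x90" * 4096),        # 16 KiB repeating pattern: exactly 2.0 bits/byte
        (b".rsrc", pseudo_random_bytes(256 * 1024)),   # 256 KiB hash-chain bytes: close to 8.0
    ])
    sections = parse_sections(pe)
    _high, ratio, flagged = packer_entropy(sections)
    return sections, ratio, flagged

if __name__ == "__main__":
    secs, ratio, flagged = analyse_sample()
    for s in secs:
        print(f"{s['name']:<8} va=0x{s['virtual_address']:08x} raw=0x{s['size_of_data']:08x} "
              f"entropy={s['entropy']:.4f}{'  TRUNCATED' if s['truncated'] else ''}")
    print(f"share of section bytes in high-entropy sections: {ratio:.4f} -> {'flagged' if flagged else 'clean'}")
```

Point `parse_sections` at the bytes of a real file to get the same per-section figures the report shows; the `truncated` flag catches the case where a section header claims more raw data than the file actually contains, which is worth checking here given that .rsrc's size_of_data exceeds the reported file size. For day-to-day triage the `pefile` package's `section.get_entropy()` gives the same per-section value; the hand-rolled parser exists so the example runs offline.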
Antivirus Detections (vendor, result)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Agentb.tn9n
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Risktool.BitCoinMiner.DR9
Skyhigh Photominer!03364EB9EA61
ALYac Application.BitCoinMiner.OE
Cylance Unsafe
VIPRE Application.BitCoinMiner.OE
Sangfor CoinMiner.Win32.Agent.Vr0i
K7AntiVirus CryptoMiner ( 004e1d801 )
BitDefender Application.BitCoinMiner.OE
K7GW CryptoMiner ( 004e1d801 )
Cybereason malicious.9ea617
Arcabit Application.BitCoinMiner.OE
Symantec Trojan.Coinbitminer
ESET-NOD32 Win32/Crytes.AA
APEX Malicious
McAfee Photominer!03364EB9EA61
Avast Win32:BitCoinMiner-IW [Trj]
ClamAV Win.Coinminer.Generic-7150608-0
Kaspersky Worm.Win32.Remoh.ah
Alibaba Malware:Win32/km_2ed2b.None
NANO-Antivirus Trojan.Win32.DownLoad3.ebcppl
MicroWorld-eScan Application.BitCoinMiner.OE
Rising Trojan.CoinMiner!1.ACB9 (CLASSIC)
Emsisoft Application.BitCoinMiner.OE (B)
DrWeb Trojan.BtcMine.1214
Zillya Trojan.Black.Win32.46302
TrendMicro TROJ_COINMINER_GB01001A.UVPM
Trapmine suspicious.low.ml.score
FireEye Generic.mg.03364eb9ea617032
Sophos Troj/Miner-JO
Ikarus Trojan.Win32.CoinMiner
Jiangmin RiskTool.BitCoinMiner.ab
Webroot Trojan.Dropper.Gen
Google Detected
MAX malware (ai score=74)
Antiy-AVL Trojan/Win32.Crytes.aa
Kingsoft malware.kb.a.1000
Gridinsoft Risk.Win32.CoinMiner.sd!s1
Xcitium TrojWare.Win32.CoinMiner.B@6tqin0
Microsoft Trojan:Win32/Ymacco.ABA2
ViRobot Trojan.Win32.Agent.1578496.A
ZoneAlarm Worm.Win32.Remoh.ah
GData Win32.Trojan.PSE.FPT8KX
Varist W32/BitCoin.J.gen!Eldorado
AhnLab-V3 CoinMiner/Win.Agent.1606144
DeepInstinct MALICIOUS
VBA32 Trojan.Miner