Summary | ZeroBOX

xmrig.exe

XMRig Miner, Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check

Category: FILE
Machine: s1_win7_x6403_us
Started: July 8, 2024, 5:03 p.m.
Completed: July 8, 2024, 5:08 p.m.
Size 6.1MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 c0f8959614ae06561216158d78a787e5
SHA256 e199d88569fb54346d5fa20ee7b59b2ea6f16f4ecca3ea1e1c937b11aab7b2b0
CRC32 1E159741
ssdeep 98304:AwHlVzThdquIJ3mH6KfTSr2tJCkN3dOauqMAC2Taf43TZquOE2:fVz5CkN3dXuq9Taf4jLt2
Yara
  • Malicious_Library_Zero - Malicious_Library
  • XMRig_Miner_IN - XMRig Miner
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA
    computer_name: TEST22-PC
Status: 1  Return: 1  Repeated: 0
section _RANDOMX
section _TEXT_CN
section _RDATA
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
    process_identifier: 2056
    region_size: 131072
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x0000000001ce0000
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    process_handle: 0xffffffffffffffff
Status: 1  Return: 0  Repeated: 0
Antivirus              Detection
Bkav                   W64.AIDetectMalware
Lionic                 Trojan.Win32.Miner.tstT
Elastic                Windows.Cryptominer.Generic
Cynet                  Malicious (score: 100)
Skyhigh                BehavesLike.Win64.CoinMiner.vh
McAfee                 Artemis!C0F8959614AE
Cylance                Unsafe
VIPRE                  Gen:Variant.Application.Miner.2
Sangfor                Trojan.Win64.XMR.Miner
K7AntiVirus            Trojan ( 005697011 )
BitDefender            Gen:Variant.Application.Miner.2
K7GW                   Trojan ( 005697011 )
Cybereason             malicious.614ae0
Arcabit                Trojan.Application.Miner.2
Symantec               Trojan.Gen.MBT
ESET-NOD32             a variant of Win64/CoinMiner.IZ potentially unwanted
APEX                   Malicious
Avast                  Win64:MiscX-gen [PUP]
ClamAV                 Win.Coinminer.Generic-7151250-0
Kaspersky              not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
Alibaba                Trojan:Win32/Coinminer.449
NANO-Antivirus         Riskware.Win64.BitMiner.kmlecm
MicroWorld-eScan       Gen:Variant.Application.Miner.2
Rising                 HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft               Gen:Variant.Application.Miner.2 (B)
F-Secure               PotentialRisk.PUA/CoinMiner.Gen
DrWeb                  Tool.BtcMine.2756
Zillya                 Tool.BitMiner.Win32.4635
McAfeeD                Real Protect-LS!C0F8959614AE
FireEye                Generic.mg.c0f8959614ae0656
Sophos                 XMRig Miner (PUA)
Ikarus                 PUA.CoinMiner
Jiangmin               RiskTool.BitMiner.conl
Webroot                Bitcoinminer.Gen
Google                 Detected
Avira                  PUA/CoinMiner.Gen
MAX                    malware (ai score=76)
Antiy-AVL              GrayWare/Win64.CoinMiner.po
Kingsoft               Win32.Troj.Unknown.a
Gridinsoft             Trojan.Win64.XMRig.tr
Xcitium                ApplicUnwnt@#17lxgrjukmbyh
ZoneAlarm              UDS:DangerousObject.Multi.Generic
GData                  Win64.Application.Coinminer.CP
Varist                 W64/Coinminer.BN.gen!Eldorado
AhnLab-V3              Win-Trojan/Miner3.Exp
DeepInstinct           MALICIOUS
Malwarebytes           BitcoinMiner.Trojan.Miner.DDS
Panda                  PUP/CoinMiner
TrendMicro-HouseCall   TROJ_GEN.R002H0CDN24
Tencent                Malware.Win32.Gencirc.10bfe9da