Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 5, 2024, 9:25 a.m.	Aug. 5, 2024, 9:35 a.m.

Size	2.9MB
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`be924fd44ff6878d0666320a6161ad70`
SHA256	`283ece83572923032a368088751b611aee0d866be61d048935d9b5ca3d344a70`
CRC32	`86DE7FD6`
ssdeep	`49152:emTKVJmW4ODgtXsxlh+WzMKZB1KfdW8EbmC6MIq6eYCq0yJHoJSzvMvUw2n:4mW4ODyXsxj+WAKZzKFNEbmC6+6eYCwY`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file

test.exe "C:\Users\test22\AppData\Local\Temp\test.exe"
1372

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Aug. 5, 2024, 9:18 a.m.	computer_name: TEST22-PC	1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Aug. 5, 2024, 9:18 a.m.	process_identifier: 1372 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000600000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x002dc200', u'virtual_address': u'0x0082f000', u'entropy': 7.945070841509203, u'name': u'UPX1', u'virtual_size': u'0x002dd000'}

entropy

7.94507084151

description

A section with a high entropy has been found

entropy

0.991871295512

description

Overall entropy of this PE file is high

The executable is compressed using UPX (2 events)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)

Bkav	W64.AIDetectMalware
Lionic	Riskware.Win32.BitCoinMiner.1!c
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win64.Dropper.vc
ALYac	Gen:Variant.Application.Miner.2
Cylance	Unsafe
VIPRE	Gen:Variant.Application.Miner.2
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 005622c31 )
BitDefender	Gen:Variant.Application.Miner.2
K7GW	Riskware ( 005622c31 )
Cybereason	malicious.44ff68
Arcabit	Trojan.Application.Miner.2
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/CoinMiner.IZ potentially unwanted
McAfee	Artemis!BE924FD44FF6
Avast	Win64:CoinminerX-gen [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	RiskWare:Win64/Miners.d032a9a0
MicroWorld-eScan	Gen:Variant.Application.Miner.2
Rising	Trojan.Miner!8.EA1 (TFE:5:yFwsfpS6ZqD)
Emsisoft	Gen:Variant.Application.Miner.2 (B)
DrWeb	Tool.BtcMine.2731
McAfeeD	Real Protect-LS!BE924FD44FF6
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.be924fd44ff6878d
Sophos	XMRig Miner (PUA)
Ikarus	Trojan.Win64.CoinMiner
Webroot	Bitcoinminer.Gen
Google	Detected
Antiy-AVL	Trojan/Win64.CoinMiner.xmr
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Trojan.Win64.XMRig.tr
ZoneAlarm	not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.gen
GData	Gen:Variant.Application.Miner.2
Varist	W64/Coinminer.BN.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R526983
TACHYON	Trojan/W64.XMRig.8251392
DeepInstinct	MALICIOUS
Malwarebytes	RiskWare.CoinMiner
TrendMicro-HouseCall	TROJ_GEN.R002H07H424
Tencent	Risktool.Win64.Bitminer.16000063
MAX	malware (ai score=78)
Fortinet	Riskware/CoinMiner.PO
AVG	Win64:CoinminerX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/grayware_confidence_100% (W)
alibabacloud	HackTool:Win/CoinMiner.A

test.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All