Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

miner_kill.exe

Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE64 PE File OS Processor Check ZIP Format DLL

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 5, 2024, 10:35 a.m.	Aug. 5, 2024, 11:04 a.m.

Size	8.5MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`5283694f46026d0d31edd618ed544c85`
SHA256	`28f8cffb685ffeead87e84d7df87b5bfb0d990b1e002334dc2150a359c8adf75`
CRC32	`990564CE`
ssdeep	`196608:alvrHlfID0pUzPLhQNQm8NkKeVuWJysVYvsODoyMxxvjDDAxsQDcqiX:ajHlXpUTLfhJxWJ0oyMxtDDAxsQA9X`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

miner_kill.exe "C:\Users\test22\AppData\Local\Temp\miner_kill.exe"
1020
- miner_kill.exe "C:\Users\test22\AppData\Local\Temp\miner_kill.exe"
  2304

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (9 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: Traceback (most recent call last): console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: File "miner_kill.py", line 1, in <module> console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: File "PyInstaller\loader\pyimod02_importers.py", line 419, in exec_module console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: File "psutil\__init__.py", line 42, in <module> console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: File "PyInstaller\loader\pyimod02_importers.py", line 419, in exec_module console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: File "psutil\_common.py", line 18, in <module> console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: File "PyInstaller\loader\pyimod02_importers.py", line 419, in exec_module console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: File "socket.py", line 49, in <module> console_handle: 0x000000000000000b	1	1	0
WriteConsoleW Aug. 5, 2024, 10:28 a.m.	buffer: ImportError: DLL load failed while importing _socket: The parameter is incorrect. console_handle: 0x000000000000000b	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 5, 2024, 10:28 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Creates executable files on the filesystem (6 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI10202\python3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI10202\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI10202\libffi-7.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI10202\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI10202\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI10202\python38.dll

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win64.Shlem.tsuY
Elastic	malicious (high confidence)
Skyhigh	BehavesLike.Win64.Generic.rc
ALYac	Trojan.GenericKD.72362249
Cylance	Unsafe
VIPRE	Trojan.GenericKD.72362249
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 00584baa1 )
BitDefender	Trojan.GenericKD.72362249
Cybereason	malicious.f46026
Arcabit	Trojan.Generic.D4502909
Symantec	Trojan.Gen.MBT
APEX	Malicious
McAfee	Artemis!5283694F4602
Avast	Win64:Malware-gen
Kaspersky	Trojan.Win64.Shelm.iy
Alibaba	Trojan:Win64/Shelm.1a92bc71
MicroWorld-eScan	Trojan.GenericKD.72362249
Emsisoft	Trojan.GenericKD.72362249 (B)
TrendMicro	TROJ_FRS.VSNTBC24
McAfeeD	ti!28F8CFFB685F
FireEye	Generic.mg.5283694f46026d0d
Sophos	Mal/Generic-S
Google	Detected
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Acll
ViRobot	Trojan.Win.Z.Agent.8938575
ZoneAlarm	Trojan.Win64.Shelm.iy
GData	Trojan.GenericKD.72362249
Varist	W64/S-60068354!Eldorado
AhnLab-V3	Trojan/Win.Evo-gen.R622261
DeepInstinct	MALICIOUS
VBA32	Trojan.Win64.Shelm
Malwarebytes	Malware.AI.4240893777
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_FRS.VSNTBC24
Yandex	Trojan.Shelm!EoqwSIKmd20
MAX	malware (ai score=87)
MaxSecure	Trojan.Malware.230154143.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan:Win/Shelm.ig