Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 5, 2024, 3:36 p.m.	Aug. 5, 2024, 3:43 p.m.

Size	10.1MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`3b24971c5fef776db7df10a769f0857a`
SHA256	`0d990bedac4696a67ad46dbc686750086f72f4795ed8a6121782ba3b0dc736b5`
CRC32	`D44BF723`
ssdeep	`196608:7PyWqZApuYuBDhM7GsHkE5j5hKAbsZ2i0zdKRVZ6FspAE5EFH73AUYR:7aWNRuBDZsEChnK2VziVZdu3h8`
Yara	ftp_command - ftp command PE_Header_Zero - PE File Signature IsPE64 - (no description)

66af31c75d213_123p.exe "C:\Users\test22\AppData\Local\Temp\66af31c75d213_123p.exe"
2536

Name	Response	Post-Analysis Lookup
pool.hashvault.pro	A 131.153.76.130 A 125.253.92.50	125.253.92.50

IP Address	Status	Action
125.253.92.50	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	Crypto Currency Mining Activity Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.3 192.168.56.101:49163 125.253.92.50:443	None	None	None

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section	.00cfg
section	.text0
section	.text1
section	.text2

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x009e2800', u'virtual_address': u'0x00f05000', u'entropy': 7.981187510655445, u'name': u'.text2', u'virtual_size': u'0x009e2760'}

entropy

7.98118751066

description

A section with a high entropy has been found

entropy

0.981194261342

description

Overall entropy of this PE file is high

File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.VMProtect.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Miner
Skyhigh	BehavesLike.Win64.Generic.vc
ALYac	Trojan.GenericKD.73156928
Cylance	Unsafe
VIPRE	Trojan.GenericKD.73156928
Sangfor	CoinMiner.Win64.Agent.Vq6q
K7AntiVirus	Trojan ( 005aeb761 )
BitDefender	Trojan.GenericKD.73156928
K7GW	Trojan ( 005aeb761 )
Cybereason	malicious.c5fef7
Arcabit	Trojan.Generic.D45C4940
VirIT	Trojan.Win64.Genus.GYW
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/Packed.VMProtect.AC suspicious
APEX	Malicious
McAfee	Artemis!3B24971C5FEF
Avast	Win64:TrojanX-gen [Trj]
Kaspersky	Trojan.Win32.Miner.beqmx
Alibaba	Trojan:Win64/Miner.0be0d4af
MicroWorld-eScan	Trojan.GenericKD.73156928
Rising	Trojan.Agent!8.B1E (TFE:5:FkFUO8h2JGR)
Emsisoft	Trojan.GenericKD.73156928 (B)
F-Secure	Trojan.TR/Miner.qzqil
DrWeb	Trojan.Siggen28.62668
Zillya	Trojan.Miner.Win32.18034
TrendMicro	Trojan.Win64.PRIVATELOADER.YXEFQZ
McAfeeD	Real Protect-LS!3B24971C5FEF
Trapmine	malicious.moderate.ml.score
FireEye	Trojan.GenericKD.73156928
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Malware.Gen
Google	Detected
Avira	TR/Miner.qzqil
MAX	malware (ai score=85)
Antiy-AVL	Trojan[Packed]/Win64.VMProtect
Kingsoft	Win32.Trojan.Miner.beqmx
Gridinsoft	Trojan.Win64.Packed.cl
Xcitium	Malware@#2tne6v71ivudf
Microsoft	Trojan:Win64/Reflo.HNS!MTB
ZoneAlarm	Trojan.Win32.Miner.beqmx
GData	Trojan.GenericKD.73156928
AhnLab-V3	Trojan/Win.Miner.C5645058
DeepInstinct	MALICIOUS
VBA32	Trojan.Miner
Malwarebytes	Trojan.BitCoinMiner

66af31c75d213_123p.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All