Summary | ZeroBOX

66b45c742e0a1_123p.exe

PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 9, 2024, 4:38 p.m. Aug. 9, 2024, 4:41 p.m.
Size 10.1MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 488d85695b6e76307aa595f8db6a48fc
SHA256 433ced4f31e8bfb3f0c02fe88255d4fc109c8bc2f4d8bd51eae700cff631d191
CRC32 EE2EE198
ssdeep 196608:V+Zh8TZ4EwkJcPAyxxycUgqToe0ERIdBxZC7dmmvYGW8Jv:jrhutxSgWPcxZCJNL
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
pool.hashvault.pro 125.253.92.50
IP Address Status Action
131.153.76.130 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.103:49163 -> 131.153.76.130:443 None None None

section .00cfg
section .text0
section .text1
section .text2
section .text2 (size_of_data 0x009e8e00, virtual_address 0x00f0b000, virtual_size 0x009e8da0, entropy 7.98188781081) description A section with a high entropy has been found
entropy 0.981240632403 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Miner.4!c
Elastic malicious (high confidence)
Skyhigh BehavesLike.Win64.Trojan.vc
Cylance Unsafe
Sangfor Trojan.Win32.Agent.V8zy
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Packed.VMProtect.AC suspicious
APEX Malicious
McAfee Artemis!488D85695B6E
Avast FileRepMalware [Trj]
Kaspersky Trojan.Win32.Miner.bfewo
Rising Trojan.Agent!8.B1E (TFE:5:FkFUO8h2JGR)
F-Secure Trojan.TR/Miner.uzmzp
TrendMicro Trojan.Win64.PRIVATELOADER.YXEHHZ
McAfeeD Real Protect-LS!488D85695B6E
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.488d85695b6e7630
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Webroot W32.Backdoor.Gen
Avira TR/Miner.uzmzp
Antiy-AVL Trojan[Packed]/Win64.VMProtect
Kingsoft malware.kb.b.870
Gridinsoft Ransom.Win64.Wacatac.cl
Microsoft Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm UDS:Trojan.Win32.Miner.bfewo
GData Win32.Application.Coinminer.4R9797
DeepInstinct MALICIOUS
Malwarebytes Trojan.CoinMiner
TrendMicro-HouseCall Trojan.Win64.PRIVATELOADER.YXEHHZ
Fortinet Riskware/Application
AVG FileRepMalware [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
alibabacloud VirTool:Win/Wacatac.B9nj