Summary | ZeroBOX

66b331646d2cd_123p.exe

PE64 PE File
Category  Machine           Started                    Completed
FILE      s1_win7_x6403_us  Aug. 12, 2024, 9:23 a.m.   Aug. 12, 2024, 9:46 a.m.
Size 10.3MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 27b14ad026da76c1111174c6b4ba6aba
SHA256 bef765aff3d916d8be504b604c0dc37afe3fd76260fe158508b778b5e4b85ddf
CRC32 E097E6BE
ssdeep 196608:tSiB9/zPAW0ILyawlf9Ul33DqL4zDefJglqYnkFTdl434Mfr:tX97fB6iXvkFTf4zj
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Network

Name                Response         Post-Analysis Lookup
pool.hashvault.pro  131.153.76.130

IP Address       Status  Action
131.153.76.130   Active  Moloch
164.124.101.2    Active  Moloch   (DNS resolver that answered the lookup; see the Suricata flow below)

Suricata Alerts

Flow                                          SID      Signature                                                           Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53  2036289  ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)  Crypto Currency Mining Activity Detected

Suricata TLS

Flow                                                Issuer  Subject  Fingerprint
TLS 1.3 192.168.56.103:49163 -> 131.153.76.130:443  None    None     None

Issuer, subject and fingerprint are empty because TLS 1.3 encrypts the server certificate inside the handshake, so Suricata cannot log it; what is visible is a TLS session to the address pool.hashvault.pro resolved to, on port 443.

PE Sections

Sections: .00cfg, .text0, .text1, .text2
.text2: virtual_address 0x00f2b000, virtual_size 0x00a19890, size_of_data 0x00a19a00, entropy 7.9789

Signatures
  • .text2 (entropy 7.9789 of a maximum 8 bits/byte): A section with a high entropy has been found
  • ratio 0.9816: Overall entropy of this PE file is high. The value is the share of section bytes that sit in high-entropy sections, so roughly 98% of the file's section data is compressed or encrypted, which agrees with the VMProtect packer labels in the antivirus results.
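The two entropy hits above can be reproduced outside the sandbox. The following is an added example, not ZeroBOX or Cuckoo code: it computes Shannon entropy per section and applies the same two-stage rule (flag a section, then flag the file once enough section bytes are high-entropy). The 6.8 bits/byte and 20% thresholds are assumptions taken from the Cuckoo community `packer_entropy` signature; the sample section bytes and the low-entropy companion record next to the report's .text2 values are constructed.

```python
"""Per-section and overall PE entropy checks, as applied in the report above.

Added example, not ZeroBOX or Cuckoo code.  Assumptions: the per-section
threshold (6.8 bits/byte) and the overall ratio threshold (20% of section
bytes) follow the Cuckoo community ``packer_entropy`` signature; the section
bytes and the companion section record used below are constructed.
"""
import math
import random
from collections import Counter

HIGH_ENTROPY_BITS = 6.8    # assumption: per-section threshold
HIGH_ENTROPY_RATIO = 0.2   # assumption: share of section bytes before the file is flagged


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of ``data`` in bits per byte; 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def evaluate_static(pe_sections):
    """Replay the rule over Cuckoo-style section records.

    ``pe_sections`` is a list of dicts with at least ``name``, ``size_of_data``
    (hex string, bytes on disk) and ``entropy`` (float), the shape the report's
    section line shows.  Returns (flagged names, ratio, file flagged).
    """
    total = compressed = 0
    flagged = []
    for sec in pe_sections:
        size = int(sec["size_of_data"], 16)
        total += size
        if float(sec["entropy"]) > HIGH_ENTROPY_BITS:
            flagged.append(sec["name"])
            compressed += size
    ratio = compressed / total if total else 0.0
    return flagged, ratio, ratio > HIGH_ENTROPY_RATIO


def evaluate_bytes(sections):
    """Same rule, but computing entropy from raw section bytes.

    ``sections`` is a list of (name, bytes) pairs, e.g. taken from a PE parser's
    per-section raw data.
    """
    records = [
        {"name": name, "size_of_data": hex(len(raw)), "entropy": shannon_entropy(raw)}
        for name, raw in sections
    ]
    return evaluate_static(records)


def constructed_sections():
    """Constructed sample: one all-zero section, one code-like, one packed."""
    rng = random.Random(0xC0FFEE)  # seeded so results are reproducible
    code_alphabet = b"\x48\x8b\x89\xe8\xc3\x55\x5d\xff"  # 8 symbols -> about 3 bits/byte
    return [
        (".cfg", b"\x00" * 512),
        (".code", bytes(rng.choice(code_alphabet) for _ in range(4096))),
        (".packed", bytes(rng.getrandbits(8) for _ in range(64 * 1024))),
    ]


# The report's own .text2 record plus a constructed low-entropy companion so the
# ratio is defined; the real .00cfg/.text0/.text1 sizes are not on the page.
REPORT_SECTIONS = [
    {"name": ".00cfg", "size_of_data": "0x00000200", "entropy": 0.5},   # constructed
    {"name": ".text2", "size_of_data": "0x00a19a00", "entropy": 7.9788840614245675},
]

if __name__ == "__main__":
    for label, result in (
        ("constructed bytes", evaluate_bytes(constructed_sections())),
        ("report records", evaluate_static(REPORT_SECTIONS)),
    ):
        flagged, ratio, hit = result
        print(f"{label}: high-entropy sections={flagged} ratio={ratio:.4f} file flagged={hit}")
```

To run it against a real sample, hand `evaluate_bytes` a list of (section name, raw section bytes) pairs from any PE parser (the third-party `pefile` module exposes them as `section.Name` and `section.get_data()`). The ratio is only as good as the section sizes: a packer that pads the file with one large low-entropy section can push the ratio under the 20% threshold while the code section is still fully encrypted, so the per-section hit is the one to trust.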
Antivirus

Engine                Result
Bkav                  W64.AIDetectMalware
Lionic                Trojan.Win32.VMProtect.4!c
Cynet                 Malicious (score: 99)
Skyhigh               BehavesLike.Win64.Expiro.vc
ALYac                 Trojan.GenericKD.73803111
Cylance               Unsafe
VIPRE                 Trojan.GenericKD.73803111
Sangfor               CoinMiner.Win64.Agent.Vvff
K7AntiVirus           Trojan ( 005aeb761 )
BitDefender           Trojan.GenericKD.73803111
K7GW                  Trojan ( 005aeb761 )
VirIT                 Trojan.Win64.Agent.HCX
Symantec              Trojan.Gen.MBT
Elastic               malicious (high confidence)
ESET-NOD32            a variant of Win64/Packed.VMProtect.AC suspicious
Avast                 Win64:MalwareX-gen [Trj]
Kaspersky             Trojan.Win32.Miner.bfevm
Alibaba               Trojan:Win64/Miner.d8d83649
MicroWorld-eScan      Trojan.GenericKD.73803111
Rising                Trojan.Agent!8.B1E (TFE:5:FkFUO8h2JGR)
Emsisoft              Trojan.GenericKD.73803111 (B)
F-Secure              Trojan.TR/Miner.zkvhe
DrWeb                 Trojan.Siggen29.15329
TrendMicro            Trojan.Win64.PRIVATELOADER.YXEHGZ
McAfeeD               Real Protect-LS!27B14AD026DA
Trapmine              malicious.moderate.ml.score
FireEye               Generic.mg.27b14ad026da76c1
Sophos                Mal/Generic-S
Webroot               W32.Backdoor.Gen
Avira                 TR/Miner.zkvhe
MAX                   malware (ai score=88)
Antiy-AVL             Trojan[Packed]/Win64.VMProtect
Kingsoft              Win32.Trojan.Miner.bfevm
Gridinsoft            Ransom.Win64.Sabsik.cl
Xcitium               ApplicUnwnt@#1ne0wlp1fejjb
ZoneAlarm             Trojan.Win32.Miner.bfevm
GData                 Trojan.GenericKD.73803111
AhnLab-V3             Trojan/Win.Agent.C5656910
McAfee                Artemis!27B14AD026DA
DeepInstinct          MALICIOUS
VBA32                 Trojan.CoinMiner
Malwarebytes          Trojan.CoinMiner
Ikarus                PUA.VMProtect
Panda                 Trj/Chgt.AD
TrendMicro-HouseCall  Trojan.Win64.PRIVATELOADER.YXEHGZ
Tencent               Win32.Trojan.Miner.Rsmw
Yandex                Trojan.Miner!M/WpOdV8U1Q
Fortinet              Riskware/Application
AVG                   Win64:MalwareX-gen [Trj]
Paloalto              generic.ml

The labels converge on a VMProtect-packed coin miner, which matches the near-maximal section entropy and the DNS lookup of a mining pool. When counting votes, treat identical strings such as Trojan.GenericKD.73803111 (ALYac, VIPRE, BitDefender, MicroWorld-eScan, Emsisoft, GData) as one detection rather than six independent ones, since identical names normally come from a shared engine.