Summary | ZeroBOX

pcstoryrestart.exe

Tags: CoinMiner, Generic Malware, AutoIt, UPX, PE File, PE32

Category:  FILE
Machine:   s1_win7_x6403_us
Started:   Aug. 19, 2024, 2:16 p.m.
Completed: Aug. 19, 2024, 2:21 p.m.

Size:   329.3KB
Type:   PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:    b69808cf234575a70239f8cfde03d77d
SHA256: ea6b484e8b5855d5058fb373f5b3407ecb2abb9e8820618e080da577a2567413
CRC32:  E1ABD9A2
ssdeep: 6144:i68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1I0:CfnnK9zABs+TbFx9SXOPCf8DkqAR8zHa
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name / Response / Post-Analysis Lookup: No hosts contacted.
IP Address / Status / Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated
IsDebuggerPresent: 0 0
IsDebuggerPresent: 0 0
GlobalMemoryStatusEx: 1 1 0
packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
section UPX1 (size_of_data 0x0004aa00, virtual_address 0x0007d000, virtual_size 0x0004b000, entropy 7.940965856094214): A section with a high entropy has been found
entropy 0.911450381679: Overall entropy of this PE file is high
section UPX0: Section name indicates UPX
section UPX1: Section name indicates UPX
Engine        Detection
Bkav          W32.AIDetectMalware
Lionic        Trojan.Win32.Autoit.4!c
Elastic       malicious (moderate confidence)
Skyhigh       BehavesLike.Win32.Yahlover.fc
Cylance       Unsafe
Sangfor       Trojan.Win32.Packed.Vwi2
K7AntiVirus   Trojan ( 0056316d1 )
K7GW          Trojan ( 0056316d1 )
VirIT         Trojan.Win32.Generic.XTX
ESET-NOD32    a variant of Win32/Packed.Autoit.NBT suspicious
APEX          Malicious
McAfee        Artemis!B69808CF2345
Avast         Win32:Evo-gen [Trj]
Alibaba       Packed:Win32/Generic.a9c89a29
DrWeb         Trojan.Siggen5.59949
Zillya        Trojan.AutoIT.Win32.154721
McAfeeD       ti!EA6B484E8B58
Trapmine      malicious.high.ml.score
FireEye       Generic.mg.b69808cf234575a7
Sophos        Mal/Generic-S
Ikarus        PUA.Autoit
Webroot       W32.Trojan.Gen
Google        Detected
Antiy-AVL     Trojan[Packed]/Win32.Autoit
Gridinsoft    Trojan.Win32.CoinMiner.dd!s2
Xcitium       TrojWare.Win32.Hider.REXR@5364l6
Microsoft     Trojan:Win32/Phonzy.A!ml
ViRobot       Trojan.Win32.A.Agent.690283[UPX]
GData         Win32.Trojan.PSE.R2WKDE
Varist        W32/Trojan.IJBN-1595
DeepInstinct  MALICIOUS
VBA32         IMWorm.Sohanad
Malwarebytes  Generic.Malware.AI.DDS
Yandex        Trojan.GenAsa!i9rai7w7/WE
MaxSecure     Trojan.Malware.221268428.susgen
Fortinet      Riskware/Application
AVG           Win32:Evo-gen [Trj]
Paloalto      generic.ml
CrowdStrike   win/malicious_confidence_100% (W)
alibabacloud  VirTool:Win/Packed.Autoit.NKB