Summary | ZeroBOX

xmrig.exe

XMRig Miner, Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started Sept. 30, 2024, 11:25 a.m.
Completed Sept. 30, 2024, 11:29 a.m.
Size 6.1MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 5fba8ae226b096da3b31de0e17496735
SHA256 ca28f4aeaa5e16d216cd828b67454a56f3c7feeb242412d26ed914fadff20d40
CRC32 88F33254
ssdeep 98304:iONmXliGgyduIy7bWynX75rfdRZqOXmvFubCY9yxl5TtX8Ao0Ezae6B:GXlivZqOXmtubmxl5ppvEzT6
Yara
  • Malicious_Library_Zero - Malicious_Library
  • XMRig_Miner_IN - XMRig Miner
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA
  computer_name: TEST22-PC
Status 1, Return 1, Repeated 0
section _RANDOMX
section _TEXT_CN
section _RDATA
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
  process_identifier: 2676
  region_size: 131072
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00000000003c0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
Status 1, Return 0, Repeated 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Miner.tstT
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Dropper.vh
ALYac Dump:Generic.Application.CoinMiner.1.C4298D9A
Cylance Unsafe
VIPRE Dump:Generic.Application.CoinMiner.1.C4298D9A
Sangfor Trojan.Win64.XMR.Miner
CrowdStrike win/grayware_confidence_70% (W)
BitDefender Dump:Generic.Application.CoinMiner.1.C4298D9A
K7GW CryptoMiner ( 0058ddab1 )
K7AntiVirus CryptoMiner ( 0058ddab1 )
Arcabit Dump:Generic.Application.CoinMiner.1.C4298D9A
VirIT Trojan.Win64.Agent.HHF
Symantec ML.Attribute.HighConfidence
Elastic Windows.Cryptominer.Generic
ESET-NOD32 a variant of Win64/CoinMiner.IZ potentially unwanted
APEX Malicious
Avast Win32:Miner-HM [PUP]
ClamAV Win.Coinminer.Generic-7151250-0
Kaspersky not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
Alibaba Trojan:Win32/Coinminer.449
NANO-Antivirus Riskware.Win64.BitMiner.ksaxup
MicroWorld-eScan Dump:Generic.Application.CoinMiner.1.C4298D9A
Rising HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft Dump:Generic.Application.CoinMiner.1.C4298D9A (B)
F-Secure PotentialRisk.PUA/CoinMiner.Gen
Zillya Tool.BitMiner.Win32.4679
TrendMicro TROJ_FRS.VSNTIL24
McAfeeD Real Protect-LS!5FBA8AE226B0
CTX exe.miner.generic
Sophos XMRig Miner (PUA)
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.5fba8ae226b096da
Jiangmin Trojan.Miner.tct
Webroot Bitcoinminer.Gen
Google Detected
Avira PUA/CoinMiner.Gen
Antiy-AVL GrayWare/Win64.CoinMiner.po
Kingsoft Win32.Troj.Undef.a
Gridinsoft Trojan.Win64.XMRig.tr
Xcitium ApplicUnwnt@#vpjoctrukvif
ZoneAlarm not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
GData Win64.Application.Coinminer.CP
Varist W64/Coinminer.BN.gen!Eldorado
AhnLab-V3 Win-Trojan/Miner3.Exp
McAfee Artemis!5FBA8AE226B0
DeepInstinct MALICIOUS
Malwarebytes BitcoinMiner.Trojan.Miner.DDS
Ikarus PUA.CoinMiner