Summary | ZeroBOX

rkduajedzcrd.exe

Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 20, 2024, 11:19 a.m.
Completed Oct. 20, 2024, 11:19 a.m.
Size 5.0MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 0838e4e90814a48e6122f4b0a2b2fc5f
SHA256 4f63cd101e4bdaacffd9169610b7bb9430de6bf87b9016125a3d76368f3e1fa7
CRC32 804933C9
ssdeep 98304:zxrSpzFH7gGBN9CsoC18nY97TGAQ0U06pDcROsKoE5jVMo9xRCJiWug/T:zUpZwsqyVQBQKoENtxREM
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
xmr-asia1.nanopool.org 172.104.165.191

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 8.8.8.8:53 2033268 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) Potential Corporate Privacy Violation
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2033268 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

section .00cfg
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Reflo.4!c
Elastic Windows.Generic.Threat
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.CoinMiner.S32378657
Skyhigh BehavesLike.Win64.Trojan.rh
Cylance Unsafe
VIPRE Gen:Heur.Mint.Zard.25
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005af85d1 )
BitDefender Gen:Heur.Mint.Zard.25
K7GW Trojan ( 005af85d1 )
Cybereason malicious.90814a
Arcabit Trojan.Mint.Zard.25
Symantec Trojan.Coinminer!g3
ESET-NOD32 a variant of Win64/Kryptik.EDF
APEX Malicious
McAfee Trojan-FWHP!0838E4E90814
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.Genkryptik-10016533-0
Kaspersky HEUR:Trojan.Win64.Reflo.pef
Alibaba Trojan:Win64/Coinminer.32f5356c
NANO-Antivirus Trojan.Win64.Kryptik.kqizrx
MicroWorld-eScan Gen:Heur.Mint.Zard.25
Rising Dropper.Injector!8.DC (TFE:5:qANomcoTHvR)
Emsisoft Gen:Heur.Mint.Zard.25 (B)
F-Secure Heuristic.HEUR/AGEN.1371433
DrWeb Trojan.Siggen29.10332
Zillya Trojan.Kryptik.Win64.48466
TrendMicro TROJ_GEN.R002C0DGU24
McAfeeD ti!4F63CD101E4B
Trapmine suspicious.low.ml.score
FireEye Gen:Heur.Mint.Zard.25
Sophos Troj/Krypt-ADL
Ikarus Trojan.Win64.Krypt
Webroot W32.Coinminer.Gen
Google Detected
Avira HEUR/AGEN.1371433
MAX malware (ai score=85)
Antiy-AVL Trojan/Win64.GenKryptik
Kingsoft Win64.Trojan.Reflo.pef
Gridinsoft Trojan.Win64.CoinMiner.sa
Microsoft Trojan:Win64/Coinminer.RB!MTB
ZoneAlarm HEUR:Trojan.Win64.Reflo.pef
GData Gen:Heur.Mint.Zard.25
Varist W64/Kryptik.LEG.gen!Eldorado
AhnLab-V3 Dropper/Win.DropperX-gen.R622355
DeepInstinct MALICIOUS
VBA32 OScope.Trojan.Win64.Miner
Malwarebytes Trojan.Crypt