Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 12, 2025, 2:29 p.m.	Jan. 12, 2025, 2:31 p.m.

Size	6.1MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`f6d520ae125f03056c4646c508218d16`
SHA256	`d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1`
CRC32	`B4E4A0D7`
ssdeep	`98304:JtRK2Xvf49fuI0nBkLuFvJr4XGCkc/zF2fz5IZ4ePzpS+KdbjrD/6K+TU3nA:I2Xv42VKzYz6Z4qSndf3D+TU3A`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature XMRig_Miner_IN - XMRig Miner Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

win.exe "C:\Users\test22\AppData\Local\Temp\win.exe"
416

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Jan. 12, 2025, 2:22 p.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	_RANDOMX
section	_TEXT_CN
section	_RDATA

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Jan. 12, 2025, 2:22 p.m.	process_identifier: 416 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000540000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Lionic	Trojan.Win32.Miner.tstT
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Ghanarava.1732577811218d16
Skyhigh	BehavesLike.Win64.Dropper.vh
ALYac	Gen:Variant.Application.Miner.2
Cylance	Unsafe
VIPRE	Gen:Variant.Application.Miner.2
Sangfor	Trojan.Win64.XMR.Miner
CrowdStrike	win/grayware_confidence_90% (W)
BitDefender	Gen:Variant.Application.Miner.2
K7GW	CryptoMiner ( 0058ddab1 )
K7AntiVirus	CryptoMiner ( 0058ddab1 )
Arcabit	Trojan.Application.Miner.2
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Cryptominer.Generic
ESET-NOD32	a variant of Win64/CoinMiner.IZ potentially unwanted
APEX	Malicious
Avast	Win64:MiscX-gen [PUP]
ClamAV	Win.Coinminer.Generic-7151250-0
Kaspersky	not-a-virus:RiskTool.Win64.XMRigMiner.ajm
Alibaba	Trojan:Win32/Coinminer.449
MicroWorld-eScan	Gen:Variant.Application.Miner.2
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft	Gen:Variant.Application.Miner.2 (B)
F-Secure	PotentialRisk.PUA/CoinMiner.Gen
Zillya	Trojan.Miner.Win32.18450
TrendMicro	PUA.Win64.BitMiner.D
McAfeeD	Real Protect-LS!F6D520AE125F
CTX	exe.miner.generic
Sophos	XMRig Miner (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.f6d520ae125f0305
Webroot	Bitcoinminer.Gen
Google	Detected
Avira	PUA/CoinMiner.Gen
Antiy-AVL	GrayWare/Win64.CoinMiner.po
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Trojan.Win64.XMRig.tr
Xcitium	ApplicUnwnt@#2ke5rqpsy3n28
GData	Win64.Application.Coinminer.CP
Varist	W64/Coinminer.BN.gen!Eldorado
McAfee	Artemis!F6D520AE125F
DeepInstinct	MALICIOUS
Malwarebytes	BitcoinMiner.Trojan.Miner.DDS
Ikarus	PUA.CoinMiner
Panda	PUP/CoinMiner
TrendMicro-HouseCall	PUA.Win64.BitMiner.D
Tencent	RiskTool.Win32.BitMiner.hb
Yandex	Riskware.Agent!eTYPNp2GCAQ
huorong	HackTool/CoinMiner.m

win.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All