Summary | ZeroBOX

gem2.exe

Generic Malware PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us Jan. 12, 2025, 2:32 p.m. Jan. 12, 2025, 3:11 p.m.
Size 2.7MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 990a3f3b1273510f210fb9b541da219f
SHA256 35a8d03f86ae6f92424d6424fe0805d338eccedff177b400182102685299022c
CRC32 5AF0F3BA
ssdeep 49152:lYul8CapE2jLY0vFhbkQbIptv1xZ4ayOIYDIGC3FYKjPgz+WWrS2sWioLyVQGMNx:lYLCGYYbkQbytvVeOIerC1zPgSWW/pio
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

IP Address Status Action
141.94.96.195 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow: UDP 192.168.56.103:52760 -> 164.124.101.2:53
SID: 2047928
Signature: ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)
Category: Crypto Currency Mining Activity Detected

Flow: TCP 192.168.56.103:49163 -> 141.94.96.195:80
SID: 2024792
Signature: ET POLICY Cryptocurrency Miner Checkin
Category: Potential Corporate Privacy Violation

Flow: TCP 192.168.56.103:49163 -> 141.94.96.195:80
SID: 2024792
Signature: ET POLICY Cryptocurrency Miner Checkin
Category: Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

section .00cfg
Time & API: NtAllocateVirtualMemory
Arguments:
  process_identifier: 1372
  region_size: 176128
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00000000003f0000
  allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffffffffffff
Status: 1
Return: 0
Repeated: 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Reflo.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.CoinMiner.S31892093
Skyhigh BehavesLike.Win64.Kryptik.vh
Cylance Unsafe
VIPRE Gen:Heur.Mint.Zard.25
Sangfor Trojan.Win64.Kryptik.V55t
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Heur.Mint.Zard.25
K7GW Trojan ( 005af85d1 )
K7AntiVirus Trojan ( 005af85d1 )
Arcabit Trojan.Mint.Zard.25
Symantec Trojan.Coinminer!g3
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of Win64/Kryptik.EDF
APEX Malicious
Avast Win64:Evo-gen [Trj]
ClamAV Win.Packed.Zusy-10017005-0
Kaspersky HEUR:Trojan.Win64.Reflo.pef
Alibaba Trojan:Win64/Coinminer.a76aa723
NANO-Antivirus Trojan.Win64.BankBot.kuspky
MicroWorld-eScan Gen:Heur.Mint.Zard.25
Rising Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Emsisoft Gen:Heur.Mint.Zard.25 (B)
F-Secure Heuristic.HEUR/AGEN.1371052
DrWeb Trojan.BankBot.374
McAfeeD ti!35A8D03F86AE
CTX exe.trojan.kryptik
Sophos Troj/Krypt-ADL
SentinelOne Static AI - Suspicious PE
FireEye Gen:Heur.Mint.Zard.25
Jiangmin Trojan.Reflo.ne
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1371052
Antiy-AVL Trojan/Win64.GenKryptik
Kingsoft Win64.Trojan.Reflo.pef
Gridinsoft Trojan.Win64.CoinMiner.sa
Xcitium Malware@#2aikcmy8k7e64
Microsoft Trojan:Win64/Coinminer.RB!MTB
GData Gen:Heur.Mint.Zard.25
Varist W64/Kryptik.LBJ.gen!Eldorado
McAfee Trojan-FWEM!990A3F3B1273
DeepInstinct MALICIOUS
VBA32 OScope.Trojan.Win64.Miner
Malwarebytes Trojan.MalPack.Generic
Ikarus Trojan.Win64.Krypt
Panda Trj/GdSda.A
Tencent Trojan.Win64.Kryptik.hj