popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

863f2c19-1ce7-4e66-994b-a280b3548268

Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us March 28, 2025, 9:44 a.m. March 28, 2025, 9:48 a.m.
Size 8.4MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c6067cd3b970c7f932f73f4084df78e8
SHA256 76ed4d9fc0972558a1bbc35ae4ff12561715c2bb2f286ae3c359a9671d0911e8
CRC32 E71935F7
ssdeep 98304:TjnWIRW/ZdjLMEbsVBdaagU8PRIHh4DuRNrjsIrE5i3Fesc:G4W/Zh5HGBEoyME5iA
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
section {u'size_of_data': u'0x00076400', u'virtual_address': u'0x005ee000', u'entropy': 7.996097636416448, u'name': u'/19', u'virtual_size': u'0x00076225'} entropy 7.99609763642 description A section with a high entropy has been found
section {u'size_of_data': u'0x00018800', u'virtual_address': u'0x00665000', u'entropy': 7.939778571438917, u'name': u'/32', u'virtual_size': u'0x00018722'} entropy 7.93977857144 description A section with a high entropy has been found
section {u'size_of_data': u'0x000fbe00', u'virtual_address': u'0x0067f000', u'entropy': 7.998660193230992, u'name': u'/65', u'virtual_size': u'0x000fbcb5'} entropy 7.99866019323 description A section with a high entropy has been found
section {u'size_of_data': u'0x00097c00', u'virtual_address': u'0x0077b000', u'entropy': 7.995263396781177, u'name': u'/78', u'virtual_size': u'0x00097af3'} entropy 7.99526339678 description A section with a high entropy has been found
section {u'size_of_data': u'0x0002d400', u'virtual_address': u'0x00813000', u'entropy': 7.829602890746672, u'name': u'/90', u'virtual_size': u'0x0002d25a'} entropy 7.82960289075 description A section with a high entropy has been found
entropy 0.276331153667 description Overall entropy of this PE file is high
Bkav W32.Common.E0E34796
Lionic Trojan.Win32.CoinMiner.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Ghanarava.1743028916df78e8
Skyhigh BehavesLike.Win64.Dropper.rh
ALYac Trojan.GenericKD.76023154
Cylance Unsafe
VIPRE Trojan.GenericKD.76023154
BitDefender Trojan.GenericKD.76023154
K7GW Trojan ( 005c335d1 )
K7AntiVirus Trojan ( 005c335d1 )
Arcabit Trojan.Generic.D4880572
VirIT Trojan.Win64.Agent.HWJ
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of WinGo/CoinMiner.AV
Avast Win64:Malware-gen
Kaspersky Trojan.Win32.CoinMiner.aqdk
MicroWorld-eScan Trojan.GenericKD.76023154
Rising Trojan.FallenMiner!1.129EC (CLASSIC)
Emsisoft Trojan.GenericKD.76023154 (B)
F-Secure Trojan.TR/AVI.Agent.onlpz
Zillya Trojan.CoinMiner.Win32.56092
TrendMicro Trojan.Win64.AMADEY.YXFCLZ
McAfeeD ti!76ED4D9FC097
CTX exe.trojan.generic
Sophos Generic Reputation PUA (PUA)
SentinelOne Static AI - Suspicious PE
FireEye Trojan.GenericKD.76023154
Google Detected
Avira TR/AVI.Agent.onlpz
Antiy-AVL Trojan/Win32.CoinMiner
Gridinsoft Trojan.Win64.CoinMiner.sa
Xcitium Malware@#1myt1d98bg7nf
Microsoft Trojan:Win32/Wacatac.B!ml
GData Trojan.GenericKD.76023154
Varist W64/ABMiner.APWR-0386
AhnLab-V3 Trojan/Win.Malware-gen.C5740441
McAfee Artemis!C6067CD3B970
DeepInstinct MALICIOUS
VBA32 Trojan.CoinMiner
Malwarebytes Malware.AI.3556356220
Ikarus Trojan.SuspectCRC
Panda PUP/Generic
TrendMicro-HouseCall Trojan.Win64.AMADEY.YXFCLZ
Tencent Win32.Trojan.Coinminer.Oqil
huorong Trojan/Generic!FD7FE0FC6965D818
MaxSecure Trojan.Malware.328690010.susgen
Fortinet Adware/Miner
AVG Win64:Malware-gen
Paloalto generic.ml