Windows
Analysis Report
PhoenixMiner.exe
Overview
General Information
Detection
Phoenix Miner
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Phoenix Miner
Machine Learning detection for sample
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Classification
- System is w10x64_ra
PhoenixMiner.exe (PID: 1644 cmdline:
C:\Users\u ser\Deskto p\PhoenixM iner.exe MD5: 51FF42D909A879D42EB5F0E643AAB806) conhost.exe (PID: 4392 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
PhoenixMiner.exe (PID: 4256 cmdline:
"C:\Users\ user\Deskt op\Phoenix Miner.exe" MD5: 51FF42D909A879D42EB5F0E643AAB806) conhost.exe (PID: 1104 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
PhoenixMiner.exe (PID: 5856 cmdline:
"C:\Users\ user\Deskt op\Phoenix Miner.exe" MD5: 51FF42D909A879D42EB5F0E643AAB806) conhost.exe (PID: 5708 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PhoenixMiner | Yara detected Phoenix Miner | Joe Security | ||
JoeSecurity_PhoenixMiner | Yara detected Phoenix Miner | Joe Security | ||
JoeSecurity_PhoenixMiner | Yara detected Phoenix Miner | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PhoenixMiner | Yara detected Phoenix Miner | Joe Security | ||
JoeSecurity_PhoenixMiner | Yara detected Phoenix Miner | Joe Security | ||
JoeSecurity_PhoenixMiner | Yara detected Phoenix Miner | Joe Security | ||
JoeSecurity_PhoenixMiner | Yara detected Phoenix Miner | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Bitcoin Miner |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Static PE information: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |