Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 02:09
Google Faces EU Ultima...
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...

Summary | ZeroBOX

EHH.exe

Generic Malware Malicious Packer PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 2, 2021, 11:28 a.m.	June 2, 2021, 11:29 a.m.

Size	124.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`979555d563632cad528a128a3af233bb`
SHA256	`3169e214328f82d65732fc3590b677154c0e1932e549fcd11c4b84f34f0afd4e`
CRC32	`04E9999D`
ssdeep	`1536:KpNAipDQlK8h4AKvkzf772JEoN3X/lU9xya9zgDVqpIbACUPv60k:++flv4AM+fGJEI3vibnYMSZ860k`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Generic_Malware_Zero - Generic Malware Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)

EHH.exe "C:\Users\test22\AppData\Local\Temp\EHH.exe"
2932

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 2, 2021, 11:28 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1	0	0

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA June 2, 2021, 11:28 a.m.	service_handle: 0x007c2250 service_type: 48 service_status: 3		0	0

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.979555d563632cad
McAfee	Artemis!979555D56363
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
BitDefenderTheta	Gen:NN.ZevbaF.34692.hm0@ai6DUehi
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	FileRepMalware
Kaspersky	Trojan.Win32.Scarsi.axce
Paloalto	generic.ml
McAfee-GW-Edition	BehavesLike.Win32.Trojan.cm
SentinelOne	Static AI - Suspicious PE
Microsoft	Trojan:Win32/Wacatac.B!ml
Yandex	Trojan.AvsArher.bTx33N
Fortinet	W32/Scarsi.AXCE!tr
AVG	FileRepMalware
CrowdStrike	win/malicious_confidence_60% (W)