Summary | ZeroBOX

EHH.exe

Tags: Generic Malware, Malicious Packer, PE32, PE File
Category: FILE
Machine: s1_win7_x6401
Started: June 2, 2021, 11:31 a.m.
Completed: June 2, 2021, 11:34 a.m.
Size: 124.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 979555d563632cad528a128a3af233bb
SHA256: 3169e214328f82d65732fc3590b677154c0e1932e549fcd11c4b84f34f0afd4e
CRC32: 04E9999D
ssdeep: 1536:KpNAipDQlK8h4AKvkzf772JEoN3X/lU9xya9zgDVqpIbACUPv60k:++flv4AM+fGJEI3vibnYMSZ860k
Yara matches:
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Generic_Malware_Zero - Generic Malware
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)

Hosts (Name, Response, Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address, Status, Action)
164.124.101.2 - Active - Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavior (Time & API, Arguments, Status, Return, Repeated)

__exception__

stacktrace:

exception.instruction_r: 8b 40 d4 33 c9 3b 45 0c 0f 94 c1 8b c1 5d c2 08
exception.instruction: mov eax, dword ptr [eax + 0xffffffd4]
exception.exception_code: 0xc0000005
exception.symbol: DriverCallback+0x7bc waveOutOpen-0x2c0 winmm+0x425e
exception.address: 0x72b7425e
registers.esp: 1636284
registers.edi: 1636440
registers.eax: 8243192
registers.ebp: 1636284
registers.edx: 0
registers.ebx: 0
registers.esi: 1636408
registers.ecx: 1924764764
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 1908
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 1908
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003e0000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
Antivirus (Vendor, Result)
Elastic: malicious (high confidence)
FireEye: Generic.mg.979555d563632cad
McAfee: Artemis!979555D56363
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
BitDefenderTheta: Gen:NN.ZevbaF.34692.hm0@ai6DUehi
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: FileRepMalware
Kaspersky: Trojan.Win32.Scarsi.axce
Paloalto: generic.ml
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cm
SentinelOne: Static AI - Suspicious PE
Microsoft: Trojan:Win32/Wacatac.B!ml
Yandex: Trojan.AvsArher.bTx33N
Fortinet: W32/Scarsi.AXCE!tr
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_60% (W)