Summary | ZeroBOX

EERIE_EAVE.exe

Tags: Malicious Packer, UPX, PE64, PE File

Category:  FILE
Machine:   s1_win7_x6401
Started:   July 3, 2024, 6:35 p.m.
Completed: July 3, 2024, 6:37 p.m.
Size:      16.5MB
Type:      PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5:       e515e4872f4891fb598b503c34036b8c
SHA256:    12fb501b09774d1d6b620d88be3fe6e78a3423c2a484d2f5771ec152f6c6c42f
CRC32:     7940A5AE
ssdeep:    98304:m3aJvBMT7eoPpAV69xFPYSWCmwWmnDN6ERbascUik:uaFCXpAV67RYKs4Dllcy
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts
IP Address        Status  Action
164.124.101.2     Active  Moloch
185.208.158.176   Active  Moloch

Suricata Alerts

Flow                                            SID      Signature                                                  Category
TCP 185.208.158.176:8080 -> 192.168.56.101:49163  2400032  ET DROP Spamhaus DROP Listed Traffic Inbound group 33  Misc Attack

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Return / Repeated)

API:       IsDebuggerPresent
Arguments: (none)
Return:    0
Repeated:  0

Signature detail: section .symtab

API:       GetAdaptersAddresses
Arguments: flags: 15; family: 0
Return:    111
Repeated:  0

Signature detail: host 185.208.158.176

API:       LdrGetProcedureAddress
Arguments: ordinal: 0; function_address: 0x000007fefd6b7a50; function_name: wine_get_version; module: ntdll; module_address: 0x0000000076d30000
Return:    -1073741511
Repeated:  0
Antivirus          Detection
Bkav               W64.AIDetectMalware
Elastic            Multi.Trojan.Sliver
Cynet              Malicious (score: 99)
Skyhigh            Artemis
ALYac              Dump:Generic.Sliver.Marte.E.EB99B942
Cylance            Unsafe
VIPRE              Dump:Generic.Sliver.Marte.E.EB99B942
Sangfor            Trojan.Win32.Save.a
BitDefender        Dump:Generic.Sliver.Marte.E.EB99B942
Cybereason         malicious.72f489
Arcabit            Dump:Generic.Sliver.Marte.E.EB99B942
Symantec           ML.Attribute.HighConfidence
ESET-NOD32         a variant of WinGo/HackTool.Sliver.L
APEX               Malicious
McAfee             Artemis!E515E4872F48
Avast              MalwareX-gen [Trj]
ClamAV             Win.File.Sliver-9942542-0
Kaspersky          HEUR:Trojan.Multi.MalGO.gen
MicroWorld-eScan   Dump:Generic.Sliver.Marte.E.EB99B942
Rising             Backdoor.Sliver!1.FCA0 (CLASSIC)
Emsisoft           Dump:Generic.Sliver.Marte.E.EB99B942 (B)
F-Secure           Hack-Tool:W32/SBeacon.A
TrendMicro         Backdoor.Win64.SILVER.SMYXCFWAZ
McAfeeD            ti!12FB501B0977
FireEye            Dump:Generic.Sliver.Marte.E.EB99B942
Sophos             ATK/Sliver-B
Ikarus             Trojan.WinGo.Shellcoderunner
Google             Detected
Avira              HEUR/AGEN.1366847
MAX                malware (ai score=88)
Microsoft          Trojan:Win32/SuspGolang.GK
ZoneAlarm          HEUR:Trojan.Multi.MalGO.gen
GData              Dump:Generic.Sliver.Marte.E.EB99B942
DeepInstinct       MALICIOUS
Malwarebytes       Malware.AI.1183035905
Tencent            Win32.Trojan.Malgo.Ijgl
SentinelOne        Static AI - Malicious PE
MaxSecure          Trojan.Malware.300983.susgen
AVG                MalwareX-gen [Trj]
CrowdStrike        win/malicious_confidence_100% (D)
Dead hosts
dead_host  185.208.158.176:8080
dead_host  192.168.56.101:49167
dead_host  192.168.56.101:49161
dead_host  192.168.56.101:49163
dead_host  192.168.56.101:49168