Report - ewwe.exe

Tags: Malicious Packer, Malicious Library, UPX, PE64, PE File, OS Processor Check
Created 2024.06.16 10:11 Machine s1_win7_x6401
Filename ewwe.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 4
Behavior Score 2.0
ZERO API file : malicious
VT API (file) 48 detected (AIDetectMalware, Goshell, malicious, high confidence, score, PUPXTH, Artemis, Unsafe, GenericKD, Save, Attribute, HighConfidence, CobaltSC, aekgm, WinGo, Detected, ai score=87, Wacatac, ABTrojan, VREU, Chgt, R002H0CFE24, Hkjl, Static AI, Malicious PE, susgen, confidence, 100%)
md5 58f8e96f834d5d882046bd503ee83b18
sha256 97ba9760d2b5c0ea8931ef386e725eb57bf190960895b37e98166559c5f49c84
ssdeep 98304:8+LJ9ieU4RXEf8pXU3Kr8LbEpLpoPL4a8hoo8lrg:84J0yRU2L82CPL4aeoP
imphash 4f2f006e2ecf7172ad368f8289dc96c1
impfuzzy 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP

Signature (4cnts)

Level Description
danger File has been identified by 48 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x51e200 WriteFile
 0x51e208 WriteConsoleW
 0x51e210 WerSetFlags
 0x51e218 WerGetFlags
 0x51e220 WaitForMultipleObjects
 0x51e228 WaitForSingleObject
 0x51e230 VirtualQuery
 0x51e238 VirtualFree
 0x51e240 VirtualAlloc
 0x51e248 TlsAlloc
 0x51e250 SwitchToThread
 0x51e258 SuspendThread
 0x51e260 SetWaitableTimer
 0x51e268 SetUnhandledExceptionFilter
 0x51e270 SetProcessPriorityBoost
 0x51e278 SetEvent
 0x51e280 SetErrorMode
 0x51e288 SetConsoleCtrlHandler
 0x51e290 ResumeThread
 0x51e298 RaiseFailFastException
 0x51e2a0 PostQueuedCompletionStatus
 0x51e2a8 LoadLibraryW
 0x51e2b0 LoadLibraryExW
 0x51e2b8 SetThreadContext
 0x51e2c0 GetThreadContext
 0x51e2c8 GetSystemInfo
 0x51e2d0 GetSystemDirectoryA
 0x51e2d8 GetStdHandle
 0x51e2e0 GetQueuedCompletionStatusEx
 0x51e2e8 GetProcessAffinityMask
 0x51e2f0 GetProcAddress
 0x51e2f8 GetErrorMode
 0x51e300 GetEnvironmentStringsW
 0x51e308 GetCurrentThreadId
 0x51e310 GetConsoleMode
 0x51e318 FreeEnvironmentStringsW
 0x51e320 ExitProcess
 0x51e328 DuplicateHandle
 0x51e330 CreateWaitableTimerExW
 0x51e338 CreateThread
 0x51e340 CreateIoCompletionPort
 0x51e348 CreateFileA
 0x51e350 CreateEventA
 0x51e358 CloseHandle
 0x51e360 AddVectoredExceptionHandler

EAT(Export Address Table) is none
