paladin316

HawkEye_21f298867854db6ff13fbdf2ef306a00_exe_2019-08-20_01_00.txt

Aug 19th, 2019
* MalFamily: "HawkEye"

* MalScore: 10.0

* File Name: "HawkEye_21f298867854db6ff13fbdf2ef306a00.exe"
* File Size: 1064448
* File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
* SHA256: "7349e10c347d2c7ceeaa23d171e3c1934ac9a373c2381d58fed3b7ae25053e2c"
* MD5: "21f298867854db6ff13fbdf2ef306a00"
* SHA1: "005d62e0163e8a81b7a82516d5ca7a5d5551e1a4"
* SHA512: "36882ef09d9b010d553ba3a1bb2ce0283cec8ed3fc6926510a2900f240b46dd1289cd6bef6207f7810b064f1925f20e74fe8a41728741b6433722d0a715ca1f9"
* CRC32: "08349212"
* SSDEEP: "24576:HSjlqUrNpwElYn6Pz77HtpsX7ihWGl2gMUqUZQL/AI:HSjlqU7wElYnqz3HY7ihKgF3ZnI"

* Process Execution:

* Executed Commands:

* Signatures Detected:

"Description": "The binary likely contains encrypted or compressed data.",
"Details":
"section": "name: .text, entropy: 7.75, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00103400, virtual_size: 0x00103304"

"Description": "File has been identified by 20 Antiviruses on VirusTotal as malicious",
"Details":
"Cybereason": "malicious.0163e8"
"F-Prot": "W32/Trojan.SW.gen!Eldorado"
"Symantec": "ML.Attribute.HighConfidence"
"ESET-NOD32": "a variant of MSIL/GenKryptik.DQPF"
"APEX": "Malicious"
"Paloalto": "generic.ml"
"Avast": "Win32:MalwareX-gen Trj"
"Endgame": "malicious (high confidence)"
"Invincea": "heuristic"
"McAfee-GW-Edition": "BehavesLike.Win32.Generic.tc"
"Trapmine": "malicious.high.ml.score"
"FireEye": "Generic.mg.21f298867854db6f"
"SentinelOne": "DFI - Suspicious PE"
"Cyren": "W32/Trojan.SW.gen!Eldorado"
"Webroot": "W32.Trojan.Gen"
"Acronis": "suspicious"
"Cylance": "Unsafe"
"AVG": "Win32:MalwareX-gen Trj"
"CrowdStrike": "win/malicious_confidence_100% (D)"
"Qihoo-360": "HEUR/QVM03.0.5095.Malware.Gen"

* Started Service:

* Mutexes:

* Modified Files:

* Deleted Files:

* Modified Registry Keys:

* Deleted Registry Keys:

* DNS Communications:

* Domains:

* Network Communication - ICMP:

* Network Communication - HTTP:

* Network Communication - SMTP:

* Network Communication - Hosts:

* Network Communication - IRC: