Categories: Malware

What is “Win32/Packed.Enigma.EY”?

The Win32/Packed.Enigma.EY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.Enigma.EY virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (7 unique times)
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Tries to suspend Cuckoo threads to prevent logging of malicious activity
Checks for the presence of known windows from debuggers and forensic tools
Tries to unhook or modify Windows functions monitored by Cuckoo
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Steals private information from local Internet browsers
Behavior consistent with a dropper attempting to download the next stage.
Network activity contains more than one unique useragent.
Collects information about installed applications
Attempts to identify installed AV products by installation directory
Checks for the presence of known devices from debuggers and forensic tools
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to access Bitcoin/ALTCoin wallets
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

iplogger.org

apps.identrust.com

ip-api.com

isrg.trustid.ocsp.identrust.com

rrrload05.top

ocsp.int-x3.letsencrypt.org

twors03.top

torikk05.top

How to determine Win32/Packed.Enigma.EY?


File Info:
crc32: 9305A81Dmd5: fd1b2dc361a319b096a9cebc6307bbc7name: file.exesha1: 4275da6c90334a963c4b5357142a49e9d18cdd8asha256: a176e6cebb29677612c2974c89ca330668a39fc3ca6324e71ccef742a3148ac8sha512: c0624a56121c816faef6a5d1b5185c116877e42da691d4f13aefad9e12a39a268e8384732ba629831536c532acb0e778a54233d6a279b03c6740298969d73b9assdeep: 196608:mJM5IrQaMylbUvkRh2actQ4o1kjlvHVfMljGrK310vs7f4goz/xNHaM3:muGrQhgbeY2act9Mkjl9JKCvngsmgtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: InternalName: FileVersion: 1.1.32.00ProductName: ProductVersion: 1.1.32.00FileDescription: OriginalFilename: Translation: 0x0409 0x04b0

Win32/Packed.Enigma.EY also known as:

Bkav	HW32.Packed.
FireEye	Generic.mg.fd1b2dc361a319b0
Cylance	Unsafe
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.Enigma.EY
APEX	Malicious
ClamAV	Win.Malware.Wacatac-7134228-1
Kaspersky	HEUR:Trojan-PSW.Win32.Coins.gen
Endgame	malicious (high confidence)
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.AdwareFileTour.rc
Trapmine	suspicious.low.ml.score
Ikarus	PUA.EnigmaProtector
Microsoft	Trojan:Win32/Wacatac.D!ml
ZoneAlarm	HEUR:Trojan-PSW.Win32.Coins.gen
VBA32	TrojanPSW.Coins
Malwarebytes	Trojan.Downloader.AHK
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_97%
Fortinet	W32/Agent.81BB!tr
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_60% (D)
Qihoo-360	HEUR/QVM19.1.EB34.Malware.Gen