eternal_lite[.]exe

Resubmissions

13-02-2023 14:28

230213-rszfkadb8v 5

13-02-2023 14:25

230213-rrnmnsdb71 5

Sharing

Copy URL

Twitter E-mail

General

Target

eternal_lite.exe
Size

5.6MB
MD5

4aa39760450001bab52ea021a8026252
SHA1

c4a850eaae8550681d3146b3eae62804f076b0e7
SHA256

66f0cae57153f67d7f2530271e4933be1df09f599633b3d1717863fcf2ce3420
SHA512

f661dcc123101e5e208bb9c09633b8c51476b35fd38433bd9891f9aeaa2bf90fae7ab68165ddd70ce53bf021dc8b6603a480da95c8f4918534737643eb41d820
SSDEEP

98304:cdFP3U3MobnBu8zeMEA7wSiKHmrwsqGyxLMhvklJi09W6Izi5jgtygngFMaTYdLn:cXk3MEk8xEJ5KHmkKALMhcUKWJzi58Hh

Score

1^/10

Malware Config

Signatures

Files

eternal_lite.exe
.exe windows x64

2b81322e2c04225db1a4f1d145db31b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetCursor
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

InitializeSecurityDescriptor

msvcp140

_Cnd_signal

imm32

ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_beginthreadex

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-stdio-l1-1-0

ftell

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file

wtsapi32

WTSSendMessageW

Exports

Exports

B��s��a ��c>��G"3�-Z&�N�-�r{��-Qh��Ʈ��R��T��S5��.��^��N��c�f�:�D� hM�Ү8��>��G1>Z�=3<�F'r��!��e�&n¾�á��f��B��4ǣ-iXC9_�"8��*��>�m�i}f��^�x��K��p��?��s��"�t'oi(�&��s�#�e��~�%Fҙ��w]&xXw��,E�K�]G��p�q��,��Q�Y'iV�ȣ&tp�ݻ%D�M��c��8-9��pێSYO.��R�;�o�]1_��ݏ �+��DX�ҏ@*m Sf�fX2�2�%�}C�B��N��b�t��k�ty`��}��a��t�g��T8nt��k�}5��FU� �q?��!􏇷W��-�r�n��hJ�� cP��Xy'��T�-e�/d��+rUe��YWۨ��ƅ�w��0��2��r�#�3��Bl@ ~��ɀ� ��/��0{��M�$�X;��3f��4�I��k7lʁcr�Ǻ��[��̼��ɨ��΄}Ct#9�})��+et��H��`��弃pF�%Tq|Y��U��M`:��n��o\� ;y�z��ESǹ%@9!��K%Y�Vk�>ҡ?��5D�ҽ�� U]��׵v��_�D� �eKX�OG5��j_�|8�!�U>#��V\�SE��K�TG))�$��z��c�X#�� =�ϺB%�\ň�g�;d`��@'��yQ�{�p��W2�Ja�g^�++ʾ��:h��5U�a"� ��S��"��F|;CJ�JF��CϦ�A��t��Q)��P��O�F��Z�H��7�/�[0Hu-�j�T��:~��2;��M�<�k�u�{[�=ɨOݓ޶Axr�l��V�x�� .cR ^�o��;M��شV'��̤��1��+-n��]o�!1)ڊs1H/ZE��a��0��z��j3��O�Ӡ�<��s`P�2!<�N@4U��v�� Cb��iݦ�԰�ؼ�Y�C ~˜l1�� Z��%ac�E��Sy��J5�{툙`�x�� 3fH��yOI�:G֥~��CX��t~�M�_Ă�RU��lMX�4��x�((�ƣߩ6_1��a�骷�K��4�B��n$�}l��-�� >�"=�78�=E��?�g��6�D�.��Fo��q�܍I��Ӟh-��w�\&��[��%�h��?��xd��$�[D�H��ߩ�hAE6�tb��$L��¯W� ��$�^� &<�' h+,8c,w�=��xTFf��0S�XɈ�S֊%��T��5��2��~��jA�6N�z1F!/-o��g�0��ϛ��n��d��̈��مfx�dx�B�B�W��r:�Ӯl�H5��ۯ�Q�^G3�z��l�y��Is�.�u68��O��`�ZB~�#��}G�H�7��N�F_$"*�R,�?��TN��S��*�xI��q��tu]<2��b��r�̰]�QZ��7g��c�� B��!|�.��X�Ko�r��[� Q��FT#� ��}d��/��p�"��D2��º��'��T�Ft��#��r�oE�� Q��s��KΔ�%3��3�D��<�)>L:�� M{�OA�}��WfK�'�YH[e�5�`��E"��L�z��T��z��/V;��C&��w]�d��3�E��^��i0k��ؼU�Tj��)'�� a\��0��\]͋�zB@a��~��i~��MPogܒd�ژ7p��Q�FT��]�j��x�8h2��</�z��P�4L�}�J�2=q��I#K��\_�P��n) ��q��D��n�؋��"�܅�<~��ϝ�Jހ�q��,;^`eB�p��7I� ��z��B�qa*�f�Pv�ɉDS�Hk��xڃ��;��"�2�3�В�$mC��d�,��WO�b�ld��*�{��軜�bg�I1�_�l�+� #�r�Q�G��ǯ�[t6C�]�юR�e;h,?bEJCE��%Rxt�<��j��2��:_��Bړ@��P}i�+<u��q4�A��^�Ύ��53�F��0� ��q��_�E��IΤ(*p��<��D��ڤa4W��wwP�h�� Ŏ�u�yB �|f�`��;�pO�(}c��c=�3F3Sx!��=�ZC�H4��a7b~�4q�<��)��+O\!��p$(��ś��꽞�sę+Γʀ�b?�fWz�� C�V��j��[+2!��!��wݳ6 \-��mt��]�o�kY1�3�qՋ�8��,:��k��^�B��f#�� 7"�̔e�q��9�d��1�w��G��zvF;k�i%�H�=�u��%�9~�q��P��Fu\҅�(��t��TۋB>C�kU��>�|�(d{' ��`�h=-jA��5��6�L:��ų��1��D1��x��,�[]�7E��I��?D�x�bD�u �qw.��7��S�U�dZ<�`��{��Z��=��/YX�&�T��+�/�i��Q�7K��A�tШ�eFD��Oh�a�� }B�&fݦ��`%�^q��U��m�q{�m2R�z�/c߻�!%u��g}��v��l*��o��6#S�o�y��+ ~�xW߼Y`irvp��D��w[ V4��22�͜�O��n�6\�?�A��6(�'D�q�Ye�{��Y�!p��,��v��{|�Kx^А�H �;�G�ռ$Q�d��ޝ\{ff�B�"�%�X&툪�AH��փ��?`lX�h��d֨��w��N

Sections

.text
Size: - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vroom0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vroom1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2b81322e2c04225db1a4f1d145db31b6

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

advapi32

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 960KB

.rdata Size: - Virtual size: 399KB

.data Size: - Virtual size: 391KB

.pdata Size: - Virtual size: 46KB

.vroom0 Size: - Virtual size: 3.1MB

.vroom1 Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 960KB

.rdata
Size: - Virtual size: 399KB

.data
Size: - Virtual size: 391KB

.pdata
Size: - Virtual size: 46KB

.vroom0
Size: - Virtual size: 3.1MB

.vroom1
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 512B - Virtual size: 469B