eternity | Pathfinder_2[.]19[.]3[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Pathfinder_2.19.3.zip
Size

1.9MB
MD5

44e0bdc5f7b10b99e2fbe3f2488e1dfb
SHA1

af35ee5be6d4500bf9b0341b82522877dca54081
SHA256

c6a48b2f3fe21c09e04c1ff2b2430d6a051badf0f6d8a049b132c33c75b30097
SHA512

d7152c515641d48319ddfca76a298d8aa4ddafc2902319057d7a4666c95f169cadfbbe2acbc0c80231c33ddab4836f356a2c88ef86a5db7825a58f222b8fdea7
SSDEEP

49152:hB4z78P6vgbztlDjr000eyPJVuikXmMRAl/qnN:T678Sv0ztZjr5U/uiQAlCN

Score

10^/10

eternity

Malware Config

Extracted

Family

eternity

http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion

Wallets

46bBrD45kERWemsjD2jEP6LMqRtRaZG2yP7vToprBPwsZ2Zz7TzbheQUjWECtygvwxd7PoXpbqcnmDk3799yhJVvEddyzZv

Attributes

payload_urls
http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion.pet/shared/xmrig.exe

Signatures

Eternity family
eternity

Files

Pathfinder_2.19.3.zip
.zip
Pathfinder_2.19.3/Config.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pathfinder_2.19.3/Pathfinder_Builder.exe
.exe windows x64

0610fdee849b475d923836d9ca6a05fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SafeArrayUnaccessData
SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetUBound
SysFreeString
VariantClear
SafeArrayAccessData
SafeArrayDestroy

kernel32

GetFileInformationByHandle
AddVectoredExceptionHandler
SetFilePointerEx
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
SetHandleInformation
FileTimeToSystemTime
GetModuleHandleA
GetProcAddress
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
IsProcessorFeaturePresent
SetThreadStackGuarantee
GetTempPathW
GetModuleFileNameW
CreateFileW
DeviceIoControl
GetFullPathNameW
FindNextFileW
CreateDirectoryW
HeapAlloc
GetProcessHeap
HeapReAlloc
SwitchToThread
ReadFileEx
SleepEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
CreateProcessW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
GetCurrentThread
WriteFileEx
CreateEventW
CancelIo
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
ReleaseSRWLockShared
FindFirstFileW
CopyFileExW
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
PostQueuedCompletionStatus
AcquireSRWLockShared
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetExitCodeProcess
WaitForSingleObject
GetOverlappedResult
WaitForMultipleObjects
GetSystemInfo
RtlVirtualUnwind
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
RtlCaptureContext
GlobalFree
UnhandledExceptionFilter
GlobalAlloc
SetFileCompletionNotificationModes
SetUnhandledExceptionFilter
GlobalUnlock
GlobalLock
GlobalSize
FormatMessageW
GetLastError
TerminateProcess
FindClose
ReleaseSRWLockExclusive
CloseHandle
AcquireSRWLockExclusive
HeapFree
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
ReadFile

crypt32

CertDuplicateStore
CertCloseStore
CertOpenStore
CryptUnprotectData
CertFreeCertificateContext
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertAddCertificateContextToStore

user32

OpenClipboard
CloseClipboard
SetClipboardData
EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW
GetClipboardData

advapi32

RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

ole32

CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx

gdi32

CreateDCW
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
SetStretchBltMode
StretchBlt
GetDIBits
DeleteObject

bcrypt

BCryptGenRandom

ws2_32

WSAStartup
WSAIoctl
recv
send
setsockopt
getsockname
WSAGetLastError
getpeername
bind
WSASend
getsockopt
freeaddrinfo
getaddrinfo
connect
ioctlsocket
shutdown
WSACleanup
closesocket
WSASocketW

ntdll

RtlNtStatusToDosError
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx

secur32

FreeContextBuffer
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
ApplyControlToken

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
strrchr
memmove
__CxxFrameHandler3
memset
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strlen
strcmp

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-heap-l1-1-0

free
_msize
malloc
realloc
_set_new_mode

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
log
_dclass

api-ms-win-crt-runtime-l1-1-0

terminate
__p___argv
_beginthreadex
_endthreadex
_seh_filter_exe
_set_app_type
exit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_c_exit
_initterm_e
__p___argc
_initialize_onexit_table
_cexit
_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
_exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

0610fdee849b475d923836d9ca6a05fd

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

crypt32

user32

advapi32

ole32

gdi32

bcrypt

ws2_32

ntdll

secur32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 26KB - Virtual size: 29KB

.pdata Size: 63KB - Virtual size: 62KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 26KB - Virtual size: 29KB

.pdata
Size: 63KB - Virtual size: 62KB

.reloc
Size: 25KB - Virtual size: 24KB