ewyith[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ewyith.exe
Size

7KB
MD5

a52b27ef1351d697c3795ad13735b8ab
SHA1

96bf8f2e79116860a185f0e7bc5cfef45bf2a57a
SHA256

d10e205dcee069282226109eb51c7bea9e50454d89dc2e1f8d94e5d336d09c66
SHA512

9745bc1887b43d2bcd748c3eb72f6fb8b18d190cbf5dc12cb232d733599b9b45d81ff6b12b87fe46829850a6a5d52a44ab872ab163314cb9202a32ee5f801af3
SSDEEP

96:Eg+8cImJTPymL/Zz0o/ZHPtboyn34R16cPYF+Y:Egbbgem/Zz5/ZHP1oyng3PYF+Y

Score

1^/10

Malware Config

Signatures

Files

ewyith.exe
.exe windows x86

f1e2cc735472b98ab8038d5251e2d0ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_acmdln
exit
__getmainargs
_exit
_initterm
__setusermatherr
_except_handler3
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_XcptFilter
memcpy
fseek
ftell
fread
fopen
wcsrchr
malloc
wcschr

imm32

ImmSetHotKey
ImmSimulateHotKey
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmGetCompositionFontW
ImmGetGuideLineA
ImmGetCompositionWindow
ImmLockIMC

kernel32

CreateNamedPipeA
GetStartupInfoA
GetModuleHandleA
lstrcpyW
VirtualProtect
lstrlenW
GetEnvironmentStrings
GetUserDefaultLangID
FindFirstFileW

wininet

ReadUrlCacheEntryStream
InternetQueryOptionW
SetUrlCacheEntryInfoW
InternetGetConnectedState
InternetSetStatusCallback

user32

DdeGetLastError
DestroyAcceleratorTable
InsertMenuA
EnumWindowStationsA
DlgDirListA
GetMenuItemRect
MonitorFromRect

gdi32

LPtoDP
GetGlyphOutlineW
FillPath
GetGlyphIndicesW
GetGlyphOutline
GdiPlayPrivatePageEMF

wsnmp32

ord302
ord604
ord103
ord101
ord106
ord203
ord204
ord901

urlmon

URLDownloadToCacheFileW
ObtainUserAgentString
CoInternetQueryInfo
URLDownloadToCacheFileA
MkParseDisplayNameEx
CoGetClassObjectFromURL

resutils

ResUtilVerifyService
ResUtilGetPropertySize
ResUtilGetProperty
ResUtilGetDwordProperty
ResUtilEnumResources
ResUtilResourcesEqual
ResUtilGetPrivateProperties

Exports

Exports

_CredPackAuthenticationBufferW@20
_CredUIParseUserNameW@20
_CredUIPromptForWindowsCredentialsW@36
_CredUIReadSSOCredW@8
_CredUIStoreSSOCredW@16
_CredUnPackAuthenticationBufferW@36

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1e2cc735472b98ab8038d5251e2d0ea

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

imm32

kernel32

wininet

user32

gdi32

wsnmp32

urlmon

resutils

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 344B

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 344B

.reloc
Size: 1024B - Virtual size: 536B