Static task
static1
General
Target: Eufonia Launcher.exe
Size: 17.7MB
MD5: 6c958bc30224d0ddeb837c5ebf3442c4
SHA1: 673e33226ac127c17d05508a7e10a716599bfe6f
SHA256: 1ac4b220eacfdd3475e5b18e70cfe9a067181f7ac06d66ee4195030146e04673
SHA512: 01ba5e6c39d07734192381a3ffe9b62c32f13d0226e3cc420710abdab28ad4de082a8d3dbd65ca9c4b255bfddb8d1da302532b9fe1163a6b2a5d09e1ab999c7b
SSDEEP: 196608:adx4fE1vm7nb7kGKBzbXv0UA6DRmTxNTc:adOomP7kGKBXXv00wTxNTc
Malware Config
Signatures
Files
Eufonia Launcher.exe — .exe, windows x64
fe9554b86e2acbf4bddfb72baf38fb66
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlUnwindEx
RtlPcToFileHeader
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlGetNtVersionNumbers
RtlVirtualUnwind
NtQueryInformationProcess
RtlGetVersion
RtlUnwind
iphlpapi
GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses
ws2_32
send
recv
shutdown
getsockopt
WSAStartup
WSACleanup
freeaddrinfo
listen
connect
bind
WSASocketW
accept
getsockname
recvfrom
getpeername
WSAGetLastError
WSAIoctl
sendto
WSASend
socket
select
ioctlsocket
getaddrinfo
closesocket
setsockopt
kernel32
HeapFree
GetProcessHeap
lstrlenW
GetExitCodeProcess
GetLogicalDrives
GlobalMemoryStatusEx
AcquireSRWLockShared
GetTickCount64
GetProcessTimes
DeviceIoControl
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
LCIDToLocaleName
CreateFileW
LoadLibraryW
SleepConditionVariableSRW
GetDriveTypeW
GetCurrentProcessId
RegisterWaitForSingleObject
VirtualQueryEx
ReleaseSRWLockShared
OpenProcess
GetSystemTimes
GetProcessIoCounters
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryAcquireSRWLockExclusive
DeleteCriticalSection
ResetEvent
LocalFree
GetSystemInfo
UnhandledExceptionFilter
CreatePipe
GetTempPathW
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
GetLastError
GetVolumeInformationW
HeapAlloc
CreateThread
WriteConsoleW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
CreateNamedPipeW
GetFullPathNameW
ExitProcess
SetCurrentDirectoryW
GetConsoleMode
CancelIo
CreateEventW
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
ReadProcessMemory
LoadLibraryA
RemoveDirectoryW
DeleteFileW
FindFirstFileW
GetFileInformationByHandleEx
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalLock
GlobalUnlock
WakeConditionVariable
WakeAllConditionVariable
GlobalAlloc
GetProcessId
TerminateProcess
ReadFileEx
SleepEx
WriteFileEx
GetStdHandle
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
AcquireSRWLockExclusive
LoadLibraryExW
GetCurrentThreadId
FreeLibrary
GetEnvironmentVariableW
SetFileTime
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
Sleep
GetEnvironmentStringsW
FormatMessageW
SetEvent
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
GetCurrentDirectoryW
SetLastError
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
FindClose
ReleaseMutex
FreeEnvironmentStringsW
SetHandleInformation
MoveFileExW
SetFileAttributesW
GetFileInformationByHandle
ReleaseSRWLockExclusive
IsDebuggerPresent
RaiseException
CloseHandle
EncodePointer
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
TlsAlloc
CancelIoEx
ReadFile
GetOverlappedResult
WriteFile
TlsFree
user32
PeekMessageW
SystemParametersInfoA
DestroyAcceleratorTable
DestroyIcon
IsProcessDPIAware
GetDC
PostQuitMessage
ShowWindow
AppendMenuW
CreateMenu
CheckMenuItem
TranslateMessage
SetMenuItemInfoW
EnableMenuItem
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
SetForegroundWindow
SendInput
SetWindowDisplayAffinity
SetWindowTextW
DispatchMessageW
MonitorFromPoint
DestroyWindow
EnumDisplayMonitors
RegisterClipboardFormatW
CreateIcon
GetWindowLongPtrW
SetWindowLongW
IsWindowVisible
SendMessageW
SetClipboardData
GetSystemMenu
CreateAcceleratorTableW
ClipCursor
GetClipCursor
GetMessageA
ValidateRect
AdjustWindowRectEx
GetMenu
PostThreadMessageW
GetWindowRect
RegisterHotKey
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
GetKeyboardLayout
UnregisterHotKey
RegisterClassExW
RegisterWindowMessageA
GetRawInputData
RedrawWindow
EnumChildWindows
DispatchMessageA
OpenClipboard
MessageBoxW
GetClipboardData
EmptyClipboard
GetUpdateRect
MonitorFromRect
CloseClipboard
PostMessageW
TrackMouseEvent
GetWindowLongW
GetClientRect
ClientToScreen
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
GetCursorPos
MonitorFromWindow
SetWindowPos
SetCursor
GetMonitorInfoW
LoadCursorW
CreateWindowExW
IsWindow
GetSystemMetrics
ToUnicodeEx
RegisterTouchWindow
InvalidateRgn
SetMenu
ReleaseCapture
SetCursorPos
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetForegroundWindow
GetActiveWindow
ShowCursor
comctl32
RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
ole32
CreateStreamOnHGlobal
CoSetProxyBlanket
RevokeDragDrop
OleInitialize
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
gdi32
CreateRectRgn
DeleteObject
GetDeviceCaps
dwmapi
DwmEnableBlurBehindWindow
secur32
InitializeSecurityContextW
FreeContextBuffer
EncryptMessage
AcceptSecurityContext
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW
LsaGetLogonSessionData
LsaFreeReturnBuffer
DecryptMessage
LsaEnumerateLogonSessions
crypt32
CertGetCertificateChain
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertDuplicateStore
CertOpenStore
shell32
SHGetKnownFolderPath
DragFinish
DragQueryFileW
ShellExecuteW
CommandLineToArgvW
SHCreateItemFromParsingName
oleaut32
SetErrorInfo
GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
VariantClear
pdh
PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData
powrprof
CallNtPowerInformation
advapi32
RegOpenKeyExW
RegCloseKey
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegGetValueW
EventUnregister
SystemFunction036
EventWriteTransfer
RegCreateKeyExW
EventSetInformation
EventRegister
RegSetValueExW
RegQueryValueExW
netapi32
NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree
uxtheme
SetWindowTheme
bcrypt
BCryptGenRandom
psapi
GetModuleFileNameExW
GetPerformanceInfo
api-ms-win-crt-math-l1-1-0
trunc
round
__setusermatherr
floor
api-ms-win-crt-string-l1-1-0
_wcsicmp
strcpy_s
wcsncmp
wcslen
strlen
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
calloc
malloc
_callnewh
api-ms-win-crt-convert-l1-1-0
_ultow_s
wcstol
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-runtime-l1-1-0
abort
_get_initial_narrow_environment
_initterm
terminate
_crt_atexit
_initterm_e
_initialize_onexit_table
exit
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_seh_filter_exe
_register_onexit_function
__p___argv
__p___argc
_exit
_set_app_type
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 11.0MB - Virtual size: 11.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6.0MB - Virtual size: 6.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 623KB - Virtual size: 623KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ