Static task
static1
General
Target
Eclipsed Spoofer Recode.exe
Size
3.8MB
MD5
864e5ab5b3d00a16043ba9d3b8010928
SHA1
3fee8f892dd2b7f366615d31c59de0424e76e3b4
SHA256
51e644001e64545dfa063dd59e33c009ff494c372e04fa2c66ec5c83eef145cf
SHA512
aaf21895307f8db2ae8a9683fd797eee31c87bd64958d14ca96ef33d10182b7e5ab33e34d33f1d3101c4e41769102303d169d01cc85f611a86f11ae09fbdebce
SSDEEP
49152:kGtlqT1IU6in6uanQCs4R+5u47n3a+bZGQtUJ7Ap8FZewgAC6cTb9ebIgiPlZxnn:n+ng05u473f7aNTcTOTqZxRAhru
Malware Config
Signatures
Files
Eclipsed Spoofer Recode.exe.exe windows x64
e947d5c442d29eaf00f214fb922ac3fc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FreeLibrary
SetConsoleCursorPosition
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcessId
GetTempPathW
CreateFileW
CloseHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
CreateFileA
Process32NextW
GetLastError
GetConsoleMode
Sleep
CreateToolhelp32Snapshot
HeapSize
InitializeCriticalSectionEx
SetFilePointer
SetStdHandle
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LocalFree
CompareStringW
FlushFileBuffers
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetConsoleCtrlHandler
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
ExitProcess
VirtualQuery
GetSystemInfo
RtlUnwind
LoadLibraryExW
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateEventW
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetProcAddress
HeapDestroy
DecodePointer
FillConsoleOutputAttribute
HeapAlloc
LoadLibraryW
HeapReAlloc
Process32FirstW
DeleteFileW
DeleteFileA
LoadLibraryA
LCMapStringW
GetCurrentThread
GetDriveTypeA
VirtualAlloc
SetConsoleMode
WriteFile
GetStdHandle
GetCurrentProcess
SetConsoleTitleA
VirtualFree
SetConsoleTextAttribute
HeapFree
GetConsoleScreenBufferInfo
VirtualProtect
FlsFree
FlsSetValue
FillConsoleOutputCharacterA
ReadFile
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
GetEnvironmentVariableW
WideCharToMultiByte
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
MultiByteToWideChar
FormatMessageW
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
DeviceIoControl
user32
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
FindWindowA
MessageBoxW
advapi32
ReportEventW
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
CryptGetHashParam
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
RegSetKeyValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW
ConvertSidToStringSidA
CopySid
IsValidSid
OpenProcessToken
GetLengthSid
GetTokenInformation
shell32
ShellExecuteA
ws2_32
WSACleanup
WSAStartup
WSAIoctl
setsockopt
closesocket
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
inet_pton
WSAGetLastError
recv
send
socket
htonl
listen
ioctlsocket
getaddrinfo
ntohl
sendto
gethostname
accept
getnameinfo
ntohs
freeaddrinfo
recvfrom
shutdown
wldap32
ord46
ord143
ord211
ord301
ord200
ord60
ord50
ord79
ord41
ord35
ord33
ord32
ord30
ord27
ord26
ord22
ord45
crypt32
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
userenv
UnloadUserProfile
secureenginesdk64
ord509
ord1
ord517
ord111
ord22
ord139
ord109
ord2
ord21
ord511
ord117
ntdll
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlCaptureContext
NtRaiseHardError
VerSetConditionMask
RtlInitUnicodeString
RtlVirtualUnwind
RtlAdjustPrivilege
urlmon
URLDownloadToFileA
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreate
bcrypt
BCryptGenRandom
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 842KB - Virtual size: 842KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 402KB - Virtual size: 495KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ