Eclipsedwing-1[.]5[.]2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Eclipsedwing-1.5.2.exe
Size

42KB
MD5

195efb4a896e41fe49395c3c165a5d2e
SHA1

6e2272c8f53692e8bf83686fab9336caf64b7971
SHA256

48251fb89c510fb3efa14c4b5b546fbde918ed8bb25f041a801e3874bd4f60f8
SHA512

5a88c16f0248cc1165e2cff7df31776775834606170d1aaac2d2e08dd5f9fc1554e5fc7d0b14f27cdbe673f437b649e69ae627cd0316363efcae812e905440b5
SSDEEP

768:MSs0srOCHZg81Zhnc943D5NcTzQSKAzYYqn6IUI3lEfJ:VHsiCHZgwZhnc943DLcTzan6IUI3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Eclipsedwing-1.5.2.exe

Files

Eclipsedwing-1.5.2.exe
.exe windows x86

19916ab84dbb68ca7713a54c37348620

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
Sleep
GetSystemTimeAsFileTime

adfw-2

mainWrapper
adfw_setProcess
adfw_setID
adfw_delete
adfw_create
adfw_setValidate

tibe-1

TbCloseSocket
TbWaitServerSocket
TbRecv
TbMalloc
TbFreeStructBuffers
TbCloseStructSockets
TbDoSmbStartupEx
TbPutRpcArray
TbDoSmbStartup
TbMakeSocket
TbSetRemoteSocketData
TbBuffCpy
TbMakeServerSocket
TbSetCallbackSocketData
TbInitStruct
TbPutPointer
TbPutLong
TbPutAlign
TbDoRpcRequestEx
TbDoRpcBind
TbDoSmbSendData
TbPutBuff
TbMakeTcpReq
TbDoSmbShutdown

trfo-2

TfStrcasecmp
TfRandomizeBuffer
TfFree
TfReadFileIntoBuffer
TfRandomByte
TfNrvCompress
TfNrvCalculateMaxExpansion
TfFillRandom

trch-0

Parameter_S16_getValue
Paramchoice_setValue
Parameter_Socket_setValue
Parameter_U8_setValue
Parameter_String_setValue
Params_getCallbackPortValues
Params_findParamchoice
Paramchoice_getValue
Params_validateCallbackPorts
Parameter_markInvalid
Parameter_String_getValue
Params_findParameter
Parameter_U8_getValue
Parameter_U32_getValue
Parameter_Port_getValue
Parameter_LocalFile_getValue
Parameter_getType
Parameter_IPv4_getValue
Parameter_Boolean_getValue

tucl-1

TcLogBuffer
TcLog

ws2_32

select
__WSAFDIsSet
inet_ntoa
getsockname
ntohs
inet_addr
htons

msvcrt

_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
free
_access
calloc
memset
memcpy
malloc

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19916ab84dbb68ca7713a54c37348620

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

adfw-2

tibe-1

trfo-2

trch-0

tucl-1

ws2_32

msvcrt

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 10KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 10KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 2KB