2[.]e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2.e
Size

8.1MB
MD5

ea2cbfb871a052450195be2bb0bc1956
SHA1

df612ed201bcc6af6758f65528c040f2f436e32a
SHA256

8168d1404d6d5a1ea3a75ca7816d10ddbf6fe34db9238f31c36fed5b0270ed49
SHA512

e1f5a1b1a754932b1a9935559fdee74102d24732f75dd6c2ffb9702cb5302e934999da4547b6f63f201073e211242a5b5cc7f562cc051dfa84fdb195ae2eef4a
SSDEEP

196608:CttOQT5EtB+ykYsAEGbK1e/LV2C2xg7Dc:QNOUeq4c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2.e

Files

2.e
.exe windows:5 windows x86

9ecf71002272ca348f21c638f14781f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXGetImageInfoFromFileInMemory
D3DXSaveSurfaceToFileA
D3DXCreateFontA
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

d3d9

Direct3DCreate9

kernel32

SystemTimeToFileTime
FileTimeToSystemTime
CreateThread
GetCurrentThreadId
CreateFileA
GetFileAttributesA
SetFileAttributesA
CreateDirectoryA
GetSystemTime
GetLocalTime
GetTickCount
GetACP
GetOEMCP
GetComputerNameA
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
GetTempPathA
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameW
LocalFree
GetLastError
InterlockedIncrement
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
MoveFileA
FormatMessageA
GetFileTime
ReadFile
WriteFile
GetFileSize
OutputDebugStringA
OpenEventA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
TerminateThread
WaitForSingleObject
GetVersionExA
GetProcAddress
GlobalMemoryStatusEx
CopyFileA
GetModuleFileNameA
MultiByteToWideChar
FreeLibrary
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryExW
GetSystemDirectoryW
SetLastError
GetPriorityClass
QueryDosDeviceA
FatalAppExitA
GetProcessId
Process32First
Process32Next
LocalAlloc
WTSGetActiveConsoleSessionId
ReadProcessMemory
OpenProcess
VerifyVersionInfoW
SetEvent
CreateEventA
GetFullPathNameA
GetCurrentDirectoryA
TerminateProcess
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
Sleep
AllocConsole
DeleteCriticalSection
DeleteFileA
CreateFileW
SetConsoleTitleA
GetModuleHandleA
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
InterlockedExchange
MapViewOfFile
GetSystemInfo
InterlockedExchangeAdd
TryEnterCriticalSection
GetCurrentThread
DuplicateHandle
MulDiv
UnmapViewOfFile
CreateFileMappingA
InterlockedDecrement
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetUnhandledExceptionFilter
ResumeThread
LoadLibraryA
VirtualAlloc

user32

SetRect
LoadStringW
LoadCursorA
LoadIconA
AdjustWindowRect
GetWindowLongA
SetWindowPos
ClipCursor
ReleaseCapture
GetCursorPos
GetWindowRect
SetCapture
DefWindowProcA
MessageBoxA
SetWindowTextA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetCaretBlinkTime
GetFocus
GetKeyState
OpenClipboard
GetClipboardData
CloseClipboard
GetAsyncKeyState
SwitchToThisWindow
SetFocus
SendMessageA
GetDC
ReleaseDC
SetWindowLongA
CreateWindowExA
FindWindowA
EnumWindows
GetClassNameA
GetWindowThreadProcessId
WindowFromPoint
GetWindowTextA
FindWindowExA
GetClientRect
ClientToScreen
ShowCursor
GetSystemMetrics
PostQuitMessage
PeekMessageW
GetMessageW
RegisterClassA
GetActiveWindow
InvalidateRect
UpdateWindow
ChangeClipboardChain
SetClipboardViewer
EndPaint
BeginPaint

gdi32

CreateICA
GetDeviceCaps
GetStockObject
CreateFontA
CreateCompatibleDC
LineTo
MoveToEx
ExtTextOutA
CreatePen
SetMapMode
CreateDIBSection
SetTextAlign
SetBkColor
SetTextColor
DeleteObject
DeleteDC
GetTextExtentPoint32A
SelectObject
BitBlt
CreateCompatibleBitmap

advapi32

BuildExplicitAccessWithNameA
SetEntriesInAclA
InitializeAcl
SetSecurityInfo
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptAcquireContextW
CryptGetProvParam
CryptEnumProvidersA
CryptGetUserKey
CryptDestroyKey
CryptExportKey
CryptGenRandom

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

ntdll

VerSetConditionMask

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

psapi

GetModuleInformation

wtsapi32

WTSSendMessageA

wininet

InternetOpenA
FtpPutFileA
FtpCreateDirectoryA
InternetCloseHandle
InternetConnectA

wsock32

setsockopt
inet_ntoa
WSAGetLastError
socket
WSAStartup
getsockopt
inet_addr
getsockname
gethostbyname
ioctlsocket
htons
connect
select
__WSAFDIsSet
bind
closesocket
shutdown
send
ntohs
recv

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipFree
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipDisposeImage
GdipCloneImage

msvcr90

atoi
strcat
_gmtime64
memmove
qsort
isalnum
towlower
towupper
fseek
_telli64
ftell
ferror
fread
_filelength
_filelengthi64
_atoi64
fgetc
fputc
_ctime64
_CxxThrowException
_mkdir
fflush
_assert
feof
_set_errno
_get_errno
_access_s
_errno
strcpy_s
_stat32
setvbuf
remove
_purecall
ceil
_snprintf
longjmp
strtoul
_setjmp3
atof
_aligned_free
_aligned_msize
_aligned_malloc
calloc
realloc
_tzset
_fileno
_strlwr
_mbsstr
_except_handler3
abort
system
ungetc
fgetpos
fsetpos
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
rename
fputs
wcslen
strerror
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_mktime64
_localtime64
srand
toupper
tolower
strcpy
sprintf
_wcsicmp
wcscmp
strncmp
_strnicmp
strcmp
rand
memchr
memcpy
memset
_stricmp
strlen
memcmp
__CxxFrameHandler3
free
printf
malloc
??0exception@std@@QAE@XZ
fgets
_vsnprintf
fwrite
getchar
__iob_func
freopen
_invalid_parameter_noinfo
memmove_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
isspace
exit
strstr
_unlink
memcpy_s
vsprintf
_beginthreadex
_time64
sprintf_s
sscanf
vsprintf_s
fclose
fprintf
strrchr
_access
strchr
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_calloc_crt
setlocale
islower
_wfsopen
mbstowcs_s
__uncaught_exception
strncpy
_free_locale
fopen
_strupr

dinput8

DirectInput8Create

crypt32

CryptEncodeObject
CryptEncryptMessage
CertFreeCertificateContext
CertNameToStrW
CertDuplicateCertificateContext
CertSetCertificateContextProperty
CryptDecodeObject
CertGetCertificateContextProperty
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 410KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata1
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��)c�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ecf71002272ca348f21c638f14781f0

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

ntdll

dbghelp

psapi

wtsapi32

wininet

wsock32

gdiplus

msvcr90

dinput8

crypt32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 732KB - Virtual size: 732KB

.data Size: 410KB - Virtual size: 1.1MB

.tls Size: 512B - Virtual size: 9B

.bdata1 Size: 512B - Virtual size: 4B

.rsrc Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 183KB - Virtual size: 183KB

��)c�u� Size: 16KB - Virtual size: 20KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 732KB - Virtual size: 732KB

.data
Size: 410KB - Virtual size: 1.1MB

.tls
Size: 512B - Virtual size: 9B

.bdata1
Size: 512B - Virtual size: 4B

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 183KB - Virtual size: 183KB

��)c�u�
Size: 16KB - Virtual size: 20KB