Endoparasitic[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Endoparasitic.exe
Size

41.2MB
MD5

43c3b97b6ccdd6dc3342cf0bed11e129
SHA1

3e2fcc62849a6f8e595010dd1a14a21df35d9590
SHA256

a597903faed625ac9cc88f4dede98daf29916f75b882d5f651a01e99d6eba492
SHA512

d64cca9cc62022560df3c0f0e8c72b4a9926905d56e5c1e15884ec4d065374df2dc4a8bd6a5f658450a31114e0e942fb7a87b7adb262ab5919624e686863cc4e
SSDEEP

786432:OL0xkPo2lNeKl6Ur0Q+HUyhfyR0PZf80YYmrAdWe3fBdR:J8J+wYmy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Endoparasitic.exe

Files

Endoparasitic.exe
.exe windows:4 windows x64

2e1e0162afae396b2bb6e7511461f2b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
BuildTrusteeWithSidW
CopySid
CreateProcessWithLogonW
DuplicateToken
FreeSid
GetCurrentHwProfileA
GetEffectiveRightsFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
ImpersonateLoggedOnUser
LookupAccountSidW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW

avrt

AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority

bcrypt

BCryptGenRandom

dinput8

DirectInput8Create

dwmapi

DwmEnableBlurBehindWindow
DwmFlush
DwmIsCompositionEnabled

gdi32

BitBlt
ChoosePixelFormat
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SelectObject
SetBkColor
SetPixelFormat
SetTextColor
SwapBuffers

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CancelIo
CancelIoEx
CancelSynchronousIo
CloseHandle
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushProcessWriteBuffers
FlushViewOfFile
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLogicalDriveStringsW
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetPriorityClass
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetSystemTimes
GetTempFileNameW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVersionExW
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
K32EnumProcessModules
K32EnumProcesses
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
LCIDToLocaleName
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFile
MapViewOfFile
MoveFileW
MultiByteToWideChar
OpenEventW
OpenFileMappingW
OpenMutexW
OpenProcess
OpenSemaphoreW
OpenThread
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetProcessWorkingSetSize
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepConditionVariableCS
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnlockFile
UnmapViewOfFile
VerLanguageNameW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_ecvt_s
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fmode
_fstat64
_ftime64
_get_osfhandle
_getch
_getpid
_gmtime64
_hypot
_initterm
_localtime64
_lock
_lseeki64
_mktemp
_onexit
_open
_resetstkoflw
_scprintf
_setjmp
_snprintf
_stat64
_strdup
_stricmp
_strnicmp
fwprintf
_time64
_ultoa
_unlink
_unlock
_utime64
_vscprintf
_vsnprintf
_vsnprintf_s
_wassert
_wchdir
_wfopen
_wfsopen
_wgetenv
_wmkdir
_wmktemp
_wopen
_wrename
_write
_wrmdir
_wstat64
_wsystem
_wunlink
abort
acos
asin
atan
atof
atoi
atol
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen_s
frexp
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
islower
isspace
isupper
iswctype
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
qsort
rand
realloc
remove
rename
setlocale
setvbuf
signal
sinh
srand
strcat
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tan
tanh
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscat_s
wcschr
wcscmp
wcscoll
wcscpy
wcscpy_s
wcsftime
wcslen
wcsrchr
wcsxfrm
_vsnprintf_s
longjmp
_write
_unlink
_strdup
_read
_open
_memicmp
_lseek
_getpid
_getcwd
_fileno
_fdopen
_execvp
_close

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
PropVariantClear

oleaut32

SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SysAllocStringLen
SysFreeString
SysStringLen

opengl32

wglCreateContext
wglDeleteContext
wglGetProcAddress
wglMakeCurrent

shell32

CommandLineToArgvW
DragAcceptFiles
DragQueryFileW
SHFileOperationW
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW
ShellExecuteW

shlwapi

PathFileExistsW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AllowSetForegroundWindow
CallWindowProcW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateIconFromResource
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
EmptyClipboard
EnumDisplayMonitors
EnumDisplaySettingsW
FlashWindowEx
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetMessageExtraInfo
GetMonitorInfoW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetTouchInputInfo
GetWindowLongPtrA
GetWindowRect
IsClipboardFormatAvailable
IsIconic
KillTimer
LoadCursorA
LoadIconA
MapVirtualKeyExA
MessageBoxA
MessageBoxW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageW
RegisterClassExW
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SendMessageTimeoutW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TranslateMessage
WaitForInputIdle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetID
midiInGetNumDevs
midiInOpen
midiInStart
midiInStop
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeKillEvent
timeSetEvent

ws2_32

WSAConnect
WSAIoctl
WSARecv
WSASend
WSASocketW
WSAWaitForMultipleEvents
freeaddrinfo
getaddrinfo
getnameinfo
inet_pton

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostname
getpeername
getprotobyname
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
_Z13widechar_mainiPPw
_Z5_mainv
main

Sections

.text
Size: 32.9MB - Virtual size: 32.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 182KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e1e0162afae396b2bb6e7511461f2b3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

avrt

bcrypt

dinput8

dwmapi

gdi32

imm32

iphlpapi

kernel32

msvcrt

ole32

oleaut32

opengl32

shell32

shlwapi

user32

version

winmm

ws2_32

wsock32

Exports

Exports

Sections

.text Size: 32.9MB - Virtual size: 32.9MB

.data Size: 37KB - Virtual size: 36KB

.rdata Size: 4.6MB - Virtual size: 4.6MB

pck Size: 512B - Virtual size: 8B

.pdata Size: 705KB - Virtual size: 704KB

.xdata Size: 2.4MB - Virtual size: 2.4MB

.bss Size: - Virtual size: 182KB

.edata Size: 512B - Virtual size: 214B

.idata Size: 22KB - Virtual size: 22KB

.CRT Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 352KB - Virtual size: 352KB

.reloc Size: 178KB - Virtual size: 177KB

.text
Size: 32.9MB - Virtual size: 32.9MB

.data
Size: 37KB - Virtual size: 36KB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

pck
Size: 512B - Virtual size: 8B

.pdata
Size: 705KB - Virtual size: 704KB

.xdata
Size: 2.4MB - Virtual size: 2.4MB

.bss
Size: - Virtual size: 182KB

.edata
Size: 512B - Virtual size: 214B

.idata
Size: 22KB - Virtual size: 22KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 352KB - Virtual size: 352KB

.reloc
Size: 178KB - Virtual size: 177KB