esentutl[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

esentutl.exe
Size

472KB
MD5

885765ee9e70ef7ecbf37cf0a458ebc5
SHA1

fd7007df9fc2ae895c38b777065d628c4ec49490
SHA256

5b66230b28f1896149a9c1875bbc6115f4fb3892b840be8a68175ff217dad902
SHA512

bc7376eaaa938da939a7807cde5badce25ede17daace5a1877311940a6e56b7ed4d95079981ec7700319cafdec84f2da62d7b1138ad53f5b4f44d304b43c79dd
SSDEEP

6144:29T8SPPB8W2kAaV3t8SENeV3DADNniAdh2ORnAKixh/Q1EG3JfqXQd:7nW2k/6SENeFDADNnuOOxh/nXQd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
esentutl.exe

Files

esentutl.exe
.exe windows:10 windows x64 arch:x64

fe6591b11402803deebb84294c5a81bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
_exit
_amsg_exit
_XcptFilter
_wtol
_wcsnicmp
strchr
_wfullpath
_wcsupr_s
wcsstr
swprintf_s
_fmode
wcscat_s
wcscpy_s
__C_specific_handler
_commode
_cexit
_lock
_getch
_unlock
_snwscanf_s
_wsplitpath_s
__dllonexit
_onexit
?terminate@@YAXXZ
__setusermatherr
_wmakepath_s
swscanf_s
wcstol
_vsnwprintf
malloc
free
memcpy
wprintf
memcmp
wcschr
_purecall
exit
_initterm
iswascii
fwprintf
isprint
_vsnprintf
strtoul
strcspn
strrchr
wcsncmp
wcsrchr
memmove_s
iswalpha
rand_s
wcspbrk
vprintf
strstr
_wcsicmp
__iob_func
__wgetmainargs
memset

esent

JetSetSystemParameterA
JetDBUtilitiesW
JetGetSystemParameterW
JetTerm2
JetGetErrorInfoW
JetTestHook
JetDetachDatabaseW
JetInit
JetBeginSessionW
JetAttachDatabase3W
JetInit4W
JetSetSystemParameterW
JetGetLogFileInfoW
JetRestore2W
JetEndSession
JetGetDatabaseFileInfoW

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace

api-ms-win-core-file-l1-1-0

FindClose
CreateFileW
FindVolumeClose
FlushFileBuffers
SetFileValidData
SetFileInformationByHandle
FindNextVolumeW
ReadFile
WriteFileGather
ReadFileScatter
GetFileInformationByHandle
RemoveDirectoryW
CreateDirectoryW
GetTempFileNameW
SetEndOfFile
GetFileAttributesExW
WriteFile
GetDiskFreeSpaceExW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
DeleteFileW
SetFilePointerEx
GetDiskFreeSpaceW
GetFullPathNameW
GetDriveTypeW
FindNextFileW
FindFirstVolumeW
GetVolumeInformationW
FindFirstFileW
GetFileSizeEx

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl
GetOverlappedResult
PostQueuedCompletionStatus

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
SetHandleInformation

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetVersionExW
GetLogicalProcessorInformationEx
GlobalMemoryStatusEx
GetTickCount
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
GetProcAddress

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx
CopyFileExW

api-ms-win-core-processthreads-l1-1-0

SetThreadPriorityBoost
GetCurrentProcessId
SetThreadPriority
CreateThread
GetCurrentProcess
TlsAlloc
TerminateProcess
GetCurrentThread
TlsFree
TlsGetValue
GetExitCodeThread
GetCurrentThreadId
ResumeThread
CreateProcessW
TlsSetValue
OpenThread

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
CreateMutexW
SetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
SleepEx
ReleaseMutex

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
VirtualProtect
VirtualFree
VirtualAlloc
VirtualQueryEx

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetThreadIdealProcessorEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW
LCMapStringEx

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe6591b11402803deebb84294c5a81bb

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

esent

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l2-1-1

api-ms-win-core-console-l1-1-0

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 312KB - Virtual size: 308KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 12KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 13KB

.didat Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 312KB - Virtual size: 308KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 12KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 13KB

.didat
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB