eternity | PC_Proxy_V4[.]45[.]exe | Triage

Sharing

General

Target

PC_Proxy_V4.45.exe
Size

885KB
MD5

124c7ca47bafcee406d200a3af2b59fc
SHA1

dcfe00312117d97e6c44a526c127ae14f660b388
SHA256

7c1aef3259961aea042da45d734dfb677404eb33c075e995c1ea3d04b4b9c28b
SHA512

8169da9a69f6ecc01ee221cfd7e87d4e7701b60bf714db1b3a904b252591ad793f9245befa86da1fb7780bd31f89cf1f2e79d86e4bc3a577d318b3ea76eecd34
SSDEEP

12288:PTEYAsROAsrt/uxduo1jB0Y96qNOoFQzcdeyFA4o9hrC8maxPELoNe/Ld9/e9tVG:PwT7rC6qNOoiccDmaxPzNe/r29K

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PC_Proxy_V4.45.exe

Files

PC_Proxy_V4.45.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ