eulean[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

eulean.exe
Size

258KB
MD5

1b3b04e73ec90d7a8ddd32594d9b2665
SHA1

278ec0777c849043d5795b32313c2bacf016b0a0
SHA256

cdadb51628834d8bf40d9a276f9936a1fb98c4de1faa71ab1d7523544d7b9d3f
SHA512

dad41af70e6ce4aca5579a2a103e7a34584bb358431b0aad238e70ed36c93fd23c78da1095541356a6784fb91f846ef5442173cbdc86c2ae146afbd59c2ad0cd
SSDEEP

6144:HnQ4i55KyoV2c4xWt5iywJvF1yWy1rohMzmSn:HIAlV2cUW0JGnJoW5n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eulean.exe

Files

eulean.exe
.exe windows:6 windows x64 arch:x64

37f944b09d0932e2c55e60ec6181d007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
HeapFree
SetConsoleTitleA
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
InitializeCriticalSectionEx
GetModuleHandleA
HeapSize
GetTempPathA
CopyFileA
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
DecodePointer
DeleteCriticalSection
ExitProcess
GetProcessHeap
CreateProcessW
CreateProcessA
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
EncodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
DeleteFileW
GetFileType
MoveFileExW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW

urlmon

URLDownloadToFileA

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.E3]
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37f944b09d0932e2c55e60ec6181d007

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

urlmon

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.E3] Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.E3]
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B