eternity | Growtopia Hack[.]exe | Triage

Sharing

General

Target

Growtopia Hack.exe
Size

1.2MB
MD5

3f532a4355da80fc22ce565440f9d73d
SHA1

ad55468ee3271ddf921fc68252ff633a56449d77
SHA256

e14364e74981e5512d4b55360af8dc794d2e00dc758c1952484171e729018536
SHA512

7545619ccc2920b1cefb4cc8f476886b2fcd08124059d0f72570878d9086280251ee9f0206f8fa9e69c249cad4bdab0e299b5ed0fbb7ad6d8223ac76489ed540
SSDEEP

12288:HTEYAsROAsrt/uxduo1jB0Y96qNef7PV64xnAsspqZEeLh0I4oDgJzzq1MlEjFNh:HwT7rC6qmPdhsqBL61oDGCuyw

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Growtopia Hack.exe

Files

Growtopia Hack.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ