EK-Release-0[.]0[.]1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

EK-Release-0.0.1.zip
Size

562KB
MD5

a81bc998bccdb41070f3974f36576c33
SHA1

9ce05f5f9cde7c19efebb12cfe0a6841e81abe42
SHA256

4ccd4d56c151116d4a4e09fbbad4faf444832fe145f0eeed744d691218bce479
SHA512

5f44a5c5c91b23d283d50bce2be5cabb15d3f2d4f3e550a5a5c4a95fa138a214a516f3df8ef6a11d2b881a939ae7ac2f36062eb9aa2efe90ff3a1cdbe99e4953
SSDEEP

12288:iwGR9uTcWWBVlVtfcji9ollkZsC4Ah5hJa4S7t3aygKIZTR61MXTBS0xs0:3kkTIBVlVlOi9ozZI5hJa4S7t3ZgK46Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EspanaKrypt.exe
unpack001/helloworld.exe

Files

EK-Release-0.0.1.zip
.zip
EspanaKrypt.exe
.exe windows:4 windows x64 arch:x64

45ae29f2796fcc8af8c9fa4b73ba5a1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
BeginUpdateResourceA
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EndUpdateResourceA
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleTextAttribute
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UpdateResourceA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

api-ms-win-crt-convert-l1-1-0

_ultoa
mbrtowc
strtoul
wcrtomb

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

__C_specific_handler
__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror
system

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_fileno
_fseeki64
_ftelli64
_lseeki64
_read
_wfopen
_write
fclose
fflush
fopen
fputc
fputs
fread
fseek
ftell
fwrite
getc
getwc
putc
putwc
rewind
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

_strdup
iswctype
memset
strcmp
strcoll
strlen
strncmp
strxfrm
towlower
towupper
wcscoll
wcslen
wcsxfrm

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

rand_s

Sections

.text
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
helloworld.exe
.exe windows:4 windows x64 arch:x64

8f6b757033737c47d35d0f96ae72ac3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__acmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

user32

MessageBoxA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 384B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.md

Sharing

General

Malware Config

Signatures

Files

45ae29f2796fcc8af8c9fa4b73ba5a1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 726KB - Virtual size: 726KB

.data Size: 72KB - Virtual size: 71KB

.rdata Size: 63KB - Virtual size: 62KB

.pdata Size: 45KB - Virtual size: 45KB

.xdata Size: 61KB - Virtual size: 61KB

.bss Size: - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 5KB

/4 Size: 512B - Virtual size: 176B

/19 Size: 18KB - Virtual size: 17KB

/31 Size: 2KB - Virtual size: 2KB

/45 Size: 2KB - Virtual size: 2KB

/57 Size: 1KB - Virtual size: 1KB

/70 Size: 512B - Virtual size: 248B

/81 Size: 1KB - Virtual size: 1KB

/97 Size: 2KB - Virtual size: 1KB

/113 Size: 512B - Virtual size: 100B

8f6b757033737c47d35d0f96ae72ac3b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

user32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 256B

.rdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 636B

.xdata Size: 512B - Virtual size: 500B

.bss Size: - Virtual size: 384B

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 148B

/4 Size: 512B - Virtual size: 80B

/19 Size: 4KB - Virtual size: 3KB

/31 Size: 512B - Virtual size: 175B

/45 Size: 512B - Virtual size: 164B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 163B

/81 Size: 512B - Virtual size: 504B

.text
Size: 726KB - Virtual size: 726KB

.data
Size: 72KB - Virtual size: 71KB

.rdata
Size: 63KB - Virtual size: 62KB

.pdata
Size: 45KB - Virtual size: 45KB

.xdata
Size: 61KB - Virtual size: 61KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB

/4
Size: 512B - Virtual size: 176B

/19
Size: 18KB - Virtual size: 17KB

/31
Size: 2KB - Virtual size: 2KB

/45
Size: 2KB - Virtual size: 2KB

/57
Size: 1KB - Virtual size: 1KB

/70
Size: 512B - Virtual size: 248B

/81
Size: 1KB - Virtual size: 1KB

/97
Size: 2KB - Virtual size: 1KB

/113
Size: 512B - Virtual size: 100B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 256B

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 636B

.xdata
Size: 512B - Virtual size: 500B

.bss
Size: - Virtual size: 384B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 148B

/4
Size: 512B - Virtual size: 80B

/19
Size: 4KB - Virtual size: 3KB

/31
Size: 512B - Virtual size: 175B

/45
Size: 512B - Virtual size: 164B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 163B

/81
Size: 512B - Virtual size: 504B