D:\BaseCode\EPM13.5_20190425\EPMUI\EuDownloader\x64\Release\EDownloader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2b3ed63e74773c5c040eba08bffcef0d43174d07749d023cdac13d82877f31a9.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2b3ed63e74773c5c040eba08bffcef0d43174d07749d023cdac13d82877f31a9.exe
Resource
win10v2004-20240412-en
General
-
Target
2b3ed63e74773c5c040eba08bffcef0d43174d07749d023cdac13d82877f31a9
-
Size
1.4MB
-
MD5
05030f99b7b8a97a8fe6216fc72f2312
-
SHA1
10b772a3e28b3750a82954d212c27cad7f5976e7
-
SHA256
2b3ed63e74773c5c040eba08bffcef0d43174d07749d023cdac13d82877f31a9
-
SHA512
01d09e06cae02e732dbdaae98db4d2b195d0ada48d0893aff2a62e87ad472446f62d54ac4bb0cdb6451c578580755b8bb7bf5d6a61004894d51575b1bf98e2d0
-
SSDEEP
24576:6srs14u4hZA3kAchviyUXp1AWl3WzrhMTtYkUcIUYtu0My:7rs14u4zSMhvLEAW4FMTKk3Wtu
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b3ed63e74773c5c040eba08bffcef0d43174d07749d023cdac13d82877f31a9
Files
-
2b3ed63e74773c5c040eba08bffcef0d43174d07749d023cdac13d82877f31a9.exe windows:6 windows x64 arch:x64
ccbd754663ef24866c6e3f5cdf6cbc0d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
recv
bind
WSAResetEvent
WSAEventSelect
gethostname
connect
getpeername
getsockname
getsockopt
htons
ntohs
socket
WSASetLastError
WSAIoctl
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
setsockopt
crypt32
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
PFXImportCertStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptQueryObject
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
wldap32
ord46
ord79
ord142
ord219
ord301
ord167
ord127
ord27
ord26
ord133
ord117
ord41
ord208
ord73
ord216
ord14
ord145
ord147
kernel32
GetFileSizeEx
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExW
FormatMessageW
SetLastError
GetTickCount
LoadLibraryW
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
LCMapStringW
EncodePointer
OutputDebugStringW
SwitchToThread
InitializeSListHead
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ReadFile
GetCurrentProcess
CreateFileW
GetVersionExW
GetLastError
LoadLibraryA
CloseHandle
CreateThread
GetProcAddress
GetFileSize
CreateProcessW
FreeLibrary
GetExitCodeProcess
SetFilePointer
GetTempPathW
Sleep
DeleteFileW
GetPrivateProfileStringA
CopyFileW
GetModuleFileNameA
OutputDebugStringA
TerminateProcess
CreateMutexW
ReleaseMutex
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetLocalTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetCurrentThreadId
SetEndOfFile
SetFilePointerEx
WaitForSingleObject
WaitForMultipleObjects
InitializeCriticalSectionEx
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
user32
PeekMessageW
FindWindowExW
IsWindowVisible
SendMessageW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
advapi32
CryptReleaseContext
LookupAccountNameW
RegQueryValueExW
GetUserNameW
CryptGetHashParam
RegOpenKeyExW
CryptDestroyHash
RegSetValueExA
IsValidSid
CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
RegEnumKeyExW
RegCloseKey
CryptAcquireContextW
GetSidSubAuthorityCount
GetSidSubAuthority
RegCreateKeyExA
CryptCreateHash
GetSidIdentifierAuthority
shell32
SHGetSpecialFolderPathW
ole32
CoCreateGuid
vcruntime140
memcmp
__std_terminate
wcsrchr
__std_exception_destroy
__std_exception_copy
_purecall
strstr
wcsstr
strrchr
strchr
__C_specific_handler
_CxxThrowException
memset
memcpy
memmove
memchr
__uncaught_exception
wcschr
__CxxFrameHandler3
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
realloc
_callnewh
calloc
malloc
api-ms-win-crt-runtime-l1-1-0
_cexit
_seh_filter_exe
_set_app_type
_crt_atexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
__sys_nerr
__sys_errlist
_beginthreadex
_invalid_parameter_noinfo_noreturn
_errno
abort
terminate
_initialize_onexit_table
api-ms-win-crt-stdio-l1-1-0
_read
_write
feof
_wopen
fputs
fseek
__stdio_common_vsnprintf_s
__p__commode
_set_fmode
fgets
_wfopen
fopen
__stdio_common_vsscanf
__stdio_common_vsprintf
_close
_lseeki64
__stdio_common_vswprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
_wfsopen
fgetpos
fwrite
fgetc
ftell
fclose
fflush
fputc
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0
strcspn
__strncnt
wcsnlen
islower
wcsncpy
strspn
strpbrk
wcsncmp
_strdup
strcmp
wcspbrk
strncpy
strcat_s
strncmp
towupper
isupper
wcscpy_s
tolower
_wcsdup
api-ms-win-crt-locale-l1-1-0
_unlock_locales
localeconv
___mb_cur_max_func
setlocale
___lc_codepage_func
___lc_locale_name_func
_configthreadlocale
_lock_locales
__pctype_func
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
strftime
api-ms-win-crt-math-l1-1-0
__setusermatherr
pow
_fdopen
floor
frexp
api-ms-win-crt-convert-l1-1-0
atoi
strtol
strtoll
_itoa_s
strtoul
wcstombs
wcstombs_s
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_unlink
_wstat64
_wrename
_fstat64
_lock_file
_waccess
_wremove
api-ms-win-crt-utility-l1-1-0
qsort
rand
bcrypt
BCryptGenRandom
Sections
.text Size: 559KB - Virtual size: 558KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 159KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 568KB - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE