C:\PSE\build\shared_pse\cempod\source\test\projects\win\FinalOut\Release\64\ELiveProcess.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ELiveProcess.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ELiveProcess.exe
Resource
win10v2004-20240426-en
General
-
Target
ELiveProcess.exe
-
Size
304KB
-
MD5
a6f074bf14592646125105c398702922
-
SHA1
ad599756a9fd06b83f517aceb39c94ea80f2bd20
-
SHA256
1697a4d0282edaaa26b3152956fb6c9c1d9489ba069634f2df7bdc8e5091380c
-
SHA512
bf3215a0540a2393022834a69904e8054d26de9baa9dc68199e5842f9f0820a444e22a11b563c6c52e781ef0f5918a2c63613e5b3b151f0c6b1fb3e732d74121
-
SSDEEP
3072:4jNyQCw5P/K0qmhamUOytapoowSmZhbP56DRNNQDirYBngGRkFuo6pruPz8:ITANz9ZFRTiMBngzF0iPz8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Detects a PE file that carries no Authenticode signature.
resource ELiveProcess.exe
Files
-
ELiveProcess.exe.exe windows:6 windows x64 arch:x64
Password: infected
c84d29675737bbe6599451d9b274d193
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
libcef
cef_string_map_alloc
cef_execute_process
cef_string_list_free
cef_string_utf16_cmp
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_api_hash
cef_command_line_create
cef_string_map_append
cef_string_map_free
cef_string_utf16_set
cef_string_utf8_clear
cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_string_utf16_clear
kernel32
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
GetCommandLineW
SetErrorMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
_CxxThrowException
__C_specific_handler
memset
memmove
memcpy
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception_context
memcmp
api-ms-win-crt-runtime-l1-1-0
_c_exit
_cexit
_register_onexit_function
_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_exit
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_initterm
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_wide_argv
_get_wide_winmain_command_line
_initialize_wide_environment
api-ms-win-crt-string-l1-1-0
strcmp
api-ms-win-crt-heap-l1-1-0
free
malloc
_set_new_mode
_callnewh
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ