Ethic[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ethic.exe
Size

1.0MB
MD5

b9a7f6845ad0900860451bf73c330346
SHA1

065b4c9e7d501627efdf4a810cc6b1eb1eb42f4b
SHA256

9b43f2d8c30c1965f6a030a194f89b89e4e532f4bd0b060ae84e47896b40652b
SHA512

d65f321408ca4b7df3ec0d869737e7156e3ff142ae420af503d165620143a7137d8581e761254ce3163cd812a91b184831471e2745ffb44aeacdfe4127992b8c
SSDEEP

24576:0sssHWtVkI/FZsOwnbqfEy3FPou0sEhSllYagKR9Q3neIxXDe4W4C30Wemex2zeB:0sssHoL/FNwPy3yuEcoagIQ3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Ethic.exe

Files

Ethic.exe
.exe windows:6 windows x86 arch:x86

d72859b7af50fec5a07ba50f1a256c80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\xxx\Desktop\‎\build\Ethic.pdb

Imports

kernel32

LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
FormatMessageA
SetConsoleTitleA
DeviceIoControl
CreateFileW
GetConsoleWindow
VirtualFree
VirtualAlloc
GetCurrentThreadId
GetTempPathW
Sleep
Process32First
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
GetSystemTimeAsFileTime
WakeAllConditionVariable
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileInformationByHandleEx
GetModuleHandleW
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetLocaleInfoEx
LocalFree
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentProcessId
GetModuleFileNameA
IsDebuggerPresent
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CloseHandle
SleepConditionVariableSRW
InitializeSListHead

user32

DestroyWindow
ShowWindow
DispatchMessageA
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
MessageBoxA
SetWindowDisplayAffinity
GetMonitorInfoA
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
GetWindowLongA
SetWindowLongA
GetSystemMetrics
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
MonitorFromWindow
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
SetWindowPos
GetWindowRect
GetCursorPos
FindWindowA
GetForegroundWindow
GetAsyncKeyState
ScreenToClient
SetClipboardData
GetClipboardData
EmptyClipboard

gdi32

CreateSolidBrush

advapi32

RegCreateKeyW
RegDeleteTreeW
RegCloseKey
RegSetKeyValueW
GetUserNameW
RegOpenKeyW

shell32

SHGetFolderPathW

msvcp140

_Xtime_get_ticks
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_counter
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??7ios_base@std@@QBE_NXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Strxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z

ntdll

RtlInitUnicodeString
NtQuerySystemInformation

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140

memset
_CxxThrowException
__current_exception_context
__current_exception
_except_handler4_common
memcpy
wcsstr
strrchr
longjmp
strchr
strstr
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove
_setjmp3
memchr
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

terminate
_beginthreadex
__p___argv
_controlfp_s
abort
strerror
_register_thread_local_exe_atexit_callback
_errno
_c_exit
_invalid_parameter_noinfo_noreturn
exit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
system
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
realloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

frexp
_libm_sse2_acos_precise
_CIfmod
_libm_sse2_asin_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
llround
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
__setusermatherr
ldexp
_libm_sse2_tan_precise
ceil
floor
_CIatan2

api-ms-win-crt-string-l1-1-0

strpbrk
toupper
strncmp
isalnum
strspn
isdigit
isxdigit
ispunct
iscntrl
strcoll
isalpha
_stricmp
isblank
tolower
isupper
isspace
isgraph
islower

api-ms-win-crt-stdio-l1-1-0

_set_fmode
tmpnam
__stdio_common_vsscanf
_wfopen
fputc
__p__commode
fseek
ftell
freopen
ferror
fopen
_ftelli64
__acrt_iob_func
ungetc
_popen
_get_stream_buffer_pointers
fflush
setvbuf
tmpfile
fsetpos
fclose
_pclose
clearerr
fgetpos
fgets
_fseeki64
__stdio_common_vsprintf
getc
fwrite
__stdio_common_vfprintf
fgetc
feof
fread

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
setlocale
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_gmtime64
clock
strftime
_mktime64
_difftime64
_localtime64
_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoull
strtod

api-ms-win-crt-filesystem-l1-1-0

_wremove
_lock_file
_unlock_file
rename
remove

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

Sections

.text
Size: 573KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 350KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d72859b7af50fec5a07ba50f1a256c80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

d3d11

imm32

d3dcompiler_47

dwmapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 573KB - Virtual size: 572KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 350KB - Virtual size: 354KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 573KB - Virtual size: 572KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 350KB - Virtual size: 354KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 22KB