Evon-Executor-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Evon-Executor-main.zip
Size

1.1MB
MD5

dd5333ea591f4223b40c7af48b200fe2
SHA1

991a19e1ddcc8df1927ade7c84aafa0140243ce8
SHA256

24ec4e8c071184483c4a1876a59fe99babe3bb42e8548981da346f0d5d53587b
SHA512

7d51d62ed5461805066dad61f10a68b737b8e0794e6b719d0fdba035ce5935637ab074d054fc2aa04ea041e190413daa163049146676f36b08d863644ce90f0b
SSDEEP

24576:q8bZTKRSRTQYP0MciQ5LimPYAUfhm/4Qmc9mCBJdV9Rz:qugRu8pHR5ua7XJ/sCBJdXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Evon-Executor-main/Evon.exe
unpack001/Evon-Executor-main/lua51.dll

Files

Evon-Executor-main.zip
.zip
Evon-Executor-main/Evon.exe
.exe windows:4 windows x86 arch:x86

b7891f7a8c0d33c7432a245ffd7de25d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

kernel32

CloseHandle
CreateMutexA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetConsoleWindow
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_fstat
_lseek
_read
_strdup
_stricoll
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_errno
_filbuf
_flsbuf
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
atoi
calloc
fclose
fflush
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
getwc
iswctype
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
putwc
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strtod
strtoul
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcstombs
wcsxfrm

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData
ShowWindow

Exports

Exports

HideProcess

Sections

.text
Size: 832KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 71B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Evon-Executor-main/Launcher.bat
.bat .vbs
Evon-Executor-main/README.md
Evon-Executor-main/README.txt
Evon-Executor-main/config
Evon-Executor-main/lua51.dll
.dll windows:6 windows x86 arch:x86

9466a71df1d3a59794f8605626534abe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtect
FreeLibrary
GetModuleHandleExA
GetProcAddress
LoadLibraryExA
FormatMessageA
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
CreateThread
RtlUnwind
GetModuleFileNameA
GetModuleHandleA
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetEndOfFile
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ReadFile
CloseHandle
DuplicateHandle
CreateProcessA
GetTempPathW
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
DecodePointer
GetACP
SetFilePointerEx
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
CreateFileW
GetTimeZoneInformation
DeleteFileW
MoveFileExW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
WriteConsoleW

Exports

Exports

luaJIT_profile_dumpstack
luaJIT_profile_start
luaJIT_profile_stop
luaJIT_setmode
luaJIT_version_2_1_0_beta3
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_execresult
luaL_fileresult
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadbufferx
luaL_loadfile
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushmodule
luaL_pushresult
luaL_ref
luaL_register
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_traceback
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_copy
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_lessthan
lua_load
lua_loadx
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tointegerx
lua_tolstring
lua_tonumber
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yield
luaopen_base
luaopen_bit
luaopen_debug
luaopen_ffi
luaopen_io
luaopen_jit
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7891f7a8c0d33c7432a245ffd7de25d

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 832KB - Virtual size: 832KB

.data Size: 7KB - Virtual size: 7KB

.rdata Size: 48KB - Virtual size: 47KB

/4 Size: 347KB - Virtual size: 346KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 71B

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 27KB - Virtual size: 27KB

/14 Size: 512B - Virtual size: 216B

/29 Size: 84KB - Virtual size: 83KB

/41 Size: 5KB - Virtual size: 4KB

/55 Size: 8KB - Virtual size: 7KB

/67 Size: 512B - Virtual size: 56B

/80 Size: 1024B - Virtual size: 686B

/91 Size: 33KB - Virtual size: 32KB

/102 Size: 3KB - Virtual size: 3KB

9466a71df1d3a59794f8605626534abe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 479KB - Virtual size: 478KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 832KB - Virtual size: 832KB

.data
Size: 7KB - Virtual size: 7KB

.rdata
Size: 48KB - Virtual size: 47KB

/4
Size: 347KB - Virtual size: 346KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 71B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 27KB - Virtual size: 27KB

/14
Size: 512B - Virtual size: 216B

/29
Size: 84KB - Virtual size: 83KB

/41
Size: 5KB - Virtual size: 4KB

/55
Size: 8KB - Virtual size: 7KB

/67
Size: 512B - Virtual size: 56B

/80
Size: 1024B - Virtual size: 686B

/91
Size: 33KB - Virtual size: 32KB

/102
Size: 3KB - Virtual size: 3KB

.text
Size: 479KB - Virtual size: 478KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 12KB