ECh0raixDecoder[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ECh0raixDecoder.zip
Size

77KB
MD5

6a169d2b94d6c9f2fa8303fb1a9f8d70
SHA1

41a1bc0858018e8be3ae1f870af67b4bfa8d75bf
SHA256

dc2ed42c7efc276a734f6a4fcafb69d320511bbc835377ec84705f858295f138
SHA512

0f8d4687732862df17909e95773aa4f1b9ff16a038ec767a78f90df835cd2aebbbc4eecd10147e08ba578a7ca6cfca46e57a553aa25a3b1687bf7b336cfeb58a
SSDEEP

1536:fAb3Ja55b0Kdp/j4rrhIkfCcRuV3aapySxwQFHp2mQVVEc:tnb0wp/j4JIkfCJEaprFc/Vt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ECh0raixDecoder.exe

Files

ECh0raixDecoder.zip
.zip
ECh0raixDecoder.exe
.exe windows:5 windows x86 arch:x86

c55264894a743587fbfe8cbd14e1ba68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
ExitProcess
CreateThread
ExitThread
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
VirtualAlloc
VirtualFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
LoadLibraryW
GlobalAlloc
SetThreadAffinityMask
lstrcpyW
MultiByteToWideChar
SetLastError
GetLastError
Sleep
HeapAlloc
GetCommandLineA
HeapFree
CloseHandle
WriteFile
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetLogicalDriveStringsW
GetFileSize
GetFileAttributesW
GetDriveTypeW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetCurrentDirectoryW
GetCommandLineW
CreateFileMappingW

user32

EnableWindow
SendDlgItemMessageW
GetDlgItemTextA
SetWindowTextW
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamW
ShowWindow
PostThreadMessageW
SendMessageW
MessageBoxW
SetWindowLongW
LoadImageW
SetDlgItemTextW
GetMessageW
CallWindowProcW

comdlg32

GetOpenFileNameW

comctl32

ord17

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW

advapi32

OpenProcessToken
CryptDecrypt
CryptImportKey
CryptDestroyKey
CryptReleaseContext
AdjustTokenPrivileges
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
IsTextUnicode
LookupPrivilegeValueW
CryptAcquireContextW

gdi32

CreateFontIndirectW
DeleteObject

shlwapi

StrStrIW
StrRStrIW
PathMatchSpecW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt
changelog.txt

Sharing

General

Malware Config

Signatures

Files

c55264894a743587fbfe8cbd14e1ba68

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

comctl32

shell32

advapi32

gdi32

shlwapi

crypt32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 34KB - Virtual size: 34KB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 4KB - Virtual size: 4KB