ecumenacymacadamiseow[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ecumenacymacadamiseow.exe
Size

5.2MB
MD5

22e7b3b75d855676b8218ef7569b4093
SHA1

9017e854c96629d0ee3b8a754732e88526294b1f
SHA256

2b04a61dd7b1121188ac0596002afce301aef02378660a7d24c5cc1f6c18abb6
SHA512

a2271ed7b57b8ab753f7207695cd09a934f67403fb5f4ba3cd4c6c2652c64d3eb848ece1bb9eab95b161ddccdd06833f0a5699ce85abc9c5f27e18f21806129c
SSDEEP

49152:QgyduEtvgLGMAuv+eT3Wucv7qmFE9ZhhI5LFKCMSsxCC12kwAjvfsxBlSihxzKVH:UzISU3bZoL5G/vfHu/k1rm1/2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecumenacymacadamiseow.exe

Files

ecumenacymacadamiseow.exe
.exe windows:6 windows x64 arch:x64

f8f1d79aaec586b36cba10a27b98626d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ecumenacymacadamiseow.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

bcryptprimitives

ProcessPrng

ntdll

RtlNtStatusToDosError
RtlPcToFileHeader
NtCreateFile
RtlUnwindEx
NtCancelIoFileEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtReadFile
NtWriteFile
NtDeviceIoControlFile

kernel32

GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
GetProcAddress
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
lstrlenW
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
GetSystemInfo
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetLastError
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
HeapAlloc
GetProcessHeap
WaitForSingleObjectEx
GetFinalPathNameByHandleW
SwitchToThread
ReleaseMutex
DeleteFileW
CopyFileExW
GetQueuedCompletionStatusEx
SetFileInformationByHandle
GetModuleFileNameW
GetFileInformationByHandle
PostQueuedCompletionStatus
QueryPerformanceCounter
UnhandledExceptionFilter
GetCommandLineW
SetUnhandledExceptionFilter
HeapReAlloc
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetSystemTimePreciseAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
InitializeSListHead
FindClose
IsDebuggerPresent
CreateFileW
CloseHandle
CreateMutexA
HeapFree
CreateIoCompletionPort
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetFileCompletionNotificationModes
LoadLibraryA
FlushFileBuffers
LoadLibraryExW

oleaut32

SafeArrayUnaccessData
VariantClear
SysFreeString
SysAllocStringLen
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayDestroy

rstrtmgr

RmGetList
RmRegisterResources
RmStartSession

user32

EnumDisplaySettingsExW
EnumDisplayMonitors
GetMonitorInfoW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

gdi32

GetDeviceCaps
DeleteDC
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject

ws2_32

WSAGetLastError
ioctlsocket
select
closesocket
bind
listen
accept
getpeername
connect
getsockname
WSAIoctl
WSASocketW
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
WSASend
shutdown
getsockopt
socket

crypt32

CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertCloseStore
CryptUnprotectData
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain

advapi32

FreeSid
SystemFunction036
RegOpenKeyExW
RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW

bcrypt

BCryptGenRandom

secur32

EncryptMessage
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
FreeContextBuffer
ApplyControlToken
DecryptMessage
AcquireCredentialsHandleA
DeleteSecurityContext

api-ms-win-crt-math-l1-1-0

log
ceil
exp2f
_dclass
roundf
truncf
__setusermatherr
pow

api-ms-win-crt-string-l1-1-0

strlen
strcspn
wcsncmp
strcpy_s
strncmp
strcmp

api-ms-win-crt-heap-l1-1-0

_msize
_set_new_mode
calloc
realloc
malloc
free

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_initterm
_beginthreadex
_c_exit
_set_app_type
terminate
_crt_atexit
abort
_cexit
_initterm_e
_register_onexit_function
_endthreadex
exit
_exit
__p___argv
__p___argc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8f1d79aaec586b36cba10a27b98626d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ntdll

kernel32

oleaut32

rstrtmgr

user32

ole32

gdi32

ws2_32

crypt32

advapi32

bcrypt

secur32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 84KB - Virtual size: 83KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 84KB - Virtual size: 83KB

.reloc
Size: 35KB - Virtual size: 35KB