eternity | AAP BYPASS[.]exe | Triage

Sharing

General

Target

AAP BYPASS.exe
Size

884KB
MD5

6c42867bd89e3e095c44b473abb74172
SHA1

9d455632d2454cf4ae5d9715e170d57d7a93b91a
SHA256

ec4996e811fb0971cde953c229d532144e48c4608f62f86f79170d6a2eee90e1
SHA512

e253fe011d0df319982b78b3a1c2b9ed6052525c40dcdff0f01b851f42af5c6bb33ad60381bf43098234e32b8cfb47ec8ef5a6e5df08a0d360ca16d43fd42a9a
SSDEEP

12288:gTEYAsROAsrt/uxduo1jB0Y96qKG+Nh/CgfZTm6rFa1Em+oYuUx/uDnCGtCoLt:gwT7rC6qKG2kW46rFrPfuUxSCFo

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AAP BYPASS.exe

Files

AAP BYPASS.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ