eternal[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

eternal.exe
Size

637KB
MD5

a619774357f010b2d27a8fa3de1eee0a
SHA1

bc24fb019e02f29b06e9ecbdd0bcc3cdfbdaef02
SHA256

27cc3c0fc930ae48d1487f0bb1d98266070642e411d965ddd2b8d251a54c62dd
SHA512

e309d5b1770b23e397256139f35acd35c7820109323079e374ca18d91448bcbcd811a05c53a27308d69abc97009062eefbc13a7f428b1fe68e814842562e673d
SSDEEP

12288:jnFee9QBZfKKxkjG5pPbRnxuykq/k9RdbEmCgEyq9U:jFee92MKWjG5tyykm6RrCgEp9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eternal.exe

Files

eternal.exe
.exe windows:6 windows x64 arch:x64

911df0a0fe968a8c628a11fd07d80d65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Bigbo\OneDrive\Desktop\HWID-Spoofer-main\HWID-Spoofer-main\x64\Release\Protections.pdb

Imports

kernel32

EnterCriticalSection
FormatMessageA
SetLastError
DeleteFileA
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
LocalFree
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
CreateThread
FreeLibrary
VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
OutputDebugStringW
DeleteCriticalSection
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetTempPathW
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
CreateFileW
VirtualAlloc
DeviceIoControl
VirtualFree
CreateProcessA
GetProcessHeap
GetSystemDirectoryA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
GetTempPathA
Sleep
HeapSize
WaitForSingleObject
InitializeCriticalSectionEx
TerminateProcess
SetConsoleTitleA
HeapFree
GetCurrentProcess
LoadLibraryA
GetModuleFileNameA

user32

MessageBoxA

advapi32

CryptHashData
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
CryptCreateHash
RegSetKeyValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt

msvcp140

?id@?$ctype@_W@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??0_Lockit@std@@QEAA@H@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?always_noconv@codecvt_base@std@@QEBA_NXZ

ntdll

NtQuerySystemInformation
RtlInitUnicodeString
VerSetConditionMask

normaliz

IdnToAscii

wldap32

ord211
ord41
ord22
ord26
ord27
ord50
ord33
ord35
ord79
ord46
ord200
ord301
ord60
ord32
ord45
ord143
ord217
ord30

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore

ws2_32

getpeername
getsockname
getsockopt
bind
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
WSAGetLastError
send
recv
closesocket
connect
htons
listen

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__current_exception_context
__C_specific_handler
memset
strstr
__std_exception_destroy
memmove
memcpy
memcmp
memchr
strrchr
__std_exception_copy
strchr
__std_terminate
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

__p___argc
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
_errno
_initterm
_get_initial_narrow_environment
_seh_filter_exe
_cexit
_crt_atexit
strerror
_register_onexit_function
abort
__sys_nerr
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
terminate
_getpid
system
_beginthreadex
_invalid_parameter_noinfo
exit
__p___argv
_resetstkoflw

api-ms-win-crt-stdio-l1-1-0

fputs
fopen
_lseeki64
fwrite
feof
fseek
ftell
fgetpos
fputc
setvbuf
ungetc
__stdio_common_vsscanf
_open
__stdio_common_vsprintf
_popen
_pclose
fgets
_close
_write
_read
fsetpos
__stdio_common_vfprintf
__acrt_iob_func
fread
_fseeki64
fflush
__p__commode
fclose
_get_stream_buffer_pointers
_set_fmode
fgetc

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
malloc
realloc
_callnewh

api-ms-win-crt-string-l1-1-0

_strdup
isupper
strncpy
tolower
strspn
strpbrk
strcspn
strncmp
strcmp
_stricmp

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
_gmtime64
strftime

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlink
_stat64
_unlock_file
_wremove
_access
_fstat64

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull
strtol
strtoul
atoi

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr

shell32

ShellExecuteA

Sections

.text
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

911df0a0fe968a8c628a11fd07d80d65

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

ntdll

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

shell32

Sections

.text Size: 461KB - Virtual size: 460KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 461KB - Virtual size: 460KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB