Einsteinium[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Einsteinium.exe
Size

59KB
MD5

0b18325551f9d0055a9e3aa7921dfc76
SHA1

3b5076541b73bb6f9b1910dcc339709e360a9a92
SHA256

350f39bf3a98520e20f6aed34b4786ee2f6518c979613653b08dcf07f3b5e15e
SHA512

b45440ca9863bbb1cf2e1434612b32ed2f4f8d54645a02e4c7dc84297fae2222a40cb18e6e29f0eba5e475846ff02fa60ce35107c63a6f0a07830d89647a285b
SSDEEP

768:PGfmzZZ1vQ6yoXv8wG16fpnBZwci5qscFf/E3jj:PZzpvXf8wU6fRBZsqf83/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Einsteinium.exe

Files

Einsteinium.exe
.exe windows:6 windows x86 arch:x86

5c5d9912f37e79d021631faab1125008

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\HP Pavilion\source\repos\Marlon2210\Release\Marlon2210.pdb

Imports

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetStartupInfoW
GetTickCount
GetCurrentProcess
ExitProcess
GetProcAddress
CreateThread
LoadLibraryW
CloseHandle
LoadLibraryA
SetUnhandledExceptionFilter
TerminateThread
Sleep
CreateFileW
VirtualAlloc
WriteFile
GetModuleHandleW
UnhandledExceptionFilter

user32

ReleaseDC
InvalidateRect
DrawIconEx
LoadIconW
LoadCursorA
ExitWindowsEx
DrawIcon
GetSystemMetrics
MessageBoxW
GetDC

gdi32

CreateCompatibleBitmap
CreateFontA
SelectObject
CreateCompatibleDC
PatBlt
BitBlt
DeleteDC
SetTextColor
TextOutA
SetBitmapBits
SetBkMode
SetStretchBltMode
DeleteObject
InvertRgn
CreateSolidBrush
CreateEllipticRgn
CreateBitmap
GetBitmapBits
StretchBlt

advapi32

AdjustTokenPrivileges
RegCloseKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW

winmm

waveOutClose
waveOutOpen
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader

vcruntime140

memset
__current_exception_context
__current_exception
_except_handler4_common

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_controlfp_s
terminate
_initialize_onexit_table
_register_onexit_function
_cexit
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_set_app_type

api-ms-win-crt-math-l1-1-0

__setusermatherr
_CIfmod
_libm_sse2_sin_precise
_libm_sse2_cos_precise

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c5d9912f37e79d021631faab1125008

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

winmm

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 996B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 996B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB