EternalOrange[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EternalOrange.exe
Size

272KB
MD5

59b1f2c4da85066cc5a73d80cfb9dcd2
SHA1

bf005c3de251295d74ec19bf90d03ddcf06b1d88
SHA256

9242ae324864a6388d09a076110b3d55cb97056e22b201c4cc8cbcae29f302cf
SHA512

951bd4db81e9f0bdbc6a16c9ce3f400f287e9815e097e0a984d407dc8df85fbde150930a18af474f86221a4a8f46413f8c08cf2df0bbd1ad47bb85b0583595fd
SSDEEP

3072:x9FHvufmKzk1kSgq/Yx7doXtroylzRVcVWUE93x00crwS:x9FHvuJSgUYR09R7PxQrwS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EternalOrange.exe

Files

EternalOrange.exe
.exe windows:6 windows x86 arch:x86

317e280255d466ea1b954ce549b51101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\s-sch\source\repos\WindowsProject1\Release\WindowsProject1.pdb

Imports

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
GetTickCount
ExitProcess
CreateThread
CloseHandle
TerminateThread
Sleep
GetModuleHandleW

user32

DrawIcon
MessageBoxW
GetDC
GetWindowRect
GetCursorPos
ReleaseDC
SetCursorPos
InvalidateRect
GetDesktopWindow
GetWindowDC
GetSystemMetrics
LoadIconW

gdi32

GetBitmapBits
BitBlt
CreateFontA
SelectObject
CreateDIBSection
CreateCompatibleDC
PatBlt
StretchBlt
PlgBlt
DeleteDC
TextOutW
SetTextColor
TextOutA
SetBitmapBits
SetBkMode
CreatePen
Polygon
SetBkColor
SetStretchBltMode
DeleteObject
InvertRgn
CreateSolidBrush
CreateEllipticRgn
CreateBitmap

shell32

ShellExecuteA

winmm

waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutClose
waveOutOpen

msimg32

AlphaBlend
GradientFill

vcruntime140

__current_exception_context
_except_handler4_common
memset
__current_exception

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

__setusermatherr
cbrt
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_CIfmod
_libm_sse2_cos_precise
_libm_sse2_sin_precise

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_crt_atexit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

317e280255d466ea1b954ce549b51101

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

winmm

msimg32

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 225KB - Virtual size: 225KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 225KB - Virtual size: 225KB

.reloc
Size: 3KB - Virtual size: 2KB