en1gma-injector[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

en1gma-injector.exe
Size

16.7MB
MD5

1b2f829a321dba8331c2a5a30a2425c9
SHA1

0732c918f35337ceeeb1e1c24a75e0a314fb6400
SHA256

21b6520a88721bef4aae5e6145451a96d02b009bf6d6fa514390f33ad21f5ec0
SHA512

42919b604b4f6d6360f5992ae2da1c0975e3582aa4dfa00debb7ce512148e812c270a5943cad64455d69c33d185b3c60d1819cf60cdfc7c4bb2963e8e2a1d0ca
SSDEEP

393216:6fzwDI4H+C0F3s8WeRNf2oQc509lBODHZiYrAFPfNxk:6s8FCm3s83Nf5KlBOTQYr+P1x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
en1gma-injector.exe

Files

en1gma-injector.exe
.exe windows:6 windows x64 arch:x64

dbeb7a05542b192721595aa420c5b2a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumWindows

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

ntdll

RtlAnsiStringToUnicodeString

vcruntime140

_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: - Virtual size: 140B

.8x$
Size: - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MzR
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.[t6
Size: 16.7MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 411B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbeb7a05542b192721595aa420c5b2a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

ntdll

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 37KB

.rdata Size: - Virtual size: 15KB

.data Size: - Virtual size: 2KB

.pdata Size: - Virtual size: 2KB

.00cfg Size: - Virtual size: 56B

.retplne Size: - Virtual size: 140B

.8x$ Size: - Virtual size: 10.2MB

.MzR Size: 3KB - Virtual size: 2KB

.[t6 Size: 16.7MB - Virtual size: 16.7MB

.reloc Size: 512B - Virtual size: 264B

.rsrc Size: 512B - Virtual size: 411B

.text
Size: - Virtual size: 37KB

.rdata
Size: - Virtual size: 15KB

.data
Size: - Virtual size: 2KB

.pdata
Size: - Virtual size: 2KB

.00cfg
Size: - Virtual size: 56B

.retplne
Size: - Virtual size: 140B

.8x$
Size: - Virtual size: 10.2MB

.MzR
Size: 3KB - Virtual size: 2KB

.[t6
Size: 16.7MB - Virtual size: 16.7MB

.reloc
Size: 512B - Virtual size: 264B

.rsrc
Size: 512B - Virtual size: 411B