Eufonia Client[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Eufonia Client.exe
Size

18.9MB
MD5

f1d1f55141e80c7744eef50db70c0c94
SHA1

7d5554181a37ba49997feec07fa565ae1c71f17b
SHA256

c0d6928ef758a10a2929c5de9b53d4fffef3f9cb39c3b3ad7c6ca4d688b80e0f
SHA512

f278228e211f8c471bae6c39e794f75ac6ff9fbfd78eeff5b97beff0d5848cfaf22f3194d9428ea4cdfa82e31c84b28fba1eae7f4260a352499f9c81f9a019e1
SSDEEP

196608:/4L3xEQiMp7A2Z7SpZPflXwyc6ELqi5lDi2uwEmAvGIB:wL3xaMp7A2Z7SpZlgLrR5Fi2uwavGIB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Eufonia Client.exe

Files

Eufonia Client.exe
.exe windows:6 windows x64 arch:x64

45b9a1ba4b043089ee115616d92c7bed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcryptprimitives

ProcessPrng

shell32

ShellExecuteW
SHCreateItemFromParsingName
DragQueryFileW
SHAppBarMessage
DragFinish
SHGetKnownFolderPath

kernel32

RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
SetFileCompletionNotificationModes
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFullPathNameW
GetSystemInfo
CreatePipe
GetModuleHandleA
GetProcAddress
SetFileInformationByHandle
FlushFileBuffers
GetQueuedCompletionStatusEx
IsProcessorFeaturePresent
DeleteCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
InitializeCriticalSectionAndSpinCount
TlsAlloc
WakeAllConditionVariable
TlsGetValue
FindClose
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
lstrlenW
TlsSetValue
SetWaitableTimer
Sleep
CreateWaitableTimerExW
SetFileTime
GetSystemTimePreciseAsFileTime
GetProcessId
IsDebuggerPresent
GetModuleHandleW
DeleteProcThreadAttributeList
GetCurrentThread
LocalFree
CompareStringOrdinal
UnlockFile
SetThreadStackGuarantee
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
SetFilePointerEx
SwitchToThread
QueryPerformanceCounter
WaitForMultipleObjects
GetOverlappedResult
TerminateProcess
QueryPerformanceFrequency
LockFile
WriteFileEx
SleepEx
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
GetCurrentProcess
DuplicateHandle
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
GetFinalPathNameByHandleW
SetHandleInformation
CreateIoCompletionPort
FormatMessageW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
GetCurrentProcessId
CreateNamedPipeW
ReadFileEx
CreateEventW
ReadFile
CancelIo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetStdHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateThread
GetTempPathW
GetCurrentThreadId
RegisterWaitForSingleObject
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetExitCodeProcess
LoadLibraryExW
WaitForSingleObject
GetLastError
CloseHandle
AddVectoredExceptionHandler
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
ReOpenFile
PostQueuedCompletionStatus
LoadLibraryW
TlsFree

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

ole32

CoInitializeEx
CoUninitialize
RegisterDragDrop
CoCreateInstance
OleInitialize
RevokeDragDrop
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree

ws2_32

connect
WSASocketW
bind
setsockopt
WSAIoctl
send
recv
sendto
WSASend
getsockopt
socket
shutdown
WSAStartup
WSACleanup
freeaddrinfo
accept
getaddrinfo
recvfrom
WSAGetLastError
getpeername
listen
getsockname
closesocket
ioctlsocket

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass
TaskDialogIndirect

user32

GetKeyState
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
GetRawInputData
VkKeyScanW
ValidateRect
RedrawWindow
PostThreadMessageW
SetMenuItemInfoW
GetUpdateRect
MsgWaitForMultipleObjectsEx
ScreenToClient
GetWindowRect
GetWindowPlacement
CreateIcon
MapVirtualKeyExW
MonitorFromRect
CreateMenu
SetWindowLongW
GetDC
ToUnicodeEx
AppendMenuW
GetSystemMenu
GetWindowTextW
GetWindowTextLengthW
EnumChildWindows
GetMessageA
CreateAcceleratorTableW
ShowWindow
PostQuitMessage
SystemParametersInfoA
DispatchMessageA
RegisterWindowMessageA
PeekMessageW
ClipCursor
PostMessageW
ReleaseCapture
SetCapture
TrackMouseEvent
DestroyWindow
GetWindowLongW
GetClientRect
GetClipCursor
ShowCursor
ClientToScreen
GetTouchInputInfo
AdjustWindowRectEx
CloseTouchInputHandle
SetCursor
GetCursorPos
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
SetWindowLongPtrW
TranslateAcceleratorW
GetAncestor
GetMessageW
MonitorFromWindow
GetMonitorInfoW
DestroyIcon
DestroyAcceleratorTable
RegisterRawInputDevices
IsProcessDPIAware
SetWindowTextW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
RegisterClassExW
SendInput
MapVirtualKeyW
SetForegroundWindow
GetForegroundWindow
GetActiveWindow
SetCursorPos
InvalidateRgn
SendMessageW
DispatchMessageW
TranslateMessage
SetWindowDisplayAffinity
SetMenu
EnumDisplayMonitors
MonitorFromPoint
IsIconic
IsWindowVisible
GetMenu
GetWindowLongPtrW
EnableMenuItem
CheckMenuItem
LoadCursorW
SetWindowPos

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
RegQueryValueExW
EventSetInformation
RegCloseKey
RegGetValueW
EventUnregister
EventRegister
EventWriteTransfer
RegOpenKeyExW

crypt32

CertAddCertificateContextToStore
CertDuplicateStore
CertCloseStore
CertFreeCertificateChain
CertOpenStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDuplicateCertificateChain

iphlpapi

GetAdaptersAddresses

ntdll

NtCreateFile
NtWriteFile
NtReadFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError

secur32

EncryptMessage
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
DecryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
DeleteSecurityContext
AcceptSecurityContext

uxtheme

SetWindowTheme

oleaut32

SysFreeString
SetErrorInfo
SysStringLen
GetErrorInfo

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-memory-l1-1-6

VirtualAlloc2FromApp

api-ms-win-crt-math-l1-1-0

floor
trunc
__setusermatherr
round
fmod
pow
exp

api-ms-win-crt-string-l1-1-0

strlen
wcsncmp
wcslen
_wcsicmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_c_exit
_set_app_type
_seh_filter_exe
_cexit
__p___argc
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_exit
_initterm
abort
_errno
__p___argv
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
terminate
_crt_atexit
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

fflush
_set_fmode
__acrt_iob_func
fputc
__p__commode
fputs

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
calloc
_callnewh

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcp140

_Query_perf_counter
_Query_perf_frequency

Sections

.text
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45b9a1ba4b043089ee115616d92c7bed

Headers

DLL Characteristics

File Characteristics

Imports

bcryptprimitives

shell32

kernel32

api-ms-win-core-synch-l1-2-0

ole32

ws2_32

comctl32

user32

gdi32

dwmapi

bcrypt

advapi32

crypt32

iphlpapi

ntdll

secur32

uxtheme

oleaut32

api-ms-win-core-memory-l1-1-0

api-ms-win-core-memory-l1-1-6

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcp140

Sections

.text Size: 10.7MB - Virtual size: 10.7MB

.rdata Size: 7.8MB - Virtual size: 7.8MB

.data Size: 26KB - Virtual size: 39KB

.pdata Size: 176KB - Virtual size: 175KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 10.7MB - Virtual size: 10.7MB

.rdata
Size: 7.8MB - Virtual size: 7.8MB

.data
Size: 26KB - Virtual size: 39KB

.pdata
Size: 176KB - Virtual size: 175KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 100KB - Virtual size: 100KB