EclipseOG[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

EclipseOG.exe
Size

1.1MB
MD5

ba404910a71932bac6cb7bd271ec3fbc
SHA1

122c0df145a9cab1e07df9395317ec459545bc92
SHA256

6c5104caef3c226c96c8a3a5450fa6bd5c771c0b75a3f7e2fe1ab0d21e977761
SHA512

e56c7c8ec0e2a832c362c75b45f8d5a4d213e923d66b21e56f740be21713f11cc3ae1e13cb30122aa4aae069949ed1f6217e60115c38d0a53dfe9b486743e343
SSDEEP

24576:v/q1haUsZaIJ3495kWm+sbM2fTTKdoc+O93l0fZj:vibaraIFFLvXTTy+O93+x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EclipseOG.exe

Files

EclipseOG.exe
.exe windows:6 windows x64 arch:x64

aeb89bfc1ee17a5c9d105be73d744f3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrateur\Documents\EclipseOG\Inj-og\x64\Release\Inj-og.pdb

Imports

kernel32

QueryFullProcessImageNameW
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
CreateThread
CloseHandle
Process32FirstW
Process32Next
DeleteFileW
LoadLibraryA
Process32NextW
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
WakeAllConditionVariable
SleepConditionVariableSRW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetLocaleInfoEx
WideCharToMultiByte
GetFileSizeEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MultiByteToWideChar
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
DeleteCriticalSection
InitializeCriticalSectionEx
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
CreateFileA
Sleep
CreateToolhelp32Snapshot
ReadFile
GetModuleHandleA
ResumeThread
GetCurrentThreadId
CreateFileW
WriteFile
GetCurrentProcess
VirtualProtect
Process32First
GetModuleFileNameA

user32

GetAsyncKeyState
MessageBoxA

advapi32

CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
SetSecurityInfo
InitializeAcl
OpenProcessToken
IsValidSid
CryptEncrypt
CryptAcquireContextA

shell32

ShellExecuteW
ShellExecuteA

msvcp140

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Strxfrm
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
_Strcoll
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Mtx_unlock
??0_Locinfo@std@@QEAA@PEBD@Z
_Mtx_lock
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ

shlwapi

PathRemoveFileSpecA

ntdll

VerSetConditionMask

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

ws2_32

closesocket
ntohl
gethostname
sendto
connect
recvfrom
listen
WSAGetLastError
getaddrinfo
accept
WSAIoctl
WSASetLastError
WSASocketW
htons
bind
getnameinfo
freeaddrinfo
__WSAFDIsSet
WSACleanup
WSAStartup
socket
shutdown
setsockopt
send
select
recv
ntohs
getsockopt
getsockname
getpeername
ioctlsocket
htonl

normaliz

IdnToAscii

wldap32

ord30
ord200
ord301
ord35
ord79
ord33
ord32
ord27
ord22
ord41
ord50
ord45
ord60
ord211
ord26
ord143
ord217
ord46

crypt32

CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateChainEngine

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

psapi

GetModuleInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
strstr
strrchr
__RTDynamicCast
memchr
_CxxThrowException
__std_type_info_name
__std_type_info_compare
strchr
memset
memmove
memcpy
memcmp
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
__C_specific_handler
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
abort
exit
_beginthreadex
_errno
_getpid
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo
system
_c_exit
_set_app_type
__p___argv
strerror
terminate
_seh_filter_exe
__sys_nerr
_crt_atexit
__p___argc
_cexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
feof
fseek
_popen
_pclose
fgets
fwrite
ftell
_lseeki64
fputs
fclose
fflush
fgetpos
setvbuf
fputc
ungetc
fsetpos
fread
_fseeki64
fgetc
_open
__stdio_common_vsprintf
_get_stream_buffer_pointers
_close
_write
__acrt_iob_func
_read
_set_fmode
fopen
__p__commode

api-ms-win-crt-heap-l1-1-0

_aligned_free
calloc
free
_set_new_mode
malloc
_callnewh
realloc
_aligned_malloc

api-ms-win-crt-utility-l1-1-0

_byteswap_ulong
rand
qsort
srand

api-ms-win-crt-string-l1-1-0

strcmp
strlen
isdigit
_strdup
_stricmp
toupper
strspn
isupper
tolower
isalpha
strcspn
strncmp
strpbrk
strncpy

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_access
_unlink
_fstat64
_stat64

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtoll
strtol
atoi
strtod

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

Exports

Exports

?antiDebugging@SafeGuardSDK@SafeGuard@@QEAA?AW4StatusCode@2@XZ
?antiVirtualization@SafeGuardSDK@SafeGuard@@QEAA?AW4StatusCode@2@XZ
?authenticateUser@SafeGuardSDK@SafeGuard@@QEAA?AW4StatusCode@2@XZ
?displayMessageBox@SafeGuardSDK@SafeGuard@@QEAAXW4StatusCode@2@@Z
?injectDll@SafeGuardSDK@SafeGuard@@QEAA?AW4StatusCode@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?keyAuthenticateUser@SafeGuardSDK@SafeGuard@@QEAA?AW4StatusCode@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

Sections

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeb89bfc1ee17a5c9d105be73d744f3f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp140

shlwapi

ntdll

wininet

ws2_32

normaliz

wldap32

crypt32

rpcrt4

psapi

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 681KB - Virtual size: 681KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 288KB - Virtual size: 295KB

.pdata Size: 29KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 681KB - Virtual size: 681KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 288KB - Virtual size: 295KB

.pdata
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 3KB